News

Processing a transaction using a microprocessor card

With the introduction of alternative microprocessor card technology on the market, any card operation begins with the procedure for selecting the technology. At the technology selection stage, depending on the capabilities of the terminal and the card, a decision is made about which technology — the magnetic stripe or the chip — will be used to perform the current transaction. The capabilities of the terminal are determined by the presence of a reader for reading data from the magnetic stripe and/or a chip, as well as appropriate software capable of...


ARPC calculation algorithm

Algorithm for calculating ARPC. ARD is padded on the right with six null bytes: X := (ARD || '00' || '00' || '00' || '00' || '00' || '00'); D:[email protected]; ARPC := DES3(SK_AC)[D]; a 10-byte Issuer Authentication Data element (Tag '91') is generated, representing the Issuer Authentication Data = ARPC || ARC. Method 2. The ARPC cryptogram is calculated by the Issuer using Algorithm 3 of ISO/IEC 9797-1 for calculating the MAC value using the session 16-byte 5kls...


The ARQC and ARPC cryptograms

Data to be signed by the Issuer when generating the ICC RE Public Key certificate Name of the Length field, byte Description Format Certificate Format 1 ‘ 04’h b PAN 10 the pan card Number, supplemented on the right by the characters ‘F’h’ 20 Certificate Expiration Date 2 the date (month and year) after which the certificate is invalid P4 Certificate Serial Number 3 a Binary number unique to this certificate assigned by the Issuer Hash Algorithm Indicator 1 Identifies the hashing algorithm; in the current...


Appearance of CDA methods in EMV 4.0

The static authentication procedure is performed in three steps: The terminal uses the Certification Authority Public Key Index and the RID read from the card (the first 5 bytes of the AID) to select, from the payment system certification authority public keys stored in it, the one that corresponds to the Certification Authority private key used to calculate the Issuer's public key certificate. If the public key of the payment system is not found, static authentication of the card is considered to have failed (SDA failed)....


EMV standard for creating/verifying a digital signature

The data field of the command contains the new parameter value and the value of the Message Authentication Code (MAC), which is used to ensure the integrity of the transmitted data and authenticate its source. There is no data field in the response to the command. For a successfully completed command, SW1 = '90'h, SW2 = '00'h. Security issues in the EMV standard. The most important feature of IPC is the support of the operating system for cryptographic functions. The use of these features by the card application can...


List of commands used in EMV applications

List of commands used in EMV applications:

CLA    INS    Value
'8x'   '1E'   APPLICATION BLOCK
'8x'   '18'   APPLICATION UNBLOCK
'8x'   '16'   CARD BLOCK
'0x'   '82'   EXTERNAL AUTHENTICATE
'8x'   'AE'   GENERATE APPLICATION CRYPTOGRAM
'0x'   '84'   GET CHALLENGE
'8x'   'CA'   GET DATA
'8x'   'A8'   GET PROCESSING OPTIONS
'0x'   '88'   INTERNAL AUTHENTICATE
'8x'   ...


EMV access condition values

AEF files. As already noted, the ADF file is an access point to the AEF files containing the data of the application corresponding to the ADF file. After the terminal selects the ADF file, all the AEF files of this application can be selected by the SFI name of these files. The SFI value of any application AEF file varies from 1 to 30. According to Book 3 of the EMV specifications, AEF files identified by SFI in the range from 1 to 10 store data defined in the EMV standard. Files identified by SFI in the range from 11 to 20 and from 21 to 30...


EMV file system

EF files. As noted earlier, it is in the EF files that the data of the card and its applications are stored. In terms of graph theory, EF files are leaves (terminal vertices of a graph) in the tree-like file structure of the IPC. According to ISO 7816-4, an EF file may have its own header (FCI). Consider a possible FCI implementation for an EF file. EF file and takes two bytes. The card EF file operating system reserves the required EEPROM space. New data can be added to the EF file until there is no free space in the reserved space. The data element File...


The file structure, commands, and data protection mechanisms in microprocessor-based cards of the EMV standard

Data objects and their encoding. Any application of a microprocessor card uses a certain set of data elements (Data Element) — minimal units of information that are identified by their name, content, and format (digital, binary, symbolic, and mixed formats are allowed). Data elements are logical structures, and for their storage in card memory, they are mapped (encoded) into physical data objects (Data Object). There are various forms of mapping data elements to data objects. The BER-TLV encoding defined by the ISO/IEC 8825 standard is...


General trends in the development of microprocessor cards

General trends in the development of microprocessor cards today are dictated not by the banking sector, but by telecommunications applications. The main focus of these trends is to: eliminate the weak telecommunications capabilities of the smart card associated with the support of low-speed half-duplex asynchronous communication protocols that have not changed for more than 15 years; implement a multitasking (multithreaded) mode of operation of the smart card, i.e. its ability to run multiple applications at any given time. The...
