Document
File format: pdf
Pages: 103
Language: English
Original author: EMVCo, LLC
Date: July 2007
Abstract or table of contents:
Table of Contents
1. Purpose v
2. Scope vi
3. Audience viii
4. Normative References ix
5. Definitions xi
6. Abbreviations and Notations xii
1 Card Personalization Data Processing 1
1.1 Overview of the Process 1
1.2 The Infrastructure of Card Personalization 2
1.3 Secure Messaging 3
1.4 The STORE DATA Command 3
1.5 The Common Personalization Record Format 4
2 Data Preparation 7
2.1 Creating Personalization Data 7
2.1.1 Issuer Master Keys and Data 8
2.1.2 EMV Application Keys and Certificates 8
2.1.3 Application Data 9
2.2 Creation of Data Groupings 10
2.3 Completion of Personalization 11
2.3.1 Multiple Transport Key Capability 12
2.4 Processing Steps and Personalization Device Instructions 12
2.4.1 Order that Data must be sent to the IC Card 13
2.4.2 Support for Migration to New Versions 14
2.4.3 Encrypted Data Groupings 15
2.4.4 PIN Block Format and Random Numbers 16
2.4.5 Grouping of DGIs 16
2.4.6 Security Level Indicator of Secure Channel Sessions 17
2.5 Creation of Personalization Log Data 19
2.6 Data Preparation-Personalization Device Interface Format 19
3 Personalization Device-ICC Interface 29
3.1 Processing Step ‘0F’ 29
3.1.1 Key Management 30
3.1.2 Processing Flow 30
3.2 Processing Step ‘0B’ 31
3.2.2 Key Management 33
3.2.3 Processing Flow 33
3.2.4 SELECT Command 34
3.2.5 INITIALIZE UPDATE Command 35
3.2.6 EXTERNAL AUTHENTICATE Command 39
3.2.7 STORE DATA Command 41
3.2.8 Last STORE DATA Command 45
3.3 Command Responses 45
3.4 Personalization Log Creation 45
4 IC Card Personalization Processing 49
4.1 Preparation for Personalization (Pre-Personalization) 49
4.2 Load / Update of Secure Channel Key Set 50
ii Tables and Figures July 2007
4.3 File Structure for Records 51
4.4 Personalization Requirements 51
4.4.1 IC Card Requirements 51
4.4.2 Command Support 51
4.4.3 Secure Messaging 51
5 Cryptography for Personalization 55
5.1 Two Key Zones 55
5.2 One Key Zone 55
5.3 Session Keys 56
5.4 MACs 56
5.4.1 MACs for Personalization Cryptograms 57
5.4.2 C-MAC for Secure Messaging 57
5.4.3 MAC for integrity of the personalization data file 60
5.5 Encryption 62
5.5.1 Encryption Using ECB mode 62
5.5.2 Encryption Using CBC Mode 62
5.6 Decryption 62
5.6.1 Decryption Using ECB Mode 63
5.6.2 Decryption Using CBC Mode 63
5.7 Triple DES Calculations 63
6 Personalization Data Elements 65
6.1 ACT (Action to be Performed) 65
6.2 AID (Application Identifier) 65
6.3 ALGSCP (Algorithm for Secure Channel Protocol) 65
6.4 C-MAC 65
6.5 CMODE (Chaining Mode) 66
6.6 CSN (Chip Serial Number) 66
6.7 DTHR (Date and Time) 66
6.8 ENC (Encryption Personalization Instructions) 66
6.9 IDTK (Identifier of the Transport Key) 66
6.10 IDOWNER (Identifier of the Application Specification Owner) 66
6.11 IDTERM (Identifier of the Personalization Device) 66
6.12 KENC (DES Key for Creating Personalization Session Key for Confidentiality and Authentication Cryptogram) 66
6.13 KDEK (DES Key for Creating Personalization Session Key for Key and PIN Encryption) 67
6.14 KMAC (DES Key for Creating Personalization Session Key for MACs) 67
6.15 Key Check Value 67
6.16 KEYDATA (Derivation Data for Initial Update Keys) 67
6.17 KMC (DES Master Key for Personalization Session Keys) 67
6.18 KMCID (Identifier of the Master Key for Personalization) 68
6.19 L (Length of Data) 68
6.20 LCCA (Length of IC Card Application Data) 68
6.21 LOGDATA (Data Logging Personalization Instructions) 68
6.22 MACINP (MAC of All Data for an Application) 68
6.23 MACkey (MAC Key) 69
6.24 MIC (Module Identifier Code) 69
6.25 ORDER (Data Grouping Order Personalization Instructions) 69
6.26 POINTER (Additional Pointer to Personalization Data or Instructions) 69
6.27 RCARD (Pseudo-Random Number from the IC Card) 69
6.28 RTERM (Random Number from the Personalization Device) 69
6.29 RANDOM (Random Number) 69
6.30 REQ (Required or Optional Action) 70
6.31 SEQNO (Sequence Number) 70
6.32 SKUENC (Personalization Session Key for confidentiality and authentication cryptogram) 70
6.33 SKUDEK (Personalization Session Key for Key and PIN Encryption) 70
6.34 SKUMAC (Personalization Session Key for MACing) 70
6.35 TAG (Identifier of Data for a Processing Step) 71
6.36 TK (Transport Key) 71
6.37 TYPETK (Indicator of Use(s) of Transport Key) 71
6.38 VERCNTL (Version Control Personalization Instructions) 72
6.39 VNL (Version Number of Layout) 72
Annex A. Common EMV Data Groupings 73
A.1 Introduction 73
A.2 Common DGIs for EMV Payment Applications 73
A.3 Common DGIs for EMV PSE 79
A.4 Common DGIs to Load/Update Secure Channel Static Keys 80
A.5 Common DGIs to Create File Structure for EMV Records 82
Annex B. Overview of EMV Card Personalization Indirect Method 85
Screenshot: