SC 5000
SC 5000 EMV Application Architecture and Interface Guide
© 2002 VeriFone, Inc.
All rights reserved. No part of the contents of this document may be reproduced or transmitted in any form without the written permission of VeriFone, Inc. The information contained in this document is subject to change without notice. Although VeriFone has attempted to ensure the accuracy of the contents of this document, this document may include errors or omissions. The examples and sample programs are for illustration only and may not be suited for your purpose. You should verify the applicability of any example or sample program before placing the software into productive use. This document, including without limitation the examples and software programs, is supplied As-Is. VeriFone, the VeriFone logo, Omni, VeriCentre, Verix, and ZonTalk are registered trademarks of VeriFone. Other brand names or trademarks associated with VeriFone's products and services are trademarks of VeriFone, Inc. All other brand names and trademarks appearing in this manual are the property of their respective holders. Comments? Please e-mail all comments in this document to i_Tell_Us_More@VeriFone.com
VeriFone, Inc. 2455 Augustine Drive Santa Clara CA 95054-3002 www.verifone.com VeriFone Part Number 22595, Revision A
CONTENTS
CHAPTER 1 General Interface and Communications Protocol
CHAPTER 2 Communication Packets and Commands
  Packet Format
  General Communication Packets
  Packet 11: PIN Pad Connection Test
  Packet 12: Select Prompt Language
  Packet 13: Application Version and Modify Serial Port
  Encrypted PIN Communication Packets
  Packet 02: Transfer Master Key
  Packet 04: Check Master Key
  Packet 08: Select a Master Key
  Packet Z62: Accept and Encrypt PIN, Display Custom Messages
  Packet 71: Transfer PIN Block
  Packet 72: Cancel Session Request
  Custom Specifications
  Custom Communication Packets
  Packet Z2: Display a String
  Packet Z8: Set/Reset Idle Prompt
CHAPTER 3 Magnetic Card Reader Specifications
  Packet Q4: Activate/Deactivate the Card Reader
  Packet 81: Card Image Response
CHAPTER 4 ICC Reader Specifications
  Packet I02: Wait for ICC Removal
  Packet I05: ICC Presence Check
CHAPTER 5 EMV Services
  Transaction Tasks
  Primary EMV Communication Packets
  Step-by-Step EMV Communication Packets
  Packet Response Codes
  Card Status Detection
  Packet C00: Wait For Card and Select Application
  Packet C01: Add Amount, Process AFL, and Authenticate
  Packet C02: Risk Management
  Packet C03: Get Card Certificate
  Packet C04: Transaction Complete
  Packet C05: Add Amount and Process AFL
  Packet C06: Card Data Authentication
  Packet C07: Get Card Config
  Packet C08: Card Holder Verification
  Packet C09: Processing Restrictions
  Packet C10: Terminal Risk Management
  Packet C11: Authenticate Issuer
  Packet C12: Process Issuer Script
  Packet C13: Europay-Specific Tests
  Packet C14: Get CAPK
  Packet C15: Set Default DDOL
  Packet C16: Set Default TDOL
  Packet C17: Set TACs
  Packet C18: Set ROS Parameter
  Packet C19: Add TLV to Collxn
  Packet C20: Get TLV from Collxn
  Packet C21: Update TLV in Collxn
  Packet C22: Check Fallback
  Packet C23: Clean Transaction Data
  Packet C24: Get Card Second Certificate
  Packet C25: Write to Script File
  Packet C99: Unsolicited Packet
  Packet C3X: Super Command
  Example Situation
  Parameters and Response Fields Lists

  EST.DAT
  MVT.DAT
  How the Tables are Used
  Field Format
  Certificate Serial Number Checking

  Database Communication Packets
  Database Concepts and Definitions
  Packet Response Codes
  Packet D00: Create Table
  Packet D01: Table Info
  Packet D02: Seek Record
  Packet D03: Read Record
  Packet D04: Add New Record
  Packet D05: Update Record
  Packet D06: Delete Record
  Packet D07: Delete Table
  Packet D08: Get Field from Table
  Packet D09: Put Field into Table

  Packet P00: Remote Application Selection
  Packet P01: Who are You?
CHAPTER 1
General Interface and Communications Protocol
The SC 5000 Generic Application Interface is designed to provide the functionality and services needed to implement specific applications (such as EMV and PINPad101/201 emulation), as well as other regional applications, by providing the following features:
- EMV services: Required for a complete EMV financial transaction (application selection, data authentication, restriction processing, risk management, cardholder verification, and so on)
- Traditional PINPad101/201 credit and debit services: Required for a magnetic-stripe card-based financial transaction (PIN entry, PIN encryption, mag stripe reading, and so on)
- ICC read/write services: Required for non-EMV ICC-based transactions (for example, loyalty applications)
- Database services
- Application selection and RS-232 set up services
- Adding user-defined commands for specific country or customer application requirements
The SC 5000 communicates with a master device through an RS-232 connection. The master device can request any of the above services using a defined set of commands the PIN pad interprets. A master device can be a VeriFone terminal, ECR (electronic cash register), or other device that can communicate over the RS-232 port using the defined message protocol and command set.
Receiving a NAK
If, during a communication session, either the master device or the PIN pad receives a NAK, it retransmits the previous message and increments a NAK counter for the communication session. If more than three NAKs occur while attempting to transmit the same packet, the sending device (that is, the device that transmitted the three NAKs) sends an EOT and terminates the communication session.
Timeout
During a communication session, the PIN pad or master device times out if the expected communication is not received within the specified time-out period. This can be configured using packet 13 (see section Packet 13: Application Version and Modify Serial Port). The default time-out value is 15 seconds. In this situation, the SC 5000 sends an EOT to terminate the communication session.
Unsolicited Packets
In some circumstances the SC 5000 may send a specific report to the master device. In this case, an ENQ character is sent from the SC 5000. If this ENQ is answered with an ACK, the SC 5000 sends the unsolicited packet.
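The NAK and time-out rules above, worked through as an added example (not VeriFone code): a frame builder and validator for both envelope styles used in this guide, a receiver that answers ACK/NAK/EOT, and a sender that retransmits on NAK. The LRC rule (XOR of every byte after the start character, end character included) is an assumption, since the guide only labels {LRC} "Error Check"; the names Receiver, NoisyLink and send_packet are hypothetical, and NoisyLink is a constructed stand-in for the RS-232 line.

```python
from functools import reduce

SI, SO, STX, ETX = 0x0F, 0x0E, 0x02, 0x03
ACK, NAK, EOT = 0x06, 0x15, 0x04
END_FOR_START = {SI: SO, STX: ETX}   # the two envelope styles seen in the packet tables
MAX_NAKS = 3                         # "EOT after 3 NAKs"
DEFAULT_TIMEOUT_S = 15               # default time-out stated in the guide


def lrc(data: bytes) -> int:
    # ASSUMPTION: XOR of every byte after the start character, end character included.
    return reduce(lambda a, b: a ^ b, data, 0)


def build_frame(body: str, start: int = STX) -> bytes:
    payload = body.encode("ascii") + bytes([END_FOR_START[start]])
    return bytes([start]) + payload + bytes([lrc(payload)])


def parse_frame(frame: bytes) -> str:
    """Return the packet body, or raise ValueError on bad framing or LRC."""
    if len(frame) < 3 or frame[0] not in END_FOR_START:
        raise ValueError("bad start character")
    if frame[-2] != END_FOR_START[frame[0]]:
        raise ValueError("start and end characters do not pair")
    if lrc(frame[1:-1]) != frame[-1]:
        raise ValueError("LRC mismatch")
    return frame[1:-2].decode("ascii")


class Receiver:
    """Receiving side: ACK a good frame, NAK a bad one, EOT once the NAKs are used up."""

    def __init__(self, max_naks: int = MAX_NAKS):
        self.max_naks, self.naks_sent, self.accepted = max_naks, 0, []

    def on_frame(self, frame: bytes) -> int:
        try:
            self.accepted.append(parse_frame(frame))
        except ValueError:
            if self.naks_sent >= self.max_naks:
                return EOT           # more than three NAKs for the same packet
            self.naks_sent += 1
            return NAK
        self.naks_sent = 0           # counter applies per packet
        return ACK


def send_packet(link, frame: bytes, timeout_s: int = DEFAULT_TIMEOUT_S,
                max_naks: int = MAX_NAKS):
    """Sending side. Returns (status, number of transmissions)."""
    naks = 0
    while True:
        reply = link.exchange(frame, timeout_s)
        if reply == ACK:
            return "ACK", naks + 1
        if reply == NAK and naks < max_naks:
            naks += 1                # retransmit the previous message
            continue
        if reply is None:
            return "TIMEOUT", naks + 1
        # EOT ends the session; anything else (or endless NAKs) is treated as fatal.
        return ("EOT" if reply == EOT else "ABORT"), naks + 1


class NoisyLink:
    """Constructed test harness: corrupts the first `bad` transmissions."""

    def __init__(self, receiver: Receiver, bad: int = 0, silent: bool = False):
        self.receiver, self.bad, self.silent = receiver, bad, silent

    def exchange(self, frame: bytes, timeout_s: int):
        if self.silent:
            return None              # nothing arrives within timeout_s
        if self.bad > 0:
            self.bad -= 1
            frame = frame[:1] + bytes([frame[1] ^ 0x01]) + frame[2:]
        return self.receiver.on_frame(frame)


if __name__ == "__main__":
    test_packet = build_frame("11", SI)          # packet 11, connection test
    print(test_packet.hex(" "))
    print(send_packet(NoisyLink(Receiver(), bad=2), test_packet))
    print(send_packet(NoisyLink(Receiver(), bad=9), test_packet))
    print(send_packet(NoisyLink(Receiver(), silent=True), test_packet))
```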
CHAPTER 2
Communication Packets and Commands
Packet Format
There are two options for packet format:
The SC 5000 EMV application accepts any of these formats for all packets described in the rest of this document. The description for each packet, nevertheless, is compatible with PINPad 101 and PINPad 1000. It is recommended that the master device developer comply with these definitions, as there is no guarantee that other platforms have the same flexibility provided by the SC 5000.
General Communication Packets
The following packets initiate tests or functions between a master device and a PIN pad. These packets are suitable for any key management scheme.
- Communication test
- Select prompt language
- Application version
- Modify serial port
Table 1 lists packets used in both MS and DUKPT sessions.
Table 1
Packet
11
12
13
Packet 11: PIN Pad Connection Test
This packet is used by the master device to test the connection with the PIN pad. On a good connection, the master device receives an ACK from the PIN pad within one second. Otherwise, the master device must assume that the PIN pad is not properly connected.
NOTE
Table 2
Data Element    Comments
<SI>            Shift In, Value: 0Fh
Packet type     Value: 11
<SO>            Shift Out, Value: 0Eh
{LRC}           Error Check
Packet 11 Length
Packet 11 Example
<SI>11<SO>{LRC}
Table 3
Master Device
<SI>11<SO>{LRC}
Packet 12: Select Prompt Language
The master device uses packet 12 to select the prompt language for the PIN pad. Up to four different languages are supported. Languages can be selected from one of the following single digit codes:
The language ID must be in the range 1-4. If the ID is out of this range, the PIN pad selects English (ID=1), the default language, as the new prompt language. After the new prompt language is selected, the PIN pad displays the new language for 3 seconds, then falls back to the idle prompt in the selected language.
For example, for Latin American countries the supported languages are English, Spanish, French, and Portuguese. Packet 12 is responsible for setting the preferred language of the master device. Other situations where the language can be changed are:
NOTE
- If the preferred language for the EMV card is different than set.
- If the user selects another language during a type operation (for example, Z62).
Table 4
Data Element    Comments
<SI>            Shift In, Value: 0Fh
Packet type     Value: 12
[c]             Language codes: 1 to 4
<SO>            Shift Out, Value: 0Eh
{LRC}           Error Check
Packet 12 Length
Packet 12 Example
<SI>122<SO>{LRC}
Table 5
Master Device
<SI>12[c]<SO>{LRC}
Packet 13: Application Version and Modify Serial Port
The master device uses packet 13 to obtain the SC 5000 application version identifier and select the baud rate and data communication parameters. After the new baud rate and other parameters are selected, the PIN pad flashes the new configuration for 3 seconds and then returns to the idle prompt.
Table 6 Packet 13 Format
Data Element    Characteristic    Comments
<SI>            1H                Shift In, Value: 0Fh
Packet type     2AN               Value: 13
[b]             1N                Baud rate codes:
                                  0 = Return application version
                                  1 = 1200 bps
                                  2 = 2400 bps
                                  3 = 4800 bps
                                  4 = 9600 bps
                                  5 = 19200 bps
                                  6 = 38400 bps
                                  7 = 115200 bps
                                  8 and 9 are accepted for backwards
                                  parity
                                  3 = 8 bits, no parity
                                  4 = 8 bits, even parity
                                  5 = 8 bits, odd parity
                                  parity
                1AN
<FS>                              If an FS (0x1C) character is here the display of new configuration is disabled (optional).
<SO>            1H                Shift Out, Value: 0Eh
{LRC}           1H                Error Check
Packet 13 Length
Packet 13 Example
<SI>130<SO>{LRC} (get app version)
<SI>1311<SO>{LRC} (1200 baud, 7 bits, Even parity)
<SI>1343<SO>{LRC} (9600 baud, 8 bits, No parity)
Table 7
Data Element                    Comments
<SI>                            Shift In, Value: 0Fh
Packet type                     Value: 13
[application version string]    String containing the app version
<SO>                            Shift Out, Value: 0Eh
{LRC}                           Error Check
Packet 13 Length
Packet 13 Example
<SI>001121<SP>100100100<SO>{LRC}
Table 8
Master Device
<SI>13[b][c]<SO>{LRC}
only if [b] = 0
ACK if LRC okay
NAK if LRC incorrect
EOT after 3 NAKs
Encrypted PIN Communication Packets
The following packets initiate tests or functions for Master Key Sessions (MS) and are only suitable for key management when the SC 5000 is configured for Master Session or MS + DUKPT. The SC 5000 rejects these packets by sending an <EOT> if the PIN pad is configured for DUKPT.
Table 9
Packet
02
04
08
Z62
71
???
Packet 02: Transfer Master Key
The master device uses this packet to send a master key to the PIN pad.
To avoid overwriting existing master keys, it is required that Packet 04: Check Master Key is sent to check for valid master keys already present in a designated address prior to sending packet 02.
Table 10 Packet 02 Format
Data Element    Characteristic    Comments
<SI>            1H                Shift In, Value: 0Fh
Packet type     2AN               Value: 02
[n]             1N                Master key address: 0-9
[hhh...hh]      16H
<SO>            1H
{LRC}           1H
Packet 02 Length
Packet 02 Example
<SI>0200123456789ABCDEF<SO>{LRC}
This example packet requests that the PIN pad load the master key 0123456789ABCDEF into location 0.
Table 11 Packet 02 Communication Protocol
Transmit Direction
PIN Pad
Master Device
<SI>02[n][hhhhhhhhhhhhhhhh]<SO>{LRC}
ACK if LRC and key echo okay
NAK if LRC incorrect
EOT after 3 NAKs
EOT if LRC correct but key echo incorrect
PIN pad saves new master key only on receipt of ACK.
EOT terminates entire session.
EOT
Packet 04: Check Master Key
The master device sends packet 04 to check if the PIN pad has a master key stored at a designated master key address. To avoid overwriting existing master keys, it is required that packet 04 is sent to check for valid master keys already present in a designated address prior to sending packet 02.
Table 12 Packet 04 Format
Data Element    Characteristic    Comments
<SI>            1H                Shift In, Value: 0Fh
Packet type     2AN               Value: 04
[a]             1N                Master key address: 0-9
<SO>            1H
{LRC}           1H
Packet 04 Length
Packet 04 Examples
Request sample packet to check if the master key at address 5 is loaded:
<SI>045<SO>{LRC}
Table 13
Data Element    Characteristic    Comments
<SI>                              Shift In, Value: 0Fh
Packet type                       Value: 04
[r]                               Response Code:
                                  0 = No MK at address [a]
                                  F = MK present at address [a]
<SO>            1H
{LRC}           1H
Table 14
Master Device
<SI>04[a] <SO>{LRC}
EOT
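The check-before-load sequence required by the packet 02 and packet 04 sections, as an added example (not VeriFone code): the master side sends packet 04 first, refuses to send packet 02 to an occupied address, and acknowledges the load only if the key echo matches. Assumptions: {LRC} is the XOR of every byte after <SI> with <SO> included, the key echo is the same packet 02 body returned by the PIN pad, and the link-level ACK/NAK handshake is left out; FakePinPad and the function names are hypothetical, and the key in slot 5 is constructed.

```python
from functools import reduce

SI, SO, ACK, EOT = 0x0F, 0x0E, 0x06, 0x04


def si_frame(body: str) -> bytes:
    # ASSUMPTION: {LRC} is the XOR of every byte after <SI>, <SO> included.
    payload = body.encode("ascii") + bytes([SO])
    return bytes([SI]) + payload + bytes([reduce(lambda a, b: a ^ b, payload, 0)])


def body_of(frame: bytes) -> str:
    if len(frame) < 3 or frame[0] != SI or frame[-2] != SO:
        raise ValueError("bad framing")
    if reduce(lambda a, b: a ^ b, frame[1:-1], 0) != frame[-1]:
        raise ValueError("LRC mismatch")
    return frame[1:-2].decode("ascii")


def check_master_key(pinpad, address: int) -> bool:
    """Packet 04: True when the PIN pad reports a key at `address` (response code F)."""
    if address not in range(10):
        raise ValueError("master key address must be 0-9")
    reply = body_of(pinpad.request(si_frame(f"04{address}")))
    if len(reply) != 3 or reply[:2] != "04" or reply[2] not in "0F":
        raise ValueError(f"unexpected packet 04 response: {reply!r}")
    return reply[2] == "F"


def load_master_key(pinpad, address: int, key_hex: str, overwrite: bool = False) -> str:
    """Packet 04 then packet 02, verifying the key echo before acknowledging."""
    key_hex = key_hex.upper()
    if len(key_hex) != 16 or any(c not in "0123456789ABCDEF" for c in key_hex):
        raise ValueError("master key must be 16 hex digits")
    if check_master_key(pinpad, address) and not overwrite:
        return "REFUSED_SLOT_OCCUPIED"       # packet 02 is never sent
    sent = f"02{address}{key_hex}"
    echo = body_of(pinpad.request(si_frame(sent)))
    if echo != sent:
        pinpad.control(EOT)                  # LRC correct but key echo incorrect
        return "EOT_ECHO_MISMATCH"
    pinpad.control(ACK)                      # PIN pad saves the key only on this ACK
    return "LOADED"


class FakePinPad:
    """Constructed simulator of the PIN pad side, for this example only."""

    def __init__(self, slots=None, corrupt_echo: bool = False):
        self.slots = dict(slots or {})
        self.corrupt_echo = corrupt_echo
        self.pending = None

    def request(self, frame: bytes) -> bytes:
        body = body_of(frame)
        if body.startswith("04"):
            return si_frame("04" + ("F" if int(body[2]) in self.slots else "0"))
        if body.startswith("02"):
            self.pending = (int(body[2]), body[3:])
            echo = body
            if self.corrupt_echo:            # simulate a key damaged in storage or transit
                echo = body[:-1] + ("1" if body[-1] == "0" else "0")
            return si_frame(echo)
        raise ValueError("unsupported packet")

    def control(self, byte: int) -> None:
        if byte == ACK and self.pending is not None:
            address, key = self.pending
            self.slots[address] = key        # commit only after the master's ACK
        self.pending = None                  # EOT (or anything else) discards it


if __name__ == "__main__":
    pad = FakePinPad(slots={5: "1111111111111111"})          # constructed key
    print(load_master_key(pad, 5, "0123456789ABCDEF"))       # occupied address
    print(load_master_key(pad, 0, "0123456789ABCDEF"))       # the guide's example key
    print(load_master_key(FakePinPad(corrupt_echo=True), 0, "0123456789ABCDEF"))
```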
Packet 08: Select a Master Key
The master device sends packet 08 to the PIN pad to select one of ten possible master keys (0-9). To request PIN entry, the master device should always send packet 08 before sending the following packets:
- 70
- Z60
- Z62
The master key address must be in the range 0-9. If the master key address is out of range, the selected MK is not changed. If the master key address is valid, the SMK is set to the new master key location, regardless of whether the new location contains a master key.
NOTE
To ensure the presence of a valid master key, send Packet 04: Check Master Key before sending packet 08.
Table 15 Packet 08 Format
Data Element             Characteristic    Comments
<SI>                     1H                Shift In, Value: 0Fh
Packet type              2AN               Value: 08
[a]                      1N                Master key address: 0-9
[check presence flag]    1A                Optional: C
<SO>                     1H                Shift Out, Value: 0Eh
{LRC}                    1H                Error Check
Packet 08 Length
Packet 08 Example
Sample packet to select master key 7:
<SI>087<SO>{LRC}
Table 16
Data Element    Characteristic    Comments
<SI>                              Shift In, Value: 0Fh
Packet type                       Value: 08
[r]                               Response Code:
                                  0 = No MK at address [a]
                                  F = MK present at address [a]
<SO>            1H
{LRC}           1H
NOTE
Table 17
Master Device
<SI>08[a] <SO>{LRC}
ACK if LRC okay
NAK if LRC incorrect
EOT after 3 NAKs
EOT
Packet Z62: Accept and Encrypt PIN, Display Custom Messages
Packet Z62 initiates the PIN pad to accept a PIN from a customer, build a PIN block, encrypt it (using single DES Master Session key), and return it to the master device. This packet also allows the master device to specify the length of the PIN and whether a null PIN entry is allowed. It displays up to two messages, alternating with each other before PIN entry, and a message after PIN entry. The [message1] and [message2] fields can contain printable ASCII characters only. Control characters (00-1Fh) are ignored by the PIN pad. If the [message] fields are empty, they are also ignored by the PIN pad.
NOTE
During a Z62 session, only the receipt of packet 72 from the master device or pressing the CLEAR key on the PIN pad can cancel the session. On receipt of packet 72, the PIN pad sends EOT to terminate the session and displays CANCEL REQUESTED for 2 seconds (if turned on, otherwise returns to idle prompt). All other packets received during a 70 session are ignored (no response). When the CLEAR key on the PIN pad is pressed, the PIN pad stops the operation and sends EOT to the master device to terminate the session, even if a PIN entry was started. If the CANCEL REQUESTED prompt is enabled (through packet 72), the PIN pad displays the text for 2 seconds, then returns to the idle prompt. If the CANCEL REQUESTED prompt is disabled, the idle prompt displays. To correct any entry from the keypad, use the BACKSPACE key.
Table 18 Packet Z62 Format
Data Element        Characteristic    Comments
<STX>               1H                Start of Text, Value: 02h
Packet type         3AN               Value: Z62
Packet Type Del.    1A                Value: (.), 2Eh
[aaa...aa]          8-19N             Card Account Number
Field Separator     1H                Value: 1Ch
[www...ww]                            The working key is encrypted under the PIN pad master key. If zero filled, PIN pad active master key is used as the working key.
                    2N
                    2N
                    1A
[bbb...bb]                            Message 1 (Message 1 and 2 will be displayed until the user presses a key)
Field Separator                       Value: 1Ch
[ccc...cc]                            Message 2
Field Separator                       Value: 1Ch
[ddd...dd]                            Processing message to display after PIN entry
Field Separator                       Value: 1Ch
<ETX>                                 End of Text, Value: 03h
{LRC}                                 Error Check
On receipt of packet Z62, the PIN pad alternately displays the text for [message 1] and [message 2] until a PIN or null PIN is entered. A null PIN is generated by pressing the Enter key. Only a PIN with a length range of 4 to 12 digits is accepted. Each PIN digit is echoed with an asterisk (*). As soon as the PIN entry is complete, a third message, PROCESSING MSG, displays.
On receipt of packet Z62, the PIN pad displays the text for [message 1] and [message 2] until a PIN is entered. No null PIN entry is allowed. Only a PIN with a length range of 6 to 8 digits is accepted. Each PIN digit is echoed with an asterisk (*). As soon as the PIN entry is complete, a third message, PROCESSING MSG, displays.
Packet 71: Transfer PIN Block
In response to the request for a PIN (packets 70, Z60, and Z62), the PIN pad encrypts the formatted clear-text PIN block and sends the cipher text PIN block to the master device (refer to VISA PIN Processing Specification, US Version 1.0).
Table 19 Packet 71 Format
Data Element              Characteristic    Comments
<STX>                     1H                Start of Text, Value: 02h
Packet type               2AN               Value: 71
Packet delimiter          1A                Value: (.), 2Eh
Function Key Indicator    1N                Value is 0, Function key feature not implemented
PIN Length                2N                Range: 00, 04-12
PIN Block Format          2N                Value: 01 Format of PIN block prior to encryption.
PIN Block                 16AN              64-bit encrypted PIN block represented as 16 hex digits. Length is 0 if null PIN entered.
<ETX>                     1H                End of Text, Value: 03h
{LRC}                     1H                Error Check
Packet 71 Length
Packet 71 Examples
<STX>71.000010123456789123456<ETX>{LRC}
<STX>71.00001<ETX>{LRC} <-- NULL entry
Table 20
Master Device
<STX>Z62.[aaaaaaaaaaaaaaaaaaa]<FS> [wwwwwwwwwwwwwwww][ll][hh][n] [bbbbbbbbbbbbbbbb]<FS>[cccccccccccccc] <FS>[ddddddddddddddd]<ETX>{LRC}
Display
[dddddddddddddddd]
repeatedly
Packet 72: Cancel Session Request
Packet 72 is the only packet which can be used to cancel or abort the session after initiating PIN entry mode (packets 70, Z60, and Z62). After the PIN pad receives packet 72, EOT will be sent back to terminate the session. If packet 72 is received and the PIN pad is not in the PIN/data entry mode, ACK will be sent back as in normal condition. All other packets will be ignored (no response) when received during a PIN/data entry session. Packet 72 returns the PIN pad's display to the default idle prompt (set by Z8).
Table 21 Packet 72 Format
Data Element    Characteristic    Comments
<STX>           1H                Start of Text, Value: 02h
Packet type     2AN               Value: 72
<ETX>           1H                End of Text, Value: 03h
{LRC}           1H                Error Check
Packet 72 Length
Packet 72 Examples
<STX>72<ETX>{LRC}
Table 22
Master Device
<STX>72<ETX>{LRC}
Custom Specifications
The master device must be able to send to the PIN pad special prompts and data entry requirements for customizing the PIN pad. Under control of the master device, the PIN pad can:
- display a single message,
- display rotating messages (in approximately 3 second intervals), and
- request a single keystroke entry from the customer.
Custom Communication Packets
The following custom packets were designed according to specific application requirements:
Table 23
Packet
Z2
Z8
Packet Z2: Display a String
This packet presents messages to the PIN pad display (up to 32 bytes). These messages can only consist of ASCII printable characters. Control characters (00-1Fh) are ignored.
Table 24 Packet Z2 Format
Data Element    Characteristic    Comments
<STX>           1H                Start of Text, Value: 02h
Packet type     2AN               Value: Z2
<SUB>           1H                1Ah, Optional (clear display)
[sss...ss]      0-32AN            Message: ASCII string
<ETX>           1H                End of Text, Value: 03h
{LRC}           1H                Error Check
Packet Z2 Length
Packet Z2 Examples
<STX>Z2THX<ETX>{LRC}
Directs the PIN pad to add the message THX to the end of the currently displayed message.
<STX>Z2<SUB>PLZ SLIDE CARD<ETX>{LRC}
Directs the PIN pad to clear the current display, then display the message PLZ SLIDE CARD.
Table 25 Packet Z2 Communication Protocol
Transmit Direction
PIN Pad
Master Device
<STX>Z2<SUB>[sssssssssssssss]<ETX>{LRC}
Packet Z8: Set/Reset Idle Prompt
Packet Z8 sets the idle prompt in the PIN pad. Sending a null string resets the idle prompt to the default setting.
Table 26 Packet Z8 Format
Data Element    Characteristic    Comments
<STX>           1H                Start of Text, Value: 02h
Packet type     2AN               Value: Z8
[ppp...pp]      0-32AN            Message: ASCII string
<ETX>           1H                End of Text, Value: 03h
{LRC}           1H                Error Check
Packet Z8 Length
Packet Z8 Examples
Reset the idle prompt:
<STX>Z8<ETX>{LRC}
Table 27
Master Device
<STX>Z8[pppppppppppppppp]<ETX>{LRC}
CHAPTER 3
Magnetic Card Reader Specifications
The SC 5000 magnetic (mag) card reader allows customers to slide mag stripe cards to enter account information without ever releasing their card.
Table 28
Packet
Q4
81
Packet Q4: Activate/Deactivate the Card Reader
On power up, the PIN pad mag card reader defaults to the disabled state. The master device can use packet Q4 to toggle the PIN pad card reader between its enabled/disabled state. Packet Q4 tells the PIN pad to allow or not allow data entry from its card reader.
Table 29
Data Element          Characteristic    Comments
<STX>                                   Start of Text, Value: 02h
Packet type                             Value: Q4
Card reader status                      Range:
                                        0 = Activate
                                        1 = Deactivate
<ETX>                 1H
{LRC}                 1H
Packet Q4 Length
Packet Q4 Examples
Activates the PIN pad mag card reader:
<STX>Q40<ETX>{LRC}
Table 30
Master Device
<STX>Q4[f]<ETX>{LRC}
Packet 81: Card Image Response
Packet 81 sends the card information obtained from the PIN pad card reader to the master device. The track data order in Table 31 was adopted for compatibility with existing applications.
Table 31 Packet 81 Format
Data Element              Characteristic    Comments
<STX>                     1H                Start of Text, Value: 02h
Packet type               2AN               Value: 81
Message type delimiter    1A                Value: (.), 2Eh
[track2 data]             0-40N             Card image information (track 2) or * (0x2A), meaning that an ICC card was inserted.
Field Separator           1H                Value: 1Ch
[track1 data]             0-79AN            Card image information (track 1)
Field Separator           1H                Value: 1Ch
[track3 data]             0-107N            Card image information (track 3)
<ETX>                     1H                End of Text, Value: 03h
{LRC}                     1H                Error Check
Packet 81 Length
Packet 81 Example
<STX>81.0123456789012345678901234567890123456789<FS><FS><FS><ETX>{LRC}
Table 32
Master Device
To optimize the communication between the master device and the PIN pad, packet 81 has the capability to signal that an ICC card was inserted into the primary ICC reader. In this case the response is:
<STX>81.*<ETX>{LRC}
CHAPTER 4
ICC Reader Specifications
The SC 5000 ICC reader allows customers to insert smart cards and perform read/write and security functions associated with the card.
Table 33
Packet
I02
I05
Packet I02: Wait for ICC Removal
Packet I02 makes the SC 5000 wait for removal of the customer ICC from the reader. Packet I02 is only valid for the primary ICC reader. This request can be cancelled at any time with packet 72.
Table 34 Packet I02 Format
Data Element    Characteristic    Comments
<STX>           1H                Start of Text, Value: 02h
Packet type     3AN               Value: I02
<ETX>           1H                End of Text, Value: 03h
{LRC}           1H                Error Check
Table 35
Data Element    Characteristic    Comments
<STX>                             Start of Text, Value: 02h
Packet type                       Value: I02
[status]                          Operation status:
                                  0 = Success
                                  1 = Invalid parameter
<ETX>           1H
{LRC}           1H
Table 36
Master Device
<STX>I02<ETX>{LRC}
Packet I05: ICC Presence Check
Packet I05 forces the SC 5000 to check for the physical presence of an ICC in one of its readers.
Table 37 Packet I05 Format
Data Element    Characteristic    Comments
<STX>           1H                Start of Text, Value: 02h
Packet type     3AN               Value: I05
[reader]        1N                Reader number: 0-4, 0 = primary
<ETX>           1H                End of Text, Value: 03h
{LRC}           1H                Error Check
Data Element    Characteristic    Comments
                                  Start of Text, Value: 02h
                                  Value: I05
                                  Result:
                                  0 = no card inserted
                                  1 = ICC inserted
<ETX>           1H
{LRC}           1H
Table 39
Master Device
<STX>I05[reader]<ETX>{LRC}
CHAPTER 5
EMV Services
Figure 1 outlines a typical EMV transaction.
[Figure 1: flowchart of a typical EMV transaction. Labels recovered from the figure: ICC INSERTED, MS CARD SWIPE, SELECT APPLICATION, FAILED, GOOD MS, DATA AUTHENTICATION, STOP, CARD RANGING, AMOUNT ENTRY, PROCESSING RESTRICTIONS, TERMINAL-TO-HOST PROTOCOL, ONLINE?, N, TRANSACTION COMPLETED]
Transaction Tasks
1 Transaction initialization (not shown in Figure 1).
2 Chip card inserted or magnetic card swiped.
3 Application is selected.
4 Read application data from card.
5 Data authenticated.
6 Fallback procedures enacted.
7 Card ranging.
8 Total transaction amount entered.
9 Processing restrictions checked.
10 EMV or MS terminal risk management assessed.
11 Cardholder verified.
12 Terminal action analysis completed.
13 Card generated first cryptogram.
14 Terminal-to-host protocol verified.
15 Issuer authenticated.
16 Script processed.
17 Card generated second cryptogram.
18 Transaction completed.
Primary EMV Communication Packets
The messages listed in this section are the main commands required to facilitate the transactions described above. The objective of these commands is to minimize the communication steps between the master device and the PIN pad, so each message performs as many steps of the whole transaction as possible:
Table 40
Packet
C00
C01
C02
C03
C04
C22
C23
C25
In the following table, the transaction tasks are associated with the appropriate communication packet.
Transaction Task                                      Communication Packet
Transaction initialization (not shown in Figure 1)    Wait for card and select application (C00).
Chip card inserted or magnetic card swiped            Wait for card and select application (C00).
Select application                                    Wait for card and select application (C00).
Amount entry                                          Terminal application, plus add amount, process AFL and authenticate (C01).
Read application data from card                       Add amount, process AFL, and authenticate (C01).
Data authentication                                   Add amount, process AFL, and authenticate (C01).
Mag card swipe (MS)                                   Magnetic Card messages (Q4, 81)
Fallback procedures                                   Check fallback (C22).
Card ranging                                          Terminal application.
Processing restrictions                               Risk management (C02).
EMV terminal risk management                          Risk management (C02).
Cardholder verification                               Risk management (C02).
Terminal action analysis                              Get card certificate (C03).
Card generates first cryptogram                       Get card certificate (C03).
MS terminal risk management                           Terminal application.
Terminal-to-host protocol                             Terminal application.
Issuer authentication                                 Transaction complete (C04).
Script processing                                     Transaction complete (C04/C25).
Second cryptogram                                     Transaction complete (C04).
Transaction completed                                 Transaction complete (C04).
Step-by-Step EMV Communication Packets
In addition to the primary commands listed in Primary EMV Communication Packets, the packets listed in Table 41 enable host-specific or customized services. Most of these are parts or individual steps of the commands listed in Primary EMV Communication Packets.
Table 41
Packet
C05
C06
C07
C08
C09
C10
C11
C12
C13
C14
C15
C16
C17
C18
C19
C20
C21
C23
C24
The following table associates tasks with the appropriate communication packet.
Transaction Task                                      Communication Packet
Transaction initialization (not shown in Figure 1)    Wait for card and select application (C00)
ICC inserted                                          Wait for card and select application (C00)
Select application                                    Wait for card and select application (C00)
Amount entry                                          Terminal application, plus add amount and process AFL (C05)
Read application data from card                       Add amount and process AFL (C05)
Data authentication                                   Card data authentication (C06)
MS card swiped                                        Magnetic card messages (Q4, 81)
Fallback procedures                                   Check fallback (C22)
Card ranging                                          Terminal application
Processing restrictions                               Process restrictions (C09)
EMV terminal risk management                          Terminal risk management (C10)
Cardholder verification                               Cardholder verification (C08)
Terminal action analysis                              Terminal application
Card generates first cryptogram                       Get card certificate (C03)
MS terminal risk management                           Terminal application
Terminal-to-host protocol                             Terminal application
Issuer authentication                                 Authenticate issuer (C11)
Script processing                                     Process issuer scripts (C12/C25)
Second cryptogram                                     Get card second certificate (C24)
Transaction completed
All CXX response packets contain a 2-digit response code (after the CXX identification) that reflects the result of the operation related to the packet. Table 42 lists these codes.
Comments
04
05 06 07 08 09 10 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42
INVALID_CONFIG TIMEOUT TIMER_ERROR CANCELLED COMM_FAILURE CHIP_RDR_FAILURE USE_CHIP_READER USE_MAG_STRIPE CHIP_ERROR CARD_REMOVED CARD_BLOCKED CARD_NOT_SUPPORTED INVALID_APP DO_ABSENT DO_REPEAT INVALID_PIN PIN_LAST_CHANCE PIN_RETRYLIMIT TLVCOLLECTION_FULL TLVFORMAT INVALID_PDOL INVALID_CDOL INVALID_TDOL INVALID_DDOL INVALID_SDOL AID_LIST_FULL PSE_NOT_FOUND ICC_DATA_MISSING CANDIDATELIST_EMPTY
Some return codes are not expected to be received under normal conditions (for example, 97 and 98). It is possible that these packets may be sent in any unpredictable situation. In this case, a negative number can follow the response code. Report negative-number response codes when requiring support from the VeriFone Helpdesk.
ICC insertion and removal events are signaled by the SC 5000 EMV application to the master device. To allow this, unsolicited packets must be enabled through EMVG_DNF.DAT. It is also possible to display CARD INSERTED or CARD REMOVED, according to the event, if configured in the MVT.DAT table. If these features are enabled, C00 begins card status detection. If the card is inserted before issuing C00, the event is not detected. After the card is removed or C23 is issued, card status detection is turned off. Unsolicited packets do not substitute any CXX response, so receipt of C99 and then a CXX answer is normal (see Packet C99: Unsolicited Packet).
This command takes the internal data base configuration data from the SC 5000, which is not specific to any particular card, and puts it in the data object collection (DOC). It also obtains the date and time and puts them in the DOC. This command must be called at the start of every transaction. This command also checks for ICC presence and establishes communication with an EMV card. The C00 command:
- Switches the card on, attempts to read the ATR, and decides whether to use the T=0 or T=1 protocol. It sets the appropriate parameters required for terminal-to-card communication, and tests the ATR for conformance with the EMV 96, 3.1.1, Card Spec., Part I, 4.
- Looks for a PSE file on the card. If found, it makes the selection according to implicit selection rules. Otherwise, it uses explicit selection (EMV 96, ICC Spec., Part III). C00 uses the list of supported applications present in the SC 5000 internal data base.
- Performs application selection.
Table 43 Packet C00 Format
Data Element | Characteristic | Comments
<STX> | 1H | Start of Text, Value: 02h
Packet type | 3AN | Value: C00
[timeout] | 3N | Time to wait for card insertion in seconds
Terminal Record | 2N | Terminal DB record number to be used.
Date | 6N | Current date in YYMMDD format.
Time | 6N | Current time in HHMMSS format
<ETX> |  | End of Text, Value: 03h
{LRC} |  | Error Check
Table 44
Data Element | Comments
<STX> | Start of Text, Value: 02h
Packet type | Value: C00
[response] | According to Table 42
[AID len] | Tag 4F length (= n)
[AID] | Tag 4F (ASCII representation of hex)
[Pref Name len] | Tag 9F12 length (= n)
[Pref Name] | Tag 9F12 (ASCII representation of hex)
[App Label len] | Tag 50 length (= n)
[App Label] | Tag 50 (ASCII representation of hex)
<ETX> | End of Text, Value: 03h
{LRC} | Error Check
Table 45
Master Device
<STX>C00[timeout][term rec][date][time]<ETX>{LRC}
- Adds the transaction amounts authorized and cash back TLV data objects to the DOC.
- Tries to initialize the application selected at C00. In case of failure, C01 allows the user to select another application (if available). In this case, the three C00 return fields are replaced by three new fields at C01 response. If the initialized application is the one selected at C00, the first three C01 fields return empty.
- Performs get processing options and obtains the AFL and other data objects, which are placed in the DOC. If the selected application is Easy Entry (as defined in VIS 1.3), the Easy Entry condition value returns.
- Takes the AFL from the DOC and uses it to locate files associated with the selected card application. C01 reads all appropriate records from these files, extracts the data, and places it in the DOC. C01 then counts the mandatory data objects and ensures that a data object does not occur more than once.
- Builds up the concatenated static data required for static data authentication (SDA), as appropriate. (See EMV 96, Application Spec., 7.2.)
- Takes the relevant cryptographic data from the DOC and uses it to perform either SDA or dynamic data authentication (DDA), as required (according to EMV 96, ICC spec., Part IV, 1. & 2).
- Takes the relevant CA public key from the appropriate config file described in the Appendix.
- Checks the issuer public key certificate serial number against a list of revoked serial numbers maintained in the internal data base.
- Adjusts the values of the TVR and TSI in the DOC as appropriate.
If the card does not support SDA or DDA, C01 returns SUCCESS and does nothing.
Table 46 Packet C01 Format
Data Element | Characteristic | Comments
<STX> | 1H | Start of Text, Value: 02h
Packet type | 3AN | Value: C01
[transaction type] | 1N | 0 = credit; 1 = debit
[amount] | 12N | Transaction amount (maximum 12 digits)
[cash back amount] |  | Transaction cash back amount (maximum 12 digits)
[currency code] |  | Optional. Substitutes Tag 5F2A at the collection.
<ETX> |  | End of Text, Value: 03h
{LRC} |  | Error Check
Table 47
Data Element | Characteristic | Comments
<STX> |  | Start of Text, Value: 02h
Packet type |  | Value: C01
[response] |  | According to Table 42
[AID len] |  | Tag 4F length (= n)
[AID] |  | Tag 4F (ASCII representation of hex). This field returns empty if the initialized application is the same as selected in C00.
[Pref Name len] | 3N | Tag 9F12 length (= n)
[Pref Name] | nH (2nAN) | Tag 9F12 (ASCII representation of hex). This field returns empty if the initialized application is the same as selected in C00.
[App Label len] | 3N | Tag 50 length (= n)
[App Label] | nH (2nAN) | Tag 50 (ASCII representation of hex). This field returns empty if the initialized application is the same as selected in C00.
[Serv Code len] |  | Tag 5F30 length (= n)
[Serv Code] |  | Tag 5F30 (ASCII representation of hex)
[CHolder Name len] |  | Tag 5F20 length (= n)
[CHolder Name] |  | Tag 5F20 (ASCII representation of hex)
[Track 2 Eq len] |  | Tag 57 length (= n)
[Track 2 Eq] |  | Tag 57 (ASCII representation of hex)
[PAN len] |  | Tag 5A length (= n)
[PAN] |  | Tag 5A (ASCII representation of hex)
[Exp Date len] |  | Tag 5F24 length (= n)
[Exp Date] |  | Tag 5F24 (ASCII representation of hex)
[PAN Seq len] |  | Tag 5F34 length (= n)
[PAN Seq] |  | Tag 5F34 (ASCII representation of hex)
[authentication status] |  | 0 = success; 1 = CAPK not found; 2 = CAPK check sum failure; 3 = CAPK check sum absent; 4 = SDA failed; 5 = DDA failed
<ETX> | 1H |
{LRC} | 1H |
Table 48
Master Device
<STX>C01[tran type][amount][cash back amount]<ETX>{LRC}
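A master-device parser for the C01 response laid out in Table 47, added here as an example and not VeriFone code: it verifies framing and LRC before touching any field, decodes each 3N length followed by 2n hex characters, and routes the [authentication status] value so that CAPK problems and SDA/DDA failures are handled separately. Assumptions: the LRC is the XOR of all bytes after <STX> through <ETX>, response code 00 means success, a failed response carries no data fields, and the status is a single digit; all function names and the sample packet are constructed for this example.

```python
import string

STX, ETX = 0x02, 0x03
SUCCESS = "00"  # ASSUMPTION: the success value of the 2-digit [response] code

# [authentication status] values as listed in the C01 response table (Table 47).
AUTH_STATUS = {
    "0": "success", "1": "CAPK not found", "2": "CAPK check sum failure",
    "3": "CAPK check sum absent", "4": "SDA failed", "5": "DDA failed",
}

# Length-prefixed fields in Table 47 order: (name chosen here, EMV tag).
C01_FIELDS = [
    ("aid", "4F"), ("preferred_name", "9F12"), ("app_label", "50"),
    ("service_code", "5F30"), ("cardholder_name", "5F20"),
    ("track2_equivalent", "57"), ("pan", "5A"),
    ("expiry_date", "5F24"), ("pan_sequence", "5F34"),
]


class PacketError(ValueError):
    """Raised for any framing, LRC or field-format violation."""


def lrc(data: bytes) -> int:
    # ASSUMPTION: XOR of every byte after <STX>, up to and including <ETX>.
    value = 0
    for byte in data:
        value ^= byte
    return value


def frame(body: str) -> bytes:
    """Wrap an ASCII packet body as <STX>body<ETX>{LRC}."""
    payload = body.encode("ascii") + bytes([ETX])
    return bytes([STX]) + payload + bytes([lrc(payload)])


def unframe(packet: bytes) -> str:
    """Check framing and LRC before any field is interpreted."""
    if len(packet) < 3 or packet[0] != STX or packet[-2] != ETX:
        raise PacketError("missing <STX>/<ETX> framing")
    if lrc(packet[1:-1]) != packet[-1]:
        raise PacketError("LRC mismatch")
    try:
        return packet[1:-2].decode("ascii")
    except UnicodeDecodeError as exc:
        raise PacketError("non-ASCII byte in packet body") from exc


def read_field(body: str, pos: int):
    """Read one [len][data] pair: len is 3N (= n), data is nH sent as 2n hex chars."""
    length = body[pos:pos + 3]
    if len(length) != 3 or not length.isdigit():
        raise PacketError(f"bad length field at offset {pos}")
    end = pos + 3 + 2 * int(length)
    data = body[pos + 3:end]
    if len(data) != 2 * int(length) or any(c not in string.hexdigits for c in data):
        raise PacketError(f"truncated or non-hex data at offset {pos}")
    return bytes.fromhex(data), end


def parse_c01_response(packet: bytes) -> dict:
    body = unframe(packet)
    if body[:3] != "C01" or len(body) < 5 or not body[3:5].isdigit():
        raise PacketError("not a C01 response")
    parsed = {"response": body[3:5], "fields": {}, "auth_status": None}
    if parsed["response"] != SUCCESS:
        return parsed  # ASSUMPTION: a failed C01 carries no data fields
    pos = 5
    for name, _tag in C01_FIELDS:
        parsed["fields"][name], pos = read_field(body, pos)
    status = body[pos:]
    if status not in AUTH_STATUS:
        raise PacketError("unknown or missing [authentication status]")
    parsed["auth_status"] = status
    return parsed


def classify_auth(status: str) -> str:
    """CAPK problems point at the terminal key store, SDA/DDA failures at the card."""
    if status == "0":
        return "ok"
    return "terminal-key-store" if status in ("1", "2", "3") else "card-authentication"


def masked_pan(pan: bytes) -> str:
    """Render tag 5A for logs with only the first six and last four digits visible."""
    digits = pan.hex().upper().rstrip("F")
    return digits[:6] + "*" * max(len(digits) - 10, 0) + digits[-4:]


def sample_c01_body(status: str) -> str:
    """Constructed sample body (not captured traffic): app unchanged since C00, test PAN."""
    values = ["", "", "", "0201", b"TEST/CARD".hex(), "4000000000000002D2512201",
              "4000000000000002", "251231", "01"]
    return "C01" + SUCCESS + "".join(f"{len(v) // 2:03d}{v}" for v in values) + status


if __name__ == "__main__":
    parsed = parse_c01_response(frame(sample_c01_body("5")))
    print(masked_pan(parsed["fields"]["pan"]), AUTH_STATUS[parsed["auth_status"]],
          classify_auth(parsed["auth_status"]))
```

A status in the terminal-key-store class is worth alerting on separately from card failures, since it concerns the CA public key files held on the device rather than the card presented.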
Based on the card ranging performed by the terminal application (so that the application knows the issuer and the acquirer), packet C02 collects all configuration data required to perform a particular transaction (in addition to data already collected when C00 is sent). It does this by looking through the SC 5000 internal card scheme, general EMV data, and issuer and acquirer tables. Packet C02:
- Takes the relevant data from the DOC (which must include the transaction amount) and uses it to perform both the processing restrictions and the terminal risk management procedures (according to EMV 96, Application Spec., 7.4. & 7.6). Adjusts the values of the TVR and TSI in the DOC as appropriate. If the card does not support terminal risk management, this part of the function is not performed and the TRM Performed bit is not set in the TSI. Packet C02 must be called after amount is entered.
- Takes the relevant data from the DOC (mainly the CVM list) and performs cardholder verification (according to EMV 96, Application Spec., 7.5. & 7.6). Adjusts the values of the TVR and TSI in the DOC as appropriate. If the card does not support cardholder verification, the Cardholder Verification Performed bit is not set in the TSI.
Table 49 Packet C02 Format
Data Element | Characteristic | Comments
<STX> | 1H | Start of Text, Value: 02h
Packet type | 3AN | Value: C02
[issuer number] | 4N | Issuer index to the internal tables
[acquirer number] | 4N |
<ETX> | 1H |
{LRC} | 1H |
0 indicates no reference
Table 50
Data Element | Characteristic | Comments
<STX> |  | Start of Text, Value: 02h
Packet type |  | Value: C02
[response] |  | According to Table 42
[signature flag] |  | 0 = signature not required; 1 = signature required; 2 = online PIN required
 | 3N | Tag 95 length (= n)
 | nH (2nAN) | Tag 95 (ASCII representation of hex)
 | 3N | Tag 9B length (= n)
 | nH (2nAN) | Tag 9B (ASCII representation of hex)
<ETX> | 1H | End of Text, Value: 03h
{LRC} | 1H | Error Check
Table 51
Master Device
<STX>C02[issuer number][acquirer number]<ETX>{LRC}
Packet C03:
- Performs terminal action analysis (see EMV 96, Application Spec., 7.7) to decide what kind of certificate to request.
- Takes CDOL1 from the DOC, together with the TDOL, where necessary. Can take the default TDOL from the configuration data. Packet C03 uses these data objects to assemble the data string required to perform the generate application cryptogram procedure (according to EMV 96, ICC Spec., Part II, 2.4.5 and EMV 96, Application Spec., 8.
- Adjusts the values of the TVR and TSI in the DOC, as appropriate.
- Puts the card-generated 8-byte cryptogram (tag 9F26) in the DOC, along with the cryptogram information data (CID, tag 9F27), the issuer application data (tag 9F10), and the application transaction counter (ATC, tag 9F36).
The application must inspect the CID to decide how to proceed with the transaction (see EMV 96, ICC Spec., Part II, 2.4.5.4 & EMV 96, Terminal Spec., Part I, 2.2.7).
Table 52 Packet C03 Format
Data Element | Characteristic | Comments
<STX> | 1H | Start of Text, Value: 02h
Packet type | 3AN | Value: C03
[terminal decision] | 1N | Enables the application to force the transaction online or force a decline. May be because merchant is suspicious or because application must force a particular transaction online (for example, 1 in N checking). Possible values: 0 = no decision; 1 = FORCED_ONLINE; 2 = FORCED_DECLINE
<ETX> | 1H |
{LRC} | 1H |
Table 53
Data Element | Comments
<STX> | Start of Text, Value: 02h
Packet type | Value: C03
[response] | According to Table 42
[CID len] | Tag 9F27 length (= n)
[CID] | Tag 9F27 (ASCII representation of hex)
[Auth Resp len] | Tag 8A length (= n)
[Auth Resp] | Tag 8A
<ETX> | End of Text, Value: 03h
{LRC} | Error Check
Table 54
Master Device
<STX>C03[terminal decision]<ETX>{LRC}
Packet C04 takes the data returned by the host after a transaction has gone online and uses the data to perform all necessary steps to complete the transaction (as far as the card is concerned). This always involves performing the second generate AC and can also involve issuer authentication and issuer script processing (EMV 96, Application Spec., 7.9 & 7.10), depending on the data returned by the host and which processes are supported by the card. It adjusts the values of the TVR and TSI in the DOC, as appropriate. The application must inspect the CID to decide how to complete the transaction. It is assumed that all scripts returned by the host will have been written (in binary format) to the files SCRIPT71.DAT (for the type 71 scripts) and SCRIPT72.DAT (for the type 72 scripts). In each file the scripts are simply written sequentially with no separators.
Table 55 Packet C04 Format
Data Element | Characteristic | Comments
<STX> | 1H | Start of Text, Value: 02h
Packet type | 3AN | Value: C04
[host decision] |  | Possible values: 0 = HOST_AUTHORISED; 1 = HOST_DECLINED; 2 = FAILED_TO_CONNECT; 3 = REFERRAL_AUTHORIS; 4 = REFERRAL_DECLINE
<ETX> | 1H |
{LRC} | 1H |
Table 56
Data Element | Comments
<STX> | Start of Text, Value: 02h
Packet type | Value: C04
[response] | According to Table 42
[CID len] | Tag 9F27 length (= n)
[CID] | Tag 9F27 (ASCII representation of hex)
[Auth Resp len] | Tag 8A length (= n)
[Auth Resp] | Tag 8A
[scripts processed] | Number of scripts processed
[script 1 results] | Results obtained on script 1 processing (ASCII representation of hex)
... | ...
[script n results] | Results obtained on script n processing (ASCII representation of hex)
<ETX> | End of Text, Value: 03h
{LRC} | Error Check
Table 57
Master Device
<STX>C04[host decision]<ETX>{LRC}
Packet C05:
- Adds the transaction amounts, authorized and cash back TLV data objects, to the DOC.
- Takes the AFL from the DOC and uses it to locate the files associated with the selected card application. Reads all appropriate records from these files, extracts the data, and puts the data in the DOC. Packet C01 then counts the mandatory data objects and ensures that a data object does not occur more than once.
- Builds up the concatenated static data required for SDA, where appropriate (see EMV 96, Application Spec., 7.2).
Table 58 Packet C05 Format
Data Element | Characteristic | Comments
<STX> | 1H | Start of Text, Value: 02h
Packet type | 3AN | Value: C05
[transaction type] | 1N | 0 = credit; 1 = debit
[amount] | 12N | Transaction amount (maximum 12 digits)
[cash back amount] | 12N | Transaction cash back amount (maximum 12 digits)
<ETX> | 1H | End of Text, Value: 03h
{LRC} | 1H | Error Check
Comments
Start of Text, Value: 02h Value: C05 According to Table 42 End of Text, Value: 03h Error Check
Table 60
Master Device
<STX> C05[tran type][amount][cash back amount]<ETX>{LRC}
Packet C06:
- Takes the relevant cryptographic data from the DOC and uses it to perform either SDA or DDA, as required (according to EMV 96, ICC Spec., Part IV, 1. & 2).
- Takes the relevant CA public key from the appropriate config. file described in the Appendix.
- Checks the issuer public key certificate serial number against the list of revoked serial numbers maintained in the internal data base.
- Adjusts the values of the TVR and TSI in the DOC, as appropriate.
If the card does not support SDA or DDA, this function returns SUCCESS and does nothing.
Table 61 Packet C06 Format
Data Element | Characteristic | Comments
<STX> | 1H | Start of Text, Value: 02h
Packet type | 3AN | Value: C06
<ETX> | 1H | End of Text, Value: 03h
{LRC} | 1H | Error Check
Table 62
Data Element | Characteristic | Comments
<STX> |  | Start of Text, Value: 02h
Packet type |  | Value: C06
[response] |  | According to Table 42
[authentication status] |  | 0 = success; 1 = CAPK not found; 2 = CAPK check sum failure; 3 = CAPK check sum absent; 4 = SDA failed; 5 = DDA failed
<ETX> | 1H |
{LRC} | 1H |
Table 63
Master Device
<STX>C06<ETX>{LRC}
Packet C07 collects all configuration data required to perform a particular transaction (in addition to that already collected when C00 is sent) based on the card ranging performed by the terminal application (so that the application knows the issuer and the acquirer). It does this by looking through the SC 5000 internal card scheme, general EMV data, issuer and acquirer tables.
Table 64 Packet C07 Format
Data Element | Characteristic | Comments
<STX> | 1H | Start of Text, Value: 02h
Packet type | 3AN | Value: C07
[issuer number] | 4N | Issuer index to the internal tables
[acquirer number] | 4N | Acquirer index to the internal tables
<ETX> | 1H | End of Text, Value: 03h
{LRC} | 1H | Error Check
Table 65
Data Element | Comments
<STX> | Start of Text, Value: 02h
Packet type | Value: C07
[response] | According to Table 42
<ETX> | End of Text, Value: 03h
{LRC} | Error Check
Table 66
Master Device
<STX>C07[issuer number][acquirer number]<ETX>{LRC}
Packet C08:
- Takes the relevant data from the DOC (mainly the CVM list) and performs cardholder verification (according to EMV 96, Application Spec., 7.5. & 7.6).
- Adjusts the values of the TVR and TSI in the DOC, as appropriate.
If the card does not support cardholder verification, packet C08 returns SUCCESS and does nothing; the Cardholder Verification Performed bit is not set in the TSI. If online PIN verification is required, the online PIN entry function is called. If online PIN is not supported, the pointer to this function should be set to NULL.
Table 67 Packet C08 Format
Data Element | Characteristic | Comments
<STX> | 1H | Start of Text, Value: 02h
Packet type | 3AN | Value: C08
<ETX> | 1H | End of Text, Value: 03h
{LRC} | 1H | Error Check
Table 68
Data Element | Characteristic | Comments
<STX> |  | Start of Text, Value: 02h
Packet type |  | Value: C08
[response] |  | According to Table 42
[signature flag] |  | 0 = signature not required; 1 = signature required; 2 = online PIN required
<ETX> | 1H |
{LRC} | 1H |
Table 69
Master Device
<STX>C08<ETX>{LRC}
Packet C09:
- Takes relevant data from the DOC and uses it to perform processing restrictions (according to EMV 96, Application Spec., 7.4).
- Adjusts the value of the TVR in the DOC, as appropriate.
Table 70
Data Element | Comments
<STX> | Start of Text, Value: 02h
Packet type | Value: C09
<ETX> | End of Text, Value: 03h
{LRC} | Error Check
Table 71
Data Element | Comments
<STX> | Start of Text, Value: 02h
Packet type | Value: C09
[response] | According to Table 42
<ETX> | End of Text, Value: 03h
{LRC} | Error Check
Table 72
Master Device
<STX>C09<ETX>{LRC}
Packet C10:
- Takes relevant data from the DOC and uses it to perform terminal risk management (according to EMV 96, Application Spec., 7.6).
- Adjusts the values of the TVR and the TSI in the DOC, as appropriate.
Must be called after amount is entered.
Table 73 Packet C10 Format
Data Element | Characteristic | Comments
<STX> | 1H | Start of Text, Value: 02h
Packet type | 3AN | Value: C10
<ETX> | 1H | End of Text, Value: 03h
{LRC} | 1H | Error Check
Table 74
Data Element | Comments
<STX> | Start of Text, Value: 02h
Packet type | Value: C10
[response] | According to Table 42
<ETX> | End of Text, Value: 03h
{LRC} | Error Check
Table 75
Master Device
<STX>C10<ETX>{LRC}
Packet C11:
- Takes the issuer authentication data the application received from the host after going online and performs issuer authentication (as described in EMV 96, Application Spec. 7.9).
- Adjusts the values of the TVR and the TSI in the DOC, as appropriate.
If issuer authentication is not supported, the function returns SUCCESS and does nothing. It is assumed that the issuer authentication data (tag 91) is in the DOC.
Table 76 Packet C11 Format
Data Element | Characteristic | Comments
<STX> | 1H | Start of Text, Value: 02h
Packet type | 3AN | Value: C11
<ETX> | 1H | End of Text, Value: 03h
{LRC} | 1H | Error Check
Table 77
Data Element | Comments
<STX> | Start of Text, Value: 02h
Packet type | Value: C11
[response] | According to Table 42
<ETX> | End of Text, Value: 03h
{LRC} | Error Check
Table 78
Master Device
<STX>C11<ETX>{LRC}
Packet C12 takes an issuer script received from the host and sends it to the card (as described in EMV 96, Application Spec. 7.10).
It is the responsibility of the application developer to ensure that the script is sent to the card at the correct point in the transaction (before or after the second generate AC) and that the TVR and TSI are adjusted as appropriate.
Table 79 Packet C12 Format
Data Element | Characteristic | Comments
<STX> | 1H | Start of Text, Value: 02h
Packet type | 3AN | Value: C12
[Script Type] | 2N | 71 or 72
<ETX> | 1H | End of Text, Value: 03h
{LRC} | 1H | Error Check
Table 80
Data Elements | Comments
<STX> | Start of Text, Value: 02h
Packet type | Value: C12
[response] | According to Table 42
[scripts processed] | Number of scripts processed
[script 1 results] | Results obtained on script 1 processing (ASCII representation of hex)
... | ...
[script n results] | Results obtained on script n processing (ASCII representation of hex)
<ETX> | End of Text, Value: 03h
{LRC} | Error Check
Table 81
Master Device
<STX>C12[script type]<ETX>{LRC}
MasterCard Europe (previously known as Europay) mandates requirements for EMV cards in addition to those of the EMV specification. A card whose AID value indicates that it is issued by MasterCard Europe or MasterCard is normally subject to these requirements; that is, it is rejected if it does not meet MasterCard Europe's requirements, even if it meets all EMV requirements. Packet C13:
- Performs all additional card data checks required by MasterCard Europe if the card's AID indicates it is a MasterCard Europe card.
- Tests for additional mandatory data objects.
- Validates track 2 equivalent data.
- Compares the second terminal application version number.
Call packet C13 after EMV processing restrictions and terminal risk management.
Table 82 Packet C13 Format
Data Element | Characteristic | Comments
<STX> | 1H | Start of Text, Value: 02h
Packet type | 3AN | Value: C13
<ETX> | 1H | End of Text, Value: 03h
{LRC} | 1H | Error Check
Table 83
Data Element | Comments
<STX> | Start of Text, Value: 02h
Packet type | Value: C13
[response] | According to Table 42
<ETX> | End of Text, Value: 03h
{LRC} | Error Check
Table 84
Master Device
<STX>C13<ETX>{LRC}
Packet C14 obtains the appropriate CA public key modulus and exponent required for SDA or DDA. It does this by opening the relevant CAPK configuration file and extracting the key + exponent in binary form. This function must be called if the application is using an SDA or DDA module different from the one provided in the VeriFone Tool Kit.
Table 85 Packet C14 Format
Data Element | Characteristic | Comments
<STX> | 1H | Start of Text, Value: 02h
Packet type | 3AN | Value: C14
[RID] | 5H (10AN) | Registered application ID (ASCII representation of hex)
[CAPK Index] | 1H (2AN) | Certification authority public key index (ASCII representation of hex)
<ETX> | 1H | End of Text, Value: 03h
{LRC} | 1H | Error Check
Table 86
Data Element | Comments
<STX> | Start of Text, Value: 02h
Packet type | Value: C14
[response] | According to Table 42
[CAPK Modulus len] | CAPK modulus length (= n)
CAPK Modulus | CAPK modulus (ASCII representation of hex)
[CAPK Exponent len] | CAPK exponent length (= 2m)
CAPK Exponent | CAPK exponent (ASCII representation of hex)
<ETX> | End of Text, Value: 03h
{LRC} | Error Check
Table 87
Master Device
<STX>C14[RID][CAPK Index]<ETX>{LRC}
Packet C15 sets the default DDOL directly. This is for situations where the configuration data handling mechanism provided by the EMV Tool Kit is not appropriate.
Table 88 Packet C15 Format
Data Element | Characteristic | Comments
<STX> | 1H | Start of Text, Value: 02h
Packet type | 3AN | Value: C15
[DDOL len] | 3N | DDOL length (= n)
[DDOL] | nH (2nAN) | DDOL (ASCII representation of hex)
<ETX> |  | End of Text, Value: 03h
{LRC} |  | Error Check
Table 89
Data Element | Comments
<STX> | Start of Text, Value: 02h
Packet type | Value: C15
[response] | According to Table 42
<ETX> | End of Text, Value: 03h
{LRC} | Error Check
Table 90
Master Device
<STX>C15[DDOL len][DDOL]<ETX>{LRC}
Packet C16 sets the default TDOL directly. This is for situations where the configuration data handling mechanism provided by the EMV Tool Kit is not appropriate.
Table 91 Packet C16 Format
Data Element | Characteristic | Comments
<STX> | 1H | Start of Text, Value: 02h
Packet type | 3AN | Value: C16
[TDOL len] | 3N | TDOL length (= n)
[TDOL] | nH (2nAN) | TDOL (ASCII representation of hex)
<ETX> | 1H | End of Text, Value: 03h
{LRC} | 1H | Error Check
Table 92
Data Element | Comments
<STX> | Start of Text, Value: 02h
Packet type | Value: C16
[response] | According to Table 42
<ETX> | End of Text, Value: 03h
{LRC} | Error Check
Table 93
Master Device
<STX>C16[TDOL len][TDOL]<ETX>{LRC}
Packet C17 sets the TACs directly. This is for situations where the configuration data handling mechanism provided by the EMV Tool Kit is not appropriate.
Table 94 Packet C17 Format
Data Element | Characteristic | Comments
<STX> | 1H | Start of Text, Value: 02h
Packet type | 3AN | Value: C17
[TAC Decline] | 5H (10AN) | TAC decline (ASCII representation of hex)
[TAC Online] | 5H (10AN) | TAC online (ASCII representation of hex)
[TAC Default] | 5H (10AN) | TAC default (ASCII representation of hex)
<ETX> | 1H | End of Text, Value: 03h
{LRC} | 1H | Error Check
Table 95
Data Element | Comments
<STX> | Start of Text, Value: 02h
Packet type | Value: C17
[response] | According to Table 42
<ETX> | End of Text, Value: 03h
{LRC} | Error Check
Table 96
Master Device
<STX>C17[TAC Decline][TAC Online][TAC Default]<ETX>{LRC}
Packet C18 sets the parameters for random online selection directly. This is for situations where the configuration data handling mechanism provided by the EMV Tool Kit is not appropriate.
Table 97 Packet C18 Format
Data Element | Characteristic | Comments
<STX> | 1H | Start of Text, Value: 02h
Packet type | 3AN | Value: C18
[Floor Limit] | 18N | Floor Limit (in cents)
[RS Threshold] | 18N | RS Threshold (in cents)
[RS Target] | 6N | RS Target percentage (3 decimals)
[RS Max] | 6N | RS Max percentage (3 decimals)
<ETX> | 1H | End of Text, Value: 03h
{LRC} | 1H | Error Check
Table 98
Data Element | Comments
<STX> | Start of Text, Value: 02h
Packet type | Value: C18
[response] | According to Table 42
<ETX> | End of Text, Value: 03h
{LRC} | Error Check
Table 99
Master Device
<STX>C18[Floor Limit][RS Threshold][RS Target][RS Max]<ETX>{LRC}
Packet C19 is required when an application must add a tagged EMV data object in the data object collection (DOC) or to add a new data object to the DOC.
Table 100 Packet C19 Format
Data Element | Characteristic | Comments
<STX> | 1H | Start of Text, Value: 02h
Packet type | 3AN | Value: C19
[Tag] | 2H (4AN) | Tag name (ASCII representation of hex)
[Len] | 3N | Data length (= n)
[Data] | nH (2nAN) | Data (ASCII representation of hex)
<ETX> | 1H | End of Text, Value: 03h
{LRC} | 1H | Error Check
MIN: 15 characters
Table 101
Data Element | Comments
<STX> | Start of Text, Value: 02h
Packet type | Value: C19
[response] | According to Table 42
<ETX> | End of Text, Value: 03h
{LRC} | Error Check
Table 102
Master Device
<STX>C19[Tag][Len][Data]<ETX>{LRC}
Packet C20 is required when an application must obtain a tagged EMV data object in the DOC or to add a new data object to the DOC. Since someone may need to retrieve a set of tags, several tags may be required by the same packet. In this case, the response may be bigger than the 512-byte limit for a response packet, and the PIN pad needs to send additional response packets to perform the task. This situation can be recognized by a [response] = 03, indicating additional response packets are being transmitted.
The response packet(s) contain all tags required in the same order as asked for. If some tags required do not exist in the DOC, their length is set to zero.
Table 103 Packet C20 Format
Data Element | Characteristic | Comments
<STX> | 1H | Start of Text, Value: 02h
Packet type | 3AN | Value: C20
[number of Tags] | 2N | Total tags required (n). MAX = 10.
[Tag 1] | 2H (4AN) | First tag required (ASCII representation of hex)
[Tag 2] | 2H (4AN) | Second tag required (ASCII representation of hex)
... | ... | ...
[Tag n] | 2H (4AN) | nth tag required (ASCII representation of hex)
<ETX> | 1H | End of Text, Value: 03h
{LRC} | 1H | Error Check
Table 104
Data Element | Comments
<STX> | Start of Text, Value: 02h
Packet type | Value: C20
[response] | According to Table 42
[Len 1] | First required tag data length (= n)
[Data 1] | First required tag data (ASCII representation of hex)
[Len 2] | Second required tag data length (= n)
[Data 2] | Second required tag data (ASCII representation of hex)
... | ...
[Len n] | nth required tag data length (= n)
[Data n] | nth required tag data (ASCII representation of hex)
<ETX> | End of Text, Value: 03h
{LRC} | Error Check
Table 105
Master Device
<STX>C20[number of Tags][Tag 1]... [Tag n]<ETX>{LRC}
(optional)
ACK if LRC okay NAK if LRC incorrect EOT after 3 NAKs
<STX>C20RR...[Len n][Data n]<ETX>{LRC}
Packet C21 is required when an application needs to update a tagged EMV data object in the DOC or to add a new data object to the DOC.
Table 106 Packet C21 Format
Data Element | Characteristic | Comments
<STX> | 1H | Start of Text, Value: 02h
Packet type | 3AN | Value: C21
[number of Tags] | 2N | Total tags required (m). MAX = 10.
[Tag 1] | 2H (4AN) | Tag name (ASCII representation of hex)
[Len 1] | 3N | Data length (= n)
[Data 1] | nH (2nAN) | Data (ASCII representation of hex)
... | ... | ...
[Tag m] | 2H (4AN) | Tag name (ASCII representation of hex)
[Len m] | 3N | Data length (= n)
[Data m] | nH (2nAN) | Data (ASCII representation of hex)
<ETX> |  | End of Text, Value: 03h
{LRC} |  | Error Check
Table 107
Data Element | Comments
<STX> | Start of Text, Value: 02h
Packet type | Value: C21
[response] | According to Table 42
<ETX> | End of Text, Value: 03h
{LRC} | Error Check
Table 108
Master Device
<STX>C21[Tag][Len][Data]<ETX>{LRC}
When a magnetic stripe card is read, packet C22 must be issued to verify that the card is EMV and has a chip. This is done through the service code on the stripe. If this is the case, the magnetic stripe transaction is only allowed if the last ICC read failed. This is done internally by the EMV application. The following are possible scenarios:
- If the card does not contain an EMV chip, continue the MS transaction.
- If it does contain an EMV chip and the last ICC read failed, continue the MS transaction.
- If it does contain an EMV chip and the last ICC read did not fail, display a message and return the appropriate response code.
Table 109 Packet C22 Format
Data Element | Characteristic | Comments
<STX> | 1H | Start of Text, Value: 02h
Packet type | 3AN | Value: C22
[service code] | 3N | Magnetic stripe service code
<ETX> | 1H | End of Text, Value: 03h
{LRC} | 1H | Error Check
Table 110
Data Element | Comments
<STX> | Start of Text, Value: 02h
Packet type | Value: C22
[response] | According to Table 42
<ETX> | End of Text, Value: 03h
{LRC} | Error Check
Table 111
Master Device
<STX>C22[service code]<ETX>{LRC}
Packet C23:
- Resets all the parameters for that transaction.
- Cleans all the TLV data objects at the DOC.
Table 112 Packet C23 Format
Data Element | Characteristic | Comments
<STX> | 1H | Start of Text, Value: 02h
Packet type | 3AN | Value: C23
<ETX> | 1H | End of Text, Value: 03h
{LRC} | 1H | Error Check
Table 113
Data Element | Comments
<STX> | Start of Text, Value: 02h
Packet type | Value: C23
[response] | According to Table 42
<ETX> | End of Text, Value: 03h
{LRC} | Error Check
Table 114
Master Device
<STX>C23<ETX>{LRC}
Packet C24:
- Performs the second generate AC operation.
- Puts the card-generated 8-byte cryptogram (tag 9F26) in the DOC along with the cryptogram information data (CID, tag 9F27), the issuer application data (tag 9F10), and the application transaction counter (ATC, tag 9F36).
The application must inspect the CID to decide how to proceed with the transaction (see EMV 96, ICC spec., Part II, 2.4.5.4 & EMV 96, Terminal spec., Part I, 2.2.7).
Table 115 Packet C24 Format
Data Element | Characteristic | Comments
<STX> | 1H | Start of Text, Value: 02h
Packet type | 3AN | Value: C24
[host decision] | 1N | Host decision. Possible values: 0 = HOST_AUTHORISED; 1 = HOST_DECLINED; 2 = FAIL_TO_CONNECT; 3 = REFERRAL_AUTHORIS; 4 = REFERRAL_DECLINE
<ETX> | 1H |
{LRC} | 1H |
Table 116
Data Element | Comments
<STX> | Start of Text, Value: 02h
Packet type | Value: C24
[response] | According to Table 42
[CID len] | Tag 9F27 length (= n)
[CID] | Tag 9F27 (ASCII representation of hex)
[Auth Resp len] | Tag 8A length (= n)
[Auth Resp] | Tag 8A
<ETX> | End of Text, Value: 03h
{LRC} | Error Check
Table 117
Master Device
<STX>C24[host decision]<ETX>{LRC}
Packet C25 is required for script processing. It allows the creation of EMVS71.DAT and EMVS72.DAT files adding the scripts received from the host.
Scripts of type 71 are to execute before second AC generation, and scripts of type 72 after it. The maximum script size supported by the EMV specs. is 261 bytes. The maximum packet size supported by SC 5000 is 512 bytes. The maximum supported size for the script, according to the format below, is 249 bytes. The solution is to transfer the script in two packets using
[number of scripts] 81 and [number of scripts] 91
The [number of scripts] element is described in Table 118. Note that in this case, only one script can transfer in the two-packet message.

Table 118  Packet C25 Format

Data Element         Characteristic  Comments
<STX>                1H              Start of Text, Value: 02h
Packet type          3AN             Value: C25
[script type]        2N              71 or 72
[clear file flag]    1N              0 = append script to existing file
                                     1 = clear file before adding the script
[number of scripts]  2N              message
[script 1 length]    3N              Script 1 Data length (= n) Transfers in this packet for a two-packet message.
[script 1 data]      nH (2nAN)       Script 1 (ASCII representation of hex)
...                  ...             ..
[script n length]    3N              Script n data length (= n)
[script n data]      nH (2nAN)       Script n data (ASCII representation of hex)
[script length]      3N              Data length (= n)
[script data]        nH (2nAN)       Data (ASCII representation of hex)
<ETX>                1H              End of Text, Value: 03h
{LRC}                1H              Error Check
Table 119

Data Element  Comments
<STX>         Start of Text, Value: 02h
Packet type   Value: C25
[response]    According to Table 42
<ETX>         End of Text, Value: 03h
{LRC}         Error Check
Table 120
Master Device
<STX>C25<ETX>{LRC}
When certain events occur, the SC 5000 EMV application may need to send unsolicited data to the master device. Examples of this are the ICC insertion or removal events. EMV recommends, and some bank specifications require, that the master device be warned about these events and display appropriate messages. To avoid packet collision, the SC 5000 first sends an ENQ (05h) to the master device, indicating the intention of sending a packet. If the master device answers this request with an ACK (06h), then the SC 5000 sends packet C99, according to the format listed in Table 121. If the master device does not send an ACK or sends a request packet instead, the SC 5000 abandons the process without sending packet C99.
Table 121

Data Element  Comments
<STX>         Start of Text, Value: 02h
Packet type   Value: C99
[response]    According to Table 42
<ETX>         End of Text, Value: 03h
{LRC}         Error Check
Table 122
Master Device
ACK
<STX>C99RR<ETX>{LRC}
incorrect
EOT after 3 NAKs
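The master-device side of the ENQ/ACK exchange described above, as an added example (not VeriFone code). It assumes the {LRC} is the XOR of every byte after <STX> through <ETX>, that [response] is two digits, and that a bad frame is answered with NAK (15h), the third one followed by EOT (04h); all class and function names are hypothetical.

```python
"""Master-device handling of the unsolicited C99 packet (added example)."""

STX, ETX, EOT, ENQ, ACK, NAK = 0x02, 0x03, 0x04, 0x05, 0x06, 0x15
MAX_NAKS = 3  # "EOT after 3 NAKs"


def lrc(body: bytes) -> int:
    """Assumed LRC rule: XOR of every byte after <STX>, <ETX> included."""
    value = 0
    for byte in body:
        value ^= byte
    return value


def build_frame(payload: str) -> bytes:
    """Frame an ASCII payload as <STX>payload<ETX>{LRC}."""
    body = payload.encode("ascii") + bytes([ETX])
    return bytes([STX]) + body + bytes([lrc(body)])


def parse_c99(frame: bytes) -> str:
    """Validate <STX>C99RR<ETX>{LRC} and return the two-character RR field."""
    if len(frame) != 8:
        raise ValueError("C99 frame must be exactly 8 bytes")
    if frame[0] != STX or frame[6] != ETX:
        raise ValueError("bad framing")
    if lrc(frame[1:7]) != frame[7]:
        raise ValueError("LRC mismatch")
    if frame[1:4] != b"C99":
        raise ValueError("unexpected packet type")
    response = frame[4:6]
    if not response.isdigit():  # assumption: RR is numeric
        raise ValueError("response code is not numeric")
    return response.decode("ascii")


class UnsolicitedReceiver:
    """Accepts a C99 frame only after an ENQ that this side has ACKed."""

    def __init__(self):
        self.busy = False       # True while our own request is in flight
        self.expecting = False  # True between our ACK and the C99 frame
        self.naks = 0
        self.events = []        # response codes of accepted C99 packets

    def on_receive(self, data: bytes) -> bytes:
        """Take one control byte or one whole frame; return the reply bytes."""
        if not self.expecting:
            if data == bytes([ENQ]) and not self.busy:
                self.expecting, self.naks = True, 0
                return bytes([ACK])
            # No ACK: the SC 5000 abandons the attempt. Frames that were
            # never announced by ENQ are dropped here as well.
            return b""
        try:
            self.events.append(parse_c99(data))
        except ValueError:
            self.naks += 1
            if self.naks >= MAX_NAKS:
                self.expecting = False
                return bytes([NAK, EOT])
            return bytes([NAK])
        self.expecting = False
        return bytes([ACK])


# Constructed sample: response code "01" is a placeholder, its meaning
# comes from Table 42 and is not interpreted here.
SAMPLE_C99 = build_frame("C9901")
```

Dropping frames that were not announced by an ENQ keeps a noisy or spoofed serial line from driving "card inserted/removed" prompts on the master device.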
We have designed this message to obtain the best possible performance in making an EMV transaction. Packet C3X:
Performs the tasks of C01, C02, C03, C04, C20, C21 and C22. This includes all transaction services, obtaining and updating data objects from and to the internal SC 5000 Data Object Collection, and checking for magnetic stripe fall back. Parameters are all binary to prevent the applications from making excessive data conversions. Parameters are TLV objects. If they are direct readings or updates to internal Data Object Collection, the tags will be known EMV tags. If the parameters are proprietary data from the application, the tags will be 0xC1, 0xE1, 0xC2, and 0xE2, as explained below.
Once called, depending on the parameters provided and the transaction results, it will perform as many activities as possible. In the best case, one issue will be sufficient to perform all the transactions.
The idea is to call C3X, where X can be 0 through 4, in increasing order. C30 is the first packet to be called. The minimum parameters are the same as for the C00 packet but, if the C01, C02, C03, or C04 packets' parameters are already available, it is possible to provide them at C30.

Example Situation

Suppose that, at the beginning of the transaction, you already have the transaction type, the amounts, and the currency code involved. This way you can call C30 with the C00 + C01 parameters. The result is that the EMV application performs both packets' services and returns a C31 response packet containing the response parameters of the C00 + C01 packets. If, in addition, you are not performing card ranging (no issuer and acquirer specific data considered) and you already have the merchant decision, you call C30 and receive a C33 response packet. In the best case, if your terminal has no on-line capability enabled, you already know the host decision: FAILED TO CONNECT. In this case, C30 has a C34 response, completing the transaction with just one packet exchange.

Table 123  C3X Parameter Format

Data Element       Characteristic  Comments
<STX>              1H              Start of Text, Value: 02h
Packet type        3AN             Value: C3X, X = 1, 2, 3 or 4
[param list size]  2H
[param list]       ?H
<ETX>              1H
{LRC}              1H

MAX: depends on the length of the parameter list
MIN: 8 characters

Table 124  C3X Response Format

Data Element                 Characteristic  Comments
<STX>                        1H              Start of Text, Value: 02h
Packet type                  3AN             Value: C3X, X = 1, 2, 3 or 4
[response]                   2N              According to Table 42
[response fields list size]                  size of response fields list in 2 binary bytes
[response fields list]                       list of response fields in TLV format
<ETX>                                        End of Text, Value: 03h
{LRC}                                        Error Check

MAX: 8 characters
MIN: 16 characters

Packet C3X Communication Protocol Transmit Direction PIN Pad
Table 125
Master Device
<STX>C3X<size1><size2> <param list><ETX>{LRC}
Parameters and Response Fields Lists

As mentioned above, the tag labels may be known EMV ones, if directly related to the Data Object Collection present at the SC 5000. They can also receive special tag labels if they use proprietary data. The possible proprietary tag labels are:

0xC1 - for input parameters.
0xE1 - for input constructed objects.
0xC2 - for output parameters.
0xE2 - for output constructed objects.

<4F><len><AID><9F12><len><Application Preferred Name><50><len><Application Label>
C2<len><Signature Flag><9500><len><TVR><9B><len><TSI> <9F27><len><Crypt. Info. Data><8A><Authorization Response Code> E2<len><Objects Required for an online transaction>

The response fields in the first list item are the minimum returned by the C30 packet, the ones in the second list item are the minimum returned by C31, and so on. Basically they all match the C01, ..., C04 response fields, except for the Objects Required for an online transaction, which matches the C20 packet, issued to obtain the data needed to assemble the packet to perform an online transaction.
CHAPTER 6
EMV Configuration Tables
Use the following two tables to configure an EMV transaction:
EST.DAT

Name of card scheme: VISA, MASTERCARD, and so on.
Registered application identification: RID: for example, A000000003 for VISA
10 AID data sets with:
  Application identification (AID): for example, A0000000031010
  Partial name selection flag: Allows or prohibits partial name selection for the AID.
  Application version number: for example, 8300
  Second application version number: for example, 8300
Pointer to a record in MVT.DAT: -1 indicates no reference
MVT.DAT
Card scheme reference
Pointer to a record in EST.DAT that this set of mandated data is for.
-1 indicates non-scheme specific
Issuer reference
Flag required because any one of the following data elements could be set to zero:

Floor limit
Random selection threshold
Target random selection percentage
MAX target random selection percentage
Terminal action code Default
Terminal action code Denial
Terminal action code Online
Terminal data object list Dynamic data authentication data object list. Used for DDA. This means that there is another record mandated by the same entity but for a different scheme or issuer.
-1 indicates no further records.
EMV Transaction Counter
Terminal Country Code
Terminal Currency Code
Terminal Capabilities
Terminal Additional Capabilities
Terminal Type
Merchant Category Code
Auto Select Flag: 1 enabled, 0 disabled
Terminal ID: 8-digit terminal ID
Merchant ID: Up to 15 characters of the merchant ID.
Acquirer ID: Up to an 11-digit acquirer ID.
Terminal CAPK index (tag 9F22): This tag must be provided for some DOLs and has no relation to tag 8F.
1 enabled 0 disabled
For ICC card or online PIN, time, in seconds, to wait for a PIN entry. For online PIN
0-1 Master Session 2-9 DUKPT B secure scripts
For online PIN: if secure scripts are in use. For online PIN
0 = traditional 1 = using script 2 = none
INSERTED and CARD REMOVED messages on the SC 5000 when this event occurs and unsolicited packets are configured at EMVG_CNF.DAT
1 = displays the messages.
At EMV application initialization, all records from EST.DAT are read to generate the AID list, obtaining all supported AIDs for all card schemes (records). At transaction initialization when packet C00 is sent by the POS/ECR to the SC 5000, the application reads the MVT.DAT terminal record included in the packet (TR=1 means record=0) as the default-terminal EMV parameters for that transaction. During the risk management phase, packet C02 is sent by the POS/ECR to the SC 5000, including the issuer and acquirer record numbers at MVT.DAT. During packet C02 execution, the following fields of the MVT.DAT terminal record may be overruled:
Floor Limit
Random Selection Threshold
Target Random Selection Percentage
MAX Target Random Selection Percentage
Terminal Action Code Default
Terminal Action Code Denial
Terminal Action Code Online
Default TDOL
Default DDOL
These fields are referenced as ROL (the first 4), TAC (the three terminal action codes), TDOL, and DDOL. This overrule can only happen if the terminal record does not specify values for these fields. Also during the risk management phase, the acquirer identifier (tag 9F01) is replaced if an acquirer record number is defined in packet C02.

a Reads EST.DAT until the current RID record is found, and accesses the exact AID to determine the terminal AVN. Steps b-d are only performed if any of the TAC, ROL, TDOL, and DDOL parameters are not the default value in the terminal record. In this case, only those with no default value receive a value.

b In the same EST.DAT record, checks for a pointer to any MVT.DAT record that indicates an EMV-specific data mandate. If a pointer is found, reads the MVT.DAT record and overwrites the TAC, ROL, TDOL, and DDOL parameters.

c If an issuer record was defined in packet C02 ([rec num] > 0), reads the MVT.DAT record and checks if the card scheme reference matches the record read in step C. If so, and any of the EMV parameters (TAC, ROL, TDOL, and DDOL) have not been loaded yet, loads them. If issuer record was defined, checks for the next record reference. If 0, reads this record and checks for a match. Continues to scan the table until parameters are loaded or the next record reference = -1 (indicating no reference).

d If an acquirer record was defined in packet C02 ([rec num] > 0), reads the MVT.DAT record and updates the acquirer identifier (tag 9F01) at object collection. It also checks if the card scheme reference and the issuer reference match with the record read in steps c and d. If so, and any EMV parameters (TAC, ROL, TDOL, or DDOL) have not been loaded, loads them. If not, checks for the next record reference. If 0, reads the record, checking for a match. Continues to scan the table until parameters are loaded or the Next Record Reference = -1 (indicating no reference).
Field Format
The following tables are created outside the SC 5000, using the GENDATA utility.

Table 126

Field Name                                               Size
1: Name of card scheme                                   32 + 1
2: Registered application identification (RID)           10 + 1
3, 7, 10,..., 39: Application identification             32 + 1
4,8,11,...40: Partial name selection flag                1 + 1
5,9,12,...,41: Application version number                4 + 1
6,10,13,...,42: Second application version number        4 + 1
43: Pointer to a record in MVT.DAT                       4 + 1

Field Name                                               Size
1: Card scheme reference                                 4 + 1
2: Issuer reference                                      4 + 1
3: Term risk management data present flag                1 + 1
4: Floor limit                                           14 + 1
5: Random selection threshold                            14 + 1
6: Target random selection percentage                    5 + 1
7: MAX target random selection percentage                5 + 1
8: Terminal action code: Default                         10 + 1
9: Terminal action code: Denial                          10 + 1
10: Terminal action code: Online                         10 + 1
11: Default TDOL                                         64 + 1
12: Default DDOL                                         64 + 1
13: Next record reference                                4 + 1
14: EMV transaction counter                              6 + 1
15: Terminal country code                                4 + 1
16: Terminal currency code                               4 + 1
17: Terminal capabilities                                6 + 1
18: Terminal additional capabilities                     10 + 1
19: Terminal type                                        2 + 1
20: Merchant category code                               4 + 1
21: Auto select flag                                     1 + 1
22: Terminal ID                                          8 + 1
23: Merchant ID                                          15 + 1
24: Acquirer ID                                          11 + 1
25: Terminal CAPK index (tag 9F22)                       2 + 1
26: PIN bypass flag                                      1 + 1
27: PIN timeout                                          3 + 1
28: PIN format                                           1 + 1
29: PIN script number                                    1 + 1
30: PIN macro number                                     2 + 1
31: PIN key derivation flag                              1 + 1
32: PIN key derivation macro number                      2 + 1
33: Card status display flag                             1 + 1
To provide a mechanism to check for invalid issuer certificate serial numbers, you can download exception files to the SC 5000, with the extension .CSN. Their filenames are <RID>.CSN, for example:

A000000003.CSN

.CSN files are text files and each record contains eight ASCII bytes, as follows:

The first two bytes correspond to two nibbles of CAPK index (for example, 96)
The six subsequent bytes correspond to six nibbles (three binary bytes) of the CSN to check
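A strict reader for the .CSN exception records described above, with the lookup a host-side tool would run before downloading or auditing these files. This is an added example, not VeriFone code; it assumes one eight-character record per line, and the function names and sample records are constructed for illustration.

```python
"""Parse <RID>.CSN exception files and look up a certificate serial number."""
from __future__ import annotations

import re

_CSN_FILENAME = re.compile(r"([0-9A-F]{10})\.CSN", re.IGNORECASE)
_RECORD = re.compile(r"[0-9A-Fa-f]{8}")


def rid_from_filename(filename: str) -> str:
    """Return the RID (10 hex characters) encoded in a <RID>.CSN filename."""
    match = _CSN_FILENAME.fullmatch(filename)
    if not match:
        raise ValueError(f"not a <RID>.CSN filename: {filename!r}")
    return match.group(1).upper()


def parse_csn_records(text: str) -> set[tuple[int, bytes]]:
    """Return {(capk_index, csn)}; reject any record that is not 8 hex chars.

    Assumption: records are separated by line breaks.
    """
    entries = set()
    for lineno, line in enumerate(text.splitlines(), 1):
        record = line.strip()
        if not record:
            continue
        if not _RECORD.fullmatch(record):
            raise ValueError(f"line {lineno}: expected 8 hex characters")
        capk_index = int(record[:2], 16)       # two nibbles of CAPK index
        csn = bytes.fromhex(record[2:])        # six nibbles = 3 binary bytes
        entries.add((capk_index, csn))
    return entries


def load_exceptions(files: dict[str, str]) -> dict[str, set[tuple[int, bytes]]]:
    """Map RID -> exception entries for a set of {filename: content}."""
    return {rid_from_filename(name): parse_csn_records(text)
            for name, text in files.items()}


def is_revoked(exceptions: dict[str, set[tuple[int, bytes]]],
               rid: bytes, capk_index: int, csn: bytes) -> bool:
    """True if (RID, CAPK index, certificate serial number) is listed."""
    if len(rid) != 5 or len(csn) != 3 or not 0 <= capk_index <= 0xFF:
        raise ValueError("RID is 5 bytes, CSN is 3 bytes, index is 1 byte")
    return (capk_index, csn) in exceptions.get(rid.hex().upper(), set())


# Constructed sample content, not real revoked serial numbers.
SAMPLE_FILES = {"A000000003.CSN": "96123456\n98ABCDEF\n"}
SAMPLE_EXCEPTIONS = load_exceptions(SAMPLE_FILES)
```

Rejecting a malformed record outright, rather than skipping it, avoids silently shipping an exception list that is shorter than intended.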
CHAPTER 7
Database Services
This section presents packets to control database services.
Database communication packets can be used to define application data objects, including downloadable configuration parameters. In addition, applications can be designed to allow data sharing and/or data object passing to other applications on the SC 5000. Once the tables are created outside the SC 5000 and are downloaded into it with the applications, this set of commands is not mandatory and is only necessary if the master device application (ECR/POS) decides to change the initial configuration.

Table 128
Packet
D00 D01 D02 D03 D04 D05 D06 D07 D08 D09
NOTE
Specific database implementation design and packet contents are not within the scope of this document.
SC 5000 database fields are all null-terminated strings.
[Record] is a sequence of fields (or strings) separated by an FS (field separator, 0x1C) character.
[Table IDs] and [Record Numbers] all begin at 1.
[Condition] is a comparison criterion between a field and a string value in the following format:

NNNCT<string>

where,

0 (for equal)
1 (for not equal)
2 (for less than)
3 (for less or equal)
4 (for greater than)
5 (for greater or equal)
All DXX response packets contain a two-digit response code (after the DXX identification) that reflects the result of the operation related to the packet. Table 129 describes these codes.

Table 129
Code
00 01 02 03
Comments
04 05 06 07 08
Error opening table Error reading table Error writing to a table Error closing table Error in table record The file containing the table data is corrupt or has invalid data. The table filename is already registered and has an associated table ID. There is no table associated with the provided table ID.
09
10
Table ID invalid
Comments
The limit of tables to be created has been reached.
MAX: 30
12
99
Internal failure
Packet D00 creates a table (database). Internally, the SC 5000 maintains a record of all created tables. It allows this set of DXX commands to manage the tables by table ID instead of filenames. Also, it checks to ensure that data received matches the table's structure (that is, number of fields, maximum size, and so on). Table IDs 1, 2, and 3 are reserved by the EMV application, as follows.

1 = EST.DAT
2 = MVT.DAT
3 = EMVG_CNF.DAT

NOTE
The maximum number of tables is 30.

Table 130  Packet D00 Format

Data Element          Characteristic  Comments
<STX>                 1H              Start of Text, Value: 02h
Packet type           3AN             Value: D00
[Data Base name]      up to 30AN      Name of the physical file, including its extension.
<FS>                  1H              Field separator, Value: 1Ch
[Len of Field Sizes]  3N              Number of the fields making up the table record, multiplied by 3 (three bytes per field size 3N). MAX: 100 X 3 = 300
                      3N              Maximum string size accepted for field 1.
                      ...             ...
                      3N              Maximum string size accepted for field n.
<ETX>                 1H              End of Text, Value: 03h
{LRC}                 1H              Error Check
Table 131

Data Element     Comments
<STX>            Start of Text, Value: 02h
Packet type      Value: DXX
[Response Code]  According to Table 129
[Table ID]       ID to use in further table accesses
<ETX>            End of Text, Value: 03h
{LRC}            Error Check
Table 132
Master Device
<STX>D00[parms]<ETX>{LRC}
Table created
<STX>D00RR[data]<ETX>{LRC}
Packet D01 extracts the internally recorded table data for all or one specific table.

Table 133  Packet D01 Format

Data Element  Characteristic  Comments
<STX>         1H              Start of Text, Value: 02h
Packet type   3AN             Value: D01
[Table ID]    2N              00 for all tables
<ETX>         1H              End of Text, Value: 03h
{LRC}         1H              Error Check

Table 134

Data Element             Characteristic  Comments
<STX>                                    Start of Text, Value: 02h
Packet type                              Value: D01
[Response Code]                          According to Table 129
[Number of Data Tables]                  Returns 01 for a specific table (Table ID different from 00 on request) or the number of recorded tables (= m).
[Length]                 3N              Length of the following data until the end of the packet.
[Table Info 1]           var             First recorded table info.
<FS>                     1H              Field Separator, Value: 1Ch
...                                      ...
[Table Info m]           var             mth recorded table info
<FS>                     1H              Field Separator, Value: 1Ch
<ETX>                    1H              End of Text, Value: 03h
{LRC}                    1H              Error Check
Table 135
Master Device
<STX>D01[parms]<ETX>{LRC}
Packet D02 seeks the first record in a specified database that meets all specified conditions (AND logic).

Table 136  Packet D02 Format

Data Element            Characteristic  Comments
<STX>                   1H              Start of Text, Value: 02h
Packet type             3AN             Value: D02
[Table ID]              2N              01 = EST.DAT
                                        02 = MVT.DAT
                                        03 = EMVG_CNF.DAT
                                        04-30 = user-defined
[Starting Record]       3N
[Number of Conditions]  2N
[Length]                3N              Length of the following data until the end of the packet.
[Condition 1]           var             First condition to meet.
<FS>                    1H              Field Separator, Value: 1Ch
...                                     ...
[Condition m]           var             mth condition to meet.
<FS>                    1H              Field Separator, Value: 1Ch
<ETX>                   1H              End of Text, Value: 03h
{LRC}                   1H              Error Check

Table 137

Data Element     Comments
<STX>            Start of Text, Value: 02h
Packet type      Value: D02
[Response Code]  According to Table 129
[Record Number]  Number of the first record found
[Num Fields]     Number of fields that follows
[Length]         Length of the following field
[Record]         Record fields separated by <FS>
<ETX>            End of Text, Value: 03h
{LRC}            Error Check
Table 138
Master Device
<STX>D02[parms]<ETX>{LRC}
Database search
<STX>D02RR[data]<ETX>{LRC}
Packet D03 reads the contents of a specified record from a specified table.

Table 139  Packet D03 Format

Data Element  Characteristic  Comments
<STX>         1H              Start of Text, Value: 02h
Packet type   3AN             Value: D03
[Table ID]    2N              01 = EST.DAT
                              02 = MVT.DAT
                              03 = EMVG_CNF.DAT
                              04-30 = user defined
              3N
<ETX>         1H
{LRC}         1H

Table 140

Data Element     Comments
<STX>            Start of Text, Value: 02h
Packet type      Value: D03
[Response Code]  According to Table 129
[Num Fields]     Number of fields that follows
[Length]         Length of the following field
[Record]         Record fields separated by <FS>
<ETX>            End of Text, Value: 03h
{LRC}            Error Check
Table 141
Master Device
<STX>D03[parms]<ETX>{LRC}
Packet D04 adds a new record to the specified table. The new record is appended to the end of the table.

Table 142  Packet D04 Format

Data Element  Characteristic  Comments
<STX>         1H              Start of Text, Value: 02h
Packet type   3AN             Value: D04
[Table ID]    2N              01 = EST.DAT
                              02 = MVT.DAT
                              03 = EMVG_CNF.DAT
                              04-30 = user defined
              3N              Number of fields that follows
              3N              Length of the following field
              var             Record fields separated by <FS>
<ETX>         1H              End of Text, Value: 03h
{LRC}         1H              Error Check

Table 143

Data Element     Comments
<STX>            Start of Text, Value: 02h
Packet type      Value: D04
[Response Code]  According to Table 129
[Record Number]  Number of the first record available
<ETX>            End of Text, Value: 03h
{LRC}            Error Check
Table 144
Master Device
<STX>D04[parms]<ETX>{LRC}
Packet D05 updates the contents of a specific record in the specified table.

Table 145  Packet D05 Format

Data Element  Characteristic  Comments
<STX>         1H              Start of Text, Value: 02h
Packet type   3AN             Value: D05
[Table ID]    2N              01 = EST.DAT
                              02 = MVT.DAT
                              03 = EMVG_CNF.DAT
                              04-30 = user defined
              3N              Number of the first record found
              3N              Number of fields that follows
              3N              Length of the following field
              var             Record fields separated by <FS>
<ETX>         1H              End of Text, Value: 03h
{LRC}         1H              Error Check

Table 146

Data Element     Comments
<STX>            Start of Text, Value: 02h
Packet type      Value: D05
[Response Code]  According to Table 129
<ETX>            End of Text, Value: 03h
{LRC}            Error Check
Table 147
Master Device
<STX>D05[parms]<ETX>{LRC}
Packet D06 facilitates deletion of a specific record in the specified table. Subsequent records move up to the deleted record's position (that is, if record 3 is deleted, record 4 becomes 3, 5 becomes 4, and so on).

Table 148

Data Element  Characteristic  Comments
<STX>                         Start of Text, Value: 02h
Packet type                   Value: D06
[Table ID]                    01 = EST.DAT
                              02 = MVT.DAT
                              03 = EMVG_CNF.DAT
                              04-30 = user defined
              3N              Number of the first record found
<ETX>         1H              End of Text, Value: 03h
{LRC}         1H              Error Check

Table 149

Data Element     Comments
<STX>            Start of Text, Value: 02h
Packet type      Value: D06
[Response Code]  According to Table 129
<ETX>            End of Text, Value: 03h
{LRC}            Error Check
Table 150
Master Device
<STX>D06[parms]<ETX>{LRC}
Packet D07 deletes an existing table (database).

Table 151  Packet D07 Format

Data Element  Characteristic  Comments
<STX>         1H              Start of Text, Value: 02h
Packet type   3AN             Value: D07
[Table ID]    2N              01 = EST.DAT
                              02 = MVT.DAT
                              03 = EMVG_CNF.DAT
                              04-30 = user defined
<ETX>         1H
{LRC}         1H

Table 152

Data Element     Comments
<STX>            Start of Text, Value: 02h
Packet type      Value: D07
[Response Code]  According to Table 129
<ETX>            End of Text, Value: 03h
{LRC}            Error Check
Table 153
Master Device
<STX>D07[parms]<ETX>{LRC}
Packet D08 gets a field and the maximum length accepted for the specified table.

Table 154  Packet D08 Format

Data Element  Characteristic  Comments
<STX>         1H              Start of Text, Value: 02h
Packet type   3AN             Value: D08
[Table ID]    2N              01 = EST.DAT
                              02 = MVT.DAT
                              03 = EMVG_CNF.DAT
                              04-30 = user defined
              3N              Starts at 1
              3N              Number of the field. See Field Format, page 86
<ETX>         1H              End of Text, Value: 03h
{LRC}         1H              Error Check

Table 155

Data Element              Comments
<STX>                     Start of Text, Value: 02h
Packet type               Value: D08
[Response Code]           According to Table 129
[Field Data Len]          Current length of field data (x)
[Field Data]              Field data
[Maximum Field Data Len]  Maximum accepted length for the field.
<ETX>                     End of Text, Value: 03h
{LRC}                     Error Check
Table 156
Master Device
<STX>D08[parms]<ETX>{LRC}
Database inquiry
<STX>D08RR[data]<ETX>{LRC}
Packet D09 updates a field value of the specified table.

Table 157  Packet D09 Format

Data Element      Characteristic  Comments
<STX>             1H              Start of Text, Value: 02h
Packet type       3AN             Value: D09
[Table ID]        2N              01 = EST.DAT
                                  02 = MVT.DAT
                                  03 = EMVG_CNF.DAT
                                  04-30 = user defined
[Record Number]   3N              Starting from 1
[Field Number]    3N              Field number. See Field Format, page 86
[Field Data Len]  3N              Current length of [Field Data] (x)
[Field Data]      xAN             Field data
<ETX>             1H              End of Text, Value: 03h
{LRC}             1H              Error Check

Table 158

Data Element     Comments
<STX>            Start of Text, Value: 02h
Packet type      Value: D09
[Response Code]  According to Table 129
<ETX>            End of Text, Value: 03h
{LRC}            Error Check
Table 159
Master Device
<STX>D09[parms]<ETX>{LRC}
Database updated
<STX>D09RR<ETX>{LRC}
CHAPTER 8
Application Switching Packets
This section presents the packets for application switching.
The master device (for example, an ECR) uses packet P00 to select the required application without user interface on the SC 5000.
If the application GID received by the currently selected application is valid (that is, the selected application exists in the SC 5000), the SC 5000 (that is, the new application) responds with packet P00 and the result is 00. If the application ID received is invalid (that is, does not exist), the currently selected application responds with packet P00 and the result is 01.
NOTE
All information is provided by the OS in the SC 5000. No configuration table is required.

Table 160  Packet P00 Format

Data Element     Characteristic  Comments
<STX>            1H              Start of Text, Value: 02h
Packet type      3AN             Value: P00
Application GID  2AN             01 to 15
<ETX>            1H              End of Text, Value: 03h
{LRC}            1H              Error Check

Table 161

Data Element  Comments
<STX>         Start of Text, Value: 02h
Packet type   Value: P00
Result        00 = app selected
<ETX>         End of Text, Value: 03h
{LRC}         Error Check
Table 162
Master Device
<STX>P00[app GID]<ETX>{LRC}
Packet P01 tells the master device which application is running on the SC 5000. The response contains the GID and executable filename (without the extension).
Table 163

Data Element  Comments
<STX>         Start of Text, Value: 02h
Packet type   Value: P01
<ETX>         End of Text, Value: 03h
{LRC}         Error Check

Table 164

Data Element      Characteristic  Comments
<STX>                             Start of Text, Value: 02h
Packet type                       Value: P01
Result                            00 = success
                                  01 = cannot obtain application information
Application GID   2N              1 to 15
Application Name  VAN             Application executable filename without extension.
<ETX>             1H              End of Text, Value: 03h
{LRC}             1H              Error Check
Table 165
Master Device
CHAPTER 9
EMV Application Configuration File
The EMVG_CNF.DAT file is a DAT file generated outside the SC 5000 unit by the GENDATA.EXE VeriFone utility. The file has only one record and contains all configurable data for the EMV Application, broken up into the following fields:

UART Baud Rate - Baud Rate from 1200 to 115200
UART Data Bits - Data Bits 7 or 8
UART Parity - Parity O, E, N
UART Stop Bits - Stop Bits 1 or 2
UART Timeout - Protocol timeout (default = 15 seconds)
Serial Number - Slot for a user application SN (optional use)
Supported Language 1 - Supported Language 1 ISO-639 (default = English "en")
Supported Language 2 - Supported Language 2 ISO-639 (default = Spanish "es")
Supported Language 3 - Supported Language 3 ISO-639 (default = Portuguese - "po")
Supported Language 4 - Supported Language 4 ISO-639 (default = French "fr")
Selected Language - Current selected language - 1 to 4
Active Language - Current selected language - 1 to 4
Idle Prompt - User defined idle-prompt (after a Z8 message)
Unsolicited Enable - 0 = Unsolicited Messages disabled, 1 = Enabled
Unsolicited Timeout - Timeout to wait for an ACK after sending ENQ
Back-Light Enable - 0 = Disabled, 1 = Enabled
Key Injection Style - 0 = ClearText, 1 = 3DES (this is not used by the EMV Application. VeriFone provides this option for compatibility with the PIN pad Emulation Application).
Magnetic Stripe Reading Config Byte - Reserved for future use. Its value has no effect at this release.
Figure 2
Field
1- UART Baud Rate
2- UART Data Bits
3- UART Parity
4- UART Stop Bits
5- UART Timeout
6- Serial Number
7- Supported Language 1
8- Supported Language 2
9- Supported Language 3
10- Supported Language 4
11- Selected Language
12- Active Language
13- Idle Prompt
14- Unsolicited Enable
15- Unsolicited Disable
16- Back Light Enable
17- Key Injection Style
18- Mag Stripe Reading Config Byte
APPENDIX
Certification Authority Public Key Files
The SC 5000 unit uses Certification Authority Public Key (CAPK) files. These binary files contain:

5 bytes for the RID
1 byte for PK Index
1 byte CAPK Modulus length = n
n bytes CAPK Modulus
1 byte CAPK Exponent length = m
m bytes CAPK Exponent
20 bytes CAPK Hash Value (optional)

VeriFone recommends using filenames with some reference to CAPK and PK Index. The file extension has to be .EMV. Example: A398.EMV for RID A000000003 and PK Index 98.
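A bounds-checked parser for the CAPK file layout listed above, with a check of the optional 20-byte hash before a key file is trusted or downloaded. This is an added example, not VeriFone code; it assumes the hash is the EMV CA public key checksum, SHA-1 over RID, PK Index, modulus and exponent in that order, and the names and the sample key are constructed.

```python
"""Parse and verify a CAPK (.EMV) file: RID | index | n | modulus | m | exp | [hash]."""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass

HASH_LEN = 20  # optional trailing CAPK Hash Value


@dataclass(frozen=True)
class Capk:
    rid: bytes
    index: int
    modulus: bytes
    exponent: bytes
    stored_hash: bytes | None

    def computed_hash(self) -> bytes:
        # Assumption: checksum = SHA-1(RID || PK Index || modulus || exponent)
        data = self.rid + bytes([self.index]) + self.modulus + self.exponent
        return hashlib.sha1(data).digest()

    def hash_ok(self) -> bool | None:
        """True/False when a hash is present, None when the file carries none."""
        if self.stored_hash is None:
            return None
        return hmac.compare_digest(self.stored_hash, self.computed_hash())


def parse_capk(blob: bytes) -> Capk:
    """Decode the file strictly: no truncated fields, no stray trailing bytes."""
    pos = 0

    def take(count: int, what: str) -> bytes:
        nonlocal pos
        if count < 1 or pos + count > len(blob):
            raise ValueError(f"truncated or empty {what}")
        chunk = blob[pos:pos + count]
        pos += count
        return chunk

    rid = take(5, "RID")
    index = take(1, "PK Index")[0]
    modulus = take(take(1, "modulus length")[0], "modulus")
    exponent = take(take(1, "exponent length")[0], "exponent")
    remaining = len(blob) - pos
    if remaining == 0:
        stored_hash = None
    elif remaining == HASH_LEN:
        stored_hash = take(HASH_LEN, "hash")
    else:
        raise ValueError(f"{remaining} unexpected trailing bytes")
    return Capk(rid, index, modulus, exponent, stored_hash)


def build_capk(rid: bytes, index: int, modulus: bytes, exponent: bytes,
               with_hash: bool = True) -> bytes:
    """Serialize a key in the same layout (used here to make the sample)."""
    if len(rid) != 5 or not 1 <= len(modulus) <= 255 or not 1 <= len(exponent) <= 255:
        raise ValueError("field does not fit the one-byte length layout")
    body = rid + bytes([index, len(modulus)]) + modulus
    body += bytes([len(exponent)]) + exponent
    if with_hash:
        body += hashlib.sha1(rid + bytes([index]) + modulus + exponent).digest()
    return body


# Constructed sample: RID and PK Index from the filename example above,
# modulus and exponent are dummy values, not a real scheme key.
SAMPLE_CAPK = build_capk(bytes.fromhex("A000000003"), 0x98,
                         bytes(range(1, 129)), b"\x03")
```

A file without the optional hash parses cleanly but returns None from hash_ok(), so the caller has to decide whether unauthenticated key files are acceptable.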
VeriFone, Inc. 2455 Augustine Drive Santa Clara CA 95054-3002 Tel: 800-VeriFone (837-4366) www.verifone.com