Index_P-Q
P-Q
PANData template, 351, 352
Partial name selection, 103-6
mechanism, 105
optional support of, 103
Passwords, one-time, 396-97
Payment
A2C, 1
B2C, 1
C2C, 1
interoperable application, 80-90
P2P, 1
proprietary application, 69-80
remote, 2, 291-356
SET, 291-92
TLS-based, 291-92
Payment authorization, 328-31
AuthReq, 328-29
AuthRes, 329-31
defined, 323
See also SET
Payment capture, 331-32
CapReq, 331
CapRes, 332
defined, 323-24
merchant initiation, 331
See also SET
Payment card processing, 9-50
authorization message, 13
network and back-office view, 12
overview, 10-13
payment message, 12
roles, 13-15
user view, 11
Payment cards
brands, 15-16
counterfeiting, 31-33
credit, 16-17
data storage types, 17-18
debit, 16-17
defined, 15
embossed financial data, 18-20
magnetic stripe, 20-24
Payment instruments
credit, 3
debit, 3
implementation dependence, 1
mobility, 6
prepaid , 2
Payment message, 12
Payment system environment (PSE), 112-15
building candidate list from, 118-19
content, 112
data elements, 113-14
defined, 112
directory structure, 114, 115
mapped onto DF, 112
Personalization stage
in enciphered PIN verification, 192
off-line DDA, 166
off-line SDA, 162
Person-to-person (P2P) payment, 1
Physical layer protocol (layer 1), 65
PIN
asymmetric enciphered, verification, 390
control parameters field (PINPARAM), 30
eavesdropping of, 26
encrypted, 36
entry, bypassing, 187
image stored value, 28, 29, 36, 47
image verification, 36
off-line processing, 186-91
off-line verification, 227
on-line processing, 194-95
pad malfunctioning, 187, 194
plaintext, verification, 388-89
RSA digital envelope for, 191-94
symmetric enciphered, verification, 389
try limit exceeded, 276
verification, 28, 29
PInitReq, 324, 346-47
PInitRes, 324-25, 346-47
PKCS#1, 414-16
data formatting, 414
decryption-key unwrapping , 416
encryption-key wrapping, 415-16
signature generation, 414-15
signature verification, 415
Plaintext PIN verification, 268, 388-89
Point of sale (POS) terminals, 2
Point of service
with acquirer network connection, 36
data elements featuring, 35
processing at, 34-37
risk management, 35, 37
terminal, 66
verifications, 34
Post-issuance commands, 225
PReq, 325-27, 350, 351
PRes, 327-28
Primary account number (PAN), 14
on track 1, 20
on track 3, 22
Private keys, ICC, 248
Processing Options Data Object List (PDOL), 102
EMV ¢ debit/credit, 153-54
included in FCI, 256
not included in FCI, 256
processing error, 275
tag-length identifier, 265
terminal checking, 255
Processing restrictions, 174-78, 271-73
Application Effective Date, 178, 272-73
Application Expiration Date, 178, 272-73
Application Usage Control, 175-78, 271-72
Application Version Number, 174-75, 272
See also EMV ¢ debit/credit
Proprietary-defined data objects, 249-53
Proprietary payment application, 69-80
encoding elements with fixed format, 71-72
fixed file system organization, 73
information data elements, 70
overview, 69-70
post C-APDU processing, 77
preestablished command/response formats, 73-75
symmetric cryptographic technology, 76-80
transaction profile, 74
See also ICCs
Public key certificates, 125-40, 384-87
data items included in, 132-35
defined, 125
digital signature scheme, 132
Entity Public Key, 129, 130
expiration date, 385
format, 385
generation, 135-36, 385-86
ICC, 248
ICC requirement, 128-29
issuer requirement, 127-28
issuing, 132-36
public key authenticity, 384
for RSA scheme, 126-27
serial number, 385
SET, 312-13
verification, 136-40, 386-87
verifier, 136, 138
See also EMV ¢ certificates; Security mechanisms
Public keys
authenticity verification, 168-70, 384
CA, 129, 131
creation, 407
Purchase initialization, 346-47
Purchase processing, 324-28
defined, 323
PInitReq, 324
PInitRes, 324-25
PReq, 325-27
PRes, 327-28
See also SET
Purchase request and response, 350-53
Implementing Electronic Card Payment Systems (Artech House Computer Security Series)
ISBN: 1580533051
EAN: 2147483647
EAN: 2147483647
Year: 2003
Pages: 131
Pages: 131
Authors: Cristian Radu