The following steps describe the procedure followed by an EMV™ terminal for verifying the Signed Static Application Data stored in an EMV™ card since its personalization.
Step 1: Verify that the length of the Signed Static Application Data (tag 90) data object is N_I.
Step 2: Apply the signature verification/recovery algorithm in Appendix F, Section F.3.2 (case 2), where S is the Signed Static Application Data, n_S = n_I and e_S = e_I. The length N of the modulus is N_I.
The recovered data X is parsed as X = B M_R H E. The following processing is performed on these items:
Check that E (last byte of X), which is the recovered data trailer, equals BCh.
Check that B (first byte of X), which is the recovered data header, equals 6Ah.
Take M_R as the next N_I − 22 bytes after B. Parse M_R according to the four fields identified in Section 5.8.3.
Check that the signed data format read in field 1 of M_R is 03h.
Set the message M′ to the value of the Static Data to Be Authenticated byte string, as currently computed in Section 5.8.2.
Create the message M, representing the static application data to be signed by the issuer, as the concatenation from left to right of the recovered part M_R and of the computed part M′ (i.e., M = M_R M′).
Read the hash algorithm indicator from field 2 of M_R. Note that at the moment this value is 01h, corresponding to the SHA-1 algorithm, the only approved hash algorithm in the EMV 2000 specifications (see Annex B3.1 in Book 2).
Use the indicated hash algorithm to compute the hash code h of M.
Check that h equals the hash result H, which represents the last 20 bytes in X before E.
If any of the verifications mentioned above failed, the verification of the Signed Static Application Data fails. The terminal rejects the authenticity of the financial data stored in the EMV™ card.
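The procedure above written out as a terminal-side check. This is an added example, not code from the original text or from the EMV specifications. It assumes the recovery function of Section F.3.2 is plain RSA, X = S^e mod n; the test key, the make_ssad helper and the filler bytes in fields 3 and 4 of M_R are constructed for illustration.

```python
import hashlib

def verify_ssad(ssad: bytes, n_i: int, e_i: int, static_data: bytes) -> str:
    """Return "OK" or the name of the first failed check, in the order listed above."""
    N_I = (n_i.bit_length() + 7) // 8            # modulus length in bytes
    if len(ssad) != N_I or N_I < 24:             # Step 1: tag 90 length must equal N_I
        return "length"
    s = int.from_bytes(ssad, "big")
    if s >= n_i:                                 # added sanity check: S must be below n
        return "range"
    X = pow(s, e_i, n_i).to_bytes(N_I, "big")    # Step 2: recover X (assumed plain RSA)
    B, M_R, H, E = X[0], X[1:N_I - 21], X[N_I - 21:N_I - 1], X[-1]
    if E != 0xBC:                                # recovered data trailer
        return "trailer"
    if B != 0x6A:                                # recovered data header
        return "header"
    if M_R[0] != 0x03:                           # field 1: signed data format
        return "format"
    if M_R[1] != 0x01:                           # field 2: hash algorithm indicator (SHA-1)
        return "hash algorithm"
    M = M_R + static_data                        # M = M_R followed by M'
    if hashlib.sha1(M).digest() != H:            # h must equal the recovered H
        return "hash"
    return "OK"

# Constructed test key, not a real issuer key: two Mersenne primes give a 27-byte modulus.
P, Q, E_I = 2**127 - 1, 2**89 - 1, 65537
N_MOD = P * Q
D = pow(E_I, -1, (P - 1) * (Q - 1))              # private exponent, used only to build samples

def make_ssad(static_data: bytes, fmt: int = 0x03) -> bytes:
    """Hypothetical issuer-side helper that builds a sample tag 90 value."""
    N_I = (N_MOD.bit_length() + 7) // 8
    m_r = bytes([fmt, 0x01]) + b"\x00" * (N_I - 24)   # fields 3 and 4: constructed filler
    x = b"\x6a" + m_r + hashlib.sha1(m_r + static_data).digest() + b"\xbc"
    return pow(int.from_bytes(x, "big"), D, N_MOD).to_bytes(N_I, "big")

if __name__ == "__main__":
    data = b"constructed static data"            # stands in for the Section 5.8.2 byte string
    print(verify_ssad(make_ssad(data), N_MOD, E_I, data))            # genuine card data
    print(verify_ssad(make_ssad(data), N_MOD, E_I, data + b"\x00"))  # static data altered
```

Because H covers M_R followed by M′, a change to the static data read from the card fails at the hash check even though the signature itself still recovers a well-formed X.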