5.9 Verifying the Signed Static Application Data


The following steps describe the procedure followed by an EMV™ terminal for verifying the Signed Static Application Data stored in an EMV™ card since its personalization.

  • Step 1: Verify that the length of the Signed Static Application Data (tag 90) data object is N_I.

  • Step 2: Apply the signature verification/recovery algorithm in Appendix F, Section F.3.2 (case 2), where S is the Signed Static Application Data, n_S = n_I and e_S = e_I. The length N of the modulus is N_I.

    The recovered data X is parsed as X = B || M_R || H || E. The following processing is performed on these items:

    1. Check that E (last byte of X), which is the recovered data trailer, equals BCh.

    2. Check that B (first byte of X), which is the recovered data header, equals 6Ah.

    3. Take M_R as the next N_I − 22 bytes after B. Parse M_R according to the four fields identified in Section 5.8.3.

    4. Check that the signed data format read in field 1 of M_R is 03h.

    5. Set the message M′ to the value represented by the Static Data to Be Authenticated byte string, as currently computed in Section 5.8.2.

    6. Create the message M, representing the static application data to be signed by the issuer, as the concatenation from left to right of the recovered part M_R and of the computed part M′ (i.e., M = M_R || M′).

    7. Read the hash algorithm indicator from field 2 of M_R. Note that at the moment this value is 01h, corresponding to the SHA-1 algorithm, the only approved hash algorithm in the EMV 2000 specifications (see Annex B3.1 in Book 2 [1]).

    8. Use the indicated hash algorithm to compute the hash code h of M.

    9. Check that h equals the hash result H, which represents the last 20 bytes in X before E.

If any of the verifications mentioned above failed, the verification of the Signed Static Application Data fails. The terminal rejects the authenticity of the financial data stored in the EMV™ card.
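The procedure above, as an added Python example that is not code from the book: verify_ssad follows Steps 1 and 2, and make_sample_ssad builds a constructed test signature with a toy 27-byte issuer key. Assumptions: fields 1 and 2 of M_R are one byte each at offsets 0 and 1, the remaining fields (a 2-byte data authentication code and BBh padding) follow the EMV Book 2 layout because Section 5.8.3 is not reproduced on this page, and all function and variable names are hypothetical.

```python
import hashlib
import hmac

def verify_ssad(ssad: bytes, n_i: int, e_i: int, static_data: bytes) -> bool:
    """Return True only if every check of Steps 1 and 2 passes."""
    N_I = (n_i.bit_length() + 7) // 8            # modulus length in bytes
    if len(ssad) != N_I or N_I < 24:             # Step 1 (M_R needs >= 2 bytes)
        return False
    s = int.from_bytes(ssad, "big")
    if s >= n_i:                                 # added sanity check: S must be < n_I
        return False
    X = pow(s, e_i, n_i).to_bytes(N_I, "big")    # Step 2: recover X = S^e mod n
    B, M_R, H, E = X[0], X[1:N_I - 21], X[-21:-1], X[-1]
    if E != 0xBC:                                # check 1: trailer
        return False
    if B != 0x6A:                                # check 2: header
        return False
    if M_R[0] != 0x03:                           # checks 3-4: signed data format
        return False
    if M_R[1] != 0x01:                           # check 7: only SHA-1 is accepted
        return False
    M = M_R + static_data                        # checks 5-6: M = M_R || M'
    h = hashlib.sha1(M).digest()                 # check 8
    return hmac.compare_digest(h, H)             # check 9

# Constructed toy issuer key built from two Mersenne primes: insecure, demo only.
P, Q = 2**127 - 1, 2**89 - 1
N, E_PUB = P * Q, 65537                          # 216-bit modulus, N_I = 27 bytes
D = pow(E_PUB, -1, (P - 1) * (Q - 1))            # private exponent (Python 3.8+)

def make_sample_ssad(static_data: bytes) -> bytes:
    """Issuer side, for testing only: build X and sign it with the toy key."""
    n_len = (N.bit_length() + 7) // 8
    # Format 03h, hash indicator 01h, constructed DAC 1234h, BBh pad (assumed layout).
    m_r = bytes([0x03, 0x01]) + b"\x12\x34" + b"\xBB" * (n_len - 26)
    x = b"\x6A" + m_r + hashlib.sha1(m_r + static_data).digest() + b"\xBC"
    return pow(int.from_bytes(x, "big"), D, N).to_bytes(n_len, "big")

if __name__ == "__main__":
    sd = bytes.fromhex("5A0812345678901234565F24032512")   # constructed static data
    ssad = make_sample_ssad(sd)
    print("genuine card data :", verify_ssad(ssad, N, E_PUB, sd))
    print("altered card data :", verify_ssad(ssad, N, E_PUB, sd[:-1] + b"\x13"))
```

Because the hash covers M_R || M′, changing any byte of the Static Data to Be Authenticated after personalization makes check 9 fail even though the signature itself is untouched.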




Implementing Electronic Card Payment Systems (Artech House Computer Security Series)
ISBN: 1580533051
EAN: 2147483647
Year: 2003
Pages: 131
Authors: Cristian Radu
