Index
A
Access control, 369
Accumulators, 281-83
application off-line, 283
application period, 282
card off-line, 283
card period, 282
limit parameters, 282-83
See also Card risk management (CRM)
Acquirer
in counterfeit transactions, 234-35
defined, 15
fallback requirements, 233
in fraudulent transactions, 235
host (AH), 37
in message flows, 41-45
node (AN), 37
parameters, 197-98
security policies, 203
Action codes, 201-3
issuer, 201-2
terminal, 203
Administration-to-consumer (A2C) payment, 1
AES block cipher, 402-4
AFL, 141-42
AEF file entries, 141-42
defined, 141
EMV ¢ debit/credit, 154-56
EMV ¢ debit/credit, processing, 156-58
See also Signed static application data
Algorithmic state machines (ASM), 67
Amount authorized per cycle period parameter, 23
Amount remaining this cycle parameter, 23
Anonymity, 300-302
Answer-to-reset (ATR), 93
Application Cryptogram (AC)
case 1 computation, 213-14
case 2 computation, 214-15
computation, 208-17
defined, 204, 212
generation, 211
generation conditions, 161
master key for, 213
verification, 215-17
Application definition files (ADFs), 84-86
as application data container, 85
Application Label (tag 50), 101
Application Preferred Name (tag 9F12), 101
Application Priority Indicator (tag 87), 101-2
defined, 99
DF Name (tag 84), 100
direct application selection service and, 103
directory entries, 114
elements, 84-85
in EMV ¢ file system, 99-106
FCI Issuer Discretionary Data (tag BF0C), 102-3
FCI of, 100
Insert Code Table Index (tag 9F11), 101
Language Preference (tag 5F2D), 101
partial name selection, 103-6
Processing Options Data Object List (tag 9F38), 102
referencing, 84
structure, 99
Application Effective Date, 178, 272-73
Application elementary files (AEFs), 83
AFL, 141-42
data template example, 109
defined, 106
EMV ¢ debit/credit application, 148
in EMV ¢ file system, 106-8
with SFI in range of 1 to 10, 106-7
with SFI in range of 11 to 20, 107-8
with SFI in range of 21 to 30, 107-8
storing directory file, 108
Application Expiration Date, 178, 272-73
Application Interchange Profile (AIP)
defined, 87
EMV ¢ debit/credit, 154-56
Application protocols (layer 7), 65
Applications. See Card applications; E-commerce applications
Application Transaction Counter (ATC), 74, 154
Application Usage Control, 175-78, 271-72
Application Version Number, 174-75, 272
Asymmetric cryptographic support, 87-90
Asymmetric encryption, 375-76
Asymmetric PIN verification, 390-91
ATM terminal
payment message forwarding, 12
processing, 10-11
RAM, 10
Authentication
cardholder account, 303
data, 301-2, 367
data (SET), 320
dynamic card, 368
dynamic data (DDA), 94, 148, 165-74
entity, 302-3
entity (SET), 320
issuer, 221-22, 368
issuer, error, 276, 283-84
off-line card, 368
on-line card, 368
signed dynamic data, 173-74
static card, 368
terminal, 368
Authentication services (AS), 301-2
Authorization
in EMV ¢ debit/credit transaction, 151
message, 13
on-line, not completed, 276
payment (SET), 323, 328-31
request/response, 218-21, 353-54
request response message, 47
Authorization request cryptogram (ARQC), 204
Authorization Response Code (ARC), 220
AuthReq, 328-29, 353
AuthRes, 329-31, 354
Implementing Electronic Card Payment Systems (Artech House Computer Security Series)
ISBN: 1580533051
EAN: 2147483647
EAN: 2147483647
Year: 2003
Pages: 131
Pages: 131
Authors: Cristian Radu