Tomcat
Professional
- Messages
- 2,689
- Reaction score
- 963
- Points
- 113
The microprocessor card, like the terminal, can support several applications. The terminal stores a list of AID values for the applications supported by the terminal. When a cardholder is going to complete an IPC transaction, he, together with the terminal, must first select the card application with which the transaction will be processed. The selected application, obviously, must be supported by both the card and the terminal at the same time. The Application Selection procedure marks the beginning of any transaction using the IPC and consists of two stages.
The purpose of the first stage is to build a list of applications supported by the card and the terminal at the same time. This list is called the candidate list. The second step is to select an application from the list of candidate applications with which the operation will be performed.
There are two ways to select an application (more precisely, how to build a list of candidate applications):
When using the direct application selection method, the card application identifier is retrieved by the terminal from the data field of the DF Name object (Tag '84') - The data field of the DF Name object is the same as the AID of the application. The DF Name object is a required object in the FCI Template object contained in the response to the SELECT command.
When using implicit selection, card application identifiers are retrieved from ADF Name objects (Tag '4F'), which are a required object of Application Template compound objects (Tag '61') corresponding to the card ADF files (see 3.7).
For the case of direct selection of the application, selection by the criterion of partial matching of names is allowed when the terminal AID value is the beginning of the data field of the DF Name (Tag '84') / ADF Name (Tag '4F') object. As described in the description of the SELECT command (see section 3.10), the card and the terminal can support the procedure for selecting an application by a partial name (for a card, this method of selecting an application is optional). In this case, the terminal has the opportunity to reduce the time for selecting an application (for example, when the card supports only one application of the payment system, and the terminal supports all applications of this payment system).
When using the partial application name match criterion, the card must:
4.2.1. Building a list of candidate applications using PSE
The algorithm described below follows the description in section 12.3.2 of book 1 of the EMV 4.2 standard.
Step 1. Checking the presence of the PSE directory on the card. The terminal sends a SELECT command to the card with the parameters DF Name = 1PAY.SYS.DDF01, P2 = '00'h, Lc =' OE'h.
If the response to the SELECT command contains SWlSW2 = '6A81'h (incorrect parameters P1 and P2; the function is not supported), then this means that either the card is locked or it does not support the SELECT command with a link by file name.
If the response to the SELECT command contains SWlSW2 = '6A82'h (incorrect parameters P1 and P2; file not found), then this means that the card does not support PSE and in this case the direct method of selecting the application should be used to build the list of candidate applications, described in the next section.
If the response to the SELECT command contains SWlSW2 = '6283'h (the state of the non-volatile memory has not changed, the selected file is locked), then this means that the PSE directory on the card exists, but is locked. In this case, the direct application selection method should be used to build the list of candidate applications.
If the response to the SELECT command contains SWlSW2 = '9000'h, then the terminal determines the SFI value of the DIR directory file from the FCI Template contained in the response to the SELECT command.
In case of receiving responses to commands directed to the card in steps 2-5 other than '9000'h and' 6A83'h, the terminal should erase the list of candidate applications it has created and start using the direct application selection method.
Step 2. Using the READ RECORD command, the terminal sequentially reads all records of the DIR file, starting from record number 1 and continuing to read until it receives a response with SWlSW2 = '6A83'h in response to the READ RECORD command.
This response means that the DIR file does not contain records with the specified number, that is, the terminal has already read all records of the DIR file. Each record read by the terminal is processed in accordance with steps 3-5 of this algorithm.
If a response with SWlSW2 = '6A83'h comes to the READ RECORD command intended to read the first record of the DIR file (i.e. there are no records in the DIR file), then the transition to step 5 occurs.
Step 3. Each record of the DIR file (AEF Data Template, Tag '70'h) consists of Application Template (Tag' 61 '), corresponding to ADF and DDF files. Let the Application Template processed by the terminal refer to the ADF file. Then, if the data field of the ADF Name object (Tag '4F') in the Application Template matches the value of one of the AIDs of the list of applications supported by the terminal, then this AID value, along with the rest of the information contained in the Application Template, is included in the list of candidate applications.
Step 4. If the Application Template processed by the terminal refers to a DDF file, the terminal finds the required DDF Name element (Tag '9D') in the Application Template. Using the SELECT command with a choice by the name DDF Name, the terminal determines the name of the SFI file of the directory of the DDF file and then repeats steps 2-5 of this algorithm to search for card applications whose AID values match the value of one of the AIDs in the list of applications supported by the terminal. After completing the analysis of all applications in this DDF directory, the terminal starts analyzing the next Application Template in order.
Step 5. The algorithm stops building the list of candidate applications after analyzing all the Application Template in the DIR file. After that, the procedure for selecting an application from the constructed list of candidate applications starts.
The procedure for selecting candidate applications from the PSE is effective when there are a large number of applications in the card.
4.2.2. Building a list of candidate applications using a direct selection procedure
The algorithm described below follows the description in section 12.3.3 of book 1 of the EMV 4.2 standard. This method is effective if the number of application identifiers in the list of applications supported by the terminal is small.
Step 1. Sequentially, starting from the first AID of the list of applications supported by the terminal, the terminal sends a SELECT command to the card with the DF Name - AID and P2 = '00'h parameters.
Step 2. If the processing of the command fails because the card is locked or does not support the SELECT command with choice by name (SWlSW2 = '6A81'h), the terminal terminates the session established with the card, and the transaction is not processed further (transition is possible into fallback mode on the magnetic stripe).
Step 3. If the SELECT command is processed successfully (SWlSW2 = '9000'h or SWlSW2 =' 6283'h), then the terminal compares the terminal identifier AID with the value of the data field of the DF Name object (Tag '84') obtained from the FCI Template object, which is contained in the response to the command. The AID can either be identical to the DF Name data field, or it can be the start of the DF Name data field, which is longer than the AID. If the AID and the DF Name data field are identical, the terminal proceeds to step 4 of this algorithm. Otherwise, the card treats the SELECT command as a partial name select command, for which the terminal goes to step 6.
If the response to the SELECT command contains SW1SW2 values other than '6A81'h,' 9000'h, '6283'h, then the terminal goes to step 5.
Step 4. If the response to the SELECT command contains the value SWlSW2 = '9000'h, then the terminal adds the AID to the list of candidate applications and proceeds to step 5. If the response to the SELECT command contains the value SWlSW2 =' 6283'h, which means that the application is blocked, the terminal does not add the AID to the list of candidate applications and proceeds to step 5.
Step 5. If the list of applications supported by the terminal has not ended yet, the terminal selects the next AID from the list and sends a SELECT command to the card with the DF Name = AID and P2 = '00'h parameters, repeating the steps of this algorithm, starting from step 3 If the list of applications has been exhausted, the terminal starts the procedure for selecting an application from the constructed list of candidate applications.
Step 6. The terminal checks the Application Selection Indicator value corresponding to the considered AID value. If the value requires a full name match criterion, then the application is not added to the list of candidate applications and the terminal proceeds to step 5.
If the Application Selection Indicator indicates that the criterion for partial matching of names and applications is used.
G
MasterCard
^? 9
If the application is not blocked (SW1SW2 = '9000'h), then it is added to the list of candidate applications and the terminal goes to step 7.
If the Application Selection Indicator indicates that the partial name matching criterion is used and the application is locked (SW1SW2 '9000'h), then the application is not added to the application candidate list and the terminal proceeds to step 7.
Step 7. The terminal sends a SELECT command to the card with the same AID value, but P2 = '02'h (Select Next). If the card returns a response with SWlSW2 = '9000'h, SWlSW2 =' 62xx'h, SWlSW2 = '63xx'h, then the terminal returns to step 3. If the card returns any other response, the terminal returns to step 5.
4.2.3. Final application selection
The algorithm below follows the description in Section 12.4 of Book 1 of the EMV 4.2 standard. It is assumed that the terminal has built a list of candidate applications mutually supported by the card and the terminal.
Step 1. If the list of candidate applications is empty, the transaction ends.
Step 2. If the application candidate list contains the only application simultaneously supported by the card and the terminal, then the terminal checks the value of the b8 bit in the Application Priority Indicator, if the latter is present in the FCI Proprietary Template of the candidate application.
If b8 = 0, the terminal selects this application.
If b8 = 1, then the terminal asks the cardholder to confirm the choice of the application. If the terminal is unable to request confirmation (for example, the terminal does not have a display) or if the terminal does not receive confirmation from the cardholder in response to its request, it completes the transaction without selecting an application.
Step 3. If the list of candidate applications contains several applications, the terminal can prompt the cardholder to choose an application in accordance with the description of step 4 of this algorithm, or it can select it independently according to the description of step 5. The first approach (selection of step 4) is more preferable.
Step 4. A list of candidate applications is submitted for consideration by the cardholder to select an application. The list should be presented in the order that the higher priority application is listed before the lower priority application. If the FCI Proprietary Template objects of the card applications do not contain the Application Priority Indicator, the applications shall be presented to the cardholder in the order in which they occur to the terminal on the card, unless the terminal has specified its preference in the application presentation.
The same application presentation rule applies within a group of candidate applications that have the same priority and a group of applications for which the Application Priority Indicator is not defined in the FCI Proprietary Template. In this case, the terminal can either define its own order of presentation of such applications within the group, or display applications within the group in the order in which they appear on the card. The groups themselves are ordered by the terminal according to their priorities (an application group with an undefined priority is considered the lowest priority).
Applications are presented on the terminal display using the Application Preferred Name (if present on the card) in the encoding specified by the Issuer Code Table Index. If the Application Preferred Name element is not present on the card, the required Application Label data element is used to represent the application on the terminal display.
Step 5. The terminal can select the application without the help of the card holder. There are two cases.
In the first case, the terminal has the ability to ask the cardholder to confirm the application selected by the terminal. The application with the highest priority is then selected from the list of candidate applications. If the b8 bit of the Application Priority Indicator for the selected application is 0, the terminal selects this application. If b8 - 1 is executed, the terminal displays on the terminal display either the Application Preferred Name of the application in the encoding specified by the Issuer Code Table Index, if these
Chapter 4. PROCESSING TRANSACTION BY MICROPROCESSOR CARD 289 data items are present, or Application Label of the application selected by the terminal. Only after the cardholder confirms the choice of the terminal, this application is considered finally selected.
In the second case, the terminal is not able to ask the cardholder to confirm the application selected by the terminal. And the list of application candidates is narrowed down to the list of applications for which the b8 bit of the Application Priority Indicator is 0.
The purpose of the first stage is to build a list of applications supported by the card and the terminal at the same time. This list is called the candidate list. The second step is to select an application from the list of candidate applications with which the operation will be performed.
There are two ways to select an application (more precisely, how to build a list of candidate applications):
- direct or explicit application selection (Direct or Explicit Application Selection), when the terminal sequentially sends SELECT commands to the card with file names equal to those AID values that are in the list of application identifiers supported by the terminal. If the card's response confirms that the card supports an application with the file name specified in the SELECT command, then this application (more precisely, its identifier) is placed by the terminal in the list of candidate applications;
- Indirect or Implicit Application Selection, when the PSE directory is used to select an application. This application selection method is not recommended (but not prohibited) by EMV. In this case, the terminal sends a SELECT command to the card, specifying the DF Name equal to 1PAY.SYS.DDF01. After receiving the SFI name of the DIR file (DEF file of the PSE directory) in response to the SELECT command, the terminal sequentially using the READ RECORD command reads the records of this file, extracting from them the Application Template (Tag '61') with information about all ADF files, contained in PSE. Based on this information, the terminal builds a list of candidate applications.
When using the direct application selection method, the card application identifier is retrieved by the terminal from the data field of the DF Name object (Tag '84') - The data field of the DF Name object is the same as the AID of the application. The DF Name object is a required object in the FCI Template object contained in the response to the SELECT command.
When using implicit selection, card application identifiers are retrieved from ADF Name objects (Tag '4F'), which are a required object of Application Template compound objects (Tag '61') corresponding to the card ADF files (see 3.7).
For the case of direct selection of the application, selection by the criterion of partial matching of names is allowed when the terminal AID value is the beginning of the data field of the DF Name (Tag '84') / ADF Name (Tag '4F') object. As described in the description of the SELECT command (see section 3.10), the card and the terminal can support the procedure for selecting an application by a partial name (for a card, this method of selecting an application is optional). In this case, the terminal has the opportunity to reduce the time for selecting an application (for example, when the card supports only one application of the payment system, and the terminal supports all applications of this payment system).
When using the partial application name match criterion, the card must:
- supported the procedure for partial selection of the application;
- did not have applications whose identifier would match the partial name from the list of terminal applications.
4.2.1. Building a list of candidate applications using PSE
The algorithm described below follows the description in section 12.3.2 of book 1 of the EMV 4.2 standard.
Step 1. Checking the presence of the PSE directory on the card. The terminal sends a SELECT command to the card with the parameters DF Name = 1PAY.SYS.DDF01, P2 = '00'h, Lc =' OE'h.
If the response to the SELECT command contains SWlSW2 = '6A81'h (incorrect parameters P1 and P2; the function is not supported), then this means that either the card is locked or it does not support the SELECT command with a link by file name.
If the response to the SELECT command contains SWlSW2 = '6A82'h (incorrect parameters P1 and P2; file not found), then this means that the card does not support PSE and in this case the direct method of selecting the application should be used to build the list of candidate applications, described in the next section.
If the response to the SELECT command contains SWlSW2 = '6283'h (the state of the non-volatile memory has not changed, the selected file is locked), then this means that the PSE directory on the card exists, but is locked. In this case, the direct application selection method should be used to build the list of candidate applications.
If the response to the SELECT command contains SWlSW2 = '9000'h, then the terminal determines the SFI value of the DIR directory file from the FCI Template contained in the response to the SELECT command.
In case of receiving responses to commands directed to the card in steps 2-5 other than '9000'h and' 6A83'h, the terminal should erase the list of candidate applications it has created and start using the direct application selection method.
Step 2. Using the READ RECORD command, the terminal sequentially reads all records of the DIR file, starting from record number 1 and continuing to read until it receives a response with SWlSW2 = '6A83'h in response to the READ RECORD command.
This response means that the DIR file does not contain records with the specified number, that is, the terminal has already read all records of the DIR file. Each record read by the terminal is processed in accordance with steps 3-5 of this algorithm.
If a response with SWlSW2 = '6A83'h comes to the READ RECORD command intended to read the first record of the DIR file (i.e. there are no records in the DIR file), then the transition to step 5 occurs.
Step 3. Each record of the DIR file (AEF Data Template, Tag '70'h) consists of Application Template (Tag' 61 '), corresponding to ADF and DDF files. Let the Application Template processed by the terminal refer to the ADF file. Then, if the data field of the ADF Name object (Tag '4F') in the Application Template matches the value of one of the AIDs of the list of applications supported by the terminal, then this AID value, along with the rest of the information contained in the Application Template, is included in the list of candidate applications.
Step 4. If the Application Template processed by the terminal refers to a DDF file, the terminal finds the required DDF Name element (Tag '9D') in the Application Template. Using the SELECT command with a choice by the name DDF Name, the terminal determines the name of the SFI file of the directory of the DDF file and then repeats steps 2-5 of this algorithm to search for card applications whose AID values match the value of one of the AIDs in the list of applications supported by the terminal. After completing the analysis of all applications in this DDF directory, the terminal starts analyzing the next Application Template in order.
Step 5. The algorithm stops building the list of candidate applications after analyzing all the Application Template in the DIR file. After that, the procedure for selecting an application from the constructed list of candidate applications starts.
The procedure for selecting candidate applications from the PSE is effective when there are a large number of applications in the card.
4.2.2. Building a list of candidate applications using a direct selection procedure
The algorithm described below follows the description in section 12.3.3 of book 1 of the EMV 4.2 standard. This method is effective if the number of application identifiers in the list of applications supported by the terminal is small.
Step 1. Sequentially, starting from the first AID of the list of applications supported by the terminal, the terminal sends a SELECT command to the card with the DF Name - AID and P2 = '00'h parameters.
Step 2. If the processing of the command fails because the card is locked or does not support the SELECT command with choice by name (SWlSW2 = '6A81'h), the terminal terminates the session established with the card, and the transaction is not processed further (transition is possible into fallback mode on the magnetic stripe).
Step 3. If the SELECT command is processed successfully (SWlSW2 = '9000'h or SWlSW2 =' 6283'h), then the terminal compares the terminal identifier AID with the value of the data field of the DF Name object (Tag '84') obtained from the FCI Template object, which is contained in the response to the command. The AID can either be identical to the DF Name data field, or it can be the start of the DF Name data field, which is longer than the AID. If the AID and the DF Name data field are identical, the terminal proceeds to step 4 of this algorithm. Otherwise, the card treats the SELECT command as a partial name select command, for which the terminal goes to step 6.
If the response to the SELECT command contains SW1SW2 values other than '6A81'h,' 9000'h, '6283'h, then the terminal goes to step 5.
Step 4. If the response to the SELECT command contains the value SWlSW2 = '9000'h, then the terminal adds the AID to the list of candidate applications and proceeds to step 5. If the response to the SELECT command contains the value SWlSW2 =' 6283'h, which means that the application is blocked, the terminal does not add the AID to the list of candidate applications and proceeds to step 5.
Step 5. If the list of applications supported by the terminal has not ended yet, the terminal selects the next AID from the list and sends a SELECT command to the card with the DF Name = AID and P2 = '00'h parameters, repeating the steps of this algorithm, starting from step 3 If the list of applications has been exhausted, the terminal starts the procedure for selecting an application from the constructed list of candidate applications.
Step 6. The terminal checks the Application Selection Indicator value corresponding to the considered AID value. If the value requires a full name match criterion, then the application is not added to the list of candidate applications and the terminal proceeds to step 5.
If the Application Selection Indicator indicates that the criterion for partial matching of names and applications is used.
G
MasterCard
^? 9
If the application is not blocked (SW1SW2 = '9000'h), then it is added to the list of candidate applications and the terminal goes to step 7.
If the Application Selection Indicator indicates that the partial name matching criterion is used and the application is locked (SW1SW2 '9000'h), then the application is not added to the application candidate list and the terminal proceeds to step 7.
Step 7. The terminal sends a SELECT command to the card with the same AID value, but P2 = '02'h (Select Next). If the card returns a response with SWlSW2 = '9000'h, SWlSW2 =' 62xx'h, SWlSW2 = '63xx'h, then the terminal returns to step 3. If the card returns any other response, the terminal returns to step 5.
4.2.3. Final application selection
The algorithm below follows the description in Section 12.4 of Book 1 of the EMV 4.2 standard. It is assumed that the terminal has built a list of candidate applications mutually supported by the card and the terminal.
Step 1. If the list of candidate applications is empty, the transaction ends.
Step 2. If the application candidate list contains the only application simultaneously supported by the card and the terminal, then the terminal checks the value of the b8 bit in the Application Priority Indicator, if the latter is present in the FCI Proprietary Template of the candidate application.
If b8 = 0, the terminal selects this application.
If b8 = 1, then the terminal asks the cardholder to confirm the choice of the application. If the terminal is unable to request confirmation (for example, the terminal does not have a display) or if the terminal does not receive confirmation from the cardholder in response to its request, it completes the transaction without selecting an application.
Step 3. If the list of candidate applications contains several applications, the terminal can prompt the cardholder to choose an application in accordance with the description of step 4 of this algorithm, or it can select it independently according to the description of step 5. The first approach (selection of step 4) is more preferable.
Step 4. A list of candidate applications is submitted for consideration by the cardholder to select an application. The list should be presented in the order that the higher priority application is listed before the lower priority application. If the FCI Proprietary Template objects of the card applications do not contain the Application Priority Indicator, the applications shall be presented to the cardholder in the order in which they occur to the terminal on the card, unless the terminal has specified its preference in the application presentation.
The same application presentation rule applies within a group of candidate applications that have the same priority and a group of applications for which the Application Priority Indicator is not defined in the FCI Proprietary Template. In this case, the terminal can either define its own order of presentation of such applications within the group, or display applications within the group in the order in which they appear on the card. The groups themselves are ordered by the terminal according to their priorities (an application group with an undefined priority is considered the lowest priority).
Applications are presented on the terminal display using the Application Preferred Name (if present on the card) in the encoding specified by the Issuer Code Table Index. If the Application Preferred Name element is not present on the card, the required Application Label data element is used to represent the application on the terminal display.
Step 5. The terminal can select the application without the help of the card holder. There are two cases.
In the first case, the terminal has the ability to ask the cardholder to confirm the application selected by the terminal. The application with the highest priority is then selected from the list of candidate applications. If the b8 bit of the Application Priority Indicator for the selected application is 0, the terminal selects this application. If b8 - 1 is executed, the terminal displays on the terminal display either the Application Preferred Name of the application in the encoding specified by the Issuer Code Table Index, if these
Chapter 4. PROCESSING TRANSACTION BY MICROPROCESSOR CARD 289 data items are present, or Application Label of the application selected by the terminal. Only after the cardholder confirms the choice of the terminal, this application is considered finally selected.
In the second case, the terminal is not able to ask the cardholder to confirm the application selected by the terminal. And the list of application candidates is narrowed down to the list of applications for which the b8 bit of the Application Priority Indicator is 0.
