Tomcat
Below is a list of commands used in EMV applications:
CLA | INS | Meaning |
'8x' | '1E' | APPLICATION BLOCK |
'8x' | '18' | APPLICATION UNBLOCK |
'8x' | '16' | CARD BLOCK |
'0x' | '82' | EXTERNAL AUTHENTICATE |
'8x' | 'AE' | GENERATE APPLICATION CRYPTOGRAM |
'0x' | '84' | GET CHALLENGE |
'8x' | 'CA' | GET DATA |
'8x' | 'A8' | GET PROCESSING OPTIONS |
'0x' | '88' | INTERNAL AUTHENTICATE |
'8x' | '24' | PERSONAL IDENTIFICATION NUMBER (PIN) CHANGE / UNBLOCK |
'0x' | 'B2' | READ RECORD |
'0x' | 'A4' | SELECT |
'0x' | '20' | VERIFY |
'8x' | 'Dx' | Reserved for the payment system |
'8x' | 'Ex' | Reserved for the payment system |
'9x' | 'xx' | Reserved for card makers |
'Ex' | 'xx' | Reserved for the issuer |
In addition to the above commands, the VISA and MasterCard payment systems use the PUT DATA and UPDATE RECORD commands in their applications; the issuer uses them to change card data.
READ RECORD
The command is intended for reading a record in a linear file and has the following structure:
Code | Meaning |
CLA | '00'h |
INS | 'B2'h |
P1 | Record number to be read |
P2 | Control parameter |
Lc | Absent |
Data | Absent |
Le | '00'h |
The most significant five bits of the value of the control parameter P2 (b8-b4) are equal to the name of the elementary file SFI, the record of which is read by the terminal. The last three bits form the sequence '100' indicating that parameter P1 is the record number.
For SFI values between 1 and 10, the card response data field to a successful READ RECORD command contains the read record in the following BER-TLV format.
Tag '70' | Length | Read record |
GET DATA
The command is intended for reading the data objects ATC (Tag '9F36'), LATC (Tag '9F13') and PTC (Tag '9F17'), and has the following structure:
Code | Meaning |
CLA | '00'h |
INS | 'CA'h |
P1, P2 | Read parameter tag |
Lc | Absent |
Data | Absent |
Le | '00'h |
The response to a successfully executed GET DATA command contains the read parameter. For a successfully completed command SW1 = '90'h, SW2 = '00'h.
GET PROCESSING OPTIONS
The command initiates the card's execution of the transaction and provides the card application with the data it requests in the PDOL object. The card response contains the AIP (Application Interchange Profile) and AFL (Application File Locator) data objects. The command has the following format:
Code | Meaning |
CLA | '80'h |
INS | 'A8'h |
P1 | '00'h; other values are reserved |
P2 | '00'h; other values are reserved |
Lc | Variable |
Data | Data according to PDOL |
Le | '00'h |
The data field of the GET PROCESSING OPTIONS command contains the data objects listed in the PDOL (Processing Options Data Object List). The PDOL can be stored in the FCI Proprietary Template of the selected card application and is passed to the terminal in response to the SELECT command.
The data field of the response to the GET PROCESSING OPTIONS command consists of a BER-TLV encoded data object. Two presentation formats are possible.
Format 1. The data object returned in response to the GET PROCESSING OPTIONS command is a primitive data object with Tag '80'. The value field consists of Application Interchange Profile (AIP) and Application File Locator (AFL) concatenated without separators. The format of the returned data object is as follows:
'80' | Length | AIP | AFL |
Format 2. The data object returned in response to the GET PROCESSING OPTIONS command is a composite data object with Tag '77'. The value field can contain several BER-TLV encoded objects, among which the presence of AIP and AFL objects is mandatory.
For a successfully completed command SW1 = '90'h, SW2 = '00'h.
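The two GET PROCESSING OPTIONS response formats and the READ RECORD P2 encoding described above can be exercised together. The following Python sketch is an added example, not code from the original post: it parses either format and expands the AFL into the READ RECORD commands it implies. The AIP and AFL tags ('82', '94'), the 2-byte AIP and the 4-byte AFL entry layout are taken from the EMV specification rather than from this page, and the sample responses are constructed.

```python
"""GET PROCESSING OPTIONS response -> READ RECORD commands (added example)."""

SW_OK = b"\x90\x00"
TAG_AIP, TAG_AFL = 0x82, 0x94   # EMV tags for AIP and AFL (not listed on this page)


def parse_tlv(data: bytes) -> list:
    """Split a byte string into (tag, value) pairs of BER-TLV objects."""
    items, i = [], 0
    while i < len(data):
        if data[i] == 0x00:                  # '00' padding between objects
            i += 1
            continue
        tag = data[i]
        i += 1
        if tag & 0x1F == 0x1F:               # b5-b1 all set: more tag bytes follow
            while True:
                if i >= len(data):
                    raise ValueError("truncated tag")
                tag = (tag << 8) | data[i]
                i += 1
                if not data[i - 1] & 0x80:   # b8 clear marks the last tag byte
                    break
        if i >= len(data):
            raise ValueError("missing length")
        length = data[i]
        i += 1
        if length == 0x80:
            raise ValueError("indefinite length is not allowed")
        if length > 0x80:                    # long form: low bits give the byte count
            n = length & 0x7F
            if i + n > len(data):
                raise ValueError("truncated length")
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        if i + length > len(data):
            raise ValueError("value runs past end of data")
        items.append((tag, data[i:i + length]))
        i += length
    return items


def parse_gpo_response(rapdu: bytes):
    """Return (aip, afl) from a GPO R-APDU in Format 1 ('80') or Format 2 ('77')."""
    if len(rapdu) < 2 or rapdu[-2:] != SW_OK:
        raise ValueError("command failed: SW=" + rapdu[-2:].hex().upper())
    objects = parse_tlv(rapdu[:-2])
    if len(objects) != 1:
        raise ValueError("expected exactly one data object")
    tag, value = objects[0]
    if tag == 0x80:                          # Format 1: AIP || AFL, no separators
        aip, afl = value[:2], value[2:]
    elif tag == 0x77:                        # Format 2: template of TLV objects
        inner = dict(parse_tlv(value))
        if TAG_AIP not in inner or TAG_AFL not in inner:
            raise ValueError("AIP and AFL are mandatory in Format 2")
        aip, afl = inner[TAG_AIP], inner[TAG_AFL]
    else:
        raise ValueError("unexpected tag %X" % tag)
    if len(aip) != 2 or not afl or len(afl) % 4:
        raise ValueError("malformed AIP/AFL")
    return aip, afl


def read_record_apdus(afl: bytes) -> list:
    """Expand each 4-byte AFL entry into the READ RECORD commands it implies."""
    apdus = []
    for k in range(0, len(afl), 4):
        sfi_byte, first, last, _offline_auth_count = afl[k:k + 4]
        sfi = sfi_byte >> 3                  # SFI sits in b8-b4 of the entry
        if sfi_byte & 0x07 or not 1 <= sfi <= 30 or not 1 <= first <= last:
            raise ValueError("bad AFL entry " + afl[k:k + 4].hex())
        p2 = (sfi << 3) | 0b100              # '100': P1 is a record number
        for record in range(first, last + 1):
            apdus.append(bytes([0x00, 0xB2, record, p2, 0x00]))
    return apdus


# Constructed responses carrying the same AIP and AFL in both formats.
FORMAT1 = bytes.fromhex("800A5C000801010010010301" "9000")
FORMAT2 = bytes.fromhex("770E82025C0094080801010010010301" "9000")

if __name__ == "__main__":
    for rapdu in (FORMAT1, FORMAT2):
        aip, afl = parse_gpo_response(rapdu)
        print(aip.hex(), [a.hex().upper() for a in read_record_apdus(afl)])
```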
GET CHALLENGE
The terminal uses this command to obtain a random number from the card, which is needed for various cryptographic procedures. For example, in the EMV standard the command is used in the procedure for encrypting the PIN block when it is transmitted from the terminal to the card.
The command execution result (random number) is available for use only by the command following the GET CHALLENGE command. The command has the following format:
Code | Meaning |
CLA | '00'h |
INS | '84'h |
P1 | '00'h |
P2 | '00'h |
Lc | Absent |
Data | Absent |
Le | '00'h |
The card response data field to the GET CHALLENGE command contains a random number. For a successfully completed command SW1 = '90'h, SW2 = '00'h.
SELECT
The command is used to select PSE, DDF or ADF files by file name. The command has the following format:
Code | Meaning |
CLA | '00'h |
INS | 'A4'h |
P1 | '00000100'b (select by name) |
P2 | '00'h or '02'h |
Lc | '05' - '10'h |
Data | File Name (PSE, DDF, or AID) |
Le | '00'h |
Chapter 3. FILE STRUCTURE, COMMANDS AND DATA PROTECTION MECHANISMS
The following are the possible values for P2 (the six most significant bits are always 0):
b8 | b7 | b6 | b5 | b4 | b3 | b2 | b1 | Meaning |
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | First or only occurrence |
0 | 0 | 0 | 0 | 0 | 0 | 1 | 0 | Next occurrence |
P2 = '02'h is used in the partial file name selection procedures. The card may not support this P2 value.
The data field of the R-APDU returned in response to the SELECT command when the DDF file is selected is:
Tag | Meaning | Presence |
'6F' | FCI Template | Mandatory |
'84' | DF Name | Mandatory |
'A5' | FCI Proprietary Template | Mandatory |
'88' | SFI of the directory file | Mandatory |
'BF0C' | FCI Issuer Discretionary Data | Optional |
'XXXX' (Tag) | One or more additional data items for the application provider, issuer, card manufacturer, etc. | Optional |
The data field of the R-APDU returned in response to the SELECT command when the ADF file is selected is:
Tag | Meaning | Presence |
'6F' | FCI Template | Mandatory |
'84' | DF Name | Mandatory |
'A5' | FCI Proprietary Template | Mandatory |
'50' | Application Label | Mandatory |
'87' | Application Priority Indicator | Optional |
'9F38' | PDOL | Optional |
'5F2D' | Language Preference | Optional |
'9F11' | Issuer Code Table Index | Optional |
'9F12' | Application Preferred Name | Optional |
'BF0C' | FCI Issuer Discretionary Data | Optional |
'XXXX' (Tag) | One or more additional data items for the application provider, issuer, card manufacturer, etc. | Optional |
For a successfully completed command SW1 = '90'h, SW2 = '00'h.
INTERNAL AUTHENTICATE
The command makes the card compute a digital signature (Signed Dynamic Application Data) over data provided by the terminal, which must include a random number. It is used in the dynamic card authentication procedure, and the card response contains the digital signature. The command has the following format:
Code | Meaning |
CLA | '00'h |
INS | '88'h |
P1 | '00'h |
P2 | '00'h |
Lc | Length of data transmitted to the card |
Data | Terminal data |
Le | '00'h |
The command data field contains the values of the data items defined by the card issuer in a Dynamic Data Authentication List (DDOL) object stored in the card application.
There are two possible formats for the data field returned in the card's response to the INTERNAL AUTHENTICATE command.
Format 1. The returned data object is a primitive object with Tag '80' containing in the Value field the value of the Signed Dynamic Application Data signature.
Format 2. The returned data object is a compound object with Tag '77' containing in the Value field several BER-TLV encoded objects, among which the Signed Dynamic Application Data object must be present.
For a successfully completed command SW1 = '90'h, SW2 = '00'h.
EXTERNAL AUTHENTICATE
The command asks the card application to verify the cryptogram of the card issuer. It is used in the card issuer authentication procedure and has the format shown below.
The Data field contains the Issuer Authentication Data (Tag '91') data object containing a mandatory cryptogram of 8 bytes and additional optional 1-8 bytes of information specified by the card issuer.
Code | Meaning |
CLA | '00'h |
INS | '82'h |
P1 | '00'h |
P2 | '00'h |
Lc | 8-16 |
Data | Issuer Authentication Data |
Le | Absent |
For a successfully completed command SW1 = '90'h, SW2 = '00'h.
VERIFY
The command is used to check the PIN value in the offline cardholder verification procedure (Offline PIN). The VERIFY command is used if the Offline PIN method is selected from the Cardholder Verification Method List.
The command has the following format:
Code | Meaning |
CLA | '00'h |
INS | '20'h |
P1 | '00'h |
P2 | Link to data |
Lc | Variable length |
Data | Transaction PIN Data |
Le | Absent |
Parameter P2 can take the following values:
b8 | b7 | b6 | b5 | b4 | b3 | b2 | b1 | Meaning |
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | Outside EMV |
1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | Plaintext PIN |
1 | 0 | 0 | 0 | 0 | x | x | x | Reserved for EMV |
1 | 0 | 0 | 0 | 1 | 0 | 0 | 0 | Encrypted PIN |
1 | 0 | 0 | 0 | 1 | 0 | x | x | Reserved for EMV |
1 | 0 | 0 | 0 | 1 | 1 | x | x | Reserved for the payment system |
1 | 0 | 0 | 1 | x | x | x | x | Reserved for the issuer |
The PIN block has the format:
C N P P P P P/F P/F P/F P/F P/F P/F P/F P/F F F
The meaning of the PIN block characters is defined in the following table:
Name | Meaning | Value |
C | Control field | Binary two ('0010'b) |
N | PIN length | 4-bit binary number with valid values from '0100'b to '1100'b (4 to 12 decimal) |
P | PIN digit | 4-bit representation of a PIN digit with valid values from '0000'b to '1001'b (0 to 9 decimal) |
P/F | PIN digit / filler | Determined by the length of the PIN |
F | Filler | 4-bit binary '1111'b |
If the command is successfully completed, the status words can take on the following meanings:
SW1 | SW2 | Meaning |
'90'h | '00'h | If the command is successful |
'63'h | 'Cx'h | x - the number of remaining attempts to verify the PIN |
'63'h | 'C0'h | There are no more attempts to verify the PIN, the verification procedure must be blocked |
If the PIN verification procedure is blocked, the VERIFY command receives a response with SW1 = '69'h, SW2 = '83'h.
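The PIN block layout and the VERIFY status words above, as an added Python example that is not part of the original post. It encodes and strictly validates the plaintext PIN block, decodes the status words, and uses a hypothetical card-side model (`CardPinState`) to show how the try counter reaches '63C0' and then '6983'. The try limit of 3 and the reset of the counter after a correct PIN are assumptions of the model, and all PIN values are constructed.

```python
"""Plaintext PIN block and VERIFY status words (added example, constructed data)."""
import hmac

SW_OK, SW_BLOCKED = b"\x90\x00", b"\x69\x83"
VERIFY_PLAINTEXT = bytes([0x00, 0x20, 0x00, 0x80, 0x08])   # CLA INS P1 P2 Lc


def build_pin_block(pin: str) -> bytes:
    """Encode C N P..P F..F: control nibble 2, PIN length, digits, 'F' filler."""
    if not (pin.isascii() and pin.isdigit() and 4 <= len(pin) <= 12):
        raise ValueError("PIN must be 4 to 12 decimal digits")
    return bytes.fromhex("2" + format(len(pin), "X") + pin + "F" * (14 - len(pin)))


def parse_pin_block(block: bytes) -> str:
    """Validate every field of an 8-byte plaintext PIN block and return the PIN."""
    if len(block) != 8:
        raise ValueError("PIN block must be 8 bytes")
    nibbles = block.hex().upper()
    if nibbles[0] != "2":
        raise ValueError("control field is not '0010'b")
    length = int(nibbles[1], 16)
    if not 4 <= length <= 12:
        raise ValueError("PIN length outside 4..12")
    digits, filler = nibbles[2:2 + length], nibbles[2 + length:]
    if not digits.isdigit():
        raise ValueError("non-decimal nibble inside the PIN")
    if set(filler) != {"F"}:
        raise ValueError("filler nibbles must all be '1111'b")
    return digits


def interpret_verify_status(sw: bytes):
    """Map the two status bytes of a VERIFY response to (outcome, tries_left)."""
    sw1, sw2 = sw
    if sw == SW_OK:
        return ("pin_ok", None)
    if sw1 == 0x63 and sw2 >> 4 == 0xC:      # '63Cx': x attempts remain
        left = sw2 & 0x0F
        return ("wrong_pin", left) if left else ("last_try_used", 0)
    if sw == SW_BLOCKED:
        return ("blocked", 0)
    return ("unexpected", None)


class CardPinState:
    """Hypothetical card-side model of the PIN Try Counter (not real card code)."""

    def __init__(self, pin: str, try_limit: int = 3):
        self.reference = build_pin_block(pin)
        self.limit = self.tries_left = try_limit

    def verify(self, apdu: bytes) -> bytes:
        if self.tries_left == 0:             # already blocked: nothing is compared
            return SW_BLOCKED
        if apdu[:5] != VERIFY_PLAINTEXT or len(apdu) != 13:
            raise ValueError("not a plaintext-PIN VERIFY command")
        parse_pin_block(apdu[5:])            # reject malformed blocks outright
        if hmac.compare_digest(apdu[5:], self.reference):
            self.tries_left = self.limit     # model assumption: success resets
            return SW_OK
        self.tries_left -= 1
        return bytes([0x63, 0xC0 | self.tries_left])


def run_attempts(card_pin: str, attempts: list) -> list:
    """Send one VERIFY per attempted PIN and return the decoded outcomes."""
    card = CardPinState(card_pin)
    return [interpret_verify_status(card.verify(VERIFY_PLAINTEXT + build_pin_block(p)))
            for p in attempts]


if __name__ == "__main__":
    print(build_pin_block("1234").hex().upper())
    print(run_attempts("1234", ["0000", "1111", "2222", "1234"]))
```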
GENERATE APPLICATION CRYPTOGRAM
(GENERATE AC)
This command is used to get the transaction cryptogram from the card. In the command data field, the terminal sends the card the transaction and terminal data that the card application needs to decide on the outcome of the operation (the data is defined in the CDOL object stored on the card), together with the terminal's own proposal for that outcome. The type of cryptogram returned by the card may differ from the type requested by the terminal in the GENERATE AC command.
The command has the following format:
Code | Meaning |
CLA | '80'h |
INS | 'AE'h |
P1 | Control parameter |
P2 | '00'h |
Lc | Variable length |
Data | Transaction data |
Le | '00'h |
The control parameter P1 takes the following values in the command:
b8 | b7 | b6 | b5 | b4 | b3 | b2 | b1 | Meaning |
0 | 0 |  |  |  |  |  |  | AAC |
0 | 1 |  |  |  |  |  |  | TC |
1 | 0 |  |  |  |  |  |  | ARQC |
1 | 1 |  |  |  |  |  |  | Reserved |
 |  | 0 |  |  |  |  |  | Combined DDA / AC, implicitly requested |
 |  | 1 |  |  |  |  |  | Combined DDA / AC, explicitly requested |
 |  |  | x | x | x | x | x | Reserved |
Bits b8 and b7 of parameter P1 determine the type of cryptogram requested by the terminal. If the terminal requests the card to perform the dynamic card authentication procedure using the Combined DDA / AC Generation method, bit b6 of parameter P1 is set to 1. When the data sent by the terminal to the card contains the Terminal Capabilities data object (Tag '9F33'), bit b6 of parameter P1 can be left equal to 0, since in this case the card is able to determine independently that the Combined DDA / AC Generation method will be used. This way of choosing the card authentication method is called the implicit choice of the Combined DDA / AC Generation method.
The command response data field consists of a BER-TLV encoded data object. There are two possible formats for presenting the response data field.
Format 1. The data object returned in the response message to the GENERATE AC command is a primitive data object with Tag '80'. The Value field of this object consists of the following data objects, concatenated without delimiters:
Meaning | Presence |
Cryptogram Information Data | Mandatory |
Application Transaction Counter (ATC) | Mandatory |
Application Cryptogram (AC) | Mandatory |
Issuer Application Data | Optional |
Format 2. The data field of the R-APDU returned in response to the GENERATE AC command is a composite data object, a template with Tag '77'. The Value field of this object can contain multiple BER-TLV encoded objects. The Cryptogram Information Data, the Application Transaction Counter and the cryptogram calculated by the card must be present. If the format of the cryptogram is defined by the issuer, then the interpretation and use of the optional template data is outside the scope of the EMV specification.
Format 2 is mandatory when using the Combined Dynamic Data Authentication / GENERATE AC card authentication method.
The Cryptogram Information Data object returned in response to the GENERATE AC command has the following structure:
b8 | b7 | b6 | b5 | b4 | b3 | b2 | b1 | Meaning |
0 | 0 |  |  |  |  |  |  | AAC |
0 | 1 |  |  |  |  |  |  | TC |
1 | 0 |  |  |  |  |  |  | ARQC |
1 | 1 |  |  |  |  |  |  | AAR |
 |  | x | x |  |  |  |  | Payment system-defined cryptogram |
 |  |  |  | 0 |  |  |  | Advice not required |
 |  |  |  | 1 |  |  |  | Advice required |
 |  |  |  |  | x | x | x | Reason / advice / referral code |
 |  |  |  |  | 0 | 0 | 0 | Information not provided |
 |  |  |  |  | 0 | 0 | 1 | Service not allowed |
 |  |  |  |  | 0 | 1 | 0 | The number of attempts to enter the PIN code has been exceeded |
 |  |  |  |  | 0 | 1 | 1 | Issuer authentication failed |
 |  |  |  |  | x | x | x | Other values are reserved |
Note that the values of bits b6 and b5 in the EMV specifications are 0. For a successfully completed command SW1 = '90'h, SW2 = '00'h.
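Because the card may return a different cryptogram type than the terminal requested, a trace reviewer needs to decode both P1 and the Cryptogram Information Data and compare them. The Python sketch below is an added example, not code from the original post; it handles the Format 1 response only. The field lengths (CID 1 byte, ATC 2 bytes, AC 8 bytes) and the rule that a card may only answer with the requested type or a more restrictive one come from the EMV specification rather than this page, and the sample responses are constructed.

```python
"""GENERATE AC: decode P1, the Format 1 response and the CID (added example)."""

REQUEST_TYPES = {0b00: "AAC", 0b01: "TC", 0b10: "ARQC", 0b11: "Reserved"}
RESPONSE_TYPES = {0b00: "AAC", 0b01: "TC", 0b10: "ARQC", 0b11: "AAR"}
REASONS = {0b000: "Information not provided", 0b001: "Service not allowed",
           0b010: "PIN try limit exceeded", 0b011: "Issuer authentication failed"}
# Assumption from the EMV specification, not stated on this page: the card answers
# with the requested type or a more restrictive one, never a more permissive one.
RANK = {"AAC": 0, "AAR": 1, "ARQC": 1, "TC": 2}


def decode_p1(p1: int) -> dict:
    """Split the GENERATE AC control parameter into its bit fields."""
    return {"requested": REQUEST_TYPES[p1 >> 6],
            "combined_dda_ac_explicit": bool(p1 & 0x20),    # b6
            "reserved_bits_set": bool(p1 & 0x1F)}           # b5-b1


def decode_cid(cid: int) -> dict:
    """Split the Cryptogram Information Data byte into its bit fields."""
    return {"type": RESPONSE_TYPES[cid >> 6],
            "payment_system_bits": (cid >> 4) & 0b11,       # b6-b5, 0 in EMV
            "advice_required": bool(cid & 0x08),            # b4
            "reason": REASONS.get(cid & 0x07, "Reserved")}  # b3-b1


def parse_format1(rapdu: bytes) -> dict:
    """Parse a Format 1 ('80') response: CID || ATC || AC || optional IAD."""
    if len(rapdu) < 2 or rapdu[-2:] != b"\x90\x00":
        raise ValueError("command failed: SW=" + rapdu[-2:].hex().upper())
    body = rapdu[:-2]
    if len(body) < 2 or body[0] != 0x80 or body[1] != len(body) - 2:
        raise ValueError("not a well-formed Format 1 data object")
    value = body[2:]
    if len(value) < 11:                      # 1 + 2 + 8 mandatory bytes
        raise ValueError("mandatory CID, ATC or AC missing")
    return {"cid": value[0], "atc": int.from_bytes(value[1:3], "big"),
            "ac": value[3:11], "iad": value[11:]}


def check_exchange(p1: int, rapdu: bytes):
    """Return (returned_type, atc, findings) for one GENERATE AC exchange."""
    request, response = decode_p1(p1), parse_format1(rapdu)
    cid = decode_cid(response["cid"])
    findings = []
    if request["requested"] == "Reserved" or request["reserved_bits_set"]:
        findings.append("reserved P1 value in command")
    elif RANK[cid["type"]] > RANK[request["requested"]]:
        findings.append("card returned %s but terminal requested %s"
                        % (cid["type"], request["requested"]))
    if request["combined_dda_ac_explicit"] and cid["type"] in ("TC", "ARQC"):
        # The page states Format 2 is mandatory with Combined DDA / GENERATE AC.
        findings.append("Combined DDA/AC requested but response is not Format 2")
    if cid["payment_system_bits"]:
        findings.append("CID bits b6-b5 are not 0")
    return cid["type"], response["atc"], findings


# Constructed responses: tag '80', length 11, CID, ATC, 8-byte AC, then SW 9000.
ARQC_RESPONSE = bytes.fromhex("800B80" "0012" "1122334455667788" "9000")
TC_RESPONSE = bytes.fromhex("800B40" "0013" "1122334455667788" "9000")
AAC_RESPONSE = bytes.fromhex("800B0A" "0014" "1122334455667788" "9000")

if __name__ == "__main__":
    print(check_exchange(0x80, ARQC_RESPONSE))   # ARQC requested and returned
    print(check_exchange(0x00, TC_RESPONSE))     # AAC requested, TC returned
    print(check_exchange(0x40, AAC_RESPONSE), decode_cid(0x0A))
```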
APPLICATION BLOCK (post-issuance command)
The APPLICATION BLOCK command blocks the selected application. The command has the following format:
Code | Meaning |
CLA | '8C'h or '84'h |
INS | '1E'h |
P1 | '00'h; other values are reserved |
P2 | '00'h; other values are reserved |
Lc | 4-8 bytes |
Data | Message Authentication Code (MAC) |
Le | Absent |
Only status bytes are present in the command response. The value SW1 = '90'h, SW2 = '00'h means that the command was executed successfully, regardless of whether the application was blocked before the command started executing.
APPLICATION UNBLOCK (post-issuance command)
The command unlocks a previously locked application. Upon successful completion of the APPLICATION UNBLOCK command, the restrictions set by the APPLICATION BLOCK command are removed. The command has the following format:
Code | Meaning |
CLA | '8C'h or '84'h |
INS | '18'h |
P1 | '00'h; other values are reserved |
P2 | '00'h; other values are reserved |
Lc | 4-8 bytes |
Data | Message Authentication Code (MAC) |
Le | Absent |
The response contains only status bytes. The value SW1 = '90'h, SW2 = '00'h means that the command was successfully executed.
CARD BLOCK (post-issuance command)
The command permanently blocks all card applications, including those that can be implicitly selected. The command has the following format:
Code | Meaning |
CLA | '8C'h or '84'h |
INS | '16'h |
P1 | '00'h; other values are reserved |
P2 | '00'h; other values are reserved |
Lc | 4-8 bytes |
Data | Message Authentication Code (MAC) |
Le | Absent |
The response contains only status bytes. The value SW1 = '90'h, SW2 = '00'h means that the command was successfully executed, regardless of whether the card was already blocked before the command started.
After the successful execution of the CARD BLOCK command, all subsequent SELECT commands are completed with the response 'Function not supported' (SW1SW2 = '6A81'h) and no actions related to such commands are performed.
PIN CHANGE / UNBLOCK
(post-issuance command)
The command allows the issuer to either only unblock the PIN-code verification procedure, or simultaneously unlock the PIN-code verification procedure and change its value. In the process of executing the command, the card must perform the following actions:
- set the value of the counter PIN Try Counter equal to the value of PIN Try Limit;
- if required, change the PIN-code value.
The command has the following format:
Code | Meaning |
CLA | '8C'h or '84'h |
INS | '24'h |
P1 | '00'h |
P2 | '00', '01' or '02'h |
Lc | 4-16 bytes |
Data | Encrypted PIN + MAC value |
Le | Absent |
In the EMV standard, P2 is '00'h. The values '01'h and '02'h of parameter P2 are reserved for use by payment systems. If the encrypted value of the PIN block is absent from the command data field, only the unblocking of the PIN verification procedure is required. In this case, the value of the PIN does not change.
There is no data field in the command response. For a successfully completed command SW1 = '90'h, SW2 = '00'h.
UPDATE RECORD (post-issuance command)
The command allows the issuer to change a record in a linear file and has the following format:
Code | Meaning |
CLA | '04'h |
INS | 'DC'h |
P1 | Record number |
P2 | Control parameter |
Lc | Number of bytes in the Data field |
Data | Recorded data + MAC |
Le | Absent |
The most significant five bits of the value of the control parameter P2 (b8-b4) are equal to the name of the elementary SFI file, the record of which is changed by the issuer. The last three bits form the sequence '100' indicating that parameter P1 is the record number.
The data field of the command contains the data to be recorded and the value of the Message Authentication Code (MAC) used to ensure the integrity of the data transmitted by the issuer and to authenticate the issuer.
There is no data field in the command response. For a successfully completed command SW1 = '90'h, SW2 = '00'h.
PUT DATA (post-issuance command)
The command allows the issuer to modify data that is not stored in linear files, and has the following structure:
Code | Meaning |
CLA | '04'h |
INS | 'DA'h |
P1, P2 | Modified parameter tag |
Lc | Variable value |
Data | New parameter value |
Le | Absent |
The command data field contains the new parameter value and the value of the Message Authentication Code (MAC) used to ensure the integrity of the data transmitted by the issuer and to authenticate the issuer.
There is no data field in the command response. For a successfully completed command SW1 = '90'h, SW2 = '00'h.