Tomcat
Let us consider a possible implementation of an FCI (File Control Information) object for a DF. The data objects contained in the FCI are listed in Table 3.4.
Tab. 3.4. FCI Objects for DF File
| Tag | Data object content |
|---|---|
| '82'h | File Descriptor |
| '83'h | File Identifier |
| '84'h | DF Name (file name) |
| '85'h | DF Attributes |
| '86'h | Conditions for creating DF and EF child files |
| 'A5'h | FCI Proprietary Template |
The File Descriptor data element (tag '82'h) tells the card operating system that the file in question is a directory (DF).
The File Identifier data element (tag '83'h) is encoded in two bytes and takes a value that is unique within the card; the card operating system must enforce this uniqueness when the DF is created. The File Identifier distinguishes the DF from every other file in the card's file system. According to ISO 7816-4, the File Identifier of the MF is fixed at '3F00'h.
The DF Name data element (tag '84'h) also identifies the file and is up to 16 bytes long.
The DF Attributes data element (tag '85'h) contains 3 bytes: the first byte encodes the DF Nature data element, and the last 2 bytes encode the size, in bytes, of the EEPROM available to the file. In many implementations the DF has no fixed size: when it is created, the operating system does not reserve the EEPROM areas that will hold the files belonging to it. In such implementations the last two bytes of DF Attributes are therefore equal to the size of the entire application-accessible EEPROM.
The DF Nature data element (1 byte) carries the following indicators:
- DF Phase Indicator: the phase the DF is in. Possible values: Personalization Phase, Utilization Phase, Block Phase;
- Payment System Indicator: whether the DF corresponds to a payment application;
- Autonomous Security Management Indicator: whether the application identified by the DF uses its own key system, or keys that are common to all applications on the card;
- PIN Management Supported Indicator: whether the application identified by the DF uses its own PIN value, or a PIN value common to all applications on the card.
For the DF and EF files on the microprocessor card, various conditions are defined under which a given command (creating or deleting a file, creating a file record, processing file data, and so on) may be executed. These are called access conditions. Command access conditions are defined per file and are stored in the file's FCI header.
The coding and meaning of all possible access conditions are given in Table 3.5.
Tab. 3.5. Access conditions coding
| Access condition | Content |
|---|---|
| '0' = (0000) | Always |
| '1' = (0001) | AUTH |
| '4' = (0100) | MAC |
| '8' = (1000) | ENC |
| 'C' = (1100) | ENC + MAC |
| '9' = (1001) | AUTH + ENC |
| 'D' = (1101) | AUTH + ENC + MAC |
| 'F' = (1111) | Never |
The meaning of the command access conditions is as follows:
- Always: the command is executed without any restriction;
- AUTH: the command is executed only if the command issuer has been successfully authenticated;
- MAC: the command is executed only if the integrity of the command data has been successfully verified;
- ENC: the command is executed with its data encrypted;
- ENC + MAC: the command is executed only if the integrity of its data has been successfully verified, and with the command data encrypted;
- AUTH + ENC: the command is executed only if the command issuer has been successfully authenticated, and with the command data encrypted;
- AUTH + ENC + MAC: the command is executed only if the command issuer has been successfully authenticated and the integrity of the command data has been verified, and with the command data encrypted;
- Never: the command is not executed under any circumstances.
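To see how Tables 3.4 and 3.5 fit together in practice, here is an added example (not code from the original text or from any card operating system): a small BER-TLV parser that decodes the FCI returned for a DF into the objects of Table 3.4 and decodes the access-condition nibbles of Table 3.5, rejecting the codes the table does not define. The sample FCI is constructed for this example; the bit layout of the DF Nature byte and the one-nibble-per-command layout of tag '86'h are assumptions, since the text lists the indicators but not their encoding.

```python
# Added example: decode a DF's FCI (Table 3.4) and its access conditions (Table 3.5).
# Assumptions of this example: DF Nature bit layout, one access-condition nibble
# per command in tag '86'h, and the constructed SAMPLE_FCI below.

ACCESS_CONDITIONS = {          # Table 3.5: nibble value -> condition
    0x0: "Always", 0x1: "AUTH", 0x4: "MAC", 0x8: "ENC",
    0xC: "ENC+MAC", 0x9: "AUTH+ENC", 0xD: "AUTH+ENC+MAC", 0xF: "Never",
}

PHASES = {0: "Personalization", 1: "Utilization", 2: "Block"}  # assumed encoding of bits 0-1


def parse_tlv(data: bytes) -> dict:
    """Parse concatenated BER-TLV objects (tags up to 2 bytes, lengths up to 0xFFFF)."""
    objs, i = {}, 0
    while i < len(data):
        tag = data[i]
        i += 1
        if tag & 0x1F == 0x1F:          # two-byte tag
            tag = (tag << 8) | data[i]
            i += 1
        length = data[i]
        i += 1
        if length == 0x81:
            length = data[i]
            i += 1
        elif length == 0x82:
            length = int.from_bytes(data[i:i + 2], "big")
            i += 2
        elif length > 0x82:
            raise ValueError(f"unsupported length encoding {length:02X}")
        if i + length > len(data):      # a length that runs past the buffer is malformed
            raise ValueError(f"tag {tag:X}: length {length} exceeds buffer")
        objs[tag] = data[i:i + length]
        i += length
    return objs


def decode_df_nature(b: int) -> dict:
    """Assumed layout: bits 0-1 phase, bit 2 payment, bit 3 own keys, bit 4 own PIN."""
    return {
        "phase": PHASES.get(b & 0x03, "RFU"),
        "payment_system": bool(b & 0x04),
        "autonomous_security": bool(b & 0x08),
        "own_pin": bool(b & 0x10),
    }


def decode_access_conditions(data: bytes) -> list:
    """Each nibble of tag '86'h is one condition from Table 3.5. Codes the table does
    not define (for example '2'h or '5'h) are rejected, never treated as Always."""
    conds = []
    for byte in data:
        for nibble in (byte >> 4, byte & 0x0F):
            if nibble not in ACCESS_CONDITIONS:
                raise ValueError(f"undefined access condition '{nibble:X}'h")
            conds.append(ACCESS_CONDITIONS[nibble])
    return conds


def decode_df_fci(fci: bytes) -> dict:
    top = parse_tlv(fci)
    if 0x6F not in top:
        raise ValueError("response is not an FCI template ('6F'h)")
    objs = parse_tlv(top[0x6F])
    fd = objs.get(0x82, b"")
    if len(fd) != 1 or fd[0] & 0x38 != 0x38:   # ISO 7816-4 file descriptor: b6-b4 = 111 is a DF
        raise ValueError("file descriptor does not describe a DF")
    name = objs.get(0x84, b"")
    if len(name) > 16:
        raise ValueError("DF Name longer than 16 bytes")
    attrs = objs.get(0x85, b"")
    if len(attrs) != 3:
        raise ValueError("DF Attributes must be 3 bytes")
    return {
        "fid": int.from_bytes(objs[0x83], "big"),
        "df_name": name,
        "df_nature": decode_df_nature(attrs[0]),
        "eeprom_bytes": int.from_bytes(attrs[1:], "big"),
        "access_conditions": decode_access_conditions(objs.get(0x86, b"")),
        "proprietary": parse_tlv(objs[0xA5]) if 0xA5 in objs else {},
    }


# Constructed sample FCI (not a real card's response): DF with FID '2100'h, name
# "TESTAPP1", utilization phase + payment + own keys, 8192 bytes of EEPROM, access
# conditions AUTH, ENC+MAC, Never, Always, and an Application Label (tag '50'h) in 'A5'h.
SAMPLE_FCI = bytes.fromhex(
    "6F26"
    "820138"
    "83022100"
    "8408" + b"TESTAPP1".hex() +
    "85030D2000"
    "86021CF0"
    "A50A5008" + b"TESTAPP1".hex()
)

if __name__ == "__main__":
    for key, value in decode_df_fci(SAMPLE_FCI).items():
        print(f"{key:>18}: {value}")
```

The parser deliberately fails closed: a length field that overruns the buffer, a non-DF file descriptor, an over-long DF Name or an undefined access-condition code all raise rather than producing a partially decoded result, which is the behaviour a terminal or a test harness should have when it reads card-supplied TLV.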
The FCI Proprietary Template (tag 'A5'h) is mandatory for EMV applications. It carries the data required to select the application and the Application Interchange Profile, the application name to be shown on the terminal display, and the data required to process a transaction with the selected application. (This is discussed in more detail in the description of the application selection command in section 3.10.)
According to ISO 7816-4, there are two ways to reference a DF in order to select it:
1) by FID (File Identifier). In this case the terminal must know the card's file structure, and before it can select the DF, every directory containing it (its parent directories) must first be selected (opened). For example, with the file structure shown in Fig. 3.1, to select DF21 by FID the terminal must first select the MF, then DF2, and only then DF21;
2) by DF Name. In this case the terminal can select the DF without first selecting the directories that contain it.
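The difference between the two selection methods is easiest to see with both sides of the exchange in front of you. The following is an added example (not code from the original text or from any real card): a toy card that enforces the rule just described for SELECT by FID (only the MF or a direct child of the currently selected DF is reachable, so the terminal must walk the path parent by parent) and resolves SELECT by DF Name from any state. The file tree follows Fig. 3.1 as the text describes it (MF, DF2, DF21); the FIDs and DF Names given to DF2 and DF21, and the toy FCI the card returns, are assumptions of this example. The MF FID '3F00'h, the SELECT APDU layout and the status words '9000'h / '6A82'h are as defined by ISO 7816-4.

```python
# Added example: SELECT by FID (path walk) versus SELECT by DF Name on a toy card.
# Assumptions: the FIDs/names of DF2 and DF21 and the minimal FCI are invented here.

MF_FID = 0x3F00                          # fixed by ISO 7816-4
SW_OK, SW_FILE_NOT_FOUND = "9000", "6A82"

# FID -> (parent FID, DF Name). Only the MF FID is standard; the rest is assumed.
FILE_TREE = {
    MF_FID: (None, b""),
    0x2000: (MF_FID, b"DF2.TEST"),       # "DF2" in Fig. 3.1
    0x2100: (0x2000, b"DF21.TEST"),      # "DF21" in Fig. 3.1
}


def select_apdu(p1: int, data: bytes) -> bytes:
    """SELECT command APDU: CLA=00 INS=A4 P1 P2=00 Lc data (P1=00 by FID, P1=04 by DF Name)."""
    return bytes([0x00, 0xA4, p1, 0x00, len(data)]) + data


class ToyCard:
    def __init__(self):
        self.current_df = None           # nothing selected before the first SELECT

    def process(self, apdu: bytes) -> tuple:
        cla, ins, p1, p2, lc = apdu[:5]
        data = apdu[5:5 + lc]
        if (cla, ins, p2) != (0x00, 0xA4, 0x00):
            return b"", "6D00"           # instruction not supported
        if p1 == 0x00:
            return self._select_by_fid(int.from_bytes(data, "big"))
        if p1 == 0x04:
            return self._select_by_name(data)
        return b"", "6A86"               # incorrect P1/P2

    def _select_by_fid(self, fid: int) -> tuple:
        # Method 1: by FID only the MF or a direct child of the current DF is
        # reachable, so the terminal has to select the parents first.
        if fid in FILE_TREE and (fid == MF_FID or FILE_TREE[fid][0] == self.current_df):
            self.current_df = fid
            return self._fci(fid), SW_OK
        return b"", SW_FILE_NOT_FOUND

    def _select_by_name(self, name: bytes) -> tuple:
        # Method 2: by DF Name the card resolves the DF regardless of what is selected.
        for fid, (_, df_name) in FILE_TREE.items():
            if df_name and df_name == name:
                self.current_df = fid
                return self._fci(fid), SW_OK
        return b"", SW_FILE_NOT_FOUND

    def _fci(self, fid: int) -> bytes:
        # Minimal toy FCI: '6F' { '83' FID, '84' DF Name } (assumed content)
        name = FILE_TREE[fid][1]
        body = bytes([0x83, 2]) + fid.to_bytes(2, "big")
        if name:
            body += bytes([0x84, len(name)]) + name
        return bytes([0x6F, len(body)]) + body


def select_path_by_fid(card: ToyCard, path: list) -> list:
    """Terminal side of method 1: SELECT each FID on the path in order; return the status words."""
    return [card.process(select_apdu(0x00, fid.to_bytes(2, "big")))[1] for fid in path]


def select_by_name(card: ToyCard, name: bytes) -> str:
    """Terminal side of method 2: a single SELECT by DF Name."""
    return card.process(select_apdu(0x04, name))[1]


if __name__ == "__main__":
    card = ToyCard()
    print("DF21 by FID without parents:", select_path_by_fid(card, [0x2100]))
    print("MF, DF2, DF21 by FID:       ", select_path_by_fid(card, [MF_FID, 0x2000, 0x2100]))
    print("DF21 by DF Name, fresh card:", select_by_name(ToyCard(), b"DF21.TEST"))
```

Run stand-alone, the first path walk fails with '6A82'h (file not found) because DF21 is not a child of the current DF, the three-step walk succeeds, and the single SELECT by name succeeds on a freshly reset card. The toy only enforces the parent-first rule the text states; a real ISO 7816-4 card also allows selecting the parent of the current DF by FID, which is omitted here to keep the contrast between the two methods sharp.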