sb84 cpa verify clarification 20101222060000706
TRANSCRIPT
-
8/3/2019 SB84 CPA Verify Clarification 20101222060000706
1/4
1994-2010 EMVCo, LLC (EMVCo). All rights reserved. Any and all uses of the EMV Specifications (Materials) shall bepermitted only pursuant to the terms and conditions of the license agreement between the user and EMVCo found at
http://www.emvco.com/.
Page 1
Specification Bulletin No. 84First Edition December 2010
CPA Specification UpdateThis specification update clarifies the sequence of checking performed by a CPA
compliant card in performing Offline Enciphered PIN.
Applicability
This Specification Update Bulletin applies to:
EMV Integrated Circuit Card Specifications for Payment Systems Common PaymentApplication Specification Version 1.0
Description
EMV Book 2 Security and Key ManagementSection 7.2 defines the sequence of checkingto be performed for Offline Enciphered PIN. The CPA specification is less clear on thissequence, and the related flow chart is incorrect.
The purpose of this Specification Bulletin is to clarify this checking in the CPA specificationand to correct the flow chart. Although this bulletin is immediately applicable it has no impacton functional testing.
Specification Change Notice
In the CPA specification, Section 12.7.2.2 please replace the text shown on the followingpage with the label 'Original text' with the text shown below with the label 'Replacement text':
http://www.emvco.com/http://www.emvco.com/http://www.emvco.com/ -
8/3/2019 SB84 CPA Verify Clarification 20101222060000706
2/4
1994-2010 EMVCo, LLC (EMVCo). All rights reserved. Any and all uses of the EMV Specifications (Materials) shall bepermitted only pursuant to the terms and conditions of the license agreement between the user and EMVCo found at
http://www.emvco.com/.
Page 2
Original text:
Req 12.30 (Check format of recovered data):After deciphering the Transaction PIN Data, if the recovered data does not meetbothofthe following conditions:
the recovered ICC Unpredictable Number matches the ICC Unpredictable Number
sent in the response to the GETCHALLENGEcommand immediately preceding theVERIFYcommand,
andthe recovered Data Header has the value '7F',then the application:
shall fail PIN Verification
shall set the Offline PIN Verification Performed and PIN Not Successfully Verified bitin the CVR to the value 1b.
shall discontinue processing the VERIFYcommand, shall respond with an SW1 SW2that indicates an error, and should respond with SW1 SW2 = '6984' (Command notallowed; referenced data invalidated).
Otherwise the application shall continue with verification of the recovered PIN Block.
Replacement text:
Req 12.30 (Check format of recovered data):After deciphering the Transaction PIN Data, the application shall check that the recoveredICC Unpredictable Number matches the ICC Unpredictable Number sent in the response tothe GETCHALLENGEcommand immediately preceding the VERIFYcommand.
If the recovered ICC Unpredictable Number does not match the ICC Unpredictable Numbersent in the GETCHALLENGEresponse, then the application shall not check the value of therecovered Data Header. Otherwise, the application shall check the value of the recoveredData Header.
The application shall continue with verification of the recovered PIN block only ifbothof thefollowing are true:
the recovered ICC Unpredictable Number matches the ICC Unpredictable Numbersent in the GETCHALLENGEresponse immediately preceding the VERIFYcommand,
andthe recovered Data Header has the value '7F'.Otherwise the application:
shall fail PIN Verification
shall set the Offline PIN Verification Performed and PIN Not Successfully Verified bitin the CVR to the value 1b.
shall discontinue processing the VERIFYcommand, shall respond with an SW1 SW2that indicates an error, and should respond with SW1 SW2 = '6984' (Command notallowed; referenced data invalidated).
http://www.emvco.com/http://www.emvco.com/http://www.emvco.com/ -
8/3/2019 SB84 CPA Verify Clarification 20101222060000706
3/4
1994-2010 EMVCo, LLC (EMVCo). All rights reserved. Any and all uses of the EMV Specifications (Materials) shall bepermitted only pursuant to the terms and conditions of the license agreement between the user and EMVCo found at
http://www.emvco.com/.
Page 3
The lower section of the flow diagram on CPA Page 12-23 (shown below) shows thechecking process in a different order from what EMV Book 2requires. Please replace thissection of this original flow diagram with the replacement flow diagram section shown on thefollowing page.
Original section of flow diagram on Page 12-23:
http://www.emvco.com/http://www.emvco.com/http://www.emvco.com/ -
8/3/2019 SB84 CPA Verify Clarification 20101222060000706
4/4
1994-2010 EMVCo, LLC (EMVCo). All rights reserved. Any and all uses of the EMV Specifications (Materials) shall bepermitted only pursuant to the terms and conditions of the license agreement between the user and EMVCo found at
http://www.emvco.com/.
Page 4
Replacement section of flow diagram:
decipherPIN
data
Y
SetOfflinePINVerificationPerformedandPINNot
SuccessfullyVerifiedin
CVRto1b
Recovered
data[10-17]
(challenge)=
ICCUnpredictable
Numbersentin
GETCHALLENGE
response?
Recovered
data[1](header)
='7F'?
PIN check
N
sw12='6984'
sw12='6984'
12.7.2.2.12.7.2.2.
12.7.2.2.
12.7.2.2.
N
Y
http://www.emvco.com/http://www.emvco.com/http://www.emvco.com/