Emvpub

EMV Terminal Public Key
Management Requirements
EMVCo, LLC
Version 1.0
March 31, 1999
Copyright 1999 EMVCo, LLC. All rights reserved. This document contains proprietary
information of EMVCo, LLC. Permission to copy the materials contained herein is granted
subject to the following conditions: (i) that all pages of all copies must reproduce this
paragraph in full; and (ii) that EMVCo, LLC shall not have any responsibility or liability
whatsoever to any other party from the use or publication of the material contained herein.
These materials and the information they contain are provided AS IS WHERE IS and WITH
ALL FAULTS and EMVCo, LLC neither assumes nor accepts any liability for any errors or
omissions contained in these materials. EMVCO, LLC MAKES NO REPRESENTATIONS OR
WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, WITH RESPECT TO THE MATERIALS AND
INFORMATION CONTAINED HEREIN. EMVCO, LLC SPECIFICALLY DISCLAIMS ALL REPRESENTATIONS
AND WARRANTIES, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE.
WITHOUT LIMITATION, EMVCO, LLC SPECIFICALLY DISCLAIMS ALL REPRESENTATIONS AND
WARRANTIES WITH RESPECT TO INTELLECTUAL PROPERTY SUBSISTING IN OR RELATING TO THESE
MATERIALS OR ANY PART THEREOF, INCLUDING BUT NOT LIMITED TO ANY AND ALL IMPLIED
WARRANTIES OF TITLE, NON-INFRINGEMENT OR SUITABILITY FOR ANY PURPOSE (WHETHER OR NOT
EMVCO HAS BEEN ADVISED, HAS REASON TO KNOW, OR IS OTHERWISE IN FACT AWARE OF ANY
INFORMATION). Users of the information contained in these materials are solely responsible
for identifying and obtaining any and all patent or other intellectual property licenses that may
be needed for products or services developed in connection with these materials.
March 31, 1999
Version 1.0
TABLE OF CONTENTS
1. SCOPE
2. REFERENCES
3. CERTIFICATION AUTHORITY PUBLIC KEY INTRODUCTION
4. CERTIFICATION AUTHORITY PUBLIC KEY STORAGE
5. CERTIFICATION AUTHORITY PUBLIC KEY USAGE
6. CERTIFICATION AUTHORITY PUBLIC KEY WITHDRAWAL
Copyright 1999 EMVCo, LLC. All rights reserved. This document contains proprietary information of EMVCo, LLC.
Permission to copy the materials contained herein is granted subject to the following conditions: (i) that all pages of all copies
must reproduce this paragraph in full; (ii) that any copy of all or any part of these materials be accompanied by the legal notice
in the form appearing on the first page of these materials; and (ii) that EMVCo, LLC shall not have any responsibility or liability
whatsoever to any other party from the use or publication of the materials contained herein.
March 31, 1999
1.
Version 1.0
Scope
Static data authentication and dynamic data authentication as specified in Part IV of the
EMV 96 IC Card Specification for Payment Systems, Version 3.1.1 requires the presence
in terminals of Payment System specific Certification Authority Public Keys necessary to
verify the Signed Static Application Data and Signed Dynamic Application Data.
This document specifies the requirements for the management by the Acquirers of the
Certification Authority Public Keys in the terminals. The requirements cover the following
phases:
Introduction of a Certification Authority Public Key in a terminal
Storage of a Certification Authority Public Key in a terminal
Usage of a Certification Authority Public Key in a terminal
Withdrawal of a Certification Authority Public Key from a terminal.
For more details on the management of the Certification Authority Public Keys in general,
see EMV Public Key Revocation Principles and Policies, Version 1.0.
March 31, 1999
2.
Version 1.0
References
EMVCo, LLC
Integrated Circuit Card Specification for Payment Systems,

version 3.1.1, 31 May 1998
EMVCo, LLC
Integrated Circuit Card Terminal Specification for Payment

Systems, version 3.1.1, 31 May 1998
EMVCo, LLC
Integrated Circuit Card Application Specification for

Payment Systems, version 3.1.1, 31 May 1998
EMVCo, LLC
EMV Public Key Revocation Principles and Policies,

version 1.0, March 31, 1999
March 31, 1999
3.
Version 1.0
Certification Authority Public Key

Introduction
When a Payment System has decided that a new Certification Authority Public Key is to
be introduced, a process is executed that ensures the distribution of the new key from the
Payment System to each Acquirer. It is then the Acquirers responsibility to ensure that
the new Certification Authority Public Key and its related data (see Section 4) is conveyed
to its terminals.
The following principles apply to the introduction of a Certification Authority Public Key
from an Acquirer to its terminals:
The terminal must be able to verify that it received the Certification Authority Public
Key and its related data error-free from the Acquirer.
The terminal must be able to verify that the received Certification Authority Public
Key and related data originated from its legitimate Acquirer.
The Acquirer must be able to confirm that the new Certification Authority Public Key
was indeed introduced correctly in its terminals.
March 31, 1999
4.
Version 1.0
Certification Authority Public Key Storage
Terminals that support Static Data Authentication and/or Dynamic Data Authentication
shall provide support for six Certification Authority Public Keys per Registered
Application Provider Identifier (RID) for Europay, MasterCard and Visa debit/credit
applications based on EMV 96 IC Card Specification for Payment Systems, Version
3.1.1.
Each Certification Authority Public Key is uniquely identified by the 5-byte RID that
identifies the Payment System in question, and the 1-byte Certification Authority Public
Key Index, unique per RID and assigned by that Payment System to a particular
Certification Authority Public Key.
For each Certification Authority Public Key, the minimum set of data elements that has to
be available in the terminal is specified in Table 1.
The RID and the Certification Public Key Index together uniquely identify the
Certification Authority Public Key and associate it with the proper Payment System.
The Certification Authority Public Key Algorithm Indicator identifies the digital signature
algorithm to be used with the corresponding Certification Authority Public Key. The only
currently acceptable value is hexadecimal 01, indicating the usage of the RSA algorithm
in the digital signature scheme as specified in the annexes E2.1 and F2.1 of the EMV 96,
Integrated Circuit Card Specification for Payment Systems, Version 3.1.1. The Hash
Algorithm Indicator specifies the hashing algorithm to produce the Hash-Result in the
digital signature scheme. The only currently acceptable value is hexadecimal 01,
indicating the usage of the SHA-1 algorithm.
The Certification Authority Public Key Check Sum is the technique specified in the EMV
96, Integrated Circuit Card Terminal Specification for Payment Systems, Version
3.1.1, to ensure that a Certification Authority Public Key and its related data is received
error-free. The terminal may use this data element to subsequently re-verify the integrity of
a Certification Authority Public Key and its related data. Alternately, the terminal may use
another technique to ensure the integrity of this data.
The terminal implementation shall ensure that the environment in which the Certification
Authority Public Keys are stored satisfies the security requirements specified the EMV 96
Integrated Circuit Card Terminal Specification for Payment Systems, Version 3.1.1,
when applicable.
The integrity of the stored certification Authority Public Keys should be verified
March 31, 1999
Version 1.0
periodically.
Name
Length
Description
Format
Registered Application Provider

Identifier (RID)
Identifies the Payment System to

which the Certification Authority
Public Key is associated

Index
Identifies the Certification

Authority Public Key in
conjunction with the RID
Certification Authority Hash

algorithm Indicator1
Identifies the hash algorithm used

to produce the Hash Result in the
digital signature scheme

Algorithm Indicator1
Identifies the digital signature

algorithm to be used with the

Modulus
Var.
Value of the modulus part of the

(max 248)
Exponent
1 or 3
Value of the exponent part of the

Certification Authority Public Key,
equal to 2, 3 or 216+1

Check Sum
20
A check value calculated on the

concatenation of all parts of the
certification Authority Public Key
(RID, Certification Authority
Public Key Index, Certification
Authority Public Key Modulus,
Exponent) using SHA-1
Table 1 Minimum Set of Certification Authority Public Key Related Data

The Certification Authority Hash Algorithm and Public Key Algorithm Indicators are new
data elements. Use of these data elements is not specified in the EMV 96 Integrated Circuit
Card Specifications for Payment Systems, Version 3.1.1, but will be addressed in the next
release of the specifications.
1
March 31, 1999
Version 1.0
Elements to be Stored in the Terminal
March 31, 1999
5.
Version 1.0
Certification Authority Public Key Usage
The usage of a Certification Authority Public Key during a transaction shall be as specified
in the EMV 96 Integrated Circuit Card Specification for Payment Systems,Version 3.1.1,
and the EMV96 Integrated Circuit Card Application Specification for Payment Systems,
Version 3.1.1.
March 31, 1999
6.
Version 1.0
Certification Authority Public Key Withdrawal
When a Payment System has decided to revoke one of its Certification Authority Public
Keys, an Acquirer must ensure that this Certification Authority Public Key can no longer
be used in its terminals for Static and Dynamic Data Authentication during transactions as
of a certain date.
The following principles apply for the withdrawal by an Acquirer of Certification
Authority Public Keys from its terminals:
The terminal must be able to verify that it received the withdrawal notification errorfree from the Acquirer.
The terminal must be able to verify that the received withdrawal notification
originated from its legitimate Acquirer.
The Acquirer must be able to confirm that a specific Certification Authority Public
Key was indeed withdrawn correctly from its terminals.
For more details on Certification Authority Public Key revocation and the corresponding
timescales involved, see EMV Public Key Revocation Principles and Policies, Version
1.0.

Emvpub

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Emvpub

Transféré par

Droits d'auteur :

Formats disponibles

EMV Terminal Public Key

March 31, 1999

3. CERTIFICATION AUTHORITY PUBLIC KEY INTRODUCTION

4. CERTIFICATION AUTHORITY PUBLIC KEY STORAGE

5. CERTIFICATION AUTHORITY PUBLIC KEY USAGE

6. CERTIFICATION AUTHORITY PUBLIC KEY WITHDRAWAL

March 31, 1999

March 31, 1999

Integrated Circuit Card Specification for Payment Systems,

Integrated Circuit Card Terminal Specification for Payment

Integrated Circuit Card Application Specification for

EMV Public Key Revocation Principles and Policies,

March 31, 1999

Certification Authority Public Key

March 31, 1999

Certification Authority Public Key Storage

March 31, 1999

Registered Application Provider

Identifies the Payment System to

Certification Authority Public Key

Identifies the Certification

Certification Authority Hash

Identifies the hash algorithm used

Certification Authority Public Key

Identifies the digital signature

Certification Authority Public Key

Value of the modulus part of the

Value of the exponent part of the

Certification Authority Public Key

A check value calculated on the

Table 1 Minimum Set of Certification Authority Public Key Related Data

March 31, 1999

Elements to be Stored in the Terminal

March 31, 1999

Certification Authority Public Key Usage

March 31, 1999

Certification Authority Public Key Withdrawal

Vous aimerez peut-être aussi