Implementing Electronic Card Payment Systems (Artech House Computer Security Series)

A

Access control, 369

Accumulators, 281-83

application off-line, 283

application period, 282

card off-line, 283

card period, 282

limit parameters, 282-83

See also Card risk management (CRM)

Acquirer

in counterfeit transactions, 234-35

defined, 15

fallback requirements, 233

in fraudulent transactions, 235

host (AH), 37

in message flows, 41-45

node (AN), 37

parameters, 197-98

security policies, 203

Action codes, 201-3

issuer, 201-2

terminal, 203

Administration-to-consumer (A2C) payment, 1

AES block cipher, 402-4

AFL, 141-42

AEF file entries, 141-42

defined, 141

EMV™ debit/credit, 154-56

EMV™ debit/credit, processing, 156-58

See also Signed static application data

Algorithmic state machines (ASM), 67

Amount authorized per cycle period parameter, 23

Amount remaining this cycle parameter, 23

Anonymity, 300-302

Answer-to-reset (ATR), 93

Application Cryptogram (AC)

case 1 computation, 213-14

case 2 computation, 214-15

computation, 208-17

defined, 204, 212

generation, 211

generation conditions, 161

master key for, 213

verification, 215-17

Application definition files (ADFs), 84-86

as application data container, 85

Application Label (tag 50), 101

Application Preferred Name (tag 9F12), 101

Application Priority Indicator (tag 87), 101-2

defined, 99

DF Name (tag 84), 100

direct application selection service and, 103

directory entries, 114

elements, 84-85

in EMV™ file system, 99-106

FCI Issuer Discretionary Data (tag BF0C), 102-3

FCI of, 100

Insert Code Table Index (tag 9F11), 101

Language Preference (tag 5F2D), 101

partial name selection, 103-6

Processing Options Data Object List (tag 9F38), 102

referencing, 84

structure, 99

Application Effective Date, 178, 272-73

Application elementary files (AEFs), 83

AFL, 141-42

data template example, 109

defined, 106

EMV™ debit/credit application, 148

in EMV™ file system, 106-8

with SFI in range of 1 to 10, 106-7

with SFI in range of 11 to 20, 107-8

with SFI in range of 21 to 30, 107-8

storing directory file, 108

Application Expiration Date, 178, 272-73

Application Interchange Profile (AIP)

defined, 87

EMV™ debit/credit, 154-56

Application protocols (layer 7), 65

Applications. See Card applications; E-commerce applications

Application Transaction Counter (ATC), 74, 154

Application Usage Control, 175-78, 271-72

Application Version Number, 174-75, 272

Asymmetric cryptographic support, 87-90

Asymmetric encryption, 375-76

Asymmetric PIN verification, 390-91

ATM terminal

payment message forwarding, 12

processing, 10-11

RAM, 10

Authentication

cardholder account, 303

data, 301-2, 367

data (SET), 320

dynamic card, 368

dynamic data (DDA), 94, 148, 165-74

entity, 302-3

entity (SET), 320

issuer, 221-22, 368

issuer, error, 276, 283-84

off-line card, 368

on-line card, 368

signed dynamic data, 173-74

static card, 368

terminal, 368

Authentication services (AS), 301-2

Authorization

in EMV™ debit/credit transaction, 151

message, 13

on-line, not completed, 276

payment (SET), 323, 328-31

request/response, 218-21, 353-54

request response message, 47

Authorization request cryptogram (ARQC), 204

Authorization Response Code (ARC), 220

AuthReq, 328-29, 353

AuthRes, 329-31, 354
