Você está na página 1de 182
Welcome to Visa Integrated Circuit Card Application Overview The Visa Integrated Circuit Card (ICC) Application
Welcome to Visa Integrated Circuit Card Application Overview The Visa Integrated Circuit Card (ICC) Application

Welcome to

Visa Integrated Circuit Card Application Overview

The Visa Integrated Circuit Card (ICC) Application Overview has been updated. Please see the Chapter 1, Section 1.6, “Impact Summary” for information on what has changed from Visa ICC Specification (VIS) version 1.3.2.

This document is the final copy of the Visa ICC Specification version 1.4.0. It reflects changes from the copy published on the Visa website in April 2001. These changes are noted in a separate changes list available on the Visa website. It is important that Visa staff, members, and vendors review the changes list.

If you have any comments regarding this manual, please contact your regional representative. Your opinion is important to us.

Effective:

31 October 2001

Visa Integrated Circuit Card  Visa International 1998, 1999, 2001 Application Overview Version 1.4.0 Effective:

Visa Integrated Circuit Card

Visa International 1998, 1999, 2001

Application Overview Version 1.4.0

Effective: 31 October 2001

5101-03

1998, 1999, 2001 Visa International Service Association. All rights reserved. Permission to copy and implement the material contained herein is granted subject to the conditions that (i) any copy or re-publication must bear this legend in full, (ii) any derivative work must bear a notice that it is not the Visa Integrated Circuit Card Specification published by Visa, and (iii) Visa shall have no responsibility or liability whatsoever to any other party arising from the use or publication of the material contained herein.

Visa makes no representation or warranty regarding whether any particular physical implementation of any part of this Specification does or does not violate, infringe, or otherwise use the patents, copyrights, trademarks, trade secrets, know-how, and/or other intellectual property of third parties, and thus any person who implements any part of this Specification should consult an intellectual property attorney before any such implementation. Any party seeking to implement this Specification is solely responsible for determining whether their activities require a license to any technology including, but not limited to, patents on public key encryption technology. Visa International Service Association shall not be liable for any party’s infringement of any intellectual property right.

shall not be liable for any party’s infringement of any intellectual property right. Printed on recycled

Printed on recycled paper.

Contents

Chapter 1 • About This Specification

1.1 Audience

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–2

1.2 VIS Update

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–2

1.3 Terminology

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–3

 

1.3.1 Mandatory/Required/Recommended/Optional

 

.

.

.

.

.

.

.

.

.

.

.

1–3

1.3.2 Card/Integrated Circuit

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–3

1.3.3 Terminated Transactions .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–3

1.4 Document Structure .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–4

 

1.4.1 Volume Overview

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–4

1.4.2 Chapter Overview

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–4

1.4.3 Subheading Overview .

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–6

1.5 Revisions to This Specification .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–6

1.6 Impact Summary

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–7

 

1.6.1

Terminal

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–7

 

1.6.1.1 Mandatory .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–7

1.6.1.2 Optional .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–7

 

1.6.2

Card

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–8

 

1.6.2.1 Mandatory .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–8

1.6.2.2 Optional .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–8

Draft 12/18/00

Contents

Visa Integrated Circuit Card Application Overview, Version 1.4.0

 

1.7

Reference Materials

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–10

 

1.7.1 International Organisation for Standardisation (ISO) Documents .

.

.

.

1–10

1.7.2 EMV Documents

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–11

1.7.3 Visa Documents

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

1–11

Chapter 2 • Processing Overview

 
 

2.1 Functional Overview

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 2–1

 

2.1.1 Application Selection (mandatory) .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 2–1

2.1.2 Initiate Application Processing/Read Application Data (mandatory) .

.

.

. 2–2

2.1.3 Offline Data Authentication

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 2–2

2.1.4 Processing Restrictions (mandatory) .

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 2–3

2.1.5 Cardholder Verification (mandatory) .

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 2–3

2.1.6 Terminal Risk Management (mandatory)

.

.

.

.

.

.

.

.

.

.

.

.

.

. 2–3

2.1.7 Terminal Action Analysis (mandatory)

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 2–4

2.1.8 Card Action Analysis (mandatory) .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 2–4

2.1.9 Online Processing .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 2–4

2.1.10 Issuer-to-Card Script Processing .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 2–5

2.1.11 Completion (mandatory) .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 2–5

 

2.2 Mandatory and Optional Functionality

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 2–7

 

2.2.1 Card Functional Requirements .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 2–7

2.2.2 Terminal Functional Requirements

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 2–9

2.2.3 Command Support Requirements .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

2–11

 

2.3 Visa Low-Value Payment (VLP) Feature .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

2–12

 

2.3.1

Overview

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

2–12

Chapter 3 • Application Selection

 
 

3.1 Card Data

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 3–2

3.2 Terminal Data .

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 3–3

3.3 Commands .

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 3–3

Draft 12/18/00

Visa Integrated Circuit Card

Contents

Application Overview, Version 1.4.0

 

3.4 Building the Candidate List

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

3–4

3.5 Identifying and Selecting the Application .

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

3–4

3.5.1 Terminal Makes Application Decision .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

3–4

 

3.5.2 Cardholder Makes Account Decision

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

3–5

 

3.5.2.1 Terminal Supports Cardholder Confirmation .

.

.

.

.

.

.

.

.

.

3–5

3.5.2.2 Terminal Supports Cardholder Selection

 

.

.

.

.

.

.

.

.

.

.

.

3–5

 

3.6 Flow

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

3–6

3.7 Subsequent Related Processing

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

3–7

Chapter 4 • Initiate Application Processing

 
 

Card Data .

4.1 .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

4–2

Terminal Data

4.2 .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

4–3

4.3 GET PROCESSING OPTIONS Command

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

4–3

4.4 Terminal Processing .

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

4–3

4.5 Card Processing

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

4–4

4.6 Terminal Processing .

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

4–4

4.7 Flow

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

4–5

4.8 Prior Related Processing .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

4–6

4.9 Subsequent Related Processing

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

4–6

Chapter 5 • Read Application Data

 
 

5.1 Card Data .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

5–2

5.2 Terminal Data

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

5–3

5.3 READ RECORD Command .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

5–3

5.4 Processing

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

5–3

5.5 Flow

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

5–4

5.6 Prior Related Processing .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

5–5

5.7 Subsequent Related Processing

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

5–5

Draft 12/18/00

Contents

Visa Integrated Circuit Card Application Overview, Version 1.4.0

Chapter 6 • Offline Data Authentication

 

6.1 Keys and Certificates

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 6–3

 

6.1.1 Visa Certificate Authority (CA)

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 6–3

6.1.2 RSA Key Pairs

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 6–3

 

6.1.2.1 Visa Public/Private Keys

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 6–3

6.1.2.2 Issuer Public/Private Keys

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 6–3

6.1.2.3 ICC Public/Private Keys

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 6–4

 

6.1.3 SDA Key, Certificate, and Signature Relationships

 

.

.

.

.

.

.

.

.

.

. 6–4

6.1.4 DDA Key, Certificate, and Signature Relationships

 

.

.

.

.

.

.

.

.

.

. 6–5

 

6.2 Determining Whether to Perform SDA or DDA

.

.

.

.

.

.

.

.

.

.

.

.

.

. 6–7

6.3 Static Data Authentication (SDA)

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 6–8

 

6.3.1

SDA Processing .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

. 6–9

 

6.4 Dynamic Data Authentication (DDA)

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

6–11

 

6.4.1 Data Elements for DDA Processing

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

6–11

6.4.2 Standard DDA Processing .

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

6–13

6.4.3 Combined DDA/AC Generation Processing

.

.

.

.

.

.

.

.

.

.

.

.

6–14

 

6.5 Prior Related Processing

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

6–16

6.6 Subsequent Related Processing .

 

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

.

6–16

Chapter 7 • Processing Restrictions

 
 

7.1 Card Data

.