UnionPay Integrated Circuit Card Specifications

— Product Specifications

Part II Extended Purchase Specification Based on Contactless Low-value

Payment Application

Version 2014
THIS PAGE IS INTENTIONALLY LEFT BLANK.
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

Table of Contents
SUMMARY OF REVISIONS.................................................................................................... 1

1 APPLICATION SCOPE ....................................................................................................... 2

2 REFERENCES ...................................................................................................................... 3

3 TERMS AND DEFINITIONS.............................................................................................. 4

3.1 CAPP records ........................................................................................................................ 4

3.2 Command .............................................................................................................................. 4

3.3 Comprehensive application specified file .............................................................................. 4

3.4 Comprehensive application cyclic file ................................................................................... 4

3.5 Cryptogram ............................................................................................................................ 4

3.6 Deposit deduction .................................................................................................................. 4

3.7 electronic cash (EC)............................................................................................................... 4

3.8 Electronic cash balance ......................................................................................................... 4

3.9 Electronic cash funds limit .................................................................................................... 4

3.10 Identify number ..................................................................................................................... 4

3.11 Proximity payment systems environment .............................................................................. 5

3.12 Load ....................................................................................................................................... 5

3.13 Response ................................................................................................................................ 5

3.14 Offline pre-authorization ....................................................................................................... 5

3.15 offline pre-authorization completion ..................................................................................... 5

3.16 Script ..................................................................................................................................... 5

3.17 section purchase ..................................................................................................................... 5

3.18 Terminal ................................................................................................................................ 5

4 SYMBOLS AND ACRONYMS ........................................................................................... 6

5 TRANSACTION PROCESS OF DEDUCTION BY SEGMENT ................................... 10

5.1 Flow Chart for Deduction by Segment Transactions ........................................................... 11

5.2 Description of Deduction by Segment Transaction Process ................................................ 12

5.2.1 Selection of Applications .......................................................................................... 12

5.2.2 Application Initialization .......................................................................................... 13

UPI Confidential i
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

5.2.3 Process of Deduction by Segment............................................................................. 14

5.2.4 Reading Card Data Content ..................................................................................... 14

5.2.5 Terminal Action Analysis .......................................................................................... 15

5.2.6 Completion Processing ............................................................................................. 15

5.2.7 Support Special Processing of Deduction by Segment and Deposit Deduction

Functions .................................................................................................................. 15

5.3 Description of the transaction process of second-currency deduction by segment .............. 16

5.3.1 Initiate application ................................................................................................... 17

5.3.2 Read Application Data In the second-currency deduction by segment

transaction, the card will carry on with the following procedure after
processing GPO command ....................................................................................... 18

5.3.3 Special Handling in deduction by segment transaction............................................ 18

6 OFFLINE PRE-AUTHORIZATION TRANSACTION PROCESS .............................. 21

6.1 Flow Chart of Offline Pre-authorization Transaction .......................................................... 22

6.2 Description of Offline Pre-authorization Transaction Process ............................................ 23

6.2.1 Selection of Applications .......................................................................................... 23

6.2.2 Application Initialization .......................................................................................... 25

6.2.3 Offline Pre-authorization Process ............................................................................ 27

6.2.4 Read Card Data Contents......................................................................................... 28

6.2.5 Terminal Action Analysis .......................................................................................... 28

6.2.6 Completion Process .................................................................................................. 28

6.2.7 Special Processing for Completion of Offline Pre-authorization Transaction ......... 29

6.2.8 Load and Inquiry Operations for Offline Pre-authorization in Non-completion

State .......................................................................................................................... 29

7 SINGLE DEDUCTION DISCOUNT PROCESS FLOW ................................................ 31

8 SECURITY REQUIREMENTS ........................................................................................ 35

8.1 Description of Key............................................................................................................... 35

8.2 Security Mechanism ............................................................................................................ 35

9 PERSONALIZATION REQUIREMENTS FOR EXTENDED APPLICATION ......... 37

APPENDIX A PROPRIETARY FILE FOR EXTENDED APPLICATION ................ 38

A.1 READ CAPP DATA (read extended application data) Command ...................................... 38

UPI Confidential ii
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

A.1.1 Definition and Scope ................................................................................................ 38

A.1.2 Command Message................................................................................................... 38

A.1.3 Data field of the command message is an ID number of 2 bytes. ............................. 39

A.1.4 Response Message Data field ................................................................................... 39

A.1.5 Status Code of Response Message ............................................................................ 39

A.2 UPDATE CAPP DATA CACHE (Update Data Cache) Command .................................... 40

A.2.1 Definition and Scope ................................................................................................ 40

A.2.2 Command Message................................................................................................... 41

A.2.3 Command Message Data Field ................................................................................ 42

A.2.4 Response Message Data Field.................................................................................. 42

A.2.5 Response Message Status Code ................................................................................ 42

A.3 APPEND RECORD Command ........................................................................................... 43

A.3.1 Definition and Scope ................................................................................................ 43

A.3.2 Command Message................................................................................................... 43

A.3.3 Command Message Data Field ................................................................................ 44

A.3.4 Response Message Data Field.................................................................................. 44

A.3.5 Response Message Status Code ................................................................................ 44

A.4 GET TRANS PROVE (Get Offline Transaction Application Cryptogram) Command ...... 45

A.4.1 Definition and Scope ................................................................................................ 45

A.4.2 Command Message................................................................................................... 45

A.4.3 Command Message Data Field ................................................................................ 45

A.4.4 Response Message Data Field.................................................................................. 45

A.4.5 Response Message Status Code ................................................................................ 45

APPENDIX B PROPRIETARY FILE FOR EXTENDED APPLICATION ................ 47

B.1 Proprietary File for Extended Application ........................................................................... 47

B.2 Cyclic record file for extended application .......................................................................... 48

UPI Confidential iii

Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

APPENDIX C RECOMMENDED DEFINITIONS FOR EXTENDED

APPLICATIONS ................................................................................................................ 49

APPENDIX D DATA ELEMENT ..................................................................................... 50

APPENDIX E (INFORMATIVE ANNEX)...................................................................... 52

E.1 Subway/Railway/Express-way Tolls/Parking Meter Applications ...................................... 52

E.1.1 Subway Billing Application ...................................................................................... 52

E.1.2 Inter-city rail/Expressway Toll Applications ............................................................ 56

E.1.3 Parking Meter Application ....................................................................................... 56

E.2 Public Transportation Day-Pass / Monthly-Pass Transaction Flow Description ................. 57

E.2.1 Public Transportation Day-Pass / Monthly-Pass Application .................................. 57

APPENDIX F (INFORMATIVE ANNEX) INDUSTRY APPLICATION SETUP

GUIDE 60

APPENDIX G NEW IDD ISSUER DISCRETIONARY DATA (9F10) ......................... 61

UPI Confidential iv
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

Summary of Revisions

The change listed below is associated with the current version.

Description of Change Where to look

Revised: Updated item “6986” from "It does not meet the
A.1.5
condition for performing the command (it’s not
current EF)" to "Command not allowed (it is not the
A.2.5
current EF; directly read or update the next record)".
Revised: Updated “DF82” to “DF7A”. This document
Revised: Updated “DF83” to “DF7B”. This document
nd
Added: On the 2 step, added “If the CAPP transaction
indicator bit = 1, and READ CAPP DATA command
are not received or correctly answered before 5.2.2
processing the GOP command, then the card will be
processed normally."
Added: Included the value of “DF61” if “DF61” in the 8th
Byte of “9F69” if it is personalized. Otherwise 5.2.6
“DF61” will be filled in with zero if it is not
personalized. Terminal should check the 8th byte of 6.2.6
“9F69” based on the FCI that contains “DF61”.
Added: Included a note after Appendix D Data Element. Appendix D
Added: Appended “If R-MAC is supported, R-MAC will not
be returned when UPDATE CAPP DATE CACHE A.2.5
returns an error.” in A.1.5.
Removed: If the card support SM2 algorithm, the returned
information must include SM2-request indicator (tag
5.2.1
DF69) and PDOL of terminal country code (tag
9F1A).

UPI Confidential 1
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

1 Application Scope

This book applies to all UPI participants.

UPI Confidential 2
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

2 References

UnionPay Integrated Circuit (IC) Card Specifications (All parts)

UPI Confidential 3
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

3 Terms and Definitions

This Standard utilizes the following terms and definitions:

3.1 CAPP records

Specified file records of extended application, including comprehensive application

cyclic file and comprehensive application specified file

3.2 Command

A message that the terminal sent to the card. This message initiate an operation or
request for a response.

3.3 Comprehensive application specified file

A file used to store specific industry application information. It’s usually a

record-structured file of variable length.

3.4 Comprehensive application cyclic file

Comprehensive application cyclic file is loop-structured file used to store log data.
The “UPDATE CAPP DATACACHE” command only update the first record at
each transaction..

3.5 Cryptogram

The calculated result of encryption operation.

3.6 Deposit deduction

Deposit deduction is a mechanism in which the issuer gives the cardholder a certain
deposit amount. And this amount is not accounted for the available electronic cash
balance. But when the available electronic cash balance is not sufficient to
complete a transaction, the cardholder can choose to use the deposit amount to
finish the transaction

3.7 electronic cash (EC)

Small-amount payment instrument developed based on debit/credit application.

3.8 Electronic cash balance

A counter to keep record of how much is available for offline purchase.

3.9 Electronic cash funds limit

The upper limit of electronic cash balance available for offline purchase.

3.10 Identify number

A number used to distinguish industry’s applications in different locations.

UPI Confidential 4
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

3.11 Proximity payment systems environment

A list consisted of the supported application identifier, application tag and

application preference indicator. And the list can also be accessed via contactless
interface. It also includes entrance to all the directories, which is contained in
FCI,in response to the “SELECT PPSE（“2PAY.SYS.DDF01”）” command.

3.12 Load

A method to increase the electronic cash balance. There are several ways to
implement load transaction. Money can be transferred to the electronic cash from
the master account of the card, cash, or the account of other cards. But electronica
cash balance after load transaction is still bounded by the electronic cash funds
limit

3.13 Response

The message returned to the terminal after the IC cards finish the processing of
received command

3.14 Offline pre-authorization

An estimated amount is sent to the card alongside the other parts of the transaction
command. The card approves the transaction after risk analysis and balance check.
And then the estimated amount will be frozen in the current electronic cash
balance.

3.15 Offline pre-authorization completion

The transaction command is sent to the card before the pre-authorization expiry
date. And then the card will approve the transaction after risk analysis and balance
check. And the corresponding amount is deducted from the electronic cash balance.

3.16 Script

One or a series of commands sent from the issuer to the cards.

3.17 Section purchase

This is a variation of standard qUICS transaction flow chart to satisfy the need for
deduction by segment or deduction by time in the quick offline low-value payment
application.

3.18 Terminal

Equipment installed in the sales point to complete financial transactions alongside

IC cards. It should include interface part or other parts (for example other part to
communicate with the host)

UPI Confidential 5
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

4 Symbols and Acronyms

The following table of symbols and acronyms is applicable to this Specification:

AAC Application Authentication Cryptogram

AC Application Cryptogram

AFL Application File Locator

AID Application Identifier

AIP Application Interchange Profile

ARQC Authorization Request Cryptogram

ATC Application Transaction Counter

CAPKI CA Public Key Index

CAPP Extended application

CDA Complex Dynamic Data Authentication / Application Cryptogram Generation

CDOL Card Risk Management Data Object List

CLA Class Byte of the Command Message

CVM Cardholder Verification Method. The Specifications support two cardholder

authentication methods: Online PIN and signature

CVR Card verification Results

CVN Card Verification Number

dCVN Dynamic Card Verification Number is a dynamic signature generated by the

card application. Dynamic CVN replaces static CVN in equivalent data of
magnetic track 2

DDA Dynamic Data Authentication, prevents false card in offline authentication, card
generates RSA signature for specific data in transaction which could be used in
terminal verification.

UPI Confidential 6
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

DDF Directory Definition File

DDOL Dynamic Data Authentication Data Object List

DES Data Encryption Standard

DKI Derivation Key Index

Dynamic Dynamic signature is a signature generated by the card from the dynamic data of
Signature a card and a terminal, and the terminal will prove the authenticity of the card by
verifying the signature. Dynamic application data (Tag '9F4B ') of signatures
shall be referred when using

End Sentinel It is the indicator in the end position of magnetic track 1 and magnetic track 2 of
the magnetic stripe. It will be followed by a longitudinal redundancy check code
- see "LRC". "

FCI File Control Information, responded and returned by card when reader or
terminal selects card application (using SELECT command)

fDDA Fast DDA, a fast DDA in line with EMV and UICSUICS definition of norms.
Used in qUICS transactions, allowing reader to give READ RECORD command
to obtain dynamic data authentication related data from card and execute DDA
calculation after card leaves induction zone.

GPO GET PROCESSING OPTIONS

Hex Hexadecimal

IAC Issuer Action Code. In case it’s determined that an offline transaction is rejected
(IAC Denial), then it will be sent online (IAC Online); if online is infeasible,
then return to offline rejection (IAC Default) conditions

IC IC (Integrated Circuit)

ICC IC card (Integrated Circuit Card)

ICVN Alternative CVN, used as the mirror of equivalent data of personalization in

magnetic track 2 of the chip

Lc In commands of case 3 or case 4, it is the exact length for data field of

commands sent from the terminal application layer (TAL)

UPI Confidential 7
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

IDD Issuer Discretionary Data

Le In commands of case 2 or case 4, it is the expected maximum length of data

responded by the terminal application layer (TAL)

LRC Longitudinal Redundancy Check. It’s used to validate the data to ensure that the
data will not be lost when being read from the physical magnetic stripe

ISO International Standards Organization

LV Low-value payment options of contactless qUICS

MAC Message Authentication Code

MDK Master key (Master DEA Key), is a double length DES key used to derive a
unique key for the card (for online card authentication)

MSI Magnetic Stripe Image, can not be used for contactless magnetic stripe
technology

MSD Magnetic Stripe Data refers to the contactless payment using equivalent data of
magnetic track 2. Magnetic track 1can be built within the equivalent data of
magnetic track 2 and self-defined data of magnetic track 1 and is used for
contactless transactions or online message

MSD Path When a transaction is done through a contactless interface, MSD path is an
application path adopted by the Card, to make the Card action meet the MSD
requirements. The path will be used in case that the Reader supports MSD, the
Card supports MSD, and qUICS is not supported.

P1 Parameter 1

P2 Parameter 2

PAN Primary Account Number

UICSUICS UICSUICS debit/credit application. UICSUICS in the Specifications refers to

application supporting the contact interface and in full compliance with EMV
4.1 requirements.

PDOL Processing Options Data Object List A list of terminal data objects required by
card.

UPI Confidential 8
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

PIN Personal Identification Number

PIX Proprietary Application Identifier Extension

PPSE Proximity Payment Systems Environment is a list of supported application

identifications, application tags and application priority indicators, which can be
accessed through a contactless interface. The list includes all the directory
entries, and will be returned in FCI responded in SELECT PPSE ('2
PAY.SYS.DDF01') by the Card.

PSE Payment System Environment

qUICS Minimized UICSUICS is to ensure a quick transaction can be done through a

contactless interface. The Specifications describe the requirements of such
transaction

RFU Reserved for Future Use

RID Registered Application Provider Identifier

RSA A kind of asymmetric cryptographic algorithm used for encryption and

authentication and developed by the Americans named Rivest, Shamir and
Adleman

SDA Static Data Authentication

SFI Short File Identifier

SW2 Status Word 2 (Status Word Two)

TAL Terminal Application Layer

TC Transaction Certificate, application cryptogram generated when accepting

transaction

TLV Tag, Length, Value

UDK Sub-key (Unique DEA Key) is the only double-length DES key of a Card
derived from the master key, and is used for online certification of the Card

UPI Confidential 9
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

5 Transaction Process of Deduction by Segment

With the continuous spread of financial IC card applications, more and more
industries are beginning to accept financial IC cards. Its security, fast, and offline
payment features are more and more favored by the market.

Due to the special nature of related industries, new requirements have been raised
for quick offline low-value payment applications: billing by time and billing by
segment, where the Cardholder does not know the amount of purchase in advance,
the amount of purchase calculated according to the environmental parameters
before being deducted when the purchase action is completed. Typical scenarios
include subway, highway (billing by segment) and parking meters (billing by time).

As the standard contactless quick payment cannot meet the new demands of these
industries, adjustments and extensions are required for the existing procedures to
accommodate the characteristics of these scenarios.

Based on the original standard qUICS transaction process, UPDATE CAPP DATA
CACHE command is added between the GPO command processing and READ
RECORD command processing to update the extended application data.

Deduction of GPO command and update of UPDATE CAPP DATA CACHE

command must be performed simultaneously, and updated simultaneously when
READ RECORD command successfully reads the last record of AFL.

In deduction by segment transaction mode, issuers may choose to select the deposit
deduction function, which needs to add the two tags, i.e. deduction limit of
deduction by segment (DF62) and the deducted amount of deduction by segment
(DF63) during personalization.

UPI Confidential 10
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

5.1 Flow Chart for Deduction by Segment Transactions

Terminal Card

SELECT Command
Return PDOL, request terminal transaction property
Select applied AID
SELECT Return Value 9F66, which also incl.CAPP transaction indicator bit

PDOL contains
CAPP transaction
indicator bit?

Conduct standard qUICS Does terminal Does it support the

transaction or N support CAPP specific extended
Terminate the transaction transaction? application file?

Y
Y
Read Capp Data Command
Read the specified
Return error N
extended application Return error
status code
N file

Y
Return Read Capp Data Command Contents of returned file
Is contents of
extended
application file Receive GPO instruction,
returned by Card process as per standard
correct? qPBOC transaction

Conduct CAPP transaction based

on qPBOC, set CAPP transaction
Is it approved off-
indicator bit =1 N
line?
Return to
standard
Y qPBOC
Send a GET PROCESSING OPTIONS command, transaction
GET PROCESSING OPTIONS Command
incl.terminal transaction property, transaction amount, GPO
terminal random number, transaction currency code, Is CAPP
CAPP transaction indicator bit transaction
N
indicator bit 1?

If CAPP
transaction
indicator bit is 2 or
Calculate e- 3, conduct offline
Receive returned value from GET GET PROCESSING OPTIONS cash pre-authorization
Y transaction,
PROCESSING OPTINS balance and
Returned value return otherwise, return
to standard
qPBOC
transaction
Update CAPP record contents, update
instruction is protected by security
messages

Send command to update Find MAC key for verification

Update CAPP Data Cache Command
CAPP record acc.to updated file records
Update CAPP Data Cache Return Value SW
Y

Any other records

Buffer CAPP record contents
need to be
pending for updates
updated?

UPI Confidential 11
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

Terminal Card

Return AFL retrieving

Read Record Command Read record contents
record acc.to GP

Is it the last Is it the last

record? record?

Return Read Record

Y Y

Card interaction ends N

Anti-pull treatment, process,
Enter terminal complete actual deduction and
verification process CAPP data updates

Return record contents

Check if data is
fail
valid and legal

pass

Conduct off-line
data verification fail
(fDDA test)

pass
Transaction
Record related off-line is
transaction uploading rejected
data

Transaction is
approved

Figure 5-1 Flow Chart for Deduction by Segment Transactions

5.2 Description of Deduction by Segment Transaction Process

The following is the deduction by segment transaction process based on contactless

low-value payment:

5.2.1 Selection of Applications

The terminal will send SELECT PPSE command to select PPSE following qUICS.
According the application information and AID returned from the card. The
terminal will send a SELECT command to select the application, and the card will
return File Control Information (FCI). FCI also includes extension-function
indicator (tag DF61). For example, the first bit of the first byte of DF61 is set as
“1”, it indicates the cards support deduction by segment. If the eighth bit of the
first byte is set as “1”, it indicates the card support R-MAC protection of the
extended application records.

UPI Confidential 12
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

If PDOL data required by FCI data contains CAPP transaction indicator bit, the
terminal will process in order as follows:

—— Determine whether the terminal supports the extended application: if yes,

continue the follow-up process; if no, CAPP transaction will indicate location
"0", and carry out the contactless IC Card transaction or terminate the
transaction as required;
—— The terminal will send a Read Capp Data command to read the specified
variable length record CAPP file, or send a Read Record command to read
the specified cycle record CAPP file, to determine whether the Card supports
the specific extended application;
—— If the specified CAPP file exists in the card, the card will return the file
contents, the terminal will confirm that the card supports the specific
extended application, CAPP transaction will indicate location "1", and then
continue the follow-up processing;
—— If the specified CAPP file does not exist in the card, the card will return an
error status code, indicating that the card does not support the specific
extended application, the terminal will indicate CAPP transaction location
"0", and carry out contactless IC Card transaction or terminate the transaction
as required.

Through the deduction by segment identifier (DF61) = 0x01 in the issuer

discretionary data (BF0C) of the File Control Information (FCI), the terminal will
indicate that the card supports only the deduction by segment application.

For a terminal supporting deposit deduction transaction, it may get electronic cash
balance (9F79) according to actual needs. When the acquired electronic cash
balance (9F79) is greater than or equal to 0, the terminal can select to continue or
terminate the transaction according to business needs.

5.2.2 Application Initialization

The terminal will send a GPO command to the card, and data in the command will
be organized according to the returned PDOL data when the application is selected,
and it is required to contain a CAPP transaction indicator bit.

When a GPO command is received, the card will be process in the following order:

—— Process according to the standard qUICS transaction, and determine whether

to approve offline the transaction : If yes, continue the follow-up process; if
no, handle the GPO command according to the online/ rejection transaction
process of standard qUICS;
—— If the CAPP transaction indicator bit = 1, enter the deduction by segment
transaction process; If the CAPP transaction indicator bit = 1, and READ
CAPP DATA command are not received or correctly answered before
processing the GOP command, then the card will be processed normally.

UPI Confidential 13
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

—— If the card supports the deduction by segment and deposit deduction

functions, the current actually available cash balance = electronic cash
balance (9F79) + deduction limit of deduction by segment (DF62) – deducted
amount of deduction by segment (DF63);
—— If currently available electronic cash balance is less than current transaction
amount, go to the standard qUICS process, and judge whether to refuse the
transaction or to request on-line;
—— If current actually available electronic cash balance is greater than or equal to
current transaction amount, then current actually available electronic cash
balance will replace the electronic cash balance (9F79) for
low-value-payment check and other related operations (except for prepaid
processing, which still uses electronic cash balances (9F79) as the basis for
determination);
—— If the CAPP transaction indicator bit = 2 or 3, then go to the offline
pre-authorization transaction process, for details, please refer to 6.2;
—— If the CAPP transaction indicator bit is of other values, then go to the
standard qUICS transaction process.

5.2.3 Process of Deduction by Segment

During deduction by segment transaction, the terminal will perform the following
processing:

—— Organize and update the contents recorded in CAPP and the terminal will
conduct security protection to the UPDATE CAPP DATA CACHE
command by calculating corresponding MAC with the security module.
—— Send an UPDATE CAPP DATA CACHE command. It’s allowed to send
multiple UPDATE CAPP DATA CACHE commands according to the actual
application.

The card will perform the following processing:

—— According to the file records indicated by the UPDATE CAPP DATA

CACHE command, find corresponding protection key, calculate and verify
the security message.
—— Once the security message authentication is successful, CAPP application
data will be cached, and written into the Card after the completion of the
transaction.

5.2.4 Reading Card Data Content

—— The terminal will send a READ RECORD command to the card according to
the GPO returned AFL, and read corresponding record contents.

UPI Confidential 14
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

—— After the last record is successfully read, the card will simultaneously
complete low-value payment deduction and actually update CAPP records,
and the transaction is completed normally.
—— If the card supports the deposit deduction function, and the electronic cash
balance (9F79) is less than the current transaction amount, then a deposit
deduction will be carried out. Then after the last record is successfully read,
the deducted amount of the deduction by segment after the transaction (DF63)
= the deducted amount of the deduction by segment before the transaction
(DF63) + transaction amount - electronic cash balance before transaction
(9F79 ), while the electronic cash balance after the transaction (9F79) is set to
zero; the transaction is completed.

5.2.5 Terminal Action Analysis

Please refer to the standard qUICS specifications.

5.2.6 Completion Processing

The terminal performs transaction completion steps (i.e., Terminal Authentication

Process) and determines the result of transaction processing (transaction rejection
or transaction approval). It includes the following steps:

—— Check the validity and legitimacy of all related data;

—— Offline data authentication, i.e. fDDA verification;
If the card's fDDA version number is "01", then before generating the dynamic
signature, the card shall dynamically fill the 8th byte of the card verification related
data (9F69) with the value of the card top-up function indicator (DF61) then
making dynamic signature calculations. After fDDA verification is successful, the
terminal shall compare the 8th byte of the card verification related data (9F69) with
the card top-up function indicator (DF61) in the FCI data returned by the card upon
selecting an application, if there is any mismatch, then it shall indicate that the
translation failed.
Fill the 8th byte of 9F69 with value of ‘DF61’ if 'DF61' is personalized and fill
with zero if 'DF61' is not personalized. Terminal should check the 8th byte of
'9F69' based on if FCI contains 'DF61'.

5.2.7 Support Special Processing of Deduction by Segment and Deposit

Deduction Functions

1. Loading operation

The loading procedure of the Issuer in background system should be consistent

with the existing procedure.

When the card receives a script command regarding the modifying balance sent by
the Issuer, First of all, the card does a subtraction to get the difference between the
amount in command “PUT DATA 9F79” and the deducted amount (DF63) after

UPI Confidential 15
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

deduction by segment transaction. If the difference is greater than the electronic

card balance limit, the card will return status”6A80” as a response to “PUT DATA”
command

—— If current electronic cash balance (9F79) is equal to 0:

When the amount specified in the modified balance script is greater than the
deducted amount in the deduction by segment (DF63), the loaded electronic cash
balance (9F79) = the amount specified in the modified balance script - the deducted
amount in the deduction by segment (DF63). Meanwhile, the deducted amount in
the deduction by segment (DF63) shall be cleared to zero;

When the amount specified in the modified balance script is less than or equal to
the deducted amount in the deduction by segment (DF63), the deducted amount in
the deduction by segment (DF63) after loading = the deducted amount in the
deduction by segment (DF63) before loading - the specified amount in the modified
balance script, while the electronic cash balance (9F79) will remain unchanged;

—— If the current electronic cash balance (9F79) is greater than 0, then it will be
handled according to the standard loading process.

2. Query Operation

—— Standard terminal can only support query on electronic cash balances

(9F79) ;
—— Terminal supporting deduction by segment and deposit deduction functions
can be separately used to query electronic cash balances (9F79), deduction
limit of deduction by segment (DF62) and the deducted amount in the billing
segment (DF63), while the query balance will be shown according to the
actual business needs.

3. Operation for Updating Deduction Limit of Deduction by Segment

When a card receives a script command on modifying the deduction limit of

deduction by segment sent by the Issuer, if the deduction limit of deduction by
segment specified in the script on modifying the deduction limit of deduction by
segment is less than the deducted amount in deduction by segment (DF63), then
return to 6A80;

5.3 Description of the transaction process of second-currency deduction by

segment

Second-currency electronic cash deduction by segment is a transaction based on

second-currency qUICS. During the transaction, the card conduct risk management
and balance update using a set of data elements or balance in accordance with the
transaction currency code. The host of the issuer shall be able to differentiate the
electronic cash accounts using the transaction currency code.

UPI Confidential 16
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

This section only describes the differences between the second-currency deduction
by segment and standard deduction by segment. With respect to the other parts,
please refer to the description of standard deduction by segment transaction
process.

5.3.1 Initiate application

low-value

The card starts risk management after receiving GPO command. In the first step of
card risk management (set the indicator of whether the currency is matched or not),
the card will match the transaction currency code, and select the corresponding data
elements. Illustrated as follows:

Terminal CARD
Select AID Select command Return PDOL
Request for three key elements inPDOL
Select the first
Is 5F2A and
Terminal transaction properties, authorized set of data
Send GPO 9F51matched YES
amount, transaction currency code（5F2A） elements
？
NO

Is 5F2A and Select the

Y second set of
DF71matched E
S data
？
elements

NO

Follow the currency

mismatch procedure

Follow UICS.12 Follow UICS.12

procedure procedure

After receiving GPO command, the card will compare the transaction currency
code (tag 5F2A) with the application currency code (tag 9F51). If they are matched,
a set of the first-currency data elements will be used for the following processing. If
not matched, the transaction currency code (tag 5F2A) will be compared with
second-currency code (tag DF71). If they are matched, a set of the second-currency
data elements will be used for the following processing. Otherwise, a set of the
first-currency data elements will be used following the currency mismatch situation
defined in qUICS.

After completing the card risk management, the card follows the rules below to
respond to GPO command.

—— If the available balance for offline purchase (tag 9F5D) is required in the
response data, “9F5D” shall be calculated using either electronic cash
balance (tag 9F79) or the second-currency electronic cash balance (tag

UPI Confidential 17
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

DF79),in accordance with the currency comparison result in the card risk
management.
—— If the electronic cash balance (tag 9F79) or the available balance for offline
purchase (tag 9F5D) is required in the response data, the card shall calculate
it using “9F79” or “DF79” , in accordance with the currency comparison
result in the card risk management.
—— the second-currency deduction by segment is only compliant with the option
of “support small-amount balance check”, while it’s not applicable to either
the option of “support small-amount balance check and CTTA check” or the
option of “support small-amount balance check or CTTA check”. When the
option of “support small-amount balance check and CTTA check” or the
option of “support small-amount balance check or CTTA check” is used, the
card shall disable the second-currency deduction by segment.

5.3.2 Read Application Data In the second-currency deduction by segment

transaction, the card will carry on with the following procedure after
processing GPO command

—— The card shall return the second-currency electronic cash balance (tag DF79)
in response to the terminal’s “GET DATA” command which is intended to
get electronic cash balance (tag 9F79)
—— The card shall return the second-currency electronic cash reset threshold
value (tag DF76) in response to the terminal’s “GET DATA” command
which is intended to get electronic cash reset threshold value (tag 9F6D)
—— The card shall return the second-currency electronic cash funds limit (tag
DF77) in response to the terminal’s “GET DATA” command which is
intended to get electronic cash funds limit (tag 9F77)
—— The card shall return the second-currency electronic cash single transaction
limit (tag DF78) in response to the terminal’s “GET DATA” command which
is intended to get electronic cash single transaction limit (tag 9F78)
—— The card receives no GPO command, or the transaction currency code in the
GPO command does not match with the second currency code (tag DF71) in
the card’s application, the card will process the “GET DATA” command
following qUICS procedure.

This aim of this design is to make the terminal able to identify and get the
corresponding data elements in accordance with the transaction currency without
making modification to the current transaction procedure of the terminal.

5.3.3 Special Handling in deduction by segment transaction

In the second-currency deduction by segment mode, the issuer could choose to

enable the deposit deduction function. And two more tags DF7A (deduction limit
of the second-currency deduction by segment) and DF7B (deducted amount of the
second-currency deduction by segment) shall be added in the card personalization

UPI Confidential 18
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

template. In the meanwhile, special handling is also applied to the card supporting
deposit deduction in parts of the second-currency deduction by segment or
deduction by time transaction process.

1) Select Application

The terminal supporting the second-currency deduction by segment should get the
second-currency electronic cash balance (DF79) before transaction. If the
second-currency electronic cash balance (DF79) is greater than 0, the terminal can
continue to start the transaction, if it’s equal to 0(that’s the balance is 0. Or it has
completed a deduction by segment transaction), the terminal can choose to continue
or terminate the transaction according to its own logic.

2) Initiate Application

After receiving the GPO command, if the card also supports deduction by segment,
the current available electronic cash balance can be calculated as follows:

The current available electronic cash balance = the second-currency electronic cash
balance (DF79) + the second-currency deduction limit (DF7A) – the
second-currency deducted amount (DF7B).

If the card does not support deduction by segment transaction, The current
available electronic cash balance = the second-currency electronic cash balance
（DF79）.

3) Read Card Data

After receiving the AFL from the card, the terminal sends “READ RECORD”
command to the card. If the card supports deposit deduction and the
second-currency electronic cash balance (DF79) is less than the transaction amount,
the deposit deduction is conducted. And the rules below are followed.

The second-currency electronic cash deducted amount after transaction (DF7B) =

the second-currency electronic cash deducted amount before transaction (DF7B) +
transaction amount – the second-currency electronic cash balance (DF79). If the
post-transaction deducted amount (DF79) is less than the second-currency deposit
deduction limit, then the post-transaction deducted amount (DF79) will be updated
after the last record is read, and the second-currency electronic cash balance (DF79)
is set as zero. Otherwise, the transaction will fail.

4) The Load Operation

The load operation follows the current procedure at issuer.

After receiving “PUT DATA DF79” command, the card will carry out the
following procedure:

The second-currency deducted amount (DF7B) is subtracted from the amount in

“PUT DATA DF79” command. If the difference is greater than the

UPI Confidential 19
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

second-currency electronic cash funds limit (DF77), then a status word “6A80” will
be returned in response to the “PUT DATA” command.

—— If the current second-currency electronic cash balance (DF79) is zero:

 If the amount in “PUT DATA DF79” command is greater than the

second-currency deducted amount (DF7B),then the second-currency
deducted amount (DF7B) is set as zero, and the second-currency
electronic cash balance will be the difference between the amount in
“PUT DATA DF79” command and the second-currency deducted amount
(DF7B);

 If the amount in “PUT DATA DF79” command is less than the

second-currency deducted amount (DF7B), the second-currency deducted
amount (DF7B) will be set as the difference between the pre-transaction
second-currency deducted amount (DF7B) and the amount in “PUT
DATA DF79” command.

5) Inquiry Operation

—— The standard terminal only supports the inquiry of the second-currency

electronic cash balance （DF79）;
—— The terminal that supports deduction by segment transaction, also supports
the inquiry of the second-currency electronic cash balance （DF79）, the
inquiry of the second-currency deduction limit (DF7A) and also the inquiry
of the second-currency deducted amount (DF7B). The corresponding balance
will be displayed according to the business requirements.

6) Updating the deduction limit operation

When the card receives the script to change the second-currency deduction limit
(DF7A), the card will make comparison between the deduction limit in the
updating script and the second-currency electronic cash deducted amount in the
card. If the deduction limit in the updating script is less than the deducted amount
in the card, the card will return “6A80”. Otherwise, the updating script will be
executed. And the deduction limit in the card will be set as the deduction limit in
the updating script.

UPI Confidential 20
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

6 Offline Pre-authorization Transaction Process

In order to meet the needs of offline pre-authorization scenario, based on the

original deduction by segment transaction, CAPP transaction indicator bit and the
application file shall be extended, and the following two types of transactions shall
be newly added: offline pre-authorization transaction and offline pre-authorization
completion transaction.

UPI Confidential 21
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application
6.1 Flow Chart of Offline Pre-authorization Transaction
Terminal
Select used AID
Does PDOL contain
CAPP transaction
indicator bit?
Conduct standard
Does terminal support
qUICS transaction or N Read Capp Data
CAPP transaction?
terminate transaction
Y
Retrieve specific
extended application
offline pre-authorization
file
Y
Is specific file contents
returned by Card
normal?
Is Card offline pre-auth
completed?
N Y
Set authorized amount
as actual occurred
amount, set CAPP
transaction indicator
bit=3
Conduct offline pre-auth
transaction based on qPBOC
Send a GET PROCESSING OPTIONS command,
incl.terminal transaction property, transaction amount,
terminal random number, transaction currency code,
CAPP transaction indicator bit
Receive returned value from GET
PROCESSING OPTIONS
UPI Confidential
Card
SELECT Command Return to PDOL, request terminal transaction
property 9F66, which also incl.CAPP transaction
SELECT Return Value indicator bit
Does it support specific off-
line pre-authorization file?
Y
Return error
Return error N
status code
Return file contents
Read Capp Data
Receive GPO instruction,
process as per risk
management rules
regulated for qPBOC
transactions
Is it offline
approved?
N
Set authorized amount
as offline pre-auth Return to standard
amount, set CAPP Y qPBOC transaction
transaction indicator GPO
bit=2
GET PROCESSING OPTIONS
CAPP transaction
indicator bit
Other value
=3
=2
Calculate new e-cash
balance=e-cash balance–
auth amount
Calculate new e-cash
balance=e-cash If CAPP transaction
indicator bit=1,
balance+offline pre-auth
conduct sub-billing
amount –auth amount transaction.
Otherwise, return
to standard qPBOC
transaction GPO
GET PROCESSING OPTIONS Return offline approved GPO
22
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

Terminal Card

Update CAPP record contents Find security key based on file

Updating instruction is protected by security record,
messaging And verify security message

Send command to update CAPP Buffer CAPP record contents

Update CAPP Data Cache
record pending for updates
Y Update CAPP Data Cache

Any other records need

to be updated?

Read Record
Retrieve record acc.to GPO returned Retrieve and return
AFL Read Record corresponding record contents

N Is it the last record? Is it the last record?

Read Record
Card interaction process ends Anti-pull treatment,
Enter terminal verification process process

Check if data is valid Update e-cash balance to be

Fail
and legal new e-cash balance

pass

Conduct off-line data

Fail CAPP data update
verification (fDDA test)

pass

Record related off-line transaction Transaction is

uploading data rejected

Transaction is approved

Figure 2 Offline Pre-authorization Transaction Flow Chart

6.2 Description of Offline Pre-authorization Transaction Process

The following is the transaction process for the offline pre-authorization transaction
based on contactless low-value payment:

6.2.1 Selection of Applications

The terminal will send a SELECT command to select the application, and the card
will return File Control Information (FCI).

UPI Confidential 23
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

If PDOL data required by FCI data contains CAPP transaction indicator bit, the
terminal will process in order as follows:

—— Determine whether the terminal supports offline pre-authorization

applications: if yes, continue the follow-up process; otherwise the CAPP
transaction indicator bit shall be set as "0", and carry out a standard qUICS
transaction or terminate the transaction as required;
—— The terminal sends a READ CAPP DATA command to read the specified
variable length record extended application file, or send a Read Record
command to read the specified cyclic record file, to determine whether the
card supports the offline pre-authorization application or not;
—— If there exists a specified offline pre-authorization application file in the card,
the card will return the contents of the file, and the terminal will confirm that
the card supports the specified offline pre-authorization application;
—— If there does not exist a specified CAPP file in the card, the card will return
an error status code, indicating that the card does not support the offline
pre-authorization application, the terminal will set the CAPP transaction
indicator bit as "0", and conduct a standard qUICS transaction or terminate
the transaction as required;
—— The terminal will determine according to the offline pre-authorization status
in the read specified offline pre-authorization application data, the offline
pre-authorization amount and the offline pre-authorization date or the validity
(data in the offline pre-authorization application file is defined by the
industry, but it is recommended to contain the offline pre-authorization status,
the offline pre-authorization amount and the offline pre-authorization date or
the validity), and the determination rules shall be set up by related industries
according to their own actual needs. If it’s determined that the transaction is
an offline pre-authorization transaction, the terminal will set the CAPP
transaction indicator bit as 2, set the authorization amount as the new offline
pre-authorization amount, and conduct a new offline pre-authorization
transaction; if it’s determined that it’s an offline pre-authorization completion
transaction, the terminal will set the CAPP transaction indicator bit as 3, set
the authorization amount as the actual transaction amount, and conduct an
offline pre-authorization completion transaction;
—— After completing the offline data authentication, the terminal will save all
related transaction information for uploading. It’s suggested that relevant
information should contain the terminal ID Number and the merchant ID
number of the terminal conducting the offline pre-authorization transaction,
as well as related information of the local machine completing the offline
pre-authorization transaction.

Otherwise, the terminal will perform the standard qUICS transaction or terminate
the transaction as required.

UPI Confidential 24
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

The card requests the CAPP transaction indicator bit to the terminal through PDOL
in the returned File Control Information (FCI), indicating that the selected
application supports the deduction by segment transaction or the offline
pre-authorization transaction based on contactless low-value payment.

6.2.2 Application Initialization

The terminal will send a GPO command to the card, and data in the command will
be organized according to the returned PDOL data when the application is selected,
and it is required to contain a CAPP transaction indicator bit. When a GPO
command is received, the card will be processed in the following order:

—— In case the transaction type is an offline pre-authorization completion

transaction, the balance participating in card risk management should be the
current balance plus the offline pre-authorization amount, and determine
whether the transaction shall be approved offline according to the card risk
management rules provided by qUICS: If yes, continue the follow-up process;
if no, process the GPO command according to the online/rejection transaction
process of standard qUICS;
—— Determine whether the CAPP transaction indicator bit is contained in the
GPO command data field, and set as "2" or "3". If CAPP transaction indicator
bit is set as “2” or “3” and the card receive no READ CAPP DATA
command or does not respond to READ CAPP DATA command correctly
before the GPO command, the card should return “6985”. If the CAPP
transaction indicator bit is 2, the calculated new electronic cash balance =
electronic cash balance - authorization amount, and the offline
pre-authorization amount is recorded in the card for the offline
pre-authorization completion transaction (currently it can support three
offline pre-authorization transactions simultaneously, corresponding to three
different internal offline pre-authorization amounts. In case the card receives
a GPO command for the fourth offline pre-authorization transaction, the card
will return '6971'); if the CAPP transaction indicator bit is 3, the calculated
new electronic cash balance = electronic cash balance + offline
pre-authorization amount – the pre-authorization amount;
—— If the CAPP transaction indicator bit is 2, continuous offline
pre-authorization transactions are not allowed to occur in the same
application and in the same industry (i.e., the same ID under the same SFI) ,
and if the card receives a continuous offline pre-authorization transaction, it
will return '6972';
—— If the CAPP transaction indicator bit is 3, but the card can not find
corresponding offline pre-authorization transaction, the card will return
'6973';
—— If the CAPP transaction indicator bit is 1, then it will enter the deduction by
segment transaction process, for details please refer to 5.2;

UPI Confidential 25
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

—— If CAPP is of other value, then it will enter into the standard qUICS
transaction process;
—— If the transaction is an offline pre-authorization transaction, the card will not
return TC in case that offline transaction is approved; if it is an offline
pre-authorization completion transaction, the card will return TC in case that
the offline transaction is approved.

Table 6-1 GPO response necessities and conditional data based on the extended
application transaction of contactless low-value payment

Mandatory (M) or
Tag Data Elements
conditional (C)

‘82’ M AIP

‘94’ M AFL

‘9F36’ M ATC

C If the transaction type is

the offline
‘9F26’ Application Cryptogram
pre-authorization
completion transaction

'9F10 ' M Application data of the Issuer

C If the equivalent data of Except equivalent data of magnetic track 2 is a

magnetic track 2 is not a part of static data pending for signature, it’s
'57'
part of static data pending necessary to have equivalent data of magnetic
for signature track 2

'5F34 ' C If it appears in the card Application PAN Sequence Number

C If it is supported fDDA
and the ICC key length is
'9F4B ' Signed Dynamic Application Data
less than or equal to 1024
bits

'9F6C ' C If it appears in the card Card Transaction Property

UPI Confidential 26
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

Mandatory (M) or
Tag Data Elements
conditional (C)

The offline purchase amount can be used

C If it’s allowed to show
the offline amount and the
'9F5D '
ICC key length is less than
or equal to 1024 bits
unless the tag '9F5D' has been personalized
and its value is '1', and the card shall not return
this data element in the GPO response.
Moreover, the Issuer should also give the card
an additional process (byte 1 and bit 1) and
personalize it to '1', indicating that the amount
will be calculated and included in all
contactless transactions. Tag '9F5D' will be
personalized into '1', also indicating that the
data element can be read by using the GET
DATA command. The contents will be
calculated according to the Issuer’s instruction
and the definition in the chapter and section
regarding the additional process for the card
(low-value-payment, low-value-payment and
CTTA, low-value-payment or CTTA).

Note to the cardholder’s name: the

'5F20 ' O cardholder’s name is an required data element
in the debit/credit application

6.2.3 Offline Pre-authorization Process

Once offline pre-authorization transaction is entered, the terminal will perform the
following processing:

—— In case the offline pre-authorization completion transaction takes place in the

same terminal of the offline pre-authorization transaction, the terminal will
use the transaction data generated by the offline pre-authorization completion
transaction to cover the offline pre-authorization transaction data, and update
the offline pre-authorization completion transaction record.
—— For offline pre-authorization transactions, the terminal will update the offline
pre-authorization amount and the date and time when the offline
pre-authorization happens into CAPP records; for offline pre-authorization
completion transaction, the terminal will use the offline pre-authorization
amount and the date and time when the offline pre-authorization happens to
cover the original CAPP record.
—— Organize and update the contents recorded in CAPP, and the terminal will
conduct security protection to the UPDATE CAPP DATA CACHE
command by calculating corresponding MAC with the security module.
—— Send an UPDATE CAPP DATA CACHE command, and buffer the CAPP
record contents pending for update. It’s allowed to send multiple UPDATE
CAPP DATA CACHE commands according to the actual application.

UPI Confidential 27
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

—— The card will perform the following processing:

—— According to the file records indicated by the UPDATE CAPP DATA
CACHE command, find corresponding protection key, calculate and verify
the security message.
—— Once the security message authentication is successful, CAPP application
data will be cached, and written into the Card after the completion of the
transaction.

6.2.4 Read Card Data Contents

—— The terminal will send a READ RECORD command to the card according to
the GPO returned AFL, and read corresponding record contents.
—— The balance is not allowed to be updated by the card until the MAC in the
UPDATE CAPP DATA CACHE command is successfully verified.
—— When the last record is read, the card will check and ensure that the file
updated by current UPDATE CAPP DATA CACHE must be consistent with
the file of the last READ CAPP DATA (the same SFI and the same ID), after
the successful update, the card will update the new electronic cash balance,
and clear the corresponding pre-authorization amount at the same.
—— The card will update the CAPP record contents. The above data update
process is an atomic operation.

6.2.5 Terminal Action Analysis

Please refer to the standard qUICS specifications.

6.2.6 Completion Process

The terminal performs transaction completion steps (i.e., Terminal Authentication

Process) and determines the result of transaction processing (transaction rejection
or transaction approval). It includes the following steps:

—— Check the validity and legitimacy of all related data;

—— Offline data authentication, i.e. fDDA verification;
—— After the terminal completes offline data verification, it stores all relevant
transaction data for ease of upload. It is recommended that the relevant data
shall include the terminal id and merchant id for the terminal where the
pre-authorization offline transaction occurs, as well as the relevant data of the
terminal where the pre-authorization offline transaction is completed.

If the card's fDDA version number is "01", then before generating the dynamic
signature, the card shall dynamically fill the 8th byte of the card verification related
data (9F69) with the value of the card top-up function indicator (DF61) then
making dynamic signature calculations. After fDDA verification is successful, the
terminal shall compare the 8th byte of the card verification related data (9F69) with
the card top-up function indicator (DF61) in the FCI data returned by the card upon

UPI Confidential 28
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

selecting an application, if there is any mismatch, then it shall indicate that the
translation failed.

Fill the 8th byte of 9F69 with value of ‘DF61’ if 'DF61' is personalized and fill
with zero if 'DF61' is not personalized. Terminal should check the 8th byte of
'9F69' based on if FCI contains 'DF61'.

6.2.7 Special Processing for Completion of Offline Pre-authorization

Transaction

—— During completion of offline pre-authorization transaction, if the offline

pre-authorization completion amount is greater than or equal to the offline
pre-authorization amount, then electronic cash balance = electronic cash
balance + offline pre-authorization amount - offline pre-authorization
completion amount;
—— During completion of offline pre-authorization transaction, if the offline
pre-authorization completion amount is less than the offline pre-authorization
amount, and the deducted amount of deduction segment (DF63) is greater
than 0, then offline pre-authorization remaining amount = offline
pre-authorization amount - offline pre-authorization completion amount;
—— If offline pre-authorization remaining amount is greater than the deducted
amount of deduction segment (DF63), then zero out the deducted amount of
deduction segment (DF63), concurrently set current electronic cash balance
(9F79) = offline pre-authorization remaining amount - deducted amount of
deduction segment (DF63); if the offline pre-authorization remaining amount
is less than the deducted amount of deduction segment (DF63), then set the
deducted amount of deduction segment (DF63) = deducted amount of
deduction segment (DF63) - current offline pre-authorization remaining
amount.

6.2.8 Load and Inquiry Operations for Offline Pre-authorization in

Non-completion State

—— Load Operation
Issuer backend load process remains consistent with existing process;
When the card receives the PUT DATA 9F79 command, the following processing
should occur:
—— The card first determines the difference between the amount in the PUT
DATA 9F79 command and the deducted amount of deduction by segment
(DF63), checks whether it is greater than the electronic cash funds limit
(9F77), and if so, then the card sends response code '6A80' for the PUT
DATA command;
—— The card determines the amount in the PUT DATA 9F79 command, adds the
not-yet-completed offline pre-authorization transaction amount (or total
amount of multiple such transactions) on the card, then subtract the deducted

UPI Confidential 29
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

amount of deduction by segment (DF63). The card checks whether this is

greater than the electronic cash funds limit (9F77), if so, then the card sends
response code '6A76' for the PUT DATA command;
If the current electronic cash balance (9F79) is 0:
 If the amount in the PUT DATA 9F79 command is greater than the deducted
amount of deduction by segment (DF63), then the card sets the deducted
amount of deduction by segment (DF63) to zero. The card then sets the
electronic cash balance (DF79) to the amount in the PUT DATA 9F79
command minus the deducted amount of deduction by segment (DF63);
 If the amount in the PUT DATA 9F79 command is less than or equal to the
deducted amount of deduction by segment (DF63), then the card sets the
deducted amount of deduction by segment (DF63) to the current deducted
amount of deduction by segment (DF63) minus the amount in the PUT DATA
9F79 command;
—— If the current electronic cash balance (DF79) is greater than 0, then the card
sets the electronic cash balance (DF79) to the amount in the PUT DATA
9F79 command. The electronic cash balance (7F79) or available offline
purchasing amount (9F5D) returned by the card in response to GET DATA
command or GPO command shall not include available balance to be deducted for
not-yet-completed offline pre-authorization amount(s). The second-currency
electronic cash balance (DF79) returned by the card in response to GET DATA
command or GPO command also shall not include available balance to be deducted
for not-yet-completed offline pre-authorization amount(s).

UPI Confidential 30
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

7 Single Deduction Discount Process Flow

Single deduction discount refers to reading the extended application custom

file data at transaction time to determine whether the card requires discount
processing flow. Single deduction discounts are mostly applicable for bus
transfer discounts, student cards, and senior citizen cards.

Description

Single deduction discount transactions have the following basic flow: read
extended application custom file, determine whether the card supports discount
application, if so, determine whether the discount period has expired; if not,
calculate the purchase amount according to the discount rules, then continue with
the other steps of the discount transaction.

UPI Confidential 31
 Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

Flow Chart

The single deduction discount transaction flow is shown in Figure 3 below

Terminal Card
SELECT command Return the application data and AID
Select PPSE SELECT command return value saved in PPSE

SELECT command Return PDOL, request terminal transaction

Select AID used qualifier 9F66, and include the CAPP
SELECT command return value transaction indicator bit

Read specified CAPP

file with variable length READ CAPP DATA command
record structure

Yes Is discount
No application CAPP Yes
file supported?
Are there other
Return error status Return file content
records to read
code

No
Proceed with other Determine whether the
transaction or No card supports discount
terminate transaction application

Return file content

Yes

As needed, read the

corresponding CAPP
log file with circular
READ RECORD command Return file content
record structure

Yes

Based on discount rules,

determine whether it is necessary
to continue sending READ
RECORD command to read the
next record?

No

Determine whether the

No Yes
discount time is still valid?

Set toll amount to Calculate toll

be the toll amount amount based on
with no discount
discount conditions

Send GET Receive GPO command,

process according to
PROCESSING GET PROCESSING OPTIONS command standard qPBOC
OPTIONS command transaction

Proceed with other GPO command

transaction or terminate Return offline approval
transaction response
Yes
As needed, update the CAPP record content, with update command using
secure message protection. Note: For public transportation transfer
discount applications, must record each transaction time as the basis for
calculating transaction amount in subsequent transactions.

UPDATE CAPP DATA CACHE command

Send UPDATE CAPP DATA CACHE
command, update the CAPP custom file with Based on file record, search for
security key, verify secure message
variable length record structure

Yes
Are there other
Cache the CAPP record content to
variable length
be updated
records to update?

No

As needed, send UPDATE CAPP DATA CACHE Based on file record, search for
command, update the first record in the CAPP log record security key, verify secure
file with the corresponding circular record structure UPDATE CAPP DATA CACHE command message

Yes Cache the CAPP record

content to be updated<
UPDATE CAPP DATA CACHE command
Are there other response
A No variable length
records to update?

UPI Confidential 32
 Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

Terminal Card
A

Return AFL based on

READ RECORD command Read record content
GPO

Yes

Are there other

records to read? Is it the last
record?

No
Yes
Terminal Did the terminal
abnormal No authentication No
processing Complete deduction, CAPP
pass?
data update, and store TC

Yes

Complete transaction
Return record content

Figure 3 Single deduction discount transaction flow

Note: Single deduction discounts may involve checking the last or the last several
transaction records (as in the case of bus transfers), so besides the CAPP variable
length record file used by discount applications for general records, an additional
CAPP log record file that uses circular record file structure may be added. By using
the two files in conjunction, various discount plans could be realized.

Flow Description

When the cardholder uses contactless financial IC card for single deduction
discount transactions in a discount application environment, the terminal will
process it as follows:

—— Terminal first selects and activates the card, then through response data
determine whether the card supports extended application transactions based
on contactless micro-payments.
—— The terminal sends a READ CAPP RECORD command to check the variable
length structure discount application CAPP custom file, to determine whether
the card supports discount applications. If supported, the terminal sends one
or more READ CAPP RECORD commands to read record content as needed
from the circular record structure log record CAPP custom file: if the
discount rules requires checking the recent several transactions, then the
terminal must read the last several records from the circular file, as the basis

UPI Confidential 33
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

of the purchase amount calculation, otherwise only read the last log record as
basis; if this does not meet discount conditions, then transaction amount is
the non-discounted standard amount, otherwise, calculate purchase amount
based on discount rules, then enter the deduction transaction flow.
—— Terminals that support discounts can calculate discount purchase amount by
checking the recent several purchases. But avoid making the design overly
complex, to limit impact on transaction speed.

Note: If the card supports extended application record R-MAC protection, then the
terminal shall check and verify R-MAC. Specific methods are described in the fee
deduction by segment and offline pre-authorization transaction flows.

UPI Confidential 34
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

8 Security Requirements

8.1 Description of Key

The qUICS application supporting extended application transactions will pre-set

the proprietary file for the extended application specified in the specifications when
personalizing (for details please refer to Appendix A). Each extended application
file corresponds to one industry application, and the opening of each industry
application will be protected by an access key in the way of security message.
Access keys for these applications are derived from the same application access
master key.

Table 8-1 Key Type Description

Key Type Usage Length Management

Application Application access keys generated

opening master through derivation are used to 16 bytes Issuer
key protect the extended application file

Industry It’s used to control the authorization

Industry
application to modify data for industry 16 bytes
partners
governance key application record

Note 1: The derived generation mechanism of application access key must ensure
that the access key for each extended application file is unique.

Note 2: The generation and management of governance key for industry application
shall be defined by the industry partner.

8.2 Security Mechanism

The terminal uses the APPEND RECORD command to add new application
records in the extended application file of specified industry application, i.e. open a
new industry application. The commands of using the APPEND RECORD
command to add a new application in a variable-length record file, and the
UPDATE CAPP DATA CACHE command to update the application file data are
mandatory to contain security messages, so that the card is able to determine that
the command is from a legitimate terminal.

The security message uses '00 '| | '00' | | '00 '| | '00' | | '00 '| | '00' | | ATC as the initial
vector to participate in the MAC calculation. For MAC calculation method, please
refer to the description on message authentication codes in UnionPay Integrated
Circuit Card Specifications 0025.7. Before sending the APPEND RECORD and
UPDATE CAPP DATA CACHE command, the ATC can be obtained either by
GET DATA, or through the returned value of GPO.

UPI Confidential 35
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

In APPEND RECORD command, the settings of governance keys for the industry
applications are attached. After the opening of an industry application, the
authorization to modify the application data of this industry application shall be
controlled by the corresponding industry application governance key in the manner
of security message. The terminal modifies industry application data with the
UPDATE CAPP DATA CACHE command. The extended application supports the
deletion function, i.e., the application validity identification shall be set to zero by
the industry terminal when updating the industry data.

UPI Confidential 36
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

9 Personalization Requirements for Extended Application

UICS debit/credit applications supporting extended application transactions based

on contactless low-value payment adopts the personalization methods of EMV card
Personalization Specification (CPS) and the UICSUICS 2.0 Debit/Credit
Application Personalization Guide.

For cards only supporting deduction by segment applications, when the data is
personalized, the Issuer should write a deduction by segment identifier (DF61) =
0x01 in the issuer discretionary data (BF0C) in the file control information (FCI)
returned by SELECT AID.

For cards only supporting deduction by segment applications, in the opening

process, the terminal should set the extended application identifier to 1 when
adding a record to the proprietary file of extended application.

When personalization is used in PDOL of contactless interface, it shall contain the

CAPP transaction indicator bit. For a contactless interface, if there is a CAPP
transaction indicator bit in the PDOL returned by the card, it indicates that the card
supports the comprehensive purchase transaction based on contactless low-value
payment. If the terminal also supports the comprehensive purchase transaction, the
GPO command will provide a CAPP transaction indicator bit, which will be set
with a corresponding value; If the terminal does not support the comprehensive
purchase transaction, the CAPP transaction indicator bit set as 0 will be provided to
the card with the GPO command.

The issuer will create ahead of time a extended application file during
personalization, and write in the initial key. Before using, it shall be opened by the
cardholder on the industry devices, i.e., the industry will create a record
corresponding to the file, and write in the read-write key of the industry to the
record.

For cyclic record files, the files shall be created ahead of time by the Issuer in
personalization process. If the industry needs to use the cyclic record file, a new
record can be added with the APPEND RECORD command when opening the
business by the cardholders, and then records in the file will be updated through
UPDATE CAPP DATA CACHE. This file corresponds to one industry key.

UPI Confidential 37
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

Appendix A Proprietary File for Extended Application

A.1 READ CAPP DATA (read extended application data) Command

A.1.1 Definition and Scope

READ CAPP DATA command is used in the extended application transactions,

where the terminal will retrieve information such as whether the card supports the
extended application and information of last time extended application purchase
transaction.

The terminal will determine the specified record of certain extended application file
to be read through specifying the ID number of the extended application (generally
the area code) and the industry type of extended application.

Once the card receives a READ CAPP DATA command, it will perform the
following operations:

—— Select the corresponding EF file according to SFI specified by P2. If the file
does not exist, the card will return the status code '6A82 '(file not found).
—— If EF file is not a variable length record file, the card will return a status word
'6981' (file type does not match).

A.1.2 Command Message

This command message is as follows:

Table 7-1 Command Message of READ CAPP DATA

Code Value

CLA '80'

INS 'B4'

P1 '00'

P2 Refer to Table 7-2

Lc '02'

Data ID #

Le Not exist

The reference control parameter P2 in this command message is defined in the

following table:

Table 7-2 Definition of the reference control parameter P2 in READ CAPP DATA
command message

UPI Confidential 38
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

B8 B7 B6 B5 B4 B3 B2 B1 Meaning

0 0 0 0 0 - - - RFU

X X X X X - - - SFI

1 1 1 1 1 - - - RFU

Record appears in the first area

- - - - - 0 0 0
code

Record appears in the next area

- - - - - 0 0 1
code

- - - - - X X X RFU

Other values RFU

A.1.3 Data field of the command message is an ID number of 2 bytes.

Data field of the command message is an ID number of 2 bytes.

A.1.4 Response Message Data field

Specify the record content of ID number.

A.1.5 Status Code of Response Message

Status code for successful performing of the command is '9000'.

Error status codes that may be returned by the IC card are as follows:

SW1 SW2 Meaning

'65' '81' Memory failure (modification failed)

'67' '00' Length error (Lc field is blank)

'69' '81' Command is incompatible with the file structure

Command not allowed (it is not the current EF; directly read or update the next
'69' '86'
record)

'6A' '81' This feature is not supported

'6A' ‘82’ File not found

UPI Confidential 39
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

'6A' '83' Record not found

'6A' '84' Storage space of the file is not enough

‘94’ '07' The application is prohibited

A.2 UPDATE CAPP DATA CACHE (Update Data Cache) Command

A.2.1 Definition and Scope

UPDATE CAPP DATA CACHE command is used to update the application data
cache in the extended application purchase transactions. Cached data will be used
by the last READ RECORD command to rewrite related records in the proprietary
files of the extended application. After the card receives the UPDATE CAPP
DATA CACHE command, it will perform the following operations:

—— Select the corresponding EF file according to SFI specified by P2. If the file
does not exist, the card will return the status code '6A82' (file not found), and
the terminal shall terminate the extended application purchase transaction.
—— Check the condition for using the proprietary file of the extended application,
if the previous command of this command is not a GPO command or is
another UPDATE CAPP DATA CACHE command, it will return status code
'6985' (the using conditions are not met). The terminal shall terminate this
extended application purchase transaction.
—— If the proprietary file of the extended application pending for updating is a
variable length record file, according to the ID number in the command data
field, check whether there is a record of the same ID number in the
proprietary file of the extended application. If it does not exist, return a status
code '6A83 '(No Record found). The terminal shall terminate this extended
application purchase transaction.
—— Check whether the data field length of command is greater than the
corresponding length recorded in the proprietary file of the extended
application. If it’s greater, return a status code '6A84' (file storage space is
not enough). If it’s less, return the state '6A80' (data field is not correct). The
terminal shall terminate this extended application purchase transaction.

After passing the above-mentioned checks, the card shall temporarily save the SFI,
record number and data field in the command. This command can't be used to
update the corresponding data recorded in the proprietary file of the extended
application.

An UPDATE CAPP DATA CACHE command is allowed to be performed for

multiple times to update several records.

UPI Confidential 40
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

The proprietary file of the extended application can be of either variable-length

record structure, or cyclic record structure. If it’s of variable-length record structure,
before using the UPDATE CAPP DATA CACHE command to update the extended
application data, it must be ensured that there is a corresponding record in the file;
if it’s of cyclic record structure, each time when executing the command, it shall
update the latest record and then use it in cycle.

In extended applications for contactless low-value payment, the command must

utilize the security messaging mode.

A.2.2 Command Message

This command message is as follows:

Table 7-3 UPDATE CAPP DATA CACHE Command Message

Code Value

CLA '84'

INS 'DE'

P1 '00'

P2 Refer to Table 7-4

Lc Length of follow-on data field

Data For details please refer to the description

Le Command does not exist

The reference control parameter P2 in this command message is defined in the

following table:

Table 7-4 Definition of Reference Control Parameter P2 in the UPDATE CAPP

DATA CACHE Command Message

B8 B7 B6 B5 B4 B3 B2 B1 Meaning

0 0 0 0 0 - - - RFU

X X X X X - - - SFI

1 1 1 1 1 - - - RFU

The record for the first appeared

ID number (variable-length
- - - - - 0 0 0
record file) or the latest record
(cyclic record file)

UPI Confidential 41
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

B8 B7 B6 B5 B4 B3 B2 B1 Meaning

Record of the next appeared ID

- - - - - 0 0 1 number (variable-length record
files)

- - - - - X X X RFU

Other values RFU

A.2.3 Command Message Data Field

Command message data field contains record content and security message.

If the current file is a variable-length record file, the record contents shall contain
the ID number, record length, and other extended application information and data;
if the current file is a cyclic record file, the command message data field shall
contain the extended application data.

A.2.4 Response Message Data Field

Response message data field does not exist.

A.2.5 Response Message Status Code

Status code for successful performing of the command is '9000'.

Error status codes that may be returned by the IC card are as follows:

SW1 SW2 Meaning

'65' '81' Memory failure (modification failed)

'67' '00' Length error (Lc field is blank)

'69' '81' Command is incompatible with the file structure

Command not allowed (it is not the current EF; directly read
'69' '86'
or update the next record)

'6A' '80' Data field is not correct

'6A' '81' Function is not supported

'6A' ‘82’ File not found

'6A' '83' Record not found

'6A' '84' Storage space of the file is not enough

‘94’ '07' The application is prohibited

UPI Confidential 42
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

If R-MAC is supported, R-MAC will not be returned when UPDATE CAPP

DATE CACHE returns an error.

A.3 APPEND RECORD Command

A.3.1 Definition and Scope

APPEND RECORD command is used to add extended application record to the

extended application file when opening the extended application. It can be used to
add records to the cyclic record file, also initialize the first record in the cyclic
record file to the extended application.

After the card receives the APPEND RECORD command, it will perform the
following processing:

—— Determine whether the newly added record length exceeds the maximum
length of file record, if it exceeds, the card will return the status word
"6A80";
—— Determine whether remaining space of the file is sufficient, if the space is
insufficient, the card will return status word "6A84";

Through the above determinations, the card will allocate the record spaces
according to the record data length of the command data field, and write new
record data into the file.

A.3.2 Command Message

This command message is as follows:

Table 7-5 APPEND RECORD Command Message

Code Value

CLA '04'

INS 'E2'

P1 '0'

P2 Please refer to Table 7-6

Lc Length of follow-on data field

16-byte record modifying key (encrypted by the initial key) +

Data
newly added record content + MAC

Le Does not exist

The reference control parameter P2 in this command message is defined in the

following table:

UPI Confidential 43
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

Table 7-4 Definition of Reference Control Parameter P2 in APPEND RECORD

Command Message

B8 B7 B6 B5 B4 B3 B2 B1 Meanings

0 0 0 0 0 - - - RFU

X X X X X - - - SFI

1 1 1 1 1 - - - RFU

- - - - - X X X RFU

Other values RFU

A.3.3 Command Message Data Field

This command message is composed by 16-byte record modifying key, newly

added record contents (extended application data) and MAC.

A.3.4 Response Message Data Field

Response message data field does not exist.

A.3.5 Response Message Status Code

Status code for successful performing of the command is '9000'. Error status codes
that may be returned by the IC card are as follows:

SW1 SW2 Meaning

'65' '81' Memory failure (modification failed)

'67' '00' Length error (Lc field is blank)

'69' '81' Command is incompatible with the file structure

It does not meet the conditions for performing the command (is
'69' '86'
not current EF)

'6A' '81' Function is not supported

'6A' ‘82’ File not found

'6A' '83' Record not found

'6A' '84' Storage space of the file is not enough

‘94’ '07' The application is prohibited

UPI Confidential 44
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

A.4 GET TRANS PROVE (Get Offline Transaction Application Cryptogram)

Command

A.4.1 Definition and Scope

GET TRANS PROVE command is used to obtain TC (offline transaction

application cryptogram) of extended application transaction corresponding to
specific ATC (application transaction counter). The usage scenario is, in case the
terminal cannot receive the response data of latest transaction command, it will
re-power and send such command to obtain the TC of last failed transaction. If the
response to the command succeeds, the terminal will determine that the last
transaction is successful; otherwise, it will process according to transaction failed.
This command can only obtain the TC of the latest extended application transaction
that is the successfully completed by the card recently. If the latest transaction is a
pre-authorization transaction, all the returned TC shall be zero.

A.4.2 Command Message

This command message is as follows:

Table 9-3 GET TRANS PROVE Command Message

Code Value

CLA '80'

INS '5A'

P1 '00'

P2 '00'

Lc '02'

Data Transaction ATC specified by the terminal

Le '08'

A.4.3 Command Message Data Field

Command message data field is composed by transaction ATC specified by the

terminal.

A.4.4 Response Message Data Field

Response message data field returns the TC (8 bytes) corresponding to transaction

ATC specified by the terminal.

A.4.5 Response Message Status Code

Status code for successfully performing of command is '9000'. Error status codes
that may be returned by the IC card are shown in the following table:

UPI Confidential 45
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

SW1 SW2 Meaning

65 81 Memory failure

67 00 Length error

69 85 Usage conditions are not met

6D 00 Command does not exist

6E 00 Command type is not supported

94 06 Required TC is not available

UPI Confidential 46
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

Appendix B Proprietary File for Extended Application

B.1 Proprietary File for Extended Application

Proprietary file for extended application is usually of variable-length record

structure, but according to the application requirements, such as in the transfer
discount application mode, a cyclic record file for extended application, which is of
cyclic record structure, is also needed to save the information as corresponding
transfer records. (For the application examples in the specifications, all the
proprietary files for extended application without special notes are of
variable-length record structure). For details, refer to the table below:

If an proprietary file for extended application is of variable-length record structure,

the proprietary file for extended application shall be created according to the
information in below table.

Variable-length proprietary Variable-length

Document Name Document Type :
file for extended application record file

SFI (for recommended

Document Identifier value, please refer to File Size Self-defined
Appendix B)

Maximum length of
Self-defined
a single record

Read Open
File authorization
Update Protected

Record Coding

Byte Data element Length (bytes)

1-2 ID (area code) 2

3 Record length (length of follow-up data) 1

4 Application effective ID (0 indicates invalid; 1 indicates valid) 1

Extended application identifier (1 indicates that this

5 application applies the deduction by segment; 2 indicates that 1
the application applies offline pre-authorization purchase)

Application block flag (0 indicates that the application is not

6 1
blocked; 1 indicates that the application is blocked)

7-n Application Data n-6

For specific definition of short file identifier of extended application, please refer to
Appendix B.

UPI Confidential 47
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

B.2 Cyclic record file for extended application

Cyclic record file for extended application is of cyclic record structure. For each
transaction, UPDATE CAPP DATACACHE command can only update the first
record, and is only stored as logging data record. It’s suggested to create a
proprietary file for extended application according to the information in below
table.

This document can also be used for other self-defined applications of the industry.

cyclic record files for

Document Name Document Type : cyclic record files
extended application

Document Identifier SFI=0x1E File Size Self-defined

Read Open
File authorization
Update Protected

Record Coding

Byte Data element Length (bytes)

1-n Extended application data n

The application supporting transfer discount should record the details of this
transaction in the cyclic record file for extended application. For transfer discount,
it is required to read the contents in cyclic record file as the basis for discount
transfer.

UPI Confidential 48
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

Appendix C Recommended Definitions for Extended Applications

According to the actual application needs of current several common extended

applications, and combined with the realization modes of applications in the
specifications, the recommended definitions of the short file identifier (SFI) and the
access key of extended application are as below. For details, please refer to table
below

Extended application
Extended application type Access key
file SFI

Ordinary subway application 0x15 Pre-set

Ordinary bus application 0x16 Pre-set

Non-stop fare charging for

0x17 Pre-set
Highway

Parking fare charging for meter

0x18 Pre-set
application (internal balance)

Railway (High Speed Rail)

0x19 Pre-set
application (internal balance)

General bus daily ticket/monthly

0x1A Pre-set
ticket application

General subway daily

0x1B Pre-set
ticket/monthly ticket application

Other extended applications

0x1C Pre-set
(internal balance)

UPI Confidential 49
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

Appendix D Data Element

Those data elements referred to in this Specification, but not defined or modified in
UICSUICS specifications will be defined in this Appendix.

Format
Name Tag Requirements Description Retrieve Value
Length

0: Indicates that the

terminal does not
support the extended
application
1: Indicates that the
terminal supports
Conditions deduction by
If the card segment transactions
Specify the
F: b8 supports a CAPP 2: Indicates that the
CAPP CAPP
comprehensive terminal supports
transaction T: DF60 transaction type N/A
transaction, it is offline
indicator bit L: 1 supported by the
required to pre-authorization
terminal
specify the data transactions
in PDOL 3: Indicates that the
terminal supports
offline
pre-authorization
completion
transactions

If the card only

Returned in
supports It’s used to 1: Indicates that the
the Issuer
deduction by distinguish the card only supports
Deduction by discretionary
F: b8 segment capability of the deduction by
Segment data BF0C in
T: DF61 applications, the card in segment applications
Application the file control
L: 1 Issuer will supporting 2: Indicates that the
Identifier information
conduct the extended card supports the
(FCI)
personalization applications extended application
in BF0C

UPI Confidential 50
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

If the card
It indicates the
supports the
Deduction F: n12 maximum
deduction by It can be
limit of deductible
T: DF62 segment returned
deduction by amount for
L: 6 deduction through the
segment for deduction by
Format: function, it will Get Data
electronic segment
cn support the Get command
cash transactions
Data and Put
Data commands.

If the card
supports the
deduction
The deducted F: n12 function of It can be
amount of Indicates the
T: DF63 deduction by returned
electronic current deducted
L: 6 segment, it will through the
cash amount of the
support the Get Get Data
deduction by Format: card
Data command, command
segment cn
but not the Put
Data command.

Note1: If ‘DF61’ indicator doesn’t support extended application transaction, but

terminal request an extended application transaction in GPO. To be compatible
with terminal, card will still support extended application transaction.

Note2: If ‘DF61’ indicator doesn’t support R-MAC, but when terminal request
R-MAC, card is allowed to return R-MAC to complete transaction.

UPI Confidential 51
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

Appendix E (Informative Annex)

Example deduction by segment transaction applications

This appendix provides examples based on contactless micro-payment for

deduction by segment transactions in specific application environments, describing
the actual application modes for deduction by segment transactions.

Note: The following example description has the pre-condition that the terminal
supports the specified deduction by segment transaction application.

E.1 Subway/Railway/Express-way Tolls/Parking Meter Applications

Subway/railway/expressway toll applications utilize fee billing by segment model;

parking meter applications utilize fee billing by time, but all the applications above
use the same transaction flow. This section will go in-depth into description of a
specific contactless micro-payment based deduction by segment application's
transaction flow, using a subway billing application as the example. The entire
transaction is divided into a gate-entry transaction (or toll zone entry transaction)
and a gate-exit transaction (or toll zone exit transaction). Regarding the CVM
settings on the terminal, implement in line with the electronic cash requirements.

E.1.1 Subway Billing Application

E.1.1.1 Gate-entry transaction flow

Description

The basic flow for the gate-entry transaction is: Select the PPSE payment
environment, then select the qUICS application, read the extended application
custom file, then determine whether the last transaction was completed successfully.
If the last transaction was completed successfully, then engage in purchasing and
update the file; otherwise return an error prompt, to show that the cardholder is not
permitted to enter the toll zone.

Terminal can also engage in pre-processing based on actual circumstances, for

example can preemptively obtain the card balance, to determine whether to permit
the cardholder to enter the station.

UPI Confidential 52
 Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

Flow Chart

Terminal Card

SELECT command
Select PPSE Return the application data and AID saved in PPSE
SELECT return value

SELECT command Return PDOL, request terminal transaction qualifier

Select AID used 9F66, and include the CAPP transaction indicator bit
SELECT return value

Read designated
READ CAPP DATA command
CAPP file

Yes
Is subway CAPP file
supported?
Are there other No Yes
records to read?

No Return error Return file

status code content
Terminate transaction,
Determine whether the
permission denied to leave
toll zone, and prompt No card supports subway
toll application?
cardholder

Yes

Was the last

No transaction a normal Yes
toll zone entry?< READ CAPP DATA
command response

Yes
Receive GPO command,
Send GET PROCESSING OPTIONS command process according to standard
No 注：交易金额必须为0 qPBOC transaction

Return offline GPO command

approval response

Yes

Update CAPP record content

Update command utilizes secure message protection
Note: For subway toll application, must record the
gate-exit transaction gate code, gate-exit transaction
amount, and other data

Based on file record, search

Send UPDATE CAPP
UPDATE CAPP DATA CACHE command for security key, verify secure
DATA CACHE command message

No Yes

Are there other Cache the CAPP record

records to update? UPDATE CAPP DATA CACHE response
content to be updated

No

Based on GPO return AFL

read record
READ RECORD command Read record content

No

Is it the last Is it the last

record record?

Yes Yes

完成实际扣款和 No
Did the terminal
authentication pass? CAPP数据更新

Yes
Return record
Permit toll zone exit, and prompt cardholder content

Figure E.1 Gate-entry transaction flow for subway toll application

UPI Confidential 53
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

Flow Description

When the cardholder uses contactless financial IC card for gate-entry transactions
in a subway toll application environment, the terminal will process it as follows:

—— Terminal first selects and activates the card, then through response data
determine whether the card supports extended application transactions based
on contactless micro-payments through AID selection.
—— Terminal sends READ CAPP RECORD command inquiry, to determine
whether the card supports subway toll application. If supported, the terminal
shall read this specified custom data, and process according to the data, for
determining whether the last transaction was leaving the toll zone, etc. If the
processing result is that the gate-entry transaction is not permitted, then the
terminal shall notify the cardholder. If the processing result permits the
gate-entry transaction, the terminal proceeds to fee deduction by segment
transaction, with transaction amount of 0.
—— Based on its particular circumstances, the terminal, in UPDATE CAPP
DATA CACHE, updates the subway toll custom data, fills in the city code,
operator code, record format version number, transaction label, toll zone
entry transaction time, toll zone entry line code, toll zone entry transaction
station code, toll zone entry transaction gate code, toll zone entry transaction
serial number, custom TAC, and other fields, and save the toll zone exit
transaction time, toll zone exit transaction line code, toll zone exit transaction
station code, toll zone exit transaction gate code, toll zone exit transaction
amount, toll zone exit transaction serial number, and other original record
values.
—— At the end of the transaction, the terminal applies dynamic data
authentication on the card based on the data returned by the card during the
transaction process. Only after the card passes authentication would the
terminal permit the cardholder to enter the toll zone.

E.1.1.2 Gate-exit transaction flow

Description

Gate-exit transaction has the basic flow: Select the PPSE payment environment,
then select the qUICS application, read the extended application custom file,
determine whether file content is correct, if so, based on gate-entry data, calculate
the toll amount. Then proceed to deduct the toll, and update the extended
application custom file, indicate normal transaction completion, while also
prompting the cardholder to exit the toll zone.

UPI Confidential 54
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

Flow Chart

Terminal Card

SELECT command
Select PPSE Return the application data and AID saved in PPSE
SELECT return value

SELECT command Return PDOL, request terminal transaction qualifier

Select AID used< 9F66, and include the CAPP transaction indicator bit
SELECT return value

Read designated
READ CAPP DATA command
CAPP file

Yes Is subway CAPP file

No supported?
Yes
Are there other
records to read? Return error Return file
status code content
No

Terminate transaction, Determine whether the

permission denied to leave
toll zone, and prompt No card supports subway
cardholder toll application?

Yes
Was the last READ CAPP DATA
No transaction a normal command response
toll zone entry?

Yes

Receive GPO command,

Based on gate-entry data, calculate toll amount
GET PROCESSING OPTIONS command process according to standard
No Send GET PROCESSING OPTIONS command qPBOC transaction

Return offline GPO command

approval response

Yes

Update CAPP record content

Update command utilizes secure message protection
Note: For subway toll application, must record
the gate-exit transaction gate code, gate-exit
transaction amount, and other data

Based on file record, search

Send UPDATE CAPP
UPDATE CAPP DATA CACHE command for security key, verify
DATA CACHE command
secure message
No
Yes

Are there other Cache the CAPP record

UPDATE CAPP DATA CACHE command response
records to update? content to be updated

No

Based on GPO return AFL

read record
READ RECORD command Read record content

No
Is it the last
record?
Is it the last record

Yes
Yes
Complete deduction,
CAPP data update, No
and store TC
Is it the last
record
Return record
Yes content

Permit toll zone exit, and prompt cardholder

Figure E.2 Gate-exit transaction flow for subway toll application

UPI Confidential 55
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

Flow Description

When the cardholder uses contactless financial IC card for gate-exit transactions in
a subway toll application environment, the terminal will process it as follows:

—— Terminal first selects and activates the card, then through response data
determine whether the card supports extended application transactions based
on contactless micro-payments through AID selection.
—— Terminal sends READ CAPP RECORD command inquiry, to determine
whether the card supports subway toll application. If supported, the terminal
shall read the subway toll custom data, and process according to the data, to
determine whether the last transaction was a normal toll zone entry, etc, if so,
then calculate the toll amount based on the gate-entry data in the extended
application custom file. If the processing result is that the gate-exit
transaction is not permitted, then the terminal shall notify the cardholder. If
the processing result is that toll zone exit transaction is permitted, the
terminal proceeds with deduction by segment transaction, and updates the
extended application custom file, with the transaction amount being the toll
amount calculated.
—— Based on its particular circumstances, the terminal, in UPDATE CAPP
DATA CACHE, updates the subway toll custom data, fills in the toll zone
exit transaction time, toll zone exit line code, toll zone exit transaction station
code, toll zone exit transaction gate code, toll zone exit transaction amount,
toll zone exit transaction serial number, custom TAC, and other fields, and
saves the city code, operator code, record format version number, transaction
label, toll zone entry transaction time, toll zone entry transaction line code,
toll zone entry transaction station code, toll zone entry transaction gate code,
toll zone entry transaction serial number, and other original record values.
—— At the end of the transaction, the terminal applies dynamic data
authentication on the card based on the data returned by the card during the
transaction process. Only after the card passes authentication would the
terminal permit the cardholder to exit the toll zone.

E.1.2 Inter-city rail/Expressway Toll Applications

Inter-city rail toll / expressway toll applications use the same transaction flow as
subway toll applications, also dividing the transaction into gate-entry transaction
and gate-exit transaction, with the only difference being the toll standard. Each of
them charges based on route segment, so at the time of gate-entry transaction, the
recording of gate-entry transaction gate code and gate-entry transaction line code is
very important, as these data are the basis for calculating toll amount at gate-exit.

E.1.3 Parking Meter Application

Parking meter application transaction flow is the same as that of the subway toll
application, with the transaction divided into parking transaction and toll collection

UPI Confidential 56
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

transaction, equivalent to gate-entry transaction and gate-exit transaction. But

subway toll application bills based on the segment ridden by the passenger, while
the parking meter application bills based on the amount of parking time for the
customer. So, for parking meter applications, at the time of the parking transaction,
the recording of the transaction meter code and the parking transaction time is very
important, as these data are the basis for calculating toll amount at the time of the
toll collection transaction.

E.2 Public Transportation Day-Pass / Monthly-Pass Transaction Flow Description

Besides transactions that deduct by time or by segment, extended application can

also realize public transportation day-pass / monthly-pass application functionality
through reading the extended application custom file.

E.2.1 Public Transportation Day-Pass / Monthly-Pass Application

Description

Extended applications include the following two types in the public transportation
day/month pass domain: limited-use type and unlimited-use type. Whereby,
limited-use type means limiting the number of uses of the day/month pass during
the day/month, engaging in equal amount tolls, with the toll amount being the
proportional value of the day/month pass total amount and the limited number of
uses; unlimited-use type means there is no limit to the number of uses for the
day/month pass during the day/month, and deducts the entire day/month amount on
the first use, thereafter engaging in 0 amount tolls on subsequent uses.

The basic flow for the day/month pass transaction is: Read the extended application
custom file, determine whether the card supports public transportation day/month
pass application, if yes, determine whether the public transportation day/month pass
has been used already; if not yet used, then proceed to day/month pass toll
transaction; if already used, then based on initial usage time and (/or) number of
uses, determine whether the day/month pass has already expired, if expired, then
notify the cardholder that the day/month pass has expired, otherwise continue with
day/month pass toll transaction.

UPI Confidential 57
 Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

Flow Chart

Terminal Card
SELECT command Return the application data and AID
Select PPSE
SELECT return value saved in PPSE

SELECT command Return PDOL, request terminal transaction

Select AID used qualifier 9F66, and include the CAPP
SELECT return value transaction indicator bit

Read designated
READ CAPP DATA command
CAPP file

Yes
Is day/month pass
CAPP file supported?
No
Are there other Yes
records to read?

No Return error Return file

status code content
Proceed with standard Success returned, and
qPBOC transaction or No card supports day/month
terminate transaction pass application?

READ CAPP DATA

Yes Yes command response

Determine whether Determine whether

day/month pass has Yes day/month pass has
already been used?
Yes expired

No
Prompt
cardholder
that day/ No Receive GPO command,
month pass Calculate toll amount according to rules
GET PROCESSING OPTIONS command process according to standard
has expired Send GET PROCESSING OPTIONS command qPBOC transaction

Return offline GPO command

approval response

Yes

Update CAPP record content

Update command utilizes secure message protection
Note: For day/month pass application, must record day/
month pass type, monthly pass valid period, initial usage
time, and number of uses, other relevant data, as the
basis for subsequent transactions

Send UPDATE CAPP Based on file record, search for

UPDATE CAPP DATA CACHE command security key, verify secure
DATA CACHE command message

Yes
Cache the CAPP
Are there other
UPDATE CAPP DATA CACHE command response record content to be
records to update?
updated

No

Based on GPO return

READ RECORD command Read record content
AFL read record

No

Is it the last
Is it the last
record?
record

Yes Yes

Not permitted
Complete deduction, No
CAPP data update, and
to board, and Did the terminal store TC
prompt No authentication pass?
cardholder

Yes
Return record content
Permitted to board, and prompt cardholder

Public transportation day/month pass toll transaction flow chart

UPI Confidential 58
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

Flow Description

When the cardholder uses contactless financial IC card for public transportation
day/month pass transactions in a day/month pass application environment, the
terminal will process it as follows:

—— Terminal first selects and activates the card, then through response data
determine whether the card supports extended application transactions based
on contactless micro-payments.
—— Terminal sends READ CAPP RECORD command to inquire the industry file,
to determine whether the card supports public transportation day/month pass
application. If supported, the terminal shall read the public transportation
day/month pass custom data, then process based on the data: first determine
whether the public transport day/month pass has already been used: if not
used, then based on the rules, calculate the toll amount and proceed with
day/month pass toll transaction; if already used, then based on the initial
usage time and (/or) number of uses, determine whether the day/month pass
has expired, if expired, then terminate the transaction and notify the
cardholder that the day/month pass has expired, if not expired then calculate
the toll amount based on the rules and continue with day/month pass toll
transaction.
—— For day/month pass applications, the extended application custom file must
record the day/month pass type, day/month pass effective period, initial usage
time, number of times used, and other relevant data, as the basis for
subsequent transactions.
—— If the day/month pass must be used on specific day/month, then the CAPP
file can be updated during card top-up/issuance.

UPI Confidential 59
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

Appendix F (Informative Annex) Industry Application Setup Guide

Setting up an industry application master key is generally managed by the issuer,

and each industry application is controlled by independent industry application
setup master keys, so as to ensure the independence of each industry. For IC card
application setup key derivation method, see the description for sub-key derivation
in UICS, with industry application setup master key derived with financial
application PAN number and PAN serial number.

Industry application management and setup process is as follows:

—— Issuer generates the industry application setup master key with its IC card
key management system.
—— When the issuer is preparing the IC card data, the industry application setup
master key is derived with the financial application PAN number and PAN
serial number to obtain the IC card industry application setup key.
—— During issuer personalization, extended application file is preemptively
created, setting up the corresponding IC card industry application setup key.
—— The cardholder, on the designated terminal and under the protection of the
industry application setup key, adds industry application record through the
APPEND RECORD command to setup the industry application.

Industry applications can be setup through the following route:

1) Terminal has the means of authentication to setup the industry application:

Terminal contains the industry application setup master key, through PAN number
and PAN serial number derivation, obtains the IC card industry application setup
key. The terminal, under the control of the IC card industry application setup key,
creates the industry application record (industry application management key is
generated by the issuer or industry cooperative, encrypted using the IC card
industry application setup key, and written into the IC card).

2) Use issuer backend authentication means to setup industry application: The

terminal does not contain the industry application setup master key, but rather the
industry application setup master key is stored on the issuer backend, with the card
and issuer backend engaging in online interactive authentication, with the same
application flow for industry application setup as for the terminals with the means
of authentication. This method is suitable for remote setup of industry applications.

UPI Confidential 60
Part II Extended Purchase Specification
Based on Contactless Low-value Payment Application

Appendix G New IDD issuer discretionary data (9F10)

For issuer discretionary data (9F10) in contactless IC card micro-payment extended

application's offline pre-authorization, add data with IDD ID of 0x06, with data
adding new IDD issuer discretionary data as in Table G.1 below:

Table G.1 new IDD issuer discretionary data

Issuer Length (byte) IDD Financial Field MAC

discretionary ID Byte Size
data option

Authorized 10 0x06 Tag "9F02" value 4

Transaction (lower 5 bytes)
Amount

For offline pre-authorization completion and deduction by segment transactions

with issuer discretionary data (9F10) from original qUICS, contactless IC card
micro-payment extend applications, use the original IDD ID01~05 data.

Through the newly added IDD ID, the issuer can undertake special processing for
not-yet-completed offline pre-authorization transactions. This processing requires
support from the corresponding issuer backend system.

UPI Confidential 61