Part V IC Card Internet Multipurpose Terminal Specification

This document outlines specifications for IC card internet multipurpose terminals. It covers requirements for terminal hardware, security, and components. Terminal personalization procedures are also described, including storing terminal data, certificates, public keys, and encryption keys during the personalization process. The document provides standards for transaction types, card support, and download management that terminals must follow.

Uploaded by

Mai Nam Thang

UnionPay Integrated Circuit Card Specifications

— Product Specifications

Part V IC Card Internet Multipurpose Terminal Specification

Version 2014

Table of Contents
Summary of Revisions
1 Application Scope
2 Normative Reference
3 Terms and Definitions
3.1 Application
3.2 Asymmetric Encryption Technique
3.3 Authentication
3.4 Card
3.5 Certificate
3.6 Certificate Authority
3.7 Certification Authority Root Certificate
3.8 Command
3.9 Cryptogram
3.10 Encryption Algorithm
3.11 Decryption
3.12 Digital Signature
3.13 Distinguished Name
3.14 Encryption
3.15 Financial IC Card
3.16 Handshake Protocol
3.17 Integrated Circuits
3.18 Integrated Circuit(s) Card (ICC)
3.19 IC Card Internet Terminal
3.20 Interface Device
3.21 Management Command
3.22 PIN Encryption Certificate
3.23 Private Key
3.24 Processing Center
3.25 Public Key
3.26 Public Key Certificate
3.27 Load
3.28 Record Protocol
3.29 Response
3.30 Response Code
3.31 Secure Channel
3.32 Script
3.33 Secure Channel Command
3.34 Symmetric Encryption Technique
3.35 Terminal Certificate
3.36 Transaction Command
3.37 Trusted server certificate
3.38 Trusted platform module
3.39 UUID
4 Symbols and Abbreviations
5 Requirements for Terminal Hardware Specifications
5.1 Requirements for Terminal Security
5.2 Secure Module Requirements
5.3 Hardware Composition
5.3.1 IC Card Reader Module
5.3.2 Display Screen
5.3.3 Keyboard
5.3.4 Communication with Upper Computer
5.4 Power Supply
5.5 Electromagnetic Compatibility
5.6 Reliability
5.7 Terminal Types
6 General requirements
6.1 Transaction type
6.2 Supported Card Mediums
6.3 Download Management
7 Terminal Personalization
7.1 Terminal Personalization Data
7.1.1 Terminal Data
7.1.2 Terminal Certificate
7.1.3 Root CA Certificate
7.1.4 PIN Encryption Certificate
7.2 Terminal Public Key
7.3 Terminal Personalization Procedures
7.4 Certificate Application and Issuance Procedures
7.4.1 Root CA Certificate
7.4.2 Terminal Certificate
7.4.3 Trusted server certificates
7.4.4 PIN Encryption Certificate
8 Certificate Update
8.1 Certificate Files
8.2 Certificate Update Flow
8.2.1 CA Root Certificate Updates
8.2.2 PIN Encryption Certificate Update
8.2.3 Terminal Certificate File update
9 Security System
9.1 Certification System
9.1.1 CA System Structure
9.1.2 Private Key Algorithm
9.2 Secure Channel
9.2.1 Message Code
9.2.2 Channel Certificate update
9.2.3 Handshake Protocol Operation Principle
9.2.4 Record Layer Protocol Working Principles
10 Terminal Transaction Flow
10.1 Transaction Initialization
10.2 Application Selection
10.3 Application Initialization/ Reading of Application Data
10.4 Offline Data Authentication
10.5 Processing Limits
10.6 Cardholder Authentication
10.7 Terminal Risk Management
10.8 Terminal Behavior Analysis
10.9 Card Behavior Analysis
10.10 Online Processing
10.11 Transaction Conclusion
10.12 Issuer Script Processing
11 Terminal Interface Protocols
11.1 USB Interface Protocols
11.2 BlueTooth Interface Protocol
11.2.1 Service Compliance
11.2.2 Bluetooth Name Compliance
11.2.3 Other compliance
11.3 USB OTG Interface Protocols
11.4 Other Interface Protocols
Appendix A (Normative Appendix) Terminal Command Set
A.1 Terminal Command Set Overview
A.2 Management Command
A.2.1 READ TERMINAL INFO Command
A.2.2 MANAGE BUZZER Command
A.2.3 MANAGE LED Command
A.2.4 CONFIG DISPLAY FORMAT Command
A.2.5 EXCHANGE STATUS Command
A.2.6 GET TERMINAL RESPONSE Command
A.2.7 MULTIPLE INSTRUCTION Command
A.3 Secure Channel Command
A.3.1 ADD CERTIFICATE Command
A.3.2 UPDATE CERTIFICATE Command
A.3.3 DELETE CERTIFICATE Command
A.3.4 READ CERTIFICATE Command
A.3.5 GET CERT RESPONSE Command
A.3.6 GET CLIENT HELLO Command
A.3.7 HASH SERVER CERTIFICATE Command
A.3.8 VERIFY SERVER CERTIFICATE Command
A.3.9 CLIENT SIGN Command
A.3.10 EXPORT MASTERKEY Command
A.3.11 HMAC Command
A.3.12 TRANSMIT ENCRYPTED COMMAND Command
A.3.13 CLOSE SECURE CHANNEL Command
A.3.14 READ NON-PBOC PIN Command
A.4 Transaction Command
A.4.1 CREDIT FOR LOAD Command
A.4.2 DEBIT FOR PURCHASE Command
A.4.3 GET ELECTRONIC CASH BALANCE Command
A.4.4 GET PRIMARY BALANCE Command
A.4.5 GET DOL VALUE Command
A.4.6 GET REVERSAL INFO Command
A.4.7 READ CARDHOLDER INFO Command
A.4.8 GET CARD TRADE RECODE Command
A.4.9 CREDIT CARD PAYMENT Command
A.4.10 VERITY OFFLINE PIN Command
A.4.11 TRANSFER Command
A.5 Terminal Command Response Status Code Table
Appendix B (Informative Appendix) Basic Encryption Algorithms
B.1 RSA encryption algorithm
B.2 RSA signature algorithm
B.3 Symmetric encryption algorithm
Appendix C (Normative Appendix) MAC Algorithm
C.1 Block algorithm based MAC
C.2 HASH algorithm based on HMAC
Appendix D (Informative Appendix) Certificate Format Table
Appendix E (Informative Appendix) Secure Channel Establishment Procedure Example
Appendix F (Normative Reference) Requirements for Terminal Support of Dual Processing Centers
F.1 Terminal Processing Procedures
F.2 DN Rules
F.3 Terminal Personalization Differences
Appendix G (Normative Appendix) List of Command Status Code
Appendix H (Normative Appendix) Terminal Version Number Definition And Upgrade Rules
H.1 Version Number Definition
H.2 Upgrade Rule
Appendix I (Normative Appendix) Certificate Update Flow
I.1 CA Certificate Update Flow
I.2 PIN Encryption Certificate Update Flow
I.3 Terminal Certificate Update Flow
I.4 Channel Certificate Configuration Requirement
Appendix J (Informative Appendix) Transaction Type
Appendix K (Informative Appendix) Platform Access And Communicate Interface Code

Summary of Revisions

The change listed below is associated with the current version.

Description of Change                                               Where to look

Added: Chapter 8 Certificate Update processing                      Chapter 8
Revised: Certificate Verify Message                                 9.2.1
Added: Channel certificate update description                       9.2.3
Revised: Step (6) of handshake protocol operation principle         9.2.3
Revised: P2=0x01 table with more detailed information               A.2.1.4
Revised: Change Table A.17 ‘1000’ value to Terminal Certificate     A.3.2.2
Revised: Update Table A.25 values                                   A.3.6.4
Revised: Update IC Card Internal Terminal definitions and new name  3.19
Added: Bluetooth interface protocols                                11.2
Added: USB OTG protocols                                            11.3
Added: Appendix H                                                   Appendix H
Added: Appendix I                                                   Appendix I
Added: Appendix J                                                   Appendix J
Added: Appendix K                                                   Appendix K

1 Application Scope

This book applies to all UPI participants.


2 Normative Reference

The clauses in the following documents become the clauses of these Specifications
after being quoted by UICS. For the dated references, all their subsequent
modifications (excluding contents of the corrigendum) or the revisions are not
applicable to these Specifications. However, all the Parties reaching an agreement
according to these Specifications are encouraged to study whether the latest version
of these documents can be used. For the undated references, their latest versions are
applicable to these Specifications.

ISO 9564-1:2002 Banking -- Personal Identification Number (PIN) management and
security -- Part 1: Basic principles and requirements for online PIN handling in
ATM and POS systems

IEC 60950-1999 Safety of information technology equipment

CISPR 22-2006 Information technology equipment -- Radio disturbance
characteristics -- Limits and methods of measurement

ISO 7810-1985 Identification cards -- Physical characteristics

ISO 7811-5-1985 Identification cards -- Recording technique -- Part 5: Location
of read-write magnetic track -- Track 3

ISO8583-1987 Bank card originated messages -- Interchange message
specifications -- Content for financial transactions

ISO/IEC 7812-1:1993 Identification cards -- Identification of issuers -- Part 2:
Application and registration procedures

ISO/IEC 7813:1995 Identification cards -- Financial transaction cards

UICS UnionPay Integrated Circuit Card Specifications

ISO/IEC 8859 8-bit single-byte coded graphic character sets

ISO/IEC 9797-1 Information technology -- Security techniques -- Message
Authentication Codes (MACs) -- Part 1: Mechanisms using a block cipher

Technical Specifications on Bankcard Interoperability (Version 2.1)


3 Terms and Definitions

The following terms and definitions are applicable to these Specifications:

3.1 Application

The application protocol and relevant datasets shared by card and terminal.

3.2 Asymmetric Encryption Technique

The use of two interrelated encryption transformations: a public transformation
(defined by public keys) and a private transformation (defined by private keys).
These two types of transformation have the property that the private
transformation cannot be calculated from the public transformation.

3.3 Authentication

The process by which an entity is confirmed to have the identity that it claims to
have.

3.4 Card

Card in these Specifications refers to consumer devices with contact and
contactless payment application and interaction function with payment terminal.

3.5 Certificate

Unforgeable data produced when the authentication centre that generates the
certificate uses its private key to sign an entity's public key, identifying
information and other relevant information.

3.6 Certificate Authority

A trustworthy third-party institution that authenticates the public keys and
other relevant information of a given entity. In these Specifications the term is
shortened to "CA Authentication Center" or "CA Center"; unless otherwise stated,
"CA Center" refers to UnionPay, while "CA Center Server" refers to the financial
IC card internet terminal certificate management system, abbreviated as
"RA System".

3.7 Certification Authority Root Certificate

The starting point of a chain of trust whereby the CA authentication center gives
itself an unsigned public key certificate or self-signing certificate.

3.8 Command

A message sent from a terminal to an IC card that either initiates a process or
requests a response.

3.9 Cryptogram

The result of an encryption operation.

3.10 Encryption Algorithm

A transformation algorithm that either hides or displays the informational content
of data.

3.11 Decryption

The reverse operation of an encryption.

3.12 Digital Signature

A type of asymmetric encryption transformation performed on data. This
transformation allows the receiver of data to confirm the source and integrity of
the data, protects the data of the sender and receiver from being modified by a
third party, and also protects against data being modified by the receiver.

3.13 Distinguished Name

A uniquely identifying certificate user name for digital certificates.

3.14 Encryption

A process by which an encryption algorithm is used to perform a reversible
transformation of data to create a ciphertext.

3.15 Financial IC Card

Integrated circuit cards issued by merchant banks in compliance with UICS
requirements.

3.16 Handshake Protocol

The processes used before an actual transmission of data whereby the identities of
all parties are authenticated, encryption algorithms are determined, encryption
keys are exchanged, etc.

3.17 Integrated Circuits

Electronic devices capable of processing and storing information.

3.18 Integrated Circuit(s) Card (ICC)

A card that is packed internally with one or more ICs used for processing and
storage.

3.19 IC Card Internet Terminal

A small card reading device that utilizes an internet channel to complete an IC
card transaction together with an IC card; the device includes interface devices
and all relevant components and interfaces (such as computer interfaces, etc.).
Based on this specification, all internet terminal products developed by UnionPay
are named ‘MiniPay’.

3.20 Interface Device

The mechanical and electronic components of a terminal for accepting IC input.

3.21 Management Command

Operational commands used by terminals for receiving terminal parameter data and
controlling terminal prompts.

3.22 PIN Encryption Certificate

A digital certificate in X.509 format, issued by the Root CA Center, used to
encrypt online PINs.

3.23 Private Key

An asymmetric key used by an entity on data containing identifying entity
information; also used to apply digital signatures.

3.24 Processing Center

A system used to receive, process, and transmit terminal transaction request
information, as well as to transmit transaction result information back to
terminals; within the standard, all references to processing centers refer to the
UnionPay Micropayment Service Processing System.

3.25 Public Key

One of the keys of an entity's asymmetric key pair, which can be disclosed. Used
for authentication of digital signatures.

3.26 Public Key Certificate

Unforgeable entity public key information signed by the authentication authority.

3.27 Load

The process of increasing an electronic cash balance. There are multiple load
methods: transferring from a primary account, cash deposit, or fund transfers from
other accounts. However, the final post-loading balance cannot exceed the
electronic cash limit.

3.28 Record Protocol

Basic functionality based on a dependable transmission protocol that supports data
packaging, compression, and encryption for application layer protocols.

3.29 Response

The message sent to a terminal by an IC card signalling that it has processed a
received command message.

3.30 Response Code

Also called an answer code; a code sent by a receiver of a request or notification
that indicates to the sender the result of how that request or notification was
processed.

3.31 Secure Channel

A secure communication channel formed between an IC internet terminal and
processing center.

3.32 Script

A command or command sequence sent from an issuer, used for inputting that
command into an IC card.

3.33 Secure Channel Command

A command used by a terminal to construct a secure channel with a processing
center and manage electronic signatures.

3.34 Symmetric Encryption Technique

An encryption technique whereby the sender and receiver both use the same
encryption key for data transformation; without this key it is impossible to derive
the data transformation conducted either by the sender or receiver.

3.35 Terminal Certificate

A unique digital certificate compliant with X.509 formatting used to identify a
terminal device; each terminal device will have this certificate written into it
during pre-personalization.

3.36 Transaction Command

The commands used by terminals to execute transaction initialization and online
processing of debit/credit application procedures.

3.37 Trusted server certificate

A unique digital certificate compliant with X.509 formatting used to identify
processing center system servers; each processing center server has its own unique
trusted server certificate.

3.38 Trusted platform module

A trusted platform module is a device with its own independent internal processor
and memory cell that can perform key generation, encryption and decryption
independently, and can store keys and feature data, providing encryption and
security certification services for the equipment. It uses a security chip for
encryption, and the key is stored in the hardware so that stolen data cannot be
decrypted, thus protecting commercial privacy and data security.

3.39 UUID

Universally Unique Identifier.


4 Symbols and Abbreviations

The following table of symbols and abbreviations is applicable to these
Specifications:

AID Application Identifier

an Alphanumeric

APDU Application Protocol Data Unit

ATC Application Transaction Counter

BCD Binary Coded Decimal

CA Certificate Authority

CBC Cipher Block Chaining

CLA Class Byte of the Command Message

CCID USB Chip/Smart Card Interface Devices-USB

DES Data Encryption Standard

DN Distinguished Name

DOL Data Object List

FIPS Federal Information Processing Standard

HMAC Keyed-Hash Message Authentication Code

INS Instruction Byte of Command Message

LED Light Emitting Diode

MAC Message Authentication Code

n Numeric

P1 Parameter 1


P2 Parameter 2

PAN Primary Account Number

PIN Personal Identification Number

RA Register Authority

RSA Rivest, Shamir and Adleman Asymmetric Key Algorithm

SHA-1 Secure Hash Algorithm

Terminal Terminal in these Specifications refers to UICS IC card internet terminal

USB Universal Serial Bus

X.509 Digital Certificate Standard defined by the Telecommunication Standardization Bureau of the International Telecommunication Union


5 Requirements for Terminal Hardware Specifications

5.1 Requirements for Terminal Security

The financial IC card Internet terminal adopts a hardware encryption module to
ensure the secure input and encrypted processing of sensitive information, such as
the personal identification number (PIN), to support the establishment of a secure
channel with the processing center, and to perform encryption and decryption of
data exchanged with external entities as well as validity and integrity verification.
The terminal stores keys securely, prohibits direct access to and output of keys, and
prevents illegal injection, replacement and use of keys through effective security
mechanisms. It shall ensure that the firmware and software of terminals cannot be
illegally injected or updated.

Terminal shall store and transmit sensitive information, such as bankcard number,
card verification code, PIN and card validity period, in ciphertext.

Whenever a cardholder inputs a password into a terminal, only asterisks should be
displayed, never plaintext.

When a cardholder is asked to input the PIN, the terminal should not allow the
cardholder to skip this process; in other words, PIN bypass is not allowed.
Only after the cardholder has inputted the six-digit PIN should the terminal allow
the transaction process to continue.

At the very least, the secure memory space of a terminal should satisfy the
requirement for storing transaction certificates and keys that are discussed in other
sections of these specifications.

Terminals should only respond to instruction requests that fall within the scope
and definitions of the command instruction set of these specifications; all
instructions outside of this instruction set should be ignored.

5.2 Secure Module Requirements

Terminals should use secure modules that are capable of performing both key
generation and digital signature calculations, guarantee that sensitive operations are
only performed within these secure modules, and guard against both the leakage of
sensitive information and detrimental influences to security functions.

Secure modules should contain unreadable areas that are used to store unique
terminal information such as terminal private keys. The following mechanisms are
not allowed: the capability to output private key or PIN plaintext or the ability to
use leaked keys to encrypt PINs or other keys.

The random number used during key calculations should be generated within the
secure module; the randomness of this number should be in accordance with the
requirements set by international general hardware-generated random number
standards.

5.3 Hardware Composition

5.3.1 IC Card Reader Module

Terminals should be equipped with an IC card reader module; this module should
be capable of communicating command data with IC cards and support both
contact and contactless IC cards. This module should include mechanical, electrical,
and logical protocol components; for specific requirements please see UICS.

Terminals should be equipped with markings that illustrate how to insert contact IC
cards or read contactless IC cards.

5.3.2 Display Screen

Terminals should be equipped with display screens that allow for the monitoring
of the transaction process, input of data, and the setup, selection, and confirmation of
transaction data. Terminals should support ISO8859 basic character sets. The
display screen should be capable of displaying Chinese, English, and numbers.

5.3.3 Keyboard

Terminals should be equipped with button keyboards that allow for the input of
transaction amounts, PIN numbers, command selections, and execution
functionality. For digital keyboard, letter button, command button, function button,
and button layout requirements, see UICS. If colored command buttons are used,
the following colors are recommended.

Command button colors: Enter – green; cancel – red; clear – yellow.

Financial IC card internet terminal keyboards should have at least 10 number
buttons and an appropriate number of function buttons; function buttons must
include cancel, clear, and enter as well as up and down function buttons. Passwords
entered on the keyboard should be displayed, but only in a meaningless form that
represents the inputted digits of the password.

5.3.4 Communication with Upper Computer

The communication port shall at least support USB communication.

5.4 Power Supply

The terminal shall at least support power supply over USB. According to the
existing requirements for USB power supply, the power supply voltage should be DC
5V±5%, and the current should be less than 500mA; if it has a built-in battery, the
terminal shall meet the relevant certification requirements imposed by China’s
compulsory product certification system.


5.5 Electromagnetic Compatibility

Radio interference limit shall comply with A level ITE stipulations in CISPR
22-2006.

Electromagnetic sensitivity shall comply with the stipulations in HP 765 -1977.

5.6 Reliability

Unless otherwise specified for special parts, the consecutive operation time
between failures shall be no less than 50,000 hours.

5.7 Terminal Types

After connecting to a computer using a USB interface, financial IC card internet
terminals typically enumerate the name of the terminal, and this terminal name is
then used to identify the terminal type. The terminal name rules are as follows:

‘CUP_R’+ terminal type + ‘_’ + vendor code + ‘_’ + vendor type number

Table 1 Terminal Type Table

Terminal Type Meaning

1 General Contact Reader

2 LCD and Keyboard-Equipped Contact Reader

3 General Dual Interface Reader

4 LCD and Keyboard-Equipped Dual Interface Contact Reader

5 General Contactless Reader

6 LCD and Keyboard-Equipped Contactless Reader

Notes: 1. ‘_’ indicates a blank space;

2. Merchant code and merchant type number must be a string consisting of English
letters and numbers; the total length of the merchant type number must be smaller
than 20 bytes.

For hardware requirements for various types of terminal, please refer to Table 2.

Table 2 Hardware Requirements for Terminal Types


S/N  Hardware module                    Hardware types
                                        Contact financial IC     Contactless financial IC  Dual interface IC
                                        card internet terminal   card internet terminal    card internet terminal

1    Keyboard                           Mandatory                Mandatory                 Mandatory

2    Display Screen                     Mandatory                Mandatory                 Mandatory

3    Contact IC card reader module      Mandatory                None                      Mandatory

4    Contactless IC card reader module  None                     Mandatory                 Mandatory

5    Host Communication module          Mandatory                Mandatory                 Mandatory

6    Security module                    Mandatory                Mandatory                 Mandatory


6 General requirements

6.1 Transaction type

Financial IC card internet terminal shall at least support transactions such as E-cash
load, electronic cash balance inquiry and debit/credit primary account balance
inquiry.

6.2 Supported Card Mediums

Terminals should support the reading and writing of financial IC cards and industry
IC cards but not support magnetic stripe cards.

6.3 Download Management

Terminal shall be able to provide the secure download, update and deletion of
certificate, terminal program and parameters.

Download method shall be online remote download. Terminal shall ensure the
security of download control. Only the authorized or approved party could
download data to terminal, and it is not allowed to modify contents in the terminal
without authorization. Terminal shall also be able to confirm the security of
downloaded data, verify the integrity and correctness of terminal download
program and ensure that the sensitive and crucial key data will not be disclosed in
the download process.

For terminal firmware that has been released to users, manufacturers may
determine at their sole discretion whether to update the terminal firmware through
automatic download by terminals. The format of the firmware may also be
determined by the manufacturers themselves.


7 Terminal Personalization

7.1 Terminal Personalization Data

Terminal personalization data shall at least include terminal data, terminal
certificate, Root CA certificate and PIN encryption certificate.

7.1.1 Terminal Data

Terminal data is comprised of the following information: affiliated institution code,
affiliated institution self-defined data (including merchant identifier code and
terminal manufacture date), and terminal identifier code. Terminal data should be
preset before it leaves its manufacturing facility and must not be modified
afterwards.

Affiliated Institution Code: this code consists of 8 digits and consists of bank code
+ area code. If the 4-digit area code is not defined then it can be replaced with 0000;
for instance, 01022900 represents the Shanghai branch of ICBC, 01045800
represents the Guangdong branch of BOC, 00010000 represents UnionPay, etc.

Merchant Identifier Code: this code consists of 3 numbers and is distributed by
UnionPay to each merchant.

Terminal Manufacture Date: this code consists of 4 numbers with a format of
YYMM; for instance, a manufacture date of August 2011 will be represented as
1108.

Terminal Identifier Code: this code consists of 8 bytes of numbers or letters;
terminal identifier codes are created when a terminal’s affiliated institution applies
for them from UnionPay, which distributes them uniformly. Affiliated institutions
then either hand them over to the terminal vendor they have for terminal
personalization, or UnionPay itself can directly hand over the terminal identifier
code to the terminal vendor chosen by the affiliated institution for personalization.

Table 3 Terminal Data

Explanation                  Length (in bytes)  Type

Affiliated Institution Code  8                  n

Merchant Identifier Code     3                  n

Terminal Manufacture Date    4                  n

Terminal Identifier Code     8                  ans


7.1.2 Terminal Certificate

Terminal certificates must be attained through an application to UnionPay by a
terminal’s affiliated institution and are issued by UnionPay using the RA system as
X.509 format public key certificate; see Appendix D – Certificate Format Table for
format content details. This certificate is used to identify a terminal's legal and
unique public key certificate, the public key of which is generated by the terminal.

7.1.3 Root CA Certificate

Root CA certificates are issued and managed by UnionPay using the RA system,
where they must also be downloaded. They are primarily used to verify terminal
certificates, trusted server certificates, and the legality of PIN encryption
certificates throughout the transaction process.

7.1.4 PIN Encryption Certificate

PIN certificates are attained by an application submitted to and downloaded from
the CA center by the processing center; they are primarily used for online PIN
encryption. For two UICS format public keys of different lengths (1024 and 2048
bits), two certificates will be generated by a UnionPay encryption device (HSM).
If a terminal contains more than one PIN encryption certificate, the terminal
will choose the PIN encryption certificate used to encrypt the online PIN according
to the CN value of the trusted server certificate’s DN field. For DN field rules and
double processing center processing requirements, see Appendix F.

7.2 Terminal Public Key

Terminal public keys are generated by the terminal before the terminal download of
the terminal certificate. Terminal generated public keys are submitted to CA for
creation of certificates; terminal private keys should be stored within the terminal
secure module and not be exported at any time.

7.3 Terminal Personalization Procedures

Terminal personalization occurs before a terminal leaves its manufacturing facility
and consists of terminal personalization data being written into the terminal; of this
data, the Root CA certificate, terminal certificate, and PIN encryption certificate
must be downloaded from CA Center servers.

Specific procedures are as follows:

• Terminal data is written into the terminal;

• Terminal certificates are installed into the terminal device;

• Root CA certificates are installed into the terminal device;

• PIN encryption certificates are installed into the terminal device.


7.4 Certificate Application and Issuance Procedures

Certificates associated with financial IC card internet terminals include trusted
server certificates, terminal certificates, Root CA certificates, and PIN encryption
certificates.

7.4.1 Root CA Certificate

Root CA certificates are used to verify the authenticity and legality of trusted server
certificates, terminal certificates and PIN encryption certificates and they must be
written into the secure communication devices of financial IC card internet devices
and processing centers during the personalization process. Root CA certificate
downloads are negotiated and set by UnionPay and terminal affiliated institutions
together.

7.4.2 Terminal Certificate

Before applying for a certificate, terminals must conduct a security appraisal of the
certificate application channel; only if this appraisal is successful should the
terminal initiate certificate application and issuance processes. Once CA Center
appraisal is successful, application and issuance procedures proceed as shown in
the image below.

[Sequence diagram between Terminal and CA Center, with the following labels:]

1. Application for terminal certificate

2. Application for audit

3. Sending of key generation command

4. Generation of key pair

5. Export of terminal public key

6. Generation of terminal certificate

7. Signing of terminal certificate

8. Terminal certificate is written into terminal.

Chart 1 Terminal Certificate Issuance Procedures

Specific procedures are as follows:

1) Terminal submits terminal certificate application;


2) CA Center audits the terminal certificate application;

3) CA Center issues terminal key pair generation command;

4) Terminal generates public/private key pair;

5) Terminal exports terminal public key;

6) CA Center generates terminal certificate;

7) CA Center signs terminal certificate;

8) Terminal certificate is written into terminal.

The terminal vendors shall develop the download tools according to the interface
defined by the CA center; terminal certificates can only be downloaded from the RA
system directly into the internal storage of a terminal using these download tools; no
other download method is permitted and only terminals may conduct such
downloads.

7.4.3 Trusted server certificates

Trusted server certificates can be used to verify the authenticity of processing
center servers, guard against server fraud, and authenticate the server during secure
communication with terminal devices. Certificates are standard X.509 certificates;
see Appendix D – Certificate Formats for format content information. Trusted
server certificates are preset in processing center servers, which each receive a
unique server certificate. The issuance process for these certificates is the same as
for terminal certificates and is only appropriate for self-constructed processing
center institutions.

7.4.4 PIN Encryption Certificate

Used by financial IC card internet terminals to protect financial transaction PINs
during transactions. Financial IC card internet terminals must be preset with PIN
encryption certificates before they leave the factory, and the application and
issuance processes are the same as those for terminal certificates; for dual
processing centers or multi-processing center modes, UnionPay PIN encryption
certificates should be set first and PIN encryption certificates of other institutions
be set later.


8 Certificate Update

8.1 Certificate Files

In daily use, the terminal has to support the update of the following certificates:
CA root certificate, channel certificate and PIN encryption certificate.

8.2 Certificate Update Flow

8.2.1 CA Root Certificate Updates

The CA root certificate and the terminal certificate are updated at the same time.
During the update of the terminal certificate, the backend system decides whether the
CA certificate file needs to be updated based on the CA certificate serial number
returned by the terminal, and distributes the new CA root certificate before
distributing the new terminal certificate. For the detailed update flow, refer to
Appendix I.1.

8.2.2 PIN Encryption Certificate Update

The update of the PIN encryption certificate depends on the MiniPay transaction
system. The MiniPay transaction system decides whether the PIN encryption
certificate file needs to be updated based on the certificate serial number in the
terminal. The whole update process is performed under the secure channel. For the
detailed update flow, refer to Appendix I.2.

8.2.3 Terminal Certificate File update

After the secure channel is established, the backend system requests the terminal to
generate a P10 certificate request file based on the validation date of the terminal
certificate returned by the terminal, connects to the RA system to distribute a new
certificate, and sends the terminal certificate to the terminal device. For the
detailed update flow, refer to Appendix I.3.


9 Security System

9.1 Certification System

9.1.1 CA System Structure

[Hierarchy diagram: CA Center at the top; below it the Terminal certificate
registration system (RA); below that the Terminal certificate, Trusted server
certificate and PIN encryption certificate.]

Chart 2 Terminal CA System Structure

As shown in the image above, the terminal certificate registration system (RA) is
primarily used to audit applications from terminal merchants and processing centers
and then issue certificates to terminals and processing centers once auditing is
completed.

9.1.2 Private Key Algorithm

Key algorithms use UICS approved symmetrical, asymmetrical, and hash
algorithms with simultaneous key length support of 1024 and 2048 bits; the RSA
algorithm and signature algorithm used for the generation of certificate public and
private keys within these specifications use SHA-1 and support SHA256
expansion.

9.2 Secure Channel

The financial IC card Internet terminal accesses the processing center through the
networking device (such as a PC) that it connects to, and establishes the
terminal-to-terminal logic secure channel with the processing center through the
networking device using a handshake mechanism. Its overall framework is shown
in Chart 3.


[Diagram: Terminal, Host, Internet and Processing Center are linked in sequence by
physical channels; the logic secure channel spans from Terminal to Processing Center.]

Chart 3 Secure Channel Chart

The protocol establishment of secure channel is composed of two parts: Handshake
Protocol and Record Layer Protocol. Handshake Protocol is used to complete the
two-way identification between terminal and server and the exchange process of
session key. Record Layer Protocol is used to complete the encrypted transmission
of application data.

9.2.1 Message Code

The basic data unit in the protocol interaction process is called a message. A message
consists of three parts: message type, message length and message body. In these
Specifications, the definition of message code shall be described in C language
format. The basic message unit is defined as follows:

struct {
    MessageType msg_type;
    WORD length;
    BYTE body[ ];
} Message;

Wherein, message type msg_type is a 1-byte value of enumeration type, message
length (length) is a 2-byte nonnegative integer, and message body is a
variable-length data structure and shall be defined according to the message
type. Message type is defined as follows:

enum {
    client_hello = 0x80,
    server_hello = 0x81,
    server_certificate = 0x82,
    client_certificate = 0x83,
    certificate_verify = 0x84,
    client_key_exchange = 0x85,
    server_finished = 0x86,
    client_finished = 0x87,
    error_message = 0x88,
    application_data = 0x89
} MessageType;

Message can be divided into three types according to different functions of message
in protocol interaction process, i.e., handshake protocol message, error information
message and record protocol message.

(1) Handshake Protocol Message

Handshake protocol message is used to complete the two-way identification
between terminal and Internet server and the exchange process of session key,
defined as follows:

struct {
    MessageType msg_type;
    WORD length;
    switch ( MessageType ) {
        case client_hello: ClientHello;
        case server_hello: ServerHello;
        case server_certificate: ServerCertificate;
        case client_certificate: ClientCertificate;
        case certificate_verify: CertificateVerify;
        case client_key_exchange: ClientKeyExchange;
        case server_finished: ServerFinished;
        case client_finished: ClientFinished;
    } body;
} Message;

• ClientHello Message

32-byte random number generated by terminal is defined as follows; for
cryptographic algorithm, please refer to Table 4 cipherSuite.

struct {
    BYTE random[32];
    BYTE cipherSuite[2];
} ClientHello;


The first byte is used in the Specifications. The second byte shall be reserved. For
the definition of the first byte of cipherSuite, please refer to Table 4.

Table 4 CipherSuite

B7 B6 B5 B4 B3 B2 B1 B0 Algorithm

X X X X * * X 1 RSA

X X X X * * 1 X ECC

X X X 1 * * X X 3DES

X X 1 X * * X X AES-128

X 1 X X * * X X 3DES

1 X X X * * X X AES-128

Note: bits B2 and B3 of the cipherSuite byte shall be reserved. A bit set to 1
in ClientHello represents a cryptographic algorithm that the terminal
supports. Similarly, for ServerHello, a bit set to 1 represents the
cryptographic algorithm selected by the server terminal. The ServerHello message is
defined as follows:

• ServerHello Message

32-byte random number generated by server terminal is defined as follows; for
cryptographic algorithm, please refer to Table 4 cipherSuite.

struct {
    BYTE random[32];
    BYTE cipherSuite;
} ServerHello;

• ClientCertificate Message

X.509 certificate of terminal is defined as follows. It includes the RSA public key
of the client, used to verify the CertificateVerify message.

struct {
    BYTE certificate[ ];
} ClientCertificate;

• ServerCertificate Message

X.509 identification certificate of server terminal is defined as follows, including
the RSA public key of the server; the client uses this public key to encrypt the
shared secret.

struct {
    BYTE certificate[ ];
} ServerCertificate;

• CertificateVerify Message

The client uses its RSA private key to sign the result of concatenating the
ClientHello and ServerHello messages. For the signature algorithm, please refer to
Appendix B.2. The signature result, signature = Sign(Master_secret||ClientHello||ServerHello),
forms the message body.

struct {
    BYTE signature[ ];
} CertificateVerify;

• ClientKeyExchange Message

The 48-byte master_secret, encrypted with the public key of the server terminal
certificate. For the cryptographic algorithm, please refer to Appendix B.1.

struct {
    BYTE encryptedSharedSecret[ ];
} ClientKeyExchange;

• ServerFinished Message

Verification message of server terminal for handshake process is defined as
follows:

message_MAC = HMAC(master_secret, Finish_label || Hash(handshake_messages))

For the HMAC algorithm, please refer to Appendix C.2. Here master_secret
is the master secret, Finish_label is the 6-byte ASCII code value “SERVER”, and
the Hash algorithm is SHA-1. Handshake_messages is the concatenation of the
handshake messages:

handshake_messages =
    (ClientHello||ServerHello||
    Hash(ServerCertificate)||
    Hash(ClientCertificate)||
    CertificateVerify||ClientKeyExchange);

struct {
    BYTE message_MAC[32];
} ServerFinished;

• ClientFinished Message

Verification message of client for handshake process is defined as follows:

message_MAC = HMAC(master_secret, Finish_label || Hash(handshake_messages))

For the HMAC algorithm, please refer to Appendix C.2. Here master_secret
is the master secret, Finish_label is the 6-byte ASCII code value “CLIENT”, and
the Hash algorithm is SHA-1. Handshake_messages is the concatenation of the
handshake messages:

handshake_messages =
    (ClientHello||ServerHello||
    Hash(ServerCertificate)||
    Hash(ClientCertificate)||
    CertificateVerify||ClientKeyExchange);

struct {
    BYTE message_MAC[32];
} ClientFinished;
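The ServerFinished and ClientFinished calculation above, as an added example (not code from the Specifications) that shows why the two Finish_label values and the transcript matter when a Finished message is verified. Assumptions: standard HMAC from Python's hmac module stands in for the Appendix C.2 algorithm, the message bodies are concatenated without their headers, and all sample values are constructed.

```python
import hashlib
import hmac

LABELS = (b"SERVER", b"CLIENT")  # the two 6-byte Finish_label values


def handshake_transcript(client_hello, server_hello, server_cert,
                         client_cert, cert_verify, client_key_exchange,
                         hash_name="sha1"):
    """Build handshake_messages as defined for the Finished messages."""
    def digest(data):
        return hashlib.new(hash_name, data).digest()
    # Certificates enter the transcript as hashes, the rest verbatim.
    return (client_hello + server_hello + digest(server_cert)
            + digest(client_cert) + cert_verify + client_key_exchange)


def finished_mac(master_secret, label, handshake_messages, hash_name="sha1"):
    """HMAC(master_secret, Finish_label || Hash(handshake_messages))."""
    if label not in LABELS:
        raise ValueError("Finish_label must be SERVER or CLIENT")
    if len(master_secret) != 48:
        raise ValueError("master_secret must be 48 bytes")
    inner = hashlib.new(hash_name, handshake_messages).digest()
    # Assumption: standard HMAC stands in for the Appendix C.2 algorithm.
    return hmac.new(master_secret, label + inner, hash_name).digest()


def verify_finished(master_secret, label, handshake_messages, received):
    """Constant-time check of a received Finished MAC."""
    expected = finished_mac(master_secret, label, handshake_messages)
    return hmac.compare_digest(expected, received)


# Constructed sample values (not real certificates, keys or signatures).
MASTER_SECRET = bytes(range(48))
CLIENT_HELLO = bytes(range(32)) + b"\x11\x00"
SERVER_HELLO = bytes(range(32, 64)) + b"\x11"
SERVER_CERT = b"constructed server certificate bytes"
CLIENT_CERT = b"constructed terminal certificate bytes"
CERT_VERIFY = b"\x01" * 128
CLIENT_KEY_EXCHANGE = b"\x02" * 128


def check_finished_properties():
    """Report which Finished MACs verify and which are rejected."""
    parts = [CLIENT_HELLO, SERVER_HELLO, SERVER_CERT, CLIENT_CERT,
             CERT_VERIFY, CLIENT_KEY_EXCHANGE]
    transcript = handshake_transcript(*parts)
    server_mac = finished_mac(MASTER_SECRET, b"SERVER", transcript)
    client_mac = finished_mac(MASTER_SECRET, b"CLIENT", transcript)
    # Same handshake, but with one cipherSuite byte of ClientHello changed.
    altered = handshake_transcript(CLIENT_HELLO[:32] + b"\x01\x00", *parts[1:])
    return {
        "server_ok": verify_finished(MASTER_SECRET, b"SERVER", transcript, server_mac),
        "client_ok": verify_finished(MASTER_SECRET, b"CLIENT", transcript, client_mac),
        # A client MAC presented as the server's is rejected (label differs).
        "reflected_ok": verify_finished(MASTER_SECRET, b"SERVER", transcript, client_mac),
        # A MAC over a different transcript is rejected.
        "altered_ok": verify_finished(MASTER_SECRET, b"SERVER", altered, server_mac),
        "mac_len": len(server_mac),
    }


if __name__ == "__main__":
    print(check_finished_properties())
```

With SHA-1 the HMAC output is 20 bytes; how it fills the 32-byte message_MAC field is left to Appendix C.2, which is not reproduced on this page.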

(2) Error information message

Error information message is used for the error processing in protocol interactive
process. It is defined as follows:

struct {
    MessageType msg_type = error_message;
    WORD length;
    BYTE body;
} Message;

Wherein, for the definition of message type and message body, please refer to
Table 5:

Table 5 Definition of Error Information Message

Name of message body     Message body code  Definitions of message body

ClientCiperSuiteError    01                 Sent by server, indicating the terminal password algorithm cipherSuite error.

ServerCiperSuiteError    02                 Sent by terminal, indicating server terminal password algorithm cipherSuite error.

ClientCerttificateError  03                 Sent by server, indicating terminal certificate verification error.

ServerCertificateError   04                 Sent by terminal, indicating server terminal certificate verification error.

ClientHandshakeError     05                 Sent by server, indicating handshake authentication sent by terminal error.

ServerHandshakeError     08                 Sent by terminal, indicating handshake authentication sent by server terminal error.

RecordError              09                 Sent by server or terminal, indicating record layer protocol data transmission error.

(3) Record layer protocol message

Handshake protocol will enter record layer protocol after completing the key
agreement. Record layer message is used for application data transmission, defined
as follows:

struct {
    MessageType msg_type = application_data;
    WORD length;
    BYTE encryptedData[ ];
    BYTE dataMac[8];
} Record;

Wherein, encryptedData is the application data transmitted in secure channel after
encryption. For data cryptographic algorithm, please refer to Appendix B.1.
dataMac is the 8-byte message authentication code of data. For message
authentication code algorithm, please refer to Appendix B.2. Length is the total
length of encryptedData and dataMac.
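A strict parser for the message framing of 9.2.1, as an added example (not code from the Specifications): it splits a byte stream into messages, rejects unknown types and inconsistent lengths, and decodes the ClientHello cipherSuite bits (Table 4), error codes (Table 5) and the record layout. Assumptions: the 2-byte length is big-endian, a set reserved bit is rejected, and the sample stream is constructed.

```python
import struct
from dataclasses import dataclass

# MessageType values from the enum in 9.2.1.
MESSAGE_TYPES = {
    0x80: "client_hello", 0x81: "server_hello", 0x82: "server_certificate",
    0x83: "client_certificate", 0x84: "certificate_verify",
    0x85: "client_key_exchange", 0x86: "server_finished",
    0x87: "client_finished", 0x88: "error_message", 0x89: "application_data",
}
# Message body codes from Table 5, names spelled as in the table.
ERROR_CODES = {
    0x01: "ClientCiperSuiteError", 0x02: "ServerCiperSuiteError",
    0x03: "ClientCerttificateError", 0x04: "ServerCertificateError",
    0x05: "ClientHandshakeError", 0x08: "ServerHandshakeError",
    0x09: "RecordError",
}
# Table 4: bit position in the first cipherSuite byte -> algorithm.
CIPHER_BITS = [(0, "RSA"), (1, "ECC"), (4, "3DES"), (5, "AES-128"),
               (6, "3DES"), (7, "AES-128")]
RESERVED_MASK = 0x0C  # B2 and B3 are reserved
HEADER_LEN = 3        # 1-byte msg_type + 2-byte length
MAC_LEN = 8           # dataMac[8] in the Record structure


class ProtocolError(ValueError):
    """Raised for any message that does not match the definitions."""


@dataclass
class Message:
    msg_type: int
    name: str
    body: bytes


def parse_messages(buf):
    """Split a byte stream into Messages, rejecting malformed framing."""
    messages, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < HEADER_LEN:
            raise ProtocolError("truncated header")
        # Assumption: WORD length is big-endian; the page does not say.
        msg_type, length = struct.unpack_from(">BH", buf, pos)
        if msg_type not in MESSAGE_TYPES:
            raise ProtocolError("unknown message type 0x%02X" % msg_type)
        body = buf[pos + HEADER_LEN:pos + HEADER_LEN + length]
        if len(body) != length:
            raise ProtocolError("length field exceeds available data")
        messages.append(Message(msg_type, MESSAGE_TYPES[msg_type], body))
        pos += HEADER_LEN + length
    return messages


def decode_cipher_suite(first_byte):
    """Return the (bit, algorithm) pairs set in a cipherSuite byte."""
    # Assumption: a set reserved bit is treated as an error in this example.
    if first_byte & RESERVED_MASK:
        raise ProtocolError("reserved cipherSuite bit B2/B3 is set")
    return [("B%d" % bit, alg) for bit, alg in CIPHER_BITS
            if first_byte & (1 << bit)]


def decode_client_hello(body):
    """ClientHello: random[32] followed by cipherSuite[2]."""
    if len(body) != 34:
        raise ProtocolError("ClientHello body must be 34 bytes")
    # Only the first cipherSuite byte is used; the second is reserved.
    return {"random": body[:32], "algorithms": decode_cipher_suite(body[32])}


def decode_error(body):
    """Error message: a single body byte holding a Table 5 code."""
    if len(body) != 1 or body[0] not in ERROR_CODES:
        raise ProtocolError("invalid error message body")
    return ERROR_CODES[body[0]]


def split_record(body):
    """Record: encryptedData followed by the 8-byte dataMac."""
    if len(body) < MAC_LEN:
        raise ProtocolError("record shorter than dataMac")
    return body[:-MAC_LEN], body[-MAC_LEN:]


def build(msg_type, body):
    return struct.pack(">BH", msg_type, len(body)) + body


# Constructed sample: ClientHello (B0 + B4), error code 03, one record.
SAMPLE = (build(0x80, bytes(range(32)) + b"\x11\x00")
          + build(0x88, b"\x03")
          + build(0x89, b"\xAA" * 16 + b"\x55" * 8))

if __name__ == "__main__":
    for msg in parse_messages(SAMPLE):
        print(msg.name, len(msg.body))
```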


9.2.2 Channel Certificate update

Channel certificate update is configured and changed by the backend system. To meet
the requirements of different terminal configurations, the backend system needs to
support different certificate types with different encryption key lengths.
For the configuration flow and related detailed requirements, refer to Appendix I.3.

9.2.3 Handshake Protocol Operation Principle

Handshake protocol is used to complete mutual identification between terminal and
server and the exchange process of session key.

Basic procedure of handshake protocol

[Sequence diagram between Terminal and Processing Center, with the following labels:]

1. Setup of algorithm identifier A1 and generation of random number r1

2. Sending of terminal random number r1 and terminal algorithm identifier A1

3. Terminal algorithm support inspection and generation of random number r2

4. Sending of channel certificate and processing center random number r2

5. Verification of channel certificate and generation of 48-byte random number for shared main key M1; channel certificate public key encrypted with shared main key to create E1

6. Signature of terminal random number and processing center random number to create S1

7. Sending of signature value S1, E1, and terminal certificate

8. Verification of terminal certificate, signature value S1, decryption of E1 yielding M1, and generation of processing center handshake completion information

9. Generation of processing center handshake completion information

10. Sending of processing center handshake completion information

11. Verification of processing center handshake information and generation of terminal handshake completion information

12. Sending of terminal handshake completion information

13. Verification of terminal handshake completion information

14. Generation of and calculation of session key

15. Completion of handshake and exchange of data

Chart 4 Handshake Protocol Message Sequence Diagram

Handshake protocol working steps

1) Terminal acquires algorithm identifier A1 and produces random number r1; r1
and A1 are combined to produce R1 (R1=r1|A1). Depending on the algorithm
support settings of the terminal, the following steps will require the use of
either symmetrical or asymmetrical algorithms;

2) Terminal sends random number and algorithm information to the processing
center, thus initiating the handshake protocol;

3) The processing center selects algorithm identifier A2 and produces random
number r2; r2 and A2 are combined to create R2. The processing center
checks if it can support the algorithm information provided by terminal; if
the processing center supports the algorithm then it will initiate the
encryption algorithm; if not supported the processing center will return an
error message and break the connection;

4) The processing center transmits a random number and processing center’s
trusted server certificate;

5) The terminal uses a preset Root CA certificate to verify the authenticity of the
received processing center trusted server certificate; if the verification is not
successful then an error message will be generated and the connection will be
stopped; otherwise, the terminal will generate a 48-byte random number to act
as a shared main key M1, the card will then use the asymmetrical algorithm
established before, with the public key provided by the processing center trusted
server certificate, to encrypt M1 and generate E1;

6) M1 is concatenated with R1 and R2 to create R3; the terminal will use the digest
algorithm on R3 to create H1, then use its own private key to sign H1,
creating S1;

7) The terminal sends S1, E1, and terminal certificate to the processing center;

8) The processing center uses the Root CA certificate to verify the legality of the
terminal certificate; if the verification fails then an error message will be
produced and the connection will be stopped; if verification succeeds then the
terminal certificate will be used to verify S1. If S1 verification fails then
an error message will be produced and the connection will be stopped; otherwise,
E1 will be decrypted to yield shared main key M1;

9) The processing center will conduct a digest operation on the trusted server
certificate to obtain H2 and on the terminal certificate to obtain H3. R1, R2,
H2, H3, S1, and E1 are connected to obtain T1 (T1=R1||R2||H2||H3||S1||E1); a
digest operation will then be conducted on T1 to obtain H4; ASCII code
“SERVER” and H4 are connected to yield D1; the first 16 bytes of M1 are
used to conduct HMAC on D1 to obtain F1 (See Appendix C.2 for HMAC
calculation algorithms);

10) The processing center sends verification of handshake completion F1 to the
terminal;

11) The terminal will verify F1 sent from the processing center; if verification is
not successful then an error message will be produced and the connection
will be stopped; if verification succeeds then the terminal will produce
handshake verification message F2; the F2 calculation differs from that used
for F1 only in that the ASCII code “SERVER” used for F1 is changed to
ASCII code “CLIENT”;

12) The terminal sends verification of handshake completion F2 to the processing
center;

13) The processing center will use the same calculation process to verify F2. If
verification is not successful then an error message will be produced and
the connection will be stopped;

14) Once the handshake procedure above is successful then both sides will use the
following method to calculate a session key:

X = HMAC(M1, key_label||R1||R2) (M1 uses its first 16 bytes)

key_label is the 3-byte ASCII code “key”; see Appendix B.2 for the HMAC
algorithm. X1X2…X20 are the first twenty bytes of X. The encryption key
SKey is: SKey = X1X2…X16; the MAC key MKey is: MKey = X5X6…X20;

15) Handshake completed.
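
The handshake completion values and session keys of steps 9 to 14, as an added Python example that is not part of the specification. SHA-256 stands in for the digest and HMAC hash that the specification defines in its appendix, and all sample values (random numbers, certificates, S1, E1) are constructed.

```python
import hashlib
import hmac

# Assumption: SHA-256 stands in for the digest and HMAC hash; the specification
# fixes the real algorithms in its appendix and by the negotiated identifier.
DIGEST = hashlib.sha256


def transcript_hash(r1, r2, server_cert, terminal_cert, s1, e1):
    """Step 9: H4 = digest(T1) with T1 = R1||R2||H2||H3||S1||E1."""
    h2 = DIGEST(server_cert).digest()    # H2: digest of trusted server certificate
    h3 = DIGEST(terminal_cert).digest()  # H3: digest of terminal certificate
    return DIGEST(r1 + r2 + h2 + h3 + s1 + e1).digest()


def finished(m1, label, h4):
    """Steps 9 and 11: F = HMAC(first 16 bytes of M1, label||H4)."""
    if len(m1) != 48:
        raise ValueError("shared main key M1 must be 48 bytes")
    if label not in (b"SERVER", b"CLIENT"):
        raise ValueError("label must be SERVER (F1) or CLIENT (F2)")
    return hmac.new(m1[:16], label + h4, DIGEST).digest()


def verify_finished(m1, label, h4, received):
    """Constant-time comparison of a received F1/F2 with the local value."""
    return hmac.compare_digest(finished(m1, label, h4), received)


def session_keys(m1, r1, r2):
    """Step 14: X = HMAC(M1[:16], "key"||R1||R2); SKey = X1..X16, MKey = X5..X20."""
    x = hmac.new(m1[:16], b"key" + r1 + r2, DIGEST).digest()[:20]
    return x[0:16], x[4:20]


def demo():
    # Constructed sample values; sizes other than the 48-byte M1 are assumptions.
    r1 = bytes(range(16)) + b"\x01"          # R1 = r1|A1
    r2 = bytes(range(16, 32)) + b"\x01"      # R2 = r2 combined with A2
    m1 = bytes(range(100, 148))              # 48-byte shared main key
    server_cert = b"constructed trusted server certificate"
    terminal_cert = b"constructed terminal certificate"
    s1 = b"\xaa" * 128                       # placeholder signature value S1
    e1 = b"\xbb" * 128                       # placeholder encrypted M1

    h4 = transcript_hash(r1, r2, server_cert, terminal_cert, s1, e1)
    f1 = finished(m1, b"SERVER", h4)         # sent by the processing center
    f2 = finished(m1, b"CLIENT", h4)         # sent by the terminal

    # A peer that saw a modified E1 computes a different transcript hash.
    h4_tampered = transcript_hash(r1, r2, server_cert, terminal_cert, s1,
                                  b"\xbc" + e1[1:])
    skey, mkey = session_keys(m1, r1, r2)
    return {
        "f1_ok": verify_finished(m1, b"SERVER", h4, f1),
        "f2_ok": verify_finished(m1, b"CLIENT", h4, f2),
        "tampered_e1_ok": verify_finished(m1, b"SERVER", h4_tampered, f1),
        "reflected_ok": verify_finished(m1, b"CLIENT", h4, f1),
        "skey": skey,
        "mkey": mkey,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.hex() if isinstance(value, bytes) else value)
```

Under the step 14 definition, SKey and MKey share bytes X5 to X16, which the two returned keys make visible.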

9.2.4 Record Layer Protocol Working Principles

After a successful handshake, both parties can conduct data transmission in the
established secure channel.

Data encryption method of record layer protocol

Add the data block length (2 bytes) before the transmitted data (Data) to form data
block D = (Length||Data). Use encryption key SKey to encrypt D according to the
cryptographic algorithm specified by the processing center and the terminal.
Namely:

EData = E_SKey(D);

Method for Protection of Data Integrity of record layer protocol

In the transmission process of the record layer protocol, a record serial
number is designated for each sent and received record at both sender and
receiver. Its initial value Seq0 shall be generated as:

The first 8 bytes of multi-interface card random number Random1 are acquired as
well as the first 8 bytes of processing center random number Random2, thus
Seq0=Random1 || Random2.

For each record of a sent or received message, the record serial number is
incremented by 1, namely Seq_i = Seq_(i-1) + 1. Note that all parties must
maintain serial number synchronization.

The integrity of application data from both parties should be protected using
a message authentication code (MAC); the MAC is generated using the following
method:

DataMAC = MAC(MKey, Seq_i || EData) (MKey uses its front 16 bytes)

EData is the transmitted encrypted application data; Seq_i is the current record
serial number. See Appendix C.1 for the MAC calculation method. Once the terminal or
processing center has received data it will then verify MAC authenticity; if verified
successfully then processing will continue; if not, an error message will be
generated and the connection will be terminated.
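
The serial-number and MAC check described above, as an added Python example rather than specification text. HMAC-SHA-256 stands in for the MAC of Appendix C.1, EData is treated as opaque ciphertext, and the big-endian 2-byte length, the wrapping 16-byte counter and incrementing before use are assumptions of this example.

```python
import hashlib
import hmac


class RecordError(Exception):
    """Raised when a record fails a check; the connection must then be dropped."""


def frame(data):
    """D = Length||Data with a 2-byte length (big-endian is an assumption)."""
    if len(data) > 0xFFFF:
        raise ValueError("data does not fit a 2-byte length field")
    return len(data).to_bytes(2, "big") + data


def unframe(d):
    """Recover Data from a decrypted block D, ignoring cipher padding after it."""
    if len(d) < 2:
        raise RecordError("block shorter than its length field")
    n = int.from_bytes(d[:2], "big")
    if n > len(d) - 2:
        raise RecordError("length field exceeds decrypted block")
    return d[2:2 + n]


class RecordEndpoint:
    """One side of the channel: a shared MKey plus a synchronized serial number."""

    def __init__(self, mkey, random1, random2):
        if len(mkey) != 16:
            raise ValueError("MKey must be 16 bytes")
        if len(random1) < 8 or len(random2) < 8:
            raise ValueError("each random number must supply 8 bytes")
        # Seq0 = first 8 bytes of Random1 || first 8 bytes of Random2
        self._seq = int.from_bytes(random1[:8] + random2[:8], "big")
        self._mkey = mkey
        self.closed = False

    def _next_seq(self):
        # Seq_i = Seq_(i-1) + 1 for every record sent or received; treating the
        # 16 bytes as a big-endian counter that wraps is an assumption.
        self._seq = (self._seq + 1) % (1 << 128)
        return self._seq.to_bytes(16, "big")

    def _mac(self, seq, edata):
        # Stand-in MAC: HMAC-SHA-256 over Seq_i||EData.
        return hmac.new(self._mkey, seq + edata, hashlib.sha256).digest()

    def send(self, edata):
        if self.closed:
            raise RecordError("channel closed")
        return edata, self._mac(self._next_seq(), edata)

    def receive(self, edata, data_mac):
        if self.closed:
            raise RecordError("channel closed")
        expected = self._mac(self._next_seq(), edata)
        if not hmac.compare_digest(expected, data_mac):
            self.closed = True  # error reported, connection terminated
            raise RecordError("MAC verification failed")
        return edata


def demo():
    mkey = bytes(range(16))                       # constructed key
    rnd1, rnd2 = b"\x11" * 16, b"\x22" * 16       # constructed random numbers
    terminal = RecordEndpoint(mkey, rnd1, rnd2)
    center = RecordEndpoint(mkey, rnd1, rnd2)

    rec1 = terminal.send(b"opaque EData #1")      # EData is already encrypted
    ok1 = center.receive(*rec1) == rec1[0]
    rec2 = center.send(b"opaque EData #2")
    ok2 = terminal.receive(*rec2) == rec2[0]

    try:                                          # rec1 delivered a second time
        center.receive(*rec1)
        replay_rejected = False
    except RecordError:
        replay_rejected = True

    t2, c2 = RecordEndpoint(mkey, rnd1, rnd2), RecordEndpoint(mkey, rnd1, rnd2)
    edata, mac = t2.send(b"opaque EData #3")
    try:                                          # one bit changed in transit
        c2.receive(bytes([edata[0] ^ 1]) + edata[1:], mac)
        tamper_rejected = False
    except RecordError:
        tamper_rejected = True
    return ok1, ok2, replay_rejected, center.closed, tamper_rejected
```

Because the serial number is part of the MAC input, a record that is replayed or delivered out of order fails verification even though its bytes are unchanged.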

10 Terminal Transaction Flow

This section describes online transaction procedures for financial IC card internet
terminals; these transaction processing procedures occur after the terminal and
processing center have authenticated each other and created a secure channel.

10.1 Transaction Initialization

Once the terminal and processing center have established a secure channel, the
terminal will begin to analyze the transaction based on the commands received
from the processing center (see Appendix A.4 for command details); if there are no
processing errors then the debit/credit transaction processing procedures will be
initiated.

For load transactions, the terminal should automatically check electronic cash
upper balance limits and inform the cardholder of the maximum allotted load
balance.

10.2 Application Selection

Refer to UICS for description.

10.3 Application Initialization/ Reading of Application Data

Refer to UICS for description.

10.4 Offline Data Authentication

MiniPay only supports online transactions; terminals do not support offline data
authentication.

10.5 Processing Limits

See UICS for description.

10.6 Cardholder Authentication

When MiniPay is undergoing online transaction procedures it must enact online
PIN verification. Terminals should display transaction balances and prompt the
cardholder to input the online PIN on the terminal.

10.7 Terminal Risk Management

Terminal risk management setup requires this transaction to be conducted online;
see UICS for a description of other risk management methods.

10.8 Terminal Behavior Analysis

See UICS for description.

10.9 Card Behavior Analysis

Refer to UICS for description.

10.10 Online Processing

Refer to UICS for description.

10.11 Transaction Conclusion

Refer to UICS for a detailed description. Terminals should use light and sound to
notify cardholders that a transaction is completed.

10.12 Issuer Script Processing

Regarding successful online issuer transactions, should an authorization response
message contain scripts then the terminal must derive script commands from the
script and send them to the IC card for execution.

For load transactions, should a terminal receive an explicit script failure or issuer
authentication failure then it should initiate a reversal; otherwise terminals should
not initiate reversal procedures, including for IC card issuer script response
time-out situations.

11 Terminal Interface Protocols

11.1 USB Interface Protocols

The terminal uses the USB interface and adopts the CCID protocol. For the command
format sent to the terminal by the Host, please refer to the following table:

Table 6 Command Format Sent to Terminal by the Host

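| Information field | Identifier | Byte length | Meanings |
|---|---|---|---|
| Communication data head | Type | 1 | CCID command |
| Communication data head | Length | 4 | Length of Abdata |
| Communication data head | Slot | 1 | Card slot number |
| Communication data head | Bseq | 1 | Result number |
| Communication data head | bBwi | 1 | Block waiting time |
| Communication data head | Level Param | 2 | Selection of communication mode |
| Command | Abdata | | Data sent to terminal |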

Example of the command for reading a random number from the financial IC card:

6F 05000000 00 F1 00 0000 0084000008

Type = 6F, Length = 05000000, Slot = 00, Bseq = F1, bBwi = 00, Level = 0000, Abdata = 0084000008
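
A parser for the host-to-terminal frame of Table 6, checked against the example above; this is added example code, not part of the specification. It assumes the 4-byte Length field is little-endian, as in the example where 05000000 precedes 5 bytes of Abdata, and it classifies the carried APDU by the CLA/INS ranges of Table A.1.

```python
import struct

HEADER_LEN = 10  # Type(1) + Length(4) + Slot(1) + Bseq(1) + bBwi(1) + Level Param(2)

# INS ranges of the special command set (CLA 7E/7F), taken from Table A.1
INS_RANGES = [
    (0x10, 0x1F, "management"),
    (0x20, 0x2F, "secure channel"),
    (0x40, 0x4F, "transaction"),
    (0x50, 0x6F, "issuer retention"),
]

# The example frame given in the text above
PAGE_EXAMPLE = bytes.fromhex("6F 05000000 00 F1 00 0000 0084000008")


def parse_host_command(frame):
    """Split a host-to-terminal frame into the Table 6 fields."""
    if len(frame) < HEADER_LEN:
        raise ValueError("frame shorter than the 10-byte communication data head")
    msg_type, length, slot, bseq, bbwi = struct.unpack_from("<BIBBB", frame, 0)
    abdata = frame[HEADER_LEN:]
    if length != len(abdata):
        raise ValueError("Length field says %d bytes, Abdata has %d"
                         % (length, len(abdata)))
    return {"type": msg_type, "length": length, "slot": slot, "bseq": bseq,
            "bbwi": bbwi, "level": frame[8:10], "abdata": abdata}


def build_host_command(abdata, bseq, slot=0, bbwi=0, level=b"\x00\x00",
                       msg_type=0x6F):
    """Inverse of parse_host_command; Length is always derived from Abdata."""
    if len(level) != 2:
        raise ValueError("Level Param is 2 bytes")
    head = struct.pack("<BIBBB", msg_type, len(abdata), slot, bseq, bbwi)
    return head + level + abdata


def classify_apdu(abdata):
    """Name the command category of the APDU carried in Abdata."""
    if len(abdata) < 4:
        raise ValueError("APDU header needs CLA, INS, P1 and P2")
    cla, ins = abdata[0], abdata[1]
    if cla not in (0x7E, 0x7F):
        return "normal"
    for low, high, name in INS_RANGES:
        if low <= ins <= high:
            return name
    return "specification retention"


if __name__ == "__main__":
    fields = parse_host_command(PAGE_EXAMPLE)
    print(fields, classify_apdu(fields["abdata"]))
```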

11.2 BlueTooth Interface Protocol

11.2.1 Service Compliance

Bluetooth communication requires the terminal to support the 3.0 or 4.0 protocol.
Bluetooth 3.0 does not have service compliance; the Bluetooth 4.0 read and write
services need to follow the compliance below:

Table 7 Bluetooth 4.0 Service Compliance Code


Service Name Code(UUID)
Read Service b80ef097-5332-482a-a0bb-795402319a2f
Write Service 1193439d-c7cf-4494-83ce-7dc7079c7b3f
Read characteristic 5712bd0c-6ffd-4890-ad1e-90a4c0f9ceec
Write characteristic 25ccb710-151b-4d8e-b328-38f3fb42dc2e

11.2.2 Bluetooth Name Compliance

CUP + XXX (Manufacturer identifier) + X (Terminal Characteristic) +
XXXXXXXX (The last 8 digits of Terminal Serial Number)

Terminal characteristic compliance is defined in below table:

Table 8 Terminal Characteristic Compliance


Terminal characteristic Code
Dual mode + CCID 1
Dual mode + T1 2
Single mode 3.0 + CCID 3
Single mode 3.0 + T1 4
Single mode 4.0 + CCID 5
Single mode 4.0 + T1 6

11.2.3 Other compliance

Under the RSA-1024 certificate system, the interaction time between Bluetooth 4.0 and
the SecurePay gateway should be within 5 seconds.

11.3 USB OTG Interface Protocols

For the Android USB OTG interface, the Apple Lightning interface and the Apple
30-pin dock interface, refer to 11.1 USB Interface Protocols for implementation.

11.4 Other Interface Protocols

Other interface protocols are not specifically defined in these Specifications.

Appendix A
(Normative Appendix)
Terminal Command Set

A.1 Terminal Command Set Overview

Refer to UICS for the APDU format of terminal command and response.

The terminal command set is divided into two parts; special commands and normal
commands.

• Special Command Set: refers to all APDU commands with message-type (CLA)
7E or 7F mentioned within these specifications. 7E refers to plaintext
transmission data; 7F refers to encrypted transmission data. Keys (including
session keys for data encryption and MAC keys) are generated by
mutual consensus using secure channels. Terminal special commands are
divided into five categories based on their function: management commands,
secure channel commands, transaction commands, issuer retention commands, and
specification retention commands. For special command definitions, see the table below.

• Normal command set: refers to all other APDU commands aside from the
special commands described in these specifications.

Notes:

1) Management Commands: Define the retrieval of terminal parameter data,
control of terminal notifications, etc.

2) Secure Channel Commands: Define secure channels created between
terminals and processing centers, management of electronic certificates, etc.

3) Transaction Commands: Define initiation and online processing commands of
some debit/credit application transactions.

4) Issuer Retention Commands: Usage defined by issuer.

5) Current Specification Retention Commands: Reserved for future use.

Table A.1 Terminal Special Command Definitions

| CLA Command Type | INS Instruction Code | Usage |
|---|---|---|
| 7E/7F | 10-1F | Management command |
| 7E/7F | 20-2F | Secure channel command |
| 7E/7F | 40-4F | Transaction command |
| 7E/7F | 50-6F | Issuer Retention |
| 7E/7F | Other | Current Specification Retention |

For all special command sets mentioned in these specifications that are not
specifically defined, datatype is defined by UICS. For terminal commands defined
by these specifications, see the following table:

Table A.2 Terminal Special Command Set

| No. | Command Name | CLA | INS | Description of Function | Mandatory(M)/Optional(O) |
|---|---|---|---|---|---|
| Management Commands | READ TERMINAL INFO | 7E | 10 | Used to retrieve terminal data, transaction IC card card numbers, hardware version numbers, device status, etc. | M |
| Management Commands | MANAGE BUZZER | 7E | 11 | Used to control buzzer status | O |
| Management Commands | MANAGE LED | 7E | 12 | Used to control LED status | O |
| Management Commands | CONFIG DISPLAY FORMAT | 7E | 13 | Used to control display indicator information and format | O |
| Management Commands | EXCHANGE STATUS | 7E | 14 | Used for exchange of processing center and terminal statuses. | M |
| Management Commands | GET CARD TERMINAL RECODE | 7E | 15 | Retrieval of terminal response data. | M |
| Management Commands | MULTIPLE INSTRUCTION | 7E | 16 | Multiple instruction processing command. | M |
| Channel Commands | ADD CERTIFICATE | 7E | 20 | Used to install certificate into terminals. | M |
| Channel Commands | UPDATE CERTIFICATE | 7E | 21 | Used to update certificates stored within a terminal. | M |
| Channel Commands | DELETE CERTIFICATE | 7E | 22 | Used to retrieve (delete) certificates stored within a terminal. | M |
| Channel Commands | READ CERTIFICATE | 7E | 23 | Used to read certificates stored within a terminal. | M |
| Channel Commands | GET CERT RESPONSE | 7E | 24 | Used to read data returned due to READ CERTIFICATE command. | M |
| Channel Commands | GET CLIENT HELLO | 7E | 25 | Used to retrieve terminal algorithm identifier and terminal random number for establishment of secure channel. | M |
| Channel Commands | HASH SERVER CERTIFICATE | 7E | 26 | Used to conduct hash calculation of trusted server certificate information. | M |
| Channel Commands | VERIFY SERVER CERTIFICATE | 7E | 27 | Used to verify legality of trusted server certificate. | M |
| Channel Commands | CLIENT SIGN | 7E | 28 | Uses terminal private key to sign input data. | M |
| Channel Commands | EXPORT MASTERKEY | 7E | 29 | Exports shared main key in ciphertext form. | M |
| Channel Commands | HMAC | 7E | 2A | Used to generate terminal MAC and verify processing center HMAC/dispersion process keys. | M |
| Channel Commands | TRANSMIT ENCRYPTED COMMAND | 7F | 2B | Used to transmit post-encryption APDU commands. | M |
| Channel Commands | CLOSE SECURE CHANNEL | 7E | 2C | Used to close secure channel. | M |
| Channel Commands | READ NON-PBOC PIN | 7E | 2D | Used to read non-PBOC financial IC card PINs. | O |
| Transaction Commands | CREDIT FOR LOAD | 7E | 40 | Used for online processing of financial IC card load transactions. | M |
| Transaction Commands | DEBIT FOR PURCHASE | 7E | 41 | Used for online processing of financial IC card spending transactions. | M |
| Transaction Commands | GET ELECTRONIC CASH BALANCE | 7E | 42 | Used to inspect financial IC card electronic cash balances. | O |
| Transaction Commands | GET PRIMARY BALANCE | 7E | 43 | Used to inspect financial IC card primary account balance. | M |
| Transaction Commands | GET DOL VALUE | 7E | 45 | Used to retrieve data object content in accordance with inputted data object list. | M |
| Transaction Commands | GET REVERSE INFO | 7E | 46 | Used to retrieve reversal information or script execution result information. | M |
| Transaction Commands | READ CARDHOLDER INFO | 7E | 47 | Used to retrieve cardholder information and other transaction process information. | M |
| Transaction Commands | GET CARD TRADE RECODE | 7E | 48 | Used to retrieve financial IC card card transaction logs. | M |
| Transaction Commands | GREDIT CARD PAYMENT | 7E | 49 | Used for online processing of financial IC card debt repayment transactions. | M |
| Transaction Commands | VERITY OFFLINE PIN | 7E | 4A | Used to initiate terminal verification of offline card PIN. | M |
| Transaction Commands | TRANSFER | 7E | 4B | Used for online processing of financial IC card transfer transactions. | |

A.2 Management Command

A.2.1 READ TERMINAL INFO Command

A.2.1.1 Definition and Scope

READ TERMINAL INFO command is used to acquire the terminal manufacturer
information, including firmware version number, terminal status, etc.

A.2.1.2 Command Message

See Table A.3 for the encoding of READ TERMINAL INFO command message:

Table A.3 READ TERMINAL INFO Command Message

Code Value

CLA 7E

INS 10

P1 00

P2 00: Read status of terminal device /01: Read information of terminal device

Lc Not Available

Data Not Available

Le Refer to the descriptions

A.2.1.3 Data Field of Command Message

Data field of command message does not exist.

A.2.1.4 Data Field of Response Message

P2=0x00:

Acquires the status of the terminal and returns 1 byte of status information,
Le=0x01. The status byte is defined as follows:

Table A.4 Terminal Status Byte Definitions

B7 B6 B5 B4 B3 B2 B1 B0 Remarks

1 Terminal data already set

0 Terminal data not yet set

1 Root CA certificate already installed

0 Root CA certificate not yet installed

X Reserved

1 PIN encryption certificate already installed

0 PIN encryption certificate not yet installed

1 Terminal certificate already installed

0 Terminal certificate not yet installed

0 0 Terminal status: power on

1 0 Terminal status: transaction allowed

X X Other values are Reserved

X Reserved

P2=0x01:

Acquires the terminal data, firmware version number and the financial IC card
number.

Output data is in TLV form. Response data is defined in the table below:

Table A.5 READ TERMINAL INFO Response Message Data Fields

| Explanation | Length (in bytes) | Remarks |
|---|---|---|
| Terminal data label | 1 | Tag value: 01 |
| Terminal data length | 1 | |
| Terminal Data | 23 | |
| Terminal firmware version number data label | 1 | Tag value: 02 |
| Terminal firmware version number data length | 1 | |
| Terminal firmware version number | 1-16 | |
| Public key version number data label | 1 | Tag value: 03 |
| Public key version number data length | 1 | |
| Public key version number | 2 | 00-99 |
| IC card card number data label | 1 | Tag value: 04 |
| IC card card number data length | 1 | |
| IC card card number | 14-19 | |
| Reversal identifier bit data label | 1 | Tag value: 05 |
| Reversal identifier bit data length | 1 | |
| Reversal identifier bit | 1 | 0x30: No reversal information, 0x31: Reversal information |
| Terminal type number data label | 1 | Tag value: 06 |
| Terminal type number data length | 1 | |
| Terminal type number | 1-16 | |
| Terminal issuer institution code label | 1 | Tag value: 07 |
| Terminal issuer institution code length | 1 | |
| Terminal issuer institution code | 8 | The issuer institution code indicates the institution that issued a given terminal, which is used to differentiate it from the notion of acquirer. Code rules are the same as those for “affiliated institution codes”. |
| PIN certificate serial number code label | 1 | Tag value: 08. Note: To guarantee certificate security, response messages will only contain this data field after a secure channel has been established. |
| PIN certificate serial number code length | 1 | |
| PIN certificate serial number code | VAL | A PIN certificate's “certificate serial number” data field is used to uniquely identify that PIN certificate; the MiniPay processing system uses this serial number to retrieve detailed information about that certificate and judge whether or not the PIN certificate requires upgrading. |
| CA certificate serial number label | 1 | Tag value: 09. CA certificates are the parent certificates of terminal and trusted server certificates. |
| CA certificate serial number length | 1 | |
| CA certificate serial number content | VAL | The ‘Serial Number’ field in a CA certificate is unique among all CA certificates; the MiniPay processing system uses the CA certificate serial number and PIN certificate serial number to evaluate if an upgrade is necessary. |
| Initial transaction platform and communication interface code label | 1 | Label value ‘0x0A’ |
| Initial transaction platform and communication interface code label | 2 | |
| Initial transaction platform and communication interface code | 2 | The initial transaction platform and communication interface code is used to differentiate the transaction platform and the interface type used; the first byte represents the platform, the second byte represents the communication interface; for the detailed format refer to Appendix K. |
| Terminal certificate validation date label | 1 | Label value ‘0x0B’, terminal certificate validation date |
| Terminal certificate validation date length | VAL | |
| Terminal certificate validation date content | VAL | ASCII code |
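
A parser for the P2=0x01 response data defined in Table A.5, as added example code that is not part of the specification. The field names, the 0 to 255 byte range used for VAL fields and the sample response are constructed for this example.

```python
# tag -> (hypothetical field name, minimum length, maximum length), per Table A.5.
# Fields the table marks "VAL" get 0-255, the range a 1-byte length can express.
FIELDS = {
    0x01: ("terminal_data", 23, 23),
    0x02: ("firmware_version", 1, 16),
    0x03: ("public_key_version", 2, 2),
    0x04: ("ic_card_number", 14, 19),
    0x05: ("reversal_identifier", 1, 1),
    0x06: ("terminal_type", 1, 16),
    0x07: ("issuer_institution_code", 8, 8),
    0x08: ("pin_cert_serial", 0, 255),
    0x09: ("ca_cert_serial", 0, 255),
    0x0A: ("platform_interface_code", 2, 2),
    0x0B: ("terminal_cert_validation_date", 0, 255),
}


def tlv(tag, value):
    """Encode one field as tag (1 byte), length (1 byte), value."""
    if len(value) > 255:
        raise ValueError("value does not fit a 1-byte length")
    return bytes([tag, len(value)]) + value


def parse_terminal_info(data, secure_channel):
    """Return (fields, findings) for a READ TERMINAL INFO P2=0x01 data field.

    Raises ValueError on malformed input; findings lists content that parses
    but does not match what the table allows in the current channel state.
    """
    fields, pos = {}, 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated tag/length at offset %d" % pos)
        tag, length = data[pos], data[pos + 1]
        pos += 2
        if tag not in FIELDS:
            raise ValueError("unknown tag 0x%02X" % tag)
        name, low, high = FIELDS[tag]
        if name in fields:
            raise ValueError("duplicate tag 0x%02X" % tag)
        if not low <= length <= high:
            raise ValueError("tag 0x%02X has length %d, expected %d-%d"
                             % (tag, length, low, high))
        if pos + length > len(data):
            raise ValueError("value of tag 0x%02X is truncated" % tag)
        fields[name] = data[pos:pos + length]
        pos += length

    findings = []
    if "pin_cert_serial" in fields and not secure_channel:
        findings.append("tag 08 returned outside a secure channel")
    reversal = fields.get("reversal_identifier")
    if reversal is not None and reversal not in (b"\x30", b"\x31"):
        findings.append("reversal identifier is neither 0x30 nor 0x31")
    return fields, findings


# Constructed sample response data field (no status word)
SAMPLE = (tlv(0x01, b"T" * 23) + tlv(0x02, b"1.0.3") + tlv(0x03, b"01")
          + tlv(0x05, b"\x30") + tlv(0x08, b"\x12\x34\x56"))

if __name__ == "__main__":
    print(parse_terminal_info(SAMPLE, secure_channel=False))
```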

A.2.1.5 Status Code of Response Message

The status code for successful execution of this command is ‘9000’.

See Appendix A.5 List of Terminal Command Response Status Code for the error
information which may be returned by the terminal.

A.2.2 MANAGE BUZZER Command

A.2.2.1 Definition and Scope

MANAGE BUZZER command is used to control the state of buzzer. This
command is an optional command.

A.2.2.2 Command Message

See Table A.6 for the MANAGE BUZZER command message encoding:

Table A.6 MANAGE BUZZER Command Message

Code Value

CLA 7E

INS 11

P1 00

P2 00

Lc 01

Data Buzzer status code

Le Not Available

A.2.2.3 Data Field of Command Message

See Table A.7 for the data field encoding of command message:

Table A.7 MANAGE BUZZER Data Field Encoding

Value Meanings

00 Close

01 Buzz one time

02 Continuously buzz

03 Intermittently buzz

Other Reserved

A.2.2.4 Data Field of Response Message

The data field of response message doesn’t exist.

A.2.2.5 Status Code of Response Message

The status code for successful execution of this command is ‘9000’.

See Appendix A.5 List of Terminal Command Response Status Code for the error
information which may be returned by the terminal.

A.2.3 MANAGE LED Command

A.2.3.1 Definition and Scope

The MANAGE LED command is used to set the status of LED. It reports the
cardholder’s transaction state in a simple and explicit way by setting the status of
LED.

A.2.3.2 Command Message

See Table A.8 for the MANAGE LED command message encoding:

Table A.8 MANAGE LED Command Message

Code Value

CLA 7E

INS 12

P1 00

P2 00

Lc 01

Data LED status setting information

Le Not Available

A.2.3.3 Data Field of Command Message

See Table A.9 for the data field encoding of command message:

Table A.9 MANAGE LED Data Field Encoding

Value Meanings

00 Turn off LED

01 Light LED one time

02 Light LED for extended period

03 Blink LED

Other Reserved

A.2.3.4 Data Field of Response Message

The data field of response message doesn’t exist.

A.2.3.5 Status Code of Response Message

The status code for successful execution of this command is ‘9000’.

See Appendix A.5 List of Terminal Command Response Status Code for the error
information which may be returned by the terminal.

A.2.4 CONFIG DISPLAY FORMAT Command

A.2.4.1 Definition and Scope

CONFIG DISPLAY FORMAT is used to control display of terminal screen. The
command is an optional command.

A.2.4.2 Command Message

See Table A.10 for the CONFIG DISPLAY FORMAT command message
encoding:

Table A.10 CONFIG DISPLAY FORMAT Command Message

Code Value

CLA 7E

INS 13

P1 Line number of displayed information

P2 Offset of displayed information

Lc Length of displayed information

Data Displayed information

Le Not Available

Data field of command message

The data field of command message represents the character contents shown in the
display.

A.2.4.3 Data Field of Response Message

The data field of response message doesn’t exist.

A.2.4.4 Status Code of Response Message

The status code for successful execution of this command is ‘9000’.

Refer to Appendix A.5 Terminal Command Response Status Code for the error
information which may be returned by the terminal.

A.2.5 EXCHANGE STATUS Command

A.2.5.1 Definition and Scope

EXCHANGE STATUS Command is used to exchange status between processing
center and terminal.

A.2.5.2 Command Messages

EXCHANGE STATUS command message codes are described in the table below:

Table A.11 EXCHANGE STATUS Command Messages

Code Value

CLA 7E

INS 14

P1 Status (status exchange between processing center and terminal)

P2 Reserved

Lc Not Available

Data Not Available

Le 00

A.2.5.3 Command Message Data Fields

Does not exist.

A.2.5.4 Response Message Data Fields

Does not exist.

A.2.5.5 Response Message Status Codes

“90XX” designates that this command was executed successfully.

Refer to Appendix A.5 – Terminal Command Response Status Code Table for
possible error codes for this command.

Note: For 0x90XX, XX is the transmission value of P1. For example: 0x7E 47 01
00 00; return: 0x9001

A.2.6 GET TERMINAL RESPONSE Command

A.2.6.1 Definition and Scope

When a transaction instruction returns 61XX, the server will use this instruction to
retrieve terminal response data.

A.2.6.2 Command Messages

See the table below for information on GET CARD TERMINAL RESPONSE
command message codes:

Table A.12 GET TERMINAL RESPONSE Command Messages

Code Value

CLA 7E

INS 15

P1 00

P2 00

Lc Not Available

Data Not Available

Le Expected response data length

A.2.6.3 Command Message Data Fields

Command message data fields do not exist.

A.2.6.4 Response Message Data Fields

Response message data field length is determined by the Le value.

A.2.6.5 Response Message Status Codes

“90XX” or “61XX” designates that this command was executed successfully.

Refer to Appendix A.5 – Terminal Command Response Status Code Table for
possible error codes for this command.

A.2.7 MULTIPLE INSTRUCTION Command

A.2.7.1 Definition and Scope

The MULTIPLE INSTRUCTION processing command is used to bundle multiple
card instructions; the terminal will analyze these instructions and execute them one
by one until either all commands have been executed successfully or an error
appears, then return either the execution result or error of the last executed
instruction.

A.2.7.2 Command Messages

Refer to the table below for information on MULTIPLE INSTRUCTION command
message codes:

Table A.13 MULTIPLE INSTRUCTION Command Messages

Code Value

CLA 7E

INS 16

P1 00

P2 00

Lc Data field byte length

Data Multiple instruction contents

Le ‘00’

A.2.7.3 Data Field of Command Message

Command message data fields include either several terminal instructions or
several card instructions with each command separated by a “,”. During the
instruction execution process, should execution of a command be unsuccessful then
the terminal will halt the process and transmit the command serial number and
response code of the last executed command.

For example: 7E160000 18 00A4040007A0000003330101 2C 0084000004 2C 0084000008

A.2.7.4 Response Message Data Fields

The response message data field is the response data of the last instruction of a
multiple instruction command; should command execution fail, then the instruction
serial code and card error response code will be returned.

A.2.7.5 Response Message Status Codes

“9000” designates that this command was executed successfully.

Refer to Appendix A.5 – Terminal Command Response Status Code Table for
possible error codes for this command.

A.3 Secure Channel Command

A.3.1 ADD CERTIFICATE Command

A.3.1.1 Definition and Scope

ADD CERTIFICATE is used to add the public key certificate for the terminal.

A.3.1.2 Command Message

See Table A.14 for the ADD CERTIFICATE command message encoding:

Table A.14 ADD CERTIFICATE Command Message

Code Value

CLA 7E

INS 20

P1 High 4bit represents certificate type and low 4bit represents offset value

P2 Offset value (low 8bit)

Lc Certificate bundle length

Data Certificate bundle data

Le Not Available

The high 4 bits of P1 define the certificate type, as follows:

Table A.15 Definition of Certificate Types

B7 B6 B5 B4 Explanation

0 0 0 1 Level 1 Root CA Certificate

0 0 1 0 Level 2 Root CA Certificate

0 1 0 0 PIN Encryption Certificate

1 0 0 0 Reserved

The low 4 bits of P1 and the P2 byte form the 12-bit offset value; the offset range
is 0-4095 bytes.

A.3.1.3 Data Field of Command Message

Command message data field content includes certificate datagrams.

Limited by communication agreements, certificate data must be transmitted in
segments; this means that ADD CERTIFICATE commands probably will be
executed multiple times.
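
How a certificate is split across several ADD CERTIFICATE commands using the P1/P2 encoding above, as added example code that is not part of the specification. The 200-byte segment size and the receiver-side contiguity check in reassemble() are assumptions of this example.

```python
CLA_PLAIN = 0x7E
INS_ADD_CERTIFICATE = 0x20
MAX_OFFSET = 0x0FFF  # 12-bit offset: low 4 bits of P1 plus P2

# High 4 bits of P1 (Table A.15)
CERT_TYPES = {
    0x1: "Level 1 Root CA Certificate",
    0x2: "Level 2 Root CA Certificate",
    0x4: "PIN Encryption Certificate",
    0x8: "Reserved",
}


def encode_p1p2(cert_type, offset):
    """P1 = type nibble | offset bits 11..8, P2 = offset bits 7..0."""
    if cert_type not in CERT_TYPES:
        raise ValueError("unknown certificate type nibble")
    if not 0 <= offset <= MAX_OFFSET:
        raise ValueError("offset %d outside 0-4095" % offset)
    return (cert_type << 4) | (offset >> 8), offset & 0xFF


def decode_p1p2(p1, p2):
    """Return (certificate type nibble, 12-bit offset)."""
    return p1 >> 4, ((p1 & 0x0F) << 8) | p2


def segment_certificate(cert, cert_type, ins=INS_ADD_CERTIFICATE, seg_len=200):
    """Build one APDU (CLA INS P1 P2 Lc Data) per segment of the certificate."""
    if not 1 <= seg_len <= 255:
        raise ValueError("segment length must fit the 1-byte Lc")
    if not cert:
        raise ValueError("empty certificate")
    apdus = []
    for offset in range(0, len(cert), seg_len):
        chunk = cert[offset:offset + seg_len]
        p1, p2 = encode_p1p2(cert_type, offset)  # fails once offset > 4095
        apdus.append(bytes([CLA_PLAIN, ins, p1, p2, len(chunk)]) + chunk)
    return apdus


def reassemble(apdus):
    """Receiver-side check: one certificate type, offsets contiguous from 0."""
    cert_type, buf = None, bytearray()
    for apdu in apdus:
        if len(apdu) < 5 or len(apdu) != 5 + apdu[4]:
            raise ValueError("Lc does not match the data field length")
        seg_type, offset = decode_p1p2(apdu[2], apdu[3])
        if cert_type is None:
            cert_type = seg_type
        if seg_type != cert_type:
            raise ValueError("certificate type changed between segments")
        if offset != len(buf):
            raise ValueError("segment at offset %d leaves a gap or overlap" % offset)
        buf += apdu[5:]
    return cert_type, bytes(buf)


if __name__ == "__main__":
    sample = bytes(i % 251 for i in range(1000))  # constructed stand-in certificate
    for apdu in segment_certificate(sample, 0x4):
        print(apdu[:5].hex(), "+", apdu[4], "data bytes")
```

With a fixed segment size, the 12-bit offset bounds the certificate bundle that can be addressed; segment_certificate() raises as soon as a segment would start beyond offset 4095.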

A.3.1.4 Data Field of Response Message

The data field of response message doesn’t exist.

A.3.1.5 Status Code of Response Message

The status code for successful execution of this command is ‘9000’.

Refer to Appendix A.5 – Terminal Command Response Status Code Table for
possible error codes for this command.

A.3.2 UPDATE CERTIFICATE Command

A.3.2.1 Definition and Scope

UPDATE CERTIFICATE command is used to update the existing public key
certificate in the terminal.

A.3.2.2 Command Message

Refer to Table A.16 for the UPDATE CERTIFICATE command message
encoding:

Table A.16 UPDATE CERTIFICATE Command Message

Code Value

CLA 7E

INS 21

P1 High 4bit represents certificate type and low 4bit represents offset value

P2 Offset value (low 8bit)

Lc Certificate bundle length

Data Certificate bundle data

Le Not Available

The certificate type defined by the high 4 bits of P1 is as follows:

Table A.17 Definition of Certificate Types

B7 B6 B5 B4 Explanation

0 0 0 1 Level 1 Root CA Certificate

0 0 1 0 Level 2 Root CA Certificate

0 1 0 0 PIN Encryption Certificate

1 0 0 0 Terminal Certificate

The low 4 bits of P1 and the P2 byte form the 12-bit offset value; the offset range
is 0-4095 bytes.

A.3.2.3 Data Field of Command Message

The content of command message data field includes the data of new certificate.

As limited by the maximum number of bytes in one communication, it is possible
to transfer certificate data by splitting it into messages and executing ADD
CERTIFICATE several times.

A.3.2.4 Data Field of Response Message

The data field of response message doesn’t exist.

A.3.2.5 Status Code of Response Message

The status code for successful execution of this command is ‘9000’.

Refer to Appendix A.5 List of Terminal Command Response Status Code for the
error information which may be returned by the terminal.

A.3.3 DELETE CERTIFICATE Command

A.3.3.1 Definition and Scope

DELETE CERTIFICATE command is used to delete the existing public key
certificate in the terminal.

A.3.3.2 Command Message

Refer to Table A.18 for the DELETE CERTIFICATE command message encoding:

Table A.18 DELETE CERTIFICATE Command Message

Code Value

CLA 7E

INS 22

P1 Certificate type identifier (Refer to explanation of Appendix A.17)

P2 00

Lc Data field data length

Data Terminal information

Le Not Available

The certificate type defined by the high 4 bits of P1 is as follows:

Table A.19 Definition of Certificate Types

B7 B6 B5 B4 Explanation

0 0 0 1 Level 1 Root CA Certificate

0 0 1 0 Level 2 Root CA Certificate

0 1 0 0 PIN Encryption Certificate

1 0 0 0 Reserved

A.3.3.3 Command Message Data Fields

The terminal verifies the information sent by the processing center; if the
information matches, the terminal deletes the certificate of the selected type;
otherwise execution of this command fails.

Table A.20 DELETE CERTIFICATE Command Data Fields

Data Length (in bytes) Remarks

Terminal number 23

Hardware version number 1-16

A.3.3.4 Data Field of Response Message

The data field of response message doesn’t exist.

A.3.3.5 Status Code of Response Message

The status code for successful execution of this command is ‘9000’.

Refer to Appendix A.5 List of Terminal Command Response Status Code for the
error information which may be returned by the terminal.

A.3.4 READ CERTIFICATE Command

A.3.4.1 Definition and Scope

READ CERTIFICATE is used to read the existing public key certificate in the
terminal.

A.3.4.2 Command Message

Refer to Table A.21 for the READ CERTIFICATE command message encoding:

Table A.21 READ CERTIFICATE Command Message

Code Value

CLA 7E

INS 23

P1 00: Read the certificate; 01: read certificate hash value

P2 See explanation of control parameters

Lc Not Available

Data Not Available

Le See Description

Table A.22 Control Parameter Set Value Description

P2 Read content Remarks

0x00 Terminal Certificate

0x01 Level 1 Root CA Certificate

0x02 Level 2 Root CA Certificate

0x03 PIN Encryption Certificate

A.3.4.3 Command Message Data Fields

Command message data field does not exist.

A.3.4.4 Response Message Data Fields

Response message data field does not exist.

A.3.4.5 Response Message Status Codes

A "61FF" code means that this command has been executed successfully and
indicates that GET CERT RESPONSE should be used to read the response data.

Refer to Appendix A.5 – Terminal Command Response Status Code Table for
possible error codes for this command.


A.3.5 GET CERT RESPONSE Command

A.3.5.1 Definition and Scope

The GET CERT RESPONSE command is used to read the response data
returned by READ CERTIFICATE.

A.3.5.2 Command Message

Refer to Table A.23 for the GET CERT RESPONSE command message encoding:

Table A.23 GET CERT RESPONSE Command Message

Code Value

CLA 7E

INS 24

P1 00

P2 00

Lc Not Available

Data Not Available

Le Expected certificate data bundle length

A.3.5.3 Data Field of Command Message

The data field of command message doesn’t exist.

A.3.5.4 Data Field of Response Message

It is the certificate data returned as per the specified length.

A.3.5.5 Status Code of Response Message

"9000" indicates that this command has been executed successfully; a "61XX"
code indicates that XX amount of data remains to be read.

Refer to Appendix A.5 – Terminal Command Response Status Code Table for
possible error codes for this command.
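The READ CERTIFICATE / GET CERT RESPONSE exchange described in A.3.4 and A.3.5, as an added example (not code from the specification): a host-side read loop that follows the 61XX status codes and bounds what it accepts. SimulatedTerminal, the Le=00 on READ CERTIFICATE, the cap of XX at FF and the two ISO 7816-4 error codes are assumptions, and the sample certificate bytes are constructed.

```python
"""Added example: READ CERTIFICATE followed by a GET CERT RESPONSE loop."""

CLA = 0x7E
INS_READ_CERTIFICATE = 0x23
INS_GET_CERT_RESPONSE = 0x24


class TerminalError(Exception):
    """Raised on an unexpected status word or a response that breaks the loop rules."""


class SimulatedTerminal:
    """Constructed stand-in for a terminal so the example runs offline."""

    def __init__(self, certificates):
        self.certificates = certificates     # P2 value -> certificate bytes
        self.pending = b""

    def transmit(self, apdu):
        ins, p1, p2, le = apdu[1], apdu[2], apdu[3], apdu[4]
        if ins == INS_READ_CERTIFICATE:
            if p1 != 0x00 or p2 not in self.certificates:
                return b"\x6A\x88"           # assumed error code (ISO 7816-4 "data not found")
            self.pending = self.certificates[p2]
            return b"\x61\xFF"
        if ins == INS_GET_CERT_RESPONSE:
            chunk, self.pending = self.pending[:le], self.pending[le:]
            if self.pending:                 # assumed: XX is capped at FF
                return chunk + bytes([0x61, min(len(self.pending), 0xFF)])
            return chunk + b"\x90\x00"
        return b"\x6D\x00"                   # assumed error code (ISO 7816-4 "INS not supported")


def read_certificate(transmit, p2, max_len=8192):
    """Read the certificate selected by P2 (Table A.22) and return its bytes."""
    # Le=00 on READ CERTIFICATE is an assumption; the table only says "See Description".
    resp = transmit(bytes([CLA, INS_READ_CERTIFICATE, 0x00, p2, 0x00]))
    if resp != b"\x61\xFF":
        raise TerminalError("READ CERTIFICATE failed: " + resp.hex())
    out, le = bytearray(), 0xFF
    while True:
        resp = transmit(bytes([CLA, INS_GET_CERT_RESPONSE, 0x00, 0x00, le]))
        if len(resp) < 2:
            raise TerminalError("response shorter than a status word")
        data, sw1, sw2 = resp[:-2], resp[-2], resp[-1]
        if len(data) > le:
            raise TerminalError("terminal returned more data than requested")
        out += data
        if len(out) > max_len:
            raise TerminalError("certificate exceeds the caller's size limit")
        if (sw1, sw2) == (0x90, 0x00):
            return bytes(out)
        if sw1 != 0x61 or sw2 == 0x00:
            raise TerminalError("unexpected status %02X%02X" % (sw1, sw2))
        if not data:
            raise TerminalError("61XX without data: no progress")
        le = sw2                             # ask for exactly what the terminal reports


# Constructed sample: 600 arbitrary bytes standing in for the terminal certificate.
SAMPLE_CERT = bytes((i * 7) % 256 for i in range(600))
```

The size limit and the no-progress check keep a faulty terminal from holding the host in the loop indefinitely.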

A.3.6 GET CLIENT HELLO Command

A.3.6.1 Definition and Scope

GET CLIENT HELLO is used to obtain the algorithm identifier and the random number
supported by the terminal.


A.3.6.2 Command Message

Refer to Table A.24 for the GET CLIENT HELLO command message encoding:

Table A.24 GET CLIENT HELLO Command Message

Code Value

CLA 7E

INS 25

P1 00

P2 00

Lc Not exist

Data Not exist

Le 0x21

A.3.6.3 Data Field of Command Message

The data field of command message does not exist.

A.3.6.4 Data Field of Response Message

The response data consists of a 0x01-byte algorithm identifier and a 0x20-byte random
number. Refer to the table below for the algorithm descriptions.

Table A.25 Byte Definition of Algorithm Descriptor

B7 B6 B5 B4 B3 B2 B1 B0 Algorithm

* * * * * * * 1 RSA

* * * * * * 1 * ECC

* * * 1 * * * * 3DES

* * 1 * * * * * Reserved

* 1 * * * * * * 1-CA 2048, 0-CA 1024

1 * * * * * * * 1-Reserved, 0-RSA


A.3.6.5 Status Code of Response Message

The status code for successful execution of this command is ‘9000’.

Refer to Appendix A.5 – Terminal Command Response Status Code Table for
possible error codes for this command.

A.3.7 HASH SERVER CERTIFICATE Command

A.3.7.1 Definition and Scope

The HASH SERVER CERTIFICATE command is used to compute a digest (hash) of the
trusted server certificate; this digest is compared against the decryption result
of the VERIFY SERVER CERTIFICATE command.

A.3.7.2 Command Message

See Table A.26 for the HASH SERVER CERTIFICATE command message
encoding:

Table A.26 HASH SERVER CERTIFICATE Command Message

Code Value

CLA 7E

INS 26

P1 00

P2 00: SHA-1 algorithm; other values: reserved

Lc Length of input data

Data Input data

Le Not Available

A.3.7.3 Data Field of Command Message

The structure of the input data is as follows: 1-byte flag byte + 1-byte extracting
information offset value + server certificate message data.

The 1-byte flag byte is defined as follows:

Table A.27 Meaning of the Bits of the Flag Byte

B7 Flag bit for starting message of segmented certificate information

B6 Flag bit for ending message of segmented certificate information

B5 Flag bit for OU field to be extracted in the current data

B4 Flag bit for public key field to be extracted in the current data

B3 Reserved

B2 Reserved

B1 Reserved

B0 Reserved

1-byte extracting information offset value: if the OU field or the public key field
must be extracted from the message data, this byte gives the offset from the first
byte of the message data, so that the terminal firmware can extract this information
quickly.

A.3.7.4 Data Field of Response Message

The response message data does not exist.

A.3.7.5 Status Code of Response Message

The status code for successful execution of this command is ‘9000’.

Refer to Appendix A.5 – Terminal Command Response Status Code Table for
possible error codes for this command.

A.3.8 VERIFY SERVER CERTIFICATE Command

A.3.8.1 Definition and Scope

The VERIFY SERVER CERTIFICATE command is used to decrypt the signature value of the
trusted server certificate; the decryption result is compared against the HASH
SERVER CERTIFICATE digest value held in the terminal; if the values are the
same, the trusted server certificate passes verification.

A.3.8.2 Command Message

Refer to Table A.28 for the VERIFY SERVER CERTIFICATE command message
encoding:


Table A.28 VERIFY SERVER CERTIFICATE Command Message

Code Value

CLA 7E

INS 27

P1 00

P2 00: RSA algorithm; other values: reserved

Lc Length of input data

Data Input Data

Le Not Available

A.3.8.3 Data Field of Command Message

The structure of the input data is as follows: 1-byte flag byte + 1-byte offset value +
signature value message data.

The 1-byte flag byte is defined as follows:

Table A.29 Meaning of the Bits of the Flag Byte

B7 Flag bit for starting message of signature value

B6 Flag bit for ending message of signature value

B5 Reserved

B4 Reserved

B3 Reserved

B2 Reserved

B1 Reserved

B0 Reserved

As the transferred certificate signature value is in TLV encoding format, the
offset value represents the offset of the Value field from the start of the
message.


A.3.8.4 Data Field of Response Message

The response message data doesn’t exist.

A.3.8.5 Status Code of Response Message

The status code for successful execution of this command is ‘9000’.

Refer to Appendix A.5 – Terminal Command Response Status Code Table for
possible error codes for this command.

A.3.9 CLIENT SIGN Command

A.3.9.1 Definition and Scope

The CLIENT SIGN Command uses a terminal private key to sign designated data
and return a signature value.

A.3.9.2 Command Message

Refer to Table A.30 for the CLIENT SIGN command message encoding:

Table A.30 CLIENT SIGN Command Message

Code Value

CLA 7E

INS 28

P1 00

P2 00

Lc Length of input data

Data Input data

Le 00

A.3.9.3 Data Field of Command Message

For source data please refer to Section 8.3.1.

A.3.9.4 Data Field of Response Message

Signed data

A.3.9.5 Status Code of Response Message

The status code for successful execution of this command is ‘9000’.

Refer to Appendix A.5 List of Terminal Command Response Status Code for the
error information which may be returned by the terminal.

A.3.10 EXPORT MASTERKEY Command

A.3.10.1 Definition and Scope

The EXPORT MASTERKEY command is used to obtain the master key generated by the
terminal, encrypted with the public key of the trusted server certificate.

A.3.10.2 Command Message

See Table A.31 for the EXPORT MASTERKEY command message encoding:

Table A.31 EXPORT MASTERKEY Command Message

Code Value

CLA 7E

INS 29

P1 00

P2 00

Lc Not Available

Data Not Available

Le 00

A.3.10.3 Data Field of Command Message

The command message data does not exist.

A.3.10.4 Data Field of Response Message

Master key information encrypted by the public key of trusted server certificate.

A.3.10.5 Status Code of Response Message

The status code for successful execution of this command is ‘9000’.

Refer to Appendix A.5 – Terminal Command Response Status Code Table for
possible error codes for this command.


A.3.11 HMAC Command

A.3.11.1 Definition and Scope

HMAC command is used to:

1) Extract the HMAC value generated after the handshake process with terminal,
which is then sent to the processing center for verification.

2) Input the HMAC value generated in the process of handshake with the
processing center, which is then sent to the terminal for verification.

3) The terminal generates Session Key internally via HMAC algorithm.

Refer to Sections 8.2.1 and 8.2.2 of the specification for the detailed definition
of the protocol process for the items above.

A.3.11.2 Command Message

See Table A.32 for the HMAC command message encoding:

Table A.32 HMAC Command Message

Code Value

CLA 7E

INS 2A

P1 00

P2 Control parameters (see explanation)

Lc Set value according to P2, see explanation below

Data Set value according to P2, see explanation below

Le Set value according to P2, see explanation below

Table A.33 Control Parameter Set Value Table

P2 Lc Data Le Remarks

0x00 Not Available Not Available 0x14 HMAC value generated by completion of terminal handshake

0x01 0x14 Processing center HMAC value 0x00 HMAC value will be verified by terminal, which is generated after the processing center handshake completion

0x02 Not Available Not Available 0x00 HMAC algorithm internal generation of session key

A.3.11.3 Data Field of Command Message

Refer to Table A.33 Control Parameter Set Value Table.

A.3.11.4 Response Message Data Fields

When P2=00, the response message data field will be the HMAC value calculated
by the terminal. Refer to Section 8.2.1 for details regarding HMAC data elements
generated by terminals.

When P2=01 and P2=02, there are no response message data fields.

A.3.11.5 Status Code of Response Message

The status code for successful execution of this command is ‘9000’.

Refer to Appendix A.5 – Terminal Command Response Status Code Table for
possible error codes for this command.

A.3.12 TRANSMIT ENCRYPTED COMMAND Command

A.3.12.1 Definition and Scope

The TRANSMIT ENCRYPTED COMMAND command is used for encrypted
transmissions between the processing center and terminals.

A.3.12.2 Command Message

Refer to Table A.34 for the TRANSMIT ENCRYPTED COMMAND command
message encoding:

Table A.34 TRANSMIT ENCRYPTED COMMAND Command Message

Code Value

CLA 7F

INS 2B

P1 00

P2 00: Non-cascade mode; 01: Cascade mode

Lc Length of input data

Data Input data

Le 00

For P2 = 0x00, the secure channel message is transmitted in non-cascade mode, or
the message is the last frame of cascade data.

For P2 = 0x01, the secure channel message is transmitted in cascade mode and
succeeding data is present.

A.3.12.3 Data Field of Command Message

SKey encrypted command and MAC Key calculated with MKey from processing
center.

A.3.12.4 Data Field of Response Message

Encrypted command response data and MAC

A.3.12.5 Status Code of Response Message

The status code for successful execution of this command is ‘9000’.

Refer to Appendix A.5 List of Terminal Command Response Status Code for the
error information which may be returned by the terminal.

Notes:

(1) Transaction commands can only be transmitted to terminals using this
encryption command; that is to say that terminal transactions can only be
conducted after a secure channel has been established.

(2) Terminal commands are transmitted using this command, and will be
executed after decryption; execution results and response codes must be
encrypted before they are sent to the processing center, and return codes must
be sent directly after return ciphertexts in plaintext format.

Example: the ‘【】’ (brackets) below indicate the APDU command data field; this field
includes two parts: the encrypted plaintext data within the brackets and the MAC
ciphertext. Refer to Section 8.2.2 for a specific explanation of how the content of
this data field is calculated.

Processing center command: 7F 2B 00 00 10 【00 05 7E 2C 00 00 00】

Terminal return data: 【90 00】90 00 90 00


A.3.13 CLOSE SECURE CHANNEL Command

A.3.13.1 Definition and Scope

CLOSE SECURE CHANNEL commands are used to close secure channels and
destroy all keys used within that channel.

A.3.13.2 Command Messages

See the table below for information on CLOSE SECURE CHANNEL command
message codes:

Table A.35 CLOSE SECURE CHANNEL Command Messages

Code Value

CLA 7E

INS 2C

P1 00

P2 00

Lc Not Available

Data Not Available

Le 00

A.3.13.3 Data Field of Command Message

The data field of command message does not exist.

A.3.13.4 Data Field of Response Message

The data field of response message does not exist.

A.3.13.5 Status Code of Response Message

The status code for successful execution of this command is ‘9000’.

Refer to Appendix A.5 – Terminal Command Response Status Code Table for
possible error codes for this command.


A.3.14 READ NON-PBOC PIN Command

A.3.14.1 Definition and Scope

READ NON-PBOC PIN is used to read the PIN of a non-UICS financial IC card,
such as an industry card PIN. Reading the PIN of a financial IC card or financial
account is not allowed. This command is optional.

A.3.14.2 Command Message

See Table A.36 for the READ NON-PBOC PIN command message coding:

Table A.36 READ NON-PBOC PIN Command Message

Code Value

CLA 7E/7F

INS 2D

P1 00

P2 00

Lc Not Available

Data Not Available

Le Expected PIN length

A.3.14.3 Data Field of Command Message

The data field of command message does not exist.

A.3.14.4 Data Field of Response Message

The data field of the response message contains the six-digit PIN of the non-financial IC card.

A.3.14.5 Status Code of Response Message

The status code for successful execution of this command is ‘9000’.

Refer to Appendix A.5 – Terminal Command Response Status Code Table for
possible error codes for this command.


A.4 Transaction Command

A.4.1 CREDIT FOR LOAD Command

A.4.1.1 Definition and Scope

The CREDIT FOR LOAD command is used to support financial IC card online
load transactions; permits financial IC card primary account funds to be transferred
to an electronic cash account and completes IC card electronic cash balance update
operations. Load amounts are inputted at the terminal. During the transaction the
terminal will automatically check load limits and inform the cardholder of the
maximum allotted load amount.

A.4.1.2 Command Message

For CREDIT FOR LOAD command message encoding please refer to Table A.37:

Table A.37 CREDIT FOR LOAD Command Message

Code Value

CLA 7E

INS 40

P1 00/01

P2 When P1=00 and P2=00: Start transaction, read data as defined in Table A.36;
When P1=00 and P2=01: read data as defined in Table A.37;
When P1=01 and P2=00: Online response data

Lc Length of Data field

Data Refer to explanation of command message data fields

Le 00

A.4.1.3 Command Message Data Fields

When P1=00 and P2=00:

Start load transaction; see the command message data field table below:


Table A.38 Start Load Transaction Command Message Data Fields

Data Length (in bytes) Remarks

Transaction Amount 6 Set to 0

Transaction Date YYMMDD 3 Current date at processing center

Transaction Time HHMMSS 3 Current time at processing center

Other Transaction Data Variable (VAR) See notes below table

“Other transaction data” finish indicator (Tag FF01) 11 Content set as “\x12\x34\x56\x78\x90\xAB\xCD\xEF”

Minimum load amount (Tag FF02) 9 TLV

Notes: Other transaction data refers to processing center data; during abnormal
transactions (such as reversals, script notifications, etc.) this data must be sent back
to the processing center in the abnormal transaction messages. Terminals do not need
to analyze this data. Other transaction processing methods are the same.

When P1=00 and P2=01:

The command message does not contain data fields.

When P1=01:

Online returned data; see the table below for command message data fields:

Table A.39 Load Online Data Command Message Data Fields

Data Length (in bytes) Remarks

Online Connection Result 1 00: Normal connection; 01: Unable to connect

Issuer Authorization Data (Tag 91) 10-18 TLV format

Authorization Response Code (Tag 8A) 4 TLV format

71 Script Data (Tag 71) Variable TLV format

72 Script Data (Tag 72) Variable TLV format

A.4.1.4 Response Message Data Fields

When P1=00 and P2=00:

Start load transaction; see the response message data field table below:

Table A.40 Start Load Transaction Response Message Data Fields

Data Length (in bytes) Remarks

Load amount 6 Actual load amount

Transaction result 1 01: Transaction declined; 02: Request for online transaction

Terminal Verification Result (TVR) (Tag 95) 7 TLV format

Transaction Date (Tag 9A) 5 TLV format

Random Number (Tag 9F37) 7 TLV format

Application Interchange Profile (AIP) (Tag 82) 4 TLV format

Application Transaction Code (ATC) (Tag 9F36) 5 TLV format

Ciphertext Information Type (CID) (Tag 9F27) 4 TLV format

Application Ciphertext (AC) (Tag 9F26) 11 TLV format

Issuer Application Data (Tag 9F10) Maximum 35 TLV format

Cardholder Verification Method (CVM) Result (Tag 9F34) 6 TLV format

Transaction Sequence Counter (Tag 9F41) 5-7 TLV format

Specialized Document Name (Tag 84) 7-18 TLV format

Application Version Number (Tag 9F09) 5 TLV format

Authorized Balance (Tag 9F02) 9 Actual load balance

When P1=00 and P2=01:

Read PAN, PAN serial number, and related information: see the command
response data field table below:

Table A.41 Response Message Data Fields

Data Length (in bytes) Remarks

PAN (Tag 5A) Maximum 12 Application primary account, TLV format

PAN Serial Number (Tag 5F34) 4 Application primary account serial number, TLV format

Magstripe-Equivalent Data (Tag 57) Maximum 21 Magstripe track 2 equivalent data, TLV format

Online PIN Ciphertext (Tag 99) 130 Ciphertext data encrypted by PIN

When P1=01:

Returned online data sent from terminal to processing center; see the response
message data field table below:

Table A.42 Load Online Response Message Data Fields

Data Length (in bytes) Remarks

Transaction result 1 00: Transaction approved; 01: Transaction declined

Script Execution Result (Tag DF31) 8 TLV format

Terminal Verification Result (TVR) (Tag 95) 7 TLV format

Application Transaction Code (ATC) (Tag 9F36) 5 TLV format

Ciphertext Information Type (CID) (Tag 9F27) 4 TLV format

Application Ciphertext (AC) (Tag 9F26) 11 TLV format

Issuer Application Data (Tag 9F10) Maximum 35 TLV format

A.4.1.5 Status Code of Response Message

The status code for successful execution of this command is ‘9000’.

Refer to Appendix A.5 – Terminal Command Response Status Code Table for
possible error codes for this command.

A.4.2 DEBIT FOR PURCHASE Command

A.4.2.1 Definition and Scope

The DEBIT FOR PURCHASE command is used to support online purchase
transactions of the financial IC card, allowing the cardholder to use a financial IC
card to complete purchases on the Internet and receive related services.

A.4.2.2 Command Message

For DEBIT FOR PURCHASE command message encoding please refer to Table
A.43:


Table A.43 DEBIT FOR PURCHASE Command Message

Code Value

CLA 7E

INS 41

P1 00/01

P2 When P1=00 and P2=00: Start transaction, read data as defined in Table A.42;
When P1=00 and P2=01: read data as defined in Table A.43;
When P1=01 and P2=00: Online data return

Lc Data field data length

Data See explanation of command message data fields

Le 00

A.4.2.3 Command Message Data Fields

When P1=00 and P2=00:

Start online purchase transaction; see the command message data field table below:

Table A.44 Command Message Data Fields

Data Length (in bytes) Remarks

Transaction Amount 6 Spending amount

Transaction Date YYMMDD 3 Current date at processing center

Transaction Time HHMMSS 3 Current time at processing center

Other Transaction Data Variable (VAR) See notes below table

Notes: Other transaction data refers to processing center data; during abnormal
transactions (such as reversals, script notifications, etc.) this data must be sent back
to the processing center in the abnormal transaction messages. Terminals do not need
to analyze this data.

When P1=00 and P2=01:

The command message does not contain data fields.


When P1=01:

Online returned data; see the table below for command message data fields:

Table A.45 Command Message Data Fields

Data Length (in bytes) Remarks

Online Connection Result 1 00: Normal connection; 01: Unable to connect

Issuer Authorization Data (Tag 9F) 10-18 TLV format

Authorization Response Code (Tag 8A) 4 TLV format

71 Script Data (Tag 71) Variable TLV format

72 Script Data (Tag 72) Variable TLV format

A.4.2.4 Response Message Data Fields

When P1=00 and P2=00:

Start online purchase transaction; see the response message data field table below:

Table A.46 Response Message Data Fields

Data Length (in bytes) Remarks

Transaction result 1 01: Transaction declined; 02: Request Online connection

Terminal Verification Result (TVR) (Tag 95) 7 TLV format

Transaction Date (Tag 9A) 5 TLV format

Random Number (Tag 9F37) 7 TLV format

Application Interchange Profile (AIP) (Tag 82) 4 TLV format

Application Transaction Code (ATC) (Tag 9F36) 5 TLV format

Ciphertext Information Type (CID) (Tag 9F27) 4 TLV format

Application Ciphertext (AC) (Tag 9F26) 11 TLV format

Issuer Application Data (Tag 9F10) Maximum 35 TLV format

Cardholder Verification Method (CVM) Result (Tag 9F34) 6 TLV format

Transaction Sequence Counter (Tag 9F41) 5-7 TLV format

Special File Name (Tag 84) 7-18 TLV format

Application Version Number (Tag 9F09) 5 TLV format

When P1=00 and P2=01:

Read PAN, PAN serial number, and related information: see the command
response data field table below:

Table A.47 Response Message Data Fields

Data Length (in bytes) Remarks

PAN (Tag 5A) Maximum 12 Application primary account number, TLV format

PAN Serial Number (Tag 5F34) 4 Application primary account number serial number, TLV format

Magstripe-Equivalent Data (Tag 57) Maximum 21 Magstripe track 2 equivalent data, TLV format

Online PIN Ciphertext (Tag 99) 130 Online PIN ciphertext encrypted by PIN key

When P1=01:

Returned online data sent from terminal to processing center; see the response
message data field table below:

Table A.48 Response Message Data Fields

Data Length (in bytes) Remarks

Transaction result 1 00: Transaction approved; 01: Transaction refused

Script Execution Result (Tag DF31) 8 TLV format

Terminal Verification Result (TVR) (Tag 95) 7 TLV format

Application Transaction Code (ATC) (Tag 9F36) 5 TLV format

Ciphertext Information Type (CID) (Tag 9F27) 4 TLV format

Application Ciphertext (AC) (Tag 9F26) 11 TLV format

Issuer Application Data (Tag 9F10) Maximum 35 TLV format

A.4.2.5 Response Message Status Codes

“9000” designates that this command was executed successfully.

Refer to Appendix A.5 – Terminal Command Response Status Code Table for
possible error codes for this command.


A.4.3 GET ELECTRONIC CASH BALANCE Command

A.4.3.1 Definition and Scope

The GET ELECTRONIC CASH BALANCE command is used to query the electronic
cash balance of the IC card via the terminal; the transaction is performed offline.

A.4.3.2 Command Message

For GET ELECTRONIC CASH BALANCE command message encoding please
refer to Table A.49:

Table A.49 GET ELECTRONIC CASH BALANCE Command Message

Code Value

CLA 7E

INS 42

P1 00: Display electronic cash balance

P2 00

Lc Not Exist

Data Not Exist

Le 00

A.4.3.3 Data Field of Command Message

The data field of command message does not exist.

A.4.3.4 Response Message Data Fields

See table below for financial IC card electronic cash balance/response message data
fields:

Table A.50 GET ELECTRONIC CASH BALANCE Response Message Data Fields

Explanation Length (in bytes) Remarks

Electronic Cash Balance 6 BCD Code

A.4.3.5 Status Code of Response Message

The status code for successful execution of this command is ‘9000’.

Refer to Appendix A.5 List of Terminal Command Response Status Code for the
error information which may be returned by the terminal.

A.4.4 GET PRIMARY BALANCE Command

A.4.4.1 Definition and Scope

The GET PRIMARY BALANCE command is used to query the primary debit/credit
account balance via the online channel.

A.4.4.2 Command Message

GET PRIMARY BALANCE command message encoding is shown in Table
A.51:

Table A.51 GET PRIMARY BALANCE Command Message

Code Value

CLA 7E

INS 43

P1 00/01

P2 When P1=00 and P2=00: Start transaction, read data as defined in Table A.50;
When P1=00 and P2=01: read data as defined in Table A.51;
When P1=01 and P2=00: Online data return

Lc Data field data length

Data See the description of the data field of command message

Le 00

A.4.4.3 Command Message Data Fields

When P1=00 and P2=00:

Begin the debit/credit primary account balance inquiry transaction; see the command
message data field table below:

Table A.52 Command Message Data Fields

Data Length (in bytes) Remarks

Transaction Amount 6 Balance set as 0

Transaction Date YYMMDD 3 Current date at processing center

Transaction Time HHMMSS 3 Current time at processing center

Other Transaction Data Variable (VAR) See notes below table

Notes: Other transaction data is processing center data; during abnormal
transactions (such as reversals, script notifications, etc.) this data must be sent back
to the processing center in the abnormal transaction messages (such as reversals and
script notifications). Terminals do not need to analyze this data.

When P1=00 and P2=01:

The command message does not contain data fields.

When P1=01:

Online returned data; see the table below for command message data fields:

Table A.53 Command Message Data Fields

Data Length (in bytes) Remarks

Connection Result 1 00: Normal connection; 01: Unable to connect

Primary account Balance 6 BCD; Debit card: Primary account balance; Credit card: Used amount

Issuer Authorization Data (Tag 9F) 10-18 TLV format

Authorization Response Code (Tag 8A) 4 TLV format

71 Script Data (Tag 71) Variable TLV format

72 Script Data (Tag 72) Variable TLV format

Card Type (Tag FF01) 4 00: Debit card; 01: Credit card

Available balance (Tag FF02) 9 TLV format; Debit card: Does not have this data field; Credit card: Available limit

Note: For debit cards, micropayment will only display "Primary Account Balance";
if the card is a credit card then the micropayment will only display "Available
Balance" and "Used Amount".

A.4.4.4 Response Message Data Fields

When P1=00 and P2=00:

Start the debit/credit primary account balance inquiry transaction; see the response
message data field table below:

Table A.54 Response Message Data Fields

Data Length (in bytes) Remarks

Transaction result 1 01: Transaction declined; 02: Online Connection request

Terminal Verification Result (TVR) (Tag 95) 7 TLV format

Transaction Date (Tag 9A) 5 TLV format

Random Number (Tag 9F37) 7 TLV format

Application Interchange Profile (AIP) (Tag 82) 4 TLV format

Application Transaction Code (ATC) (Tag 9F36) 5 TLV format

Ciphertext Information Type (CID) (Tag 9F27) 4 TLV format

Application Ciphertext (AC) (Tag 9F26) 11 TLV format

Issuer Application Data (Tag 9F10) Maximum 35 TLV format

Cardholder Verification Method (CVM) Result (Tag 9F34) 6 TLV format

Transaction Sequence Counter (Tag 9F41) 5-7 TLV format

Special File Name (Tag 84) 7-18 TLV format

Application Version Number (Tag 9F09) 5 TLV format

When P1=00 and P2=01:

Read PAN, PAN serial number, and related information: see the command
response data field table below:

Table A.55 Response Message Data Fields

Data Length (in bytes) Remarks

PAN (Tag 5A) Maximum 12 Application primary account number

PAN Serial Number (Tag 5F34) 4 Application primary account serial number

Magstripe-Equivalent Data (Tag 57) Maximum 21 Magstripe track 2 equivalent data

Online PIN Ciphertext (Tag 99) 130 Online PIN ciphertext encrypted by PIN key

When P1=01:

Returned online data sent from terminal to processing center; see the response
message data field table below:

Table A.56 Response Message Data Fields

Data Length (in bytes) Remarks

Transaction result 1 00: Transaction approved; 01: Transaction refused

Script Execution Result (Tag DF31) 8 TLV format

Terminal Verification Result (TVR) (Tag 95) 7 TLV format

Application Transaction Code (ATC) (Tag 9F36) 5 TLV format

Ciphertext Information Type (CID) (Tag 9F27) 4 TLV format

Application Ciphertext (AC) (Tag 9F26) 11 TLV format

Issuer Application Data (Tag 9F10) Maximum 35 TLV format

A.4.4.5 Response Message Status Codes

The status code for successful execution of this command is ‘9000’.

Refer to Appendix A.5 – Terminal Command Response Status Code Table for
possible error codes for this command.

A.4.5 GET DOL VALUE Command

A.4.5.1 Definition and Scope

The GET DOL VALUE command is used to retrieve data object content in accordance
with the input data object list.

A.4.5.2 Command Messages

See the table below for information on GET DOL VALUE command message
codes:


Table A.57 GET DOL VALUE Command Messages

Code Value

CLA 7E

INS 45

P1 00

P2 00

Lc Data field length

Data Refer to A.4.5.3 explanation of command message data fields

Le 00

A.4.5.3 Command Message Data Fields

See table below for input data object list format:

Table A.58 GET DOL VALUE Command Message Data Field Format

Tag 1 Length 1 Tag 2 Length 2 …… Tag n Length n

Note: Length indicates the required length of the tag value to be read; see the
explanation of DOL format.

A.4.5.4 Response Message Data Fields

The response message data field consists of BER-TLV coded data objects. These
data objects must follow the format below:

Table A.59 GET DOL VALUE Response Message Data Field Format

Tag 1 Length 1 Value 1 Tag 2 Length 2 Value 2 …… Tag n Length n Value n

A.4.5.5 Response Message Status Codes

“9000” designates that this command was executed successfully.

Refer to Appendix A.5 – Terminal Command Response Status Code Table for
possible error codes for this command.
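
The GET DOL VALUE exchange above, as an added Python example that is not part of the specification: it builds the command from a DOL per Table A.57 and checks the BER-TLV reply against the requested list. The sample DOL and reply bytes are constructed, and rejecting a reply whose tags, order or lengths differ from the request is this example's own policy.

```python
def read_tag(buf, pos):
    """Read one BER-TLV tag at pos; return (tag_bytes, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated tag")
    end = pos + 1
    if buf[pos] & 0x1F == 0x1F:              # e.g. 9F36, 5F34: more tag bytes follow
        while True:
            if end >= len(buf):
                raise ValueError("truncated tag")
            end += 1
            if buf[end - 1] & 0x80 == 0:     # bit 8 clear marks the last tag byte
                break
    return bytes(buf[pos:end]), end


def read_length(buf, pos):
    """Read a BER length (short form, or long form 81/82); return (length, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated length")
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    count = first & 0x7F
    if count not in (1, 2) or pos + 1 + count > len(buf):
        raise ValueError("unsupported or truncated length")
    return int.from_bytes(buf[pos + 1:pos + 1 + count], "big"), pos + 1 + count


def parse_dol(dol):
    """Split a DOL (Tag 1 Length 1 ... Tag n Length n) into [(tag, length)]."""
    items, pos = [], 0
    while pos < len(dol):
        tag, pos = read_tag(dol, pos)
        length, pos = read_length(dol, pos)
        items.append((tag, length))
    return items


def build_get_dol_value(dol):
    """Command APDU per Table A.57: 7E 45 00 00 Lc <DOL> 00."""
    parse_dol(dol)                           # reject a malformed list before sending it
    if not 1 <= len(dol) <= 255:
        raise ValueError("DOL must fit a one-byte Lc")
    return bytes([0x7E, 0x45, 0x00, 0x00, len(dol)]) + dol + b"\x00"


def parse_response(resp, dol):
    """Check the status word, then return {tag_hex: value} for the requested DOL."""
    if len(resp) < 2 or resp[-2:] != b"\x90\x00":
        raise ValueError("status %s" % resp[-2:].hex().upper())
    body, pos, out = resp[:-2], 0, {}
    for want_tag, want_len in parse_dol(dol):
        tag, pos = read_tag(body, pos)
        length, pos = read_length(body, pos)
        if tag != want_tag:
            raise ValueError("unexpected tag %s" % tag.hex().upper())
        if length != want_len or pos + length > len(body):
            raise ValueError("bad length for tag %s" % tag.hex().upper())
        out[tag.hex().upper()] = body[pos:pos + length]
        pos += length
    if pos != len(body):
        raise ValueError("trailing bytes after last data object")
    return out


def is_rejected(resp, dol):
    """True when parse_response refuses the reply."""
    try:
        parse_response(resp, dol)
    except ValueError:
        return True
    return False


# Constructed sample: request ATC (9F36, 2 bytes), TVR (95, 5 bytes), date (9A, 3 bytes).
SAMPLE_DOL = bytes.fromhex("9F3602" "9505" "9A03")
SAMPLE_REPLY = bytes.fromhex("9F3602001C" "95050000008000" "9A03140520" "9000")

if __name__ == "__main__":
    print(build_get_dol_value(SAMPLE_DOL).hex().upper())
    print(parse_response(SAMPLE_REPLY, SAMPLE_DOL))
```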


A.4.6 GET REVERSAL INFO Command

A.4.6.1 Definition and Scope

The GET REVERSAL INFO command is used to retrieve financial IC card reversal
information or script execution result notifications saved during abnormal
online transactions.

A.4.6.2 Command Message

GET REVERSAL INFO Command Message encoding is shown in Table A.60:

Table A.60 GET REVERSAL INFO Command Message

Code Value

CLA 7E

INS 46

P1 00: Read information; 01: Clear information

P2 00: Reversal information; 01: Script notification

Lc Not Available

Data Not Available

Le 00

A.4.6.3 Data Field of Command Message

The data field of command message does not exist.

A.4.6.4 Response Message Data Fields

When P1=00 and P2=00:

Read transaction reversal information; see table below for command response data
fields:

Table A.61 Read Reversal Information Command Response Data Field Formats

Data Length (in bytes) Remarks

Transaction result 1 00: Transaction approved; 01: Transaction declined; 02: Request connection

Transaction Amount 6 Original transaction amount

Transaction Date YYMMDD 3 Original transaction date

Transaction Time HHMMSS 3 Original transaction time

Other Transaction Data Variable (VAR) Data saved at time of transaction

PAN (Tag 5A) Maximum 12 Application primary account number, TLV format

PAN Serial Number (Tag 5F34) 4 Application primary account serial number, TLV format

Magstripe-Equivalent Data (Tag 57) Maximum 21 Magstripe track 2 equivalent data, TLV format

Script Execution Result (Tag DF31) 8 TLV format

Terminal Verification Result (TVR) (Tag 95) 7 TLV format

Application Transaction Code (ATC) (Tag 9F36) 5 TLV format

Ciphertext Information Type (CID) (Tag 9F27) 4 TLV format

Application Ciphertext (AC) (Tag 9F26) 11 TLV format

Issuer Application Data (Tag 9F10) Maximum 35 TLV format

When P1=00 and P2=01:

Command message data fields do not exist.

When P1=01 and P2=00:

Read script execution result notification information; see table below for
command response data fields:


Table A.62 Read Script Execution Notification Command Response Data Field Formats

Data Length (in bytes) Remarks

Transaction result 1 00: Transaction approved; 01: Transaction refused; 02: Request connection

Transaction Amount 6 Original Transaction Amount

Transaction Date YYMMDD 3 Original Transaction Date

Transaction Time HHMMSS 3 Original transaction time

Other Transaction Data Variable (VAR) Data saved at time of transaction

PAN (Tag 5A) Maximum 12 Application primary account number, TLV format

PAN Serial Number (Tag 5F34) 4 Application primary account serial number, TLV format

Magstripe-Equivalent Data (Tag 57) Maximum 21 Magstripe track 2 equivalent data, TLV format

Script Execution Result (Tag DF31) 8 TLV format

Terminal Verification Result (TVR) (Tag 95) 7 TLV format

Application Transaction Code (ATC) (Tag 9F36) 5 TLV format

Ciphertext Information Type (CID) (Tag 9F27) 4 TLV format

Application Ciphertext (AC) (Tag 9F26) 11 TLV format

Issuer Application Data (Tag 9F10) Maximum 35 TLV format


When P1=01 and P2=01:

Command message data fields do not exist.

A.4.6.5 Status Code of Response Message

The status code for successful execution of this command is ‘9000’.

Refer to Appendix A.5 – Terminal Command Response Status Code Table for
possible error codes for this command.

A.4.7 READ CARDHOLDER INFO Command

A.4.7.1 Definition and Scope

The READ CARDHOLDER INFO command is used to read from the device other
information about the cardholder participating in the current transaction. The
cardholder will input appropriate cardholder information in accordance with the
instructions displayed on the device display screen. Cardholder information
includes cardholder phone number, cardholder ID number, cellphone dynamic
password, etc.; the cardholder must input and confirm this information during the
transaction process.

A.4.7.2 Command Messages

See the table below for READ CARDHOLDER INFO command message codes:

Table A.63 READ CARDHOLDER INFO Command Messages

Code Value

CLA 7E

INS 47

P1 Display information display parameters (See Table A.64)

P2 00 (Reserved)

Lc Display length of user input data

Data Display information

Le 00


Table A.64 Display Format Parameter Table

Display Format Code Explanation

00 Align to upper-left, normal mode display

05 Align to upper-left, display “*”

10 Align to lower-left, normal mode display

15 Align to lower-left, display “*”

20 Align centrally to left, normal mode display

25 Align centrally to left, display “*”

40 Align to upper-right, normal mode display

45 Align to upper-right, display “*”

50 Align to lower-right, normal mode display

55 Align to lower-right, display “*”

60 Align centrally to right, normal mode display

65 Align centrally to right, display “*”

80 Align to upper center, normal mode display

85 Align to upper center, display “*”

90 Align to lower center, normal mode display

95 Align to lower center, display “*”

A0 Align to center, normal mode display

A5 Align to center, display “*”

A.4.7.3 Command Message Data Fields

Command message data fields do not exist.


A.4.7.4 Response Message Data Fields

X(1): Cardholder information length

X(n): Cardholder information (ASCII)

A.4.7.5 Response Message Status Codes

“9000” designates that this command was executed successfully.

Refer to Appendix A.5 – Terminal Command Response Status Code Table for
possible error codes for this command.

A.4.8 GET CARD TRADE RECODE Command

A.4.8.1 Definition and Scope

The GET CARD TRADE RECODE command is used on IC card transaction detail
record files.

A.4.8.2 Command Messages

See the table below for information on GET CARD TRADE RECODE command
message codes:

Table A.65 GET CARD TRADE RECODE Command Messages

Code Value

CLA 7E/7F

INS 48

P1 00

P2 Control Parameters (See response message data fields)

Lc Not Exist

Data Not Exist

Le 00

Le = ’00’: Indicates maximum byte number required (256 bytes)

A.4.8.3 Command Message Data Fields

Command message data fields do not exist.


A.4.8.4 Response Message Data Fields

When P2=01, response data is the card log record format data element.

When P2=00, response data format is as follows:

Data Field Explanation

Total record length 2 bytes (length does not include number of records)

Number of Record N 1 Byte

Record 1 …… Record N See UnionPay IC Card Specifications Part 5 – UICS for record file content format

Note: When response data is greater than 255 bytes then it must be transmitted in
bundles and the response message status code will be 61XX (successive data
length). When a server receives a status response of 61XX it must use the GET
TERMINAL RESPONSE instruction to retrieve the record data and combine it into
a complete message.

A.4.8.5 Response Message Status Codes

“90XX” or “61XX” designates that this command was executed successfully.

Refer to Appendix A.5 – Terminal Command Response Status Code Table for
possible error codes for this command.

A.4.9 CREDIT CARD PAYMENT Command

A.4.9.1 Definition and Scope

Credit card payment transaction command.

A.4.9.2 Command Messages

See the table below for CREDIT CARD PAYMENT command message codes:

Table A.66 CREDIT CARD PAYMENT Command Messages

Code Value

CLA 7E/7F

INS 49

P1 00/01

P2 When P1=00 and P2=00: Start transaction, read data as defined in Table A.69;
When P1=00 and P2=01: read data as defined in Table A.70;
When P1=01 and P2=00: Online data return

Lc Data field data length

Data See explanation of command message data fields

Le 00

A.4.9.3 Command Message Data Fields

When P1=00 and P2=00:

Start credit payment transaction; see the command message data field table below:

Table A.67 Command Message Data Fields

Data Length (in bytes) Remarks

Transaction Amount 6 payment amount

Transaction Date YYMMDD 3 Current date at processing center

Transaction Time HHMMSS 3 Current time at processing center

Credit Card Account Number 28 Pad from right with spaces if not 28

Other Transaction Data Variable (VAR) See notes below table

Notes: Other transaction data refers to processing center data; during abnormal
transactions (such as reversals, script notifications, etc.) this data must be sent back
to the processing center in abnormal transaction messages (such as reversals and
script notifications). Terminals do not need to analyze this data.

When P1=00 and P2=01:

The command message does not contain data fields.

When P1=01:

Online returned data; see the table below for command message data fields:


Table A.68 Command Message Data Fields

Data Length (in bytes) Remarks

Connection Result 1 00: Normal connection; 01: Unable to connect

Issuer Authorization Data (Tag 9F) 10-18 TLV format

Authorization Response Code (Tag 8A) 4 TLV format

71 Script Data (Tag 71) Variable TLV format

72 Script Data (Tag 72) Variable TLV format

A.4.9.4 Response Message Data Fields

When P1=00 and P2=00:

Start credit card repayment transaction; see the command message data field table
below:

Table A.69 Response Message Data Fields

Data Length (in bytes) Remarks

Transaction result 1 01: Transaction declined; 02: Online Connection request

Terminal Verification Result (TVR) (Tag 95) 7 TLV format

Transaction Date (Tag 9A) 5 TLV format

Random Number (Tag 9F37) 7 TLV format

Application Interchange Profile (AIP) (Tag 82) 4 TLV format

Application Transaction Code (ATC) (Tag 9F36) 5 TLV format

Ciphertext Information Type (CID) (Tag 9F27) 4 TLV format

Application Ciphertext (AC) (Tag 9F26) 11 TLV format

Issuer Application Data (Tag 9F10) Maximum 35 TLV format

Cardholder Verification Method (CVM) Result (Tag 9F34) 6 TLV format

Transaction Sequence Counter (Tag 9F41) 5-7 TLV format

Special File Name (Tag 84) 7-18 TLV format

Application Version Number (Tag 9F09) 5 TLV format

When P1=00 and P2=01:

Read PAN, PAN serial number, and related information: see the command
response data field table below:

Table A.70 Response Message Data Fields

Data Length (in bytes) Remarks

PAN (Tag 5A) Maximum 12 Application primary account number, TLV format

PAN Serial Number (Tag 5F34) 4 Application primary account number serial number, TLV format

Magstripe-Equivalent Data (Tag 57) Maximum 21 Magstripe track 2 equivalent data, TLV format

Online PIN Ciphertext (Tag 99) 130 PIN/public key encrypted-online PIN ciphertext

When P1=01:

Returned online data sent from terminal to processing center; see the response
message data field table below:


Table A.71 Response Message Data Fields

Data Length (in bytes) Remarks

Transaction result 1 00: Transaction approved; 01: Transaction declined

Script Execution Result (Tag DF31) 8 TLV format

Terminal Verification Result (TVR) (Tag 95) 7 TLV format

Application Transaction Code (ATC) (Tag 9F36) 5 TLV format

Ciphertext Information Type (CID) (Tag 9F27) 4 TLV format

Application Ciphertext (AC) (Tag 9F26) 11 TLV format

Issuer Application Data (Tag 9F10) Maximum 35 TLV format

A.4.9.5 Response Message Status Codes

“9000” designates that this command was executed successfully.

Refer to Appendix A.5 – Terminal Command Response Status Code Table for
possible error codes for this command.

A.4.10 VERITY OFFLINE PIN Command

A.4.10.1 Definition and Scope

The VERITY OFFLINE PIN command is used by the terminal to verify an offline
PIN. The verification command causes the IC card to compare the transaction PIN
data contained within the command message data field and the corresponding
parameter PIN data. The verification method is determined by the IC card
application.

A.4.10.2 Command Messages

See the table below for information on VERITY OFFLINE PIN command message
codes:


Table A.72 VERITY OFFLINE PIN Command Messages

Code Value

CLA 7E

INS 4A

P1 00

P2 00

Lc Not Exist

Data Not Exist

Le 00

A.4.10.3 Command Message Data Fields

Command message data fields do not exist.

A.4.10.4 Response Message Data Fields

Response message data fields do not exist.

A.4.10.5 Response Message Status Codes

“9000” designates that this command was executed successfully.

Refer to Appendix A.5 – Terminal Command Response Status Code Table for
possible error codes for this command.

A.4.11 TRANSFER Command

A.4.11.1 Definition and Scope

The TRANSFER command is used for account transfer transactions. Transfer
transactions come in two modes: IC card transfers and card-not-present channel
transfers.

A.4.11.2 Command Messages

TRANSFER command message codes are described in the table below:


Table A.73 TRANSFER Command Messages

Code Value

CLA 7E

INS 4B

P1 00/01/02/03

P2 IC Card transfer procedures:
When P1=00 and P2=00: Start transaction, read data as defined in Table A.79;
When P1=00 and P2=01: read data as defined in Table A.80;
When P1=01 and P2=00: Online data return
Card-not-present channel transfer procedures:
When P1=02 and P2=00: Start transaction, read data as defined in Table A.82;
When P1=02 and P2=01: read data as defined in Table A.83;
When P1=03 and P2=00: Online data return
When P1=03 and P2=01: online return of transfer transaction result

Lc Data field data length

Data See explanation of command message data fields

Le 00

Notes:

1) In IC card transfer mode, execute the “IC card transfer procedures” defined in
Table A.61.

2) In card-not-present transfer mode, execute the “card-not-present channel
transfer procedures” defined by Table A.61. In this mode, first utilize “primary
account balance inspection transaction” to complete IC card verification and
then complete “card-not-present channel transfer transaction”.

A.4.11.3 Command Message Data Fields

IC Card transfer procedures:

When P1=00 and P2=00:

Start “IC card transfer procedures”; see the command message data field table
below:


Table A.74 Command Message Data Fields

Data Length (in bytes) Remarks

Transaction Amount 6 Transfer amount. When this field is all 0 then utilize the terminal to input transfer amount; when not all 0, the terminal will confirm the transfer amount.

Transaction Date YYMMDD 3 Current date at processing center

Transaction Time HHMMSS 3 Current time at processing center

Transfer Target Account Number 20 Pad from right with spaces if insufficient. Maximum card number length is currently 16 bytes with 1 byte being RFU

Transfer Target Cardholder Name 20 Numbers and Chinese characters are permitted; pad from left when insufficient.

Other Transaction Data Variable (VAR) See notes below table

Notes: Other transaction data is processing center data; during abnormal
transactions (such as reversals, script notifications, etc.) this data must be sent back
to the processing center in abnormal transaction messages (such as reversals and
script notifications). Terminals do not need to analyze this data.

When P1=00 and P2=01:

The command message does not contain data fields.

When P1=01:

Online returned data; see the table below for command message data fields:

Table A.75 Command Message Data Fields

Data Length (in bytes) Remarks

Connection Result 1 00: Normal connection; 01: Unable to connect

Issuer Authorization Data (Tag 9F) 10-18 TLV format

Authorization Response Code (Tag 8A) 4 TLV format

71 Script Data (Tag 71) Variable TLV format

72 Script Data (Tag 72) Variable TLV format

Card-not-present channel transfer procedures:

When P1=02 and P2=00:

Start “card-not-present channel transfer procedures”; see the command message
data field table below:

Table A.76 Command Message Data Fields

Data Length (in bytes) Remarks

Transaction Amount 6 Transfer amount. When this field is all 0 then utilize the terminal to input transfer amount; when not all 0, the terminal will confirm the transfer amount.

Transaction Date YYMMDD 3 Current date at processing center

Transaction Time HHMMSS 3 Current time at processing center

Transfer Account Number 20 Pad from right with spaces if insufficient. Maximum card number length is currently 16 bytes with 1 byte being RFU

Transfer Target Cardholder Name 20 Numbers and Chinese characters are permitted; pad from left when insufficient.

Other Transaction Data Variable (VAR) See notes below table

Notes:

1) Other transaction data refers to processing center data; during abnormal
transactions (such as reversals, script notifications, etc.) this data must be sent
back to the processing center in abnormal transaction messages (such as
reversals and script notifications). Terminals do not need to analyze this data.

When P1=02 and P2=01:

The command message does not contain data fields.


When P1=03 and P2=00:

Online returned data; see the table below for command message data fields:

Table A.77 Command Message Data Fields

Data Length (in bytes) Remarks

Connection Result 1 00: Normal connection; 01: Unable to connect

Primary account Balance 6 BCD

Issuer Authorization Data (Tag 9F) 10-18 TLV format

Authorization Response Code (Tag 8A) 4 TLV format

71 Script Data (Tag 71) Variable TLV format

72 Script Data (Tag 72) Variable TLV format

Notes:

1) During “card-not-present channel transfer procedures”, “primary account
balance inspection” is only used to verify user PIN and allow the terminal to
receive the primary account balance; the primary account balance is not
displayed.

When P1=03 and P2=01:

Online return of transfer results; see the table below for command message data
fields:

Table A.78 Command Message Data Fields

Data Length (in bytes) Remarks

Connection Result 1 00: Normal connection; 01: Unable to connect

Authorization Response Code (Tag 8A) 4 TLV format. Card-not-present channel transfer transaction authorization response code

A.4.11.4 Response Message Data Fields

IC Card transfer procedures:

When P1=00 and P2=00:

Start “IC card transfer procedures”; see the command message data field table
below:

Table A.79 Response Message Data Fields

Data Length (in bytes) Remarks

Transaction result 1 01: Transaction declined; 02: Request online transaction

Transaction Amount 6 Transfer amount

Terminal Verification Result (TVR) (Tag 95) 7 TLV format

Transaction Date (Tag 9A) 5 TLV format

Random Number (Tag 9F37) 7 TLV format

Application Interchange Profile (AIP) (Tag 82) 4 TLV format

Application Transaction Code (ATC) (Tag 9F36) 5 TLV format

Ciphertext Information Type (CID) (Tag 9F27) 4 TLV format

Application Ciphertext (AC) (Tag 9F26) 11 TLV format

Issuer Application Data (Tag 9F10) Maximum 35 TLV format

Cardholder Verification Method (CVM) Result (Tag 9F34) 6 TLV format

Transaction Sequence Counter (Tag 9F41) 5-7 TLV format

Special File Name (Tag 84) 7-18 TLV format

Application Version Number (Tag 9F09) 5 TLV format

Notes:

1) Terminal must return “transaction amount”; transfer amount is determined by
this terminal response.

When P1=00 and P2=01:

Read PAN, PAN serial number, and related information: see the command
response data field table below:

Table A.80 Response Message Data Fields

Data Length (in bytes) Remarks

PAN (Tag 5A) Maximum 12 Application account number, TLV format

PAN Serial Number (Tag 5F34) 4 Application account number serial number, TLV format

Magstripe-Equivalent Data (Tag 57) Maximum 21 Magstripe track 2 equivalent data, TLV format

Online PIN Ciphertext (Tag 99) 130 PIN/public key encrypted-online PIN ciphertext

When P1=01:

Returned online data sent from terminal to processing center; see the response
message data field table below:


Table A.81 Load Online Response Message Data Fields

Data Length (in bytes) Remarks

Transaction result 1 00: Transaction approved; 01: Transaction declined

Script Execution Result (Tag DF31) 8 TLV format

Terminal Verification Result (TVR) (Tag 95) 7 TLV format

Application Transaction Code (ATC) (Tag 9F36) 5 TLV format

Ciphertext Information Type (CID) (Tag 9F27) 4 TLV format

Application Ciphertext (AC) (Tag 9F26) 11 TLV format

Issuer Application Data (Tag 9F10) Maximum 35 TLV format

Cardless channel transfer procedures:

When P1=02 and P2=00:

Start “card-not-present channel transfer procedures”; see the command message
data field table below:

Table A.82 Response Message Data Fields

Data Length (in bytes) Remarks

Transaction result 1 01: Transaction declined; 02: Online Connection request

Terminal Verification Result (TVR) (Tag 95) 7 TLV format

Transaction Date (Tag 9A) 5 TLV format

Random Number (Tag 9F37) 7 TLV format

Application Interchange Profile (AIP) (Tag 82) 4 TLV format

Application Transaction Code (ATC) (Tag 9F36) 5 TLV format

Ciphertext Information Type (CID) (Tag 9F27) 4 TLV format

Application Ciphertext (AC) (Tag 9F26) 11 TLV format

Issuer Application Data (Tag 9F10) Maximum 35 TLV format

Cardholder Verification Method (CVM) Result (Tag 9F34) 6 TLV format

Transaction Sequence Counter (Tag 9F41) 5-7 TLV format

Special File Name (Tag 84) 7-18 TLV format

Application Version Number (Tag 9F09) 5 TLV format

When P1=02 and P2=01:

Read PAN, PAN serial number, and related information: see the command
response data field table below:

Table A.83 Response Message Data Fields

Data Length (in bytes) Remarks

PAN (Tag 5A) Maximum 12 Application primary account number

PAN Serial Number (Tag 5F34) 4 Application primary account serial number

Magstripe-Equivalent Data (Tag 57) Maximum 21 Magstripe-equivalent data

Online PIN Ciphertext (Tag 99) 130 Online PIN ciphertext encrypted by PIN Key

When P1=03 and P2=00:

Returned online data sent from terminal to processing center; see the response
message data field table below:

Table A.84 Response Message Data Fields

Data Length (in bytes) Remarks

Transaction result 1 00: Transaction approved; 01: Transaction declined

Transaction Amount 6 Transfer amount

Script Execution Result (Tag DF31) 8 TLV format

Terminal Verification Result (TVR) (Tag 95) 7 TLV format

Application Transaction Code (ATC) (Tag 9F36) 5 TLV format

Ciphertext Information Type (CID) (Tag 9F27) 4 TLV format

Application Ciphertext (AC) (Tag 9F26) 11 TLV format

Issuer Application Data (Tag 9F10) Maximum 35 TLV format

1) Terminal must return “transaction amount” for successive card-not-present
channel transfer transactions; transfer amount is determined by this terminal
response.

When P1=03 and P2=01:

No response data.

A.4.11.5 Response Message Status Codes

“9000” designates that this command was executed successfully.


Refer to Appendix A.5 – Terminal Command Response Status Code Table for
possible error codes for this command.

A.5 Terminal Command Response Status Code Table

Table A.85 Terminal Command Response Status Code Table

SW1 SW2 Meaning

‘90’ ‘00’ Normal processing

‘61’ ‘XX’ Normal processing, ‘XX’ indicates the additional data length that can be retrieved using successive commands

‘6C’ ‘XX’ Length error (Le inaccurate, ‘XX’ indicates actual length)

‘65’ ‘81’ Terminal device error

‘69’ ‘82’ Security status insufficient

‘69’ ‘85’ Usage requirements insufficient

‘69’ ‘86’ Command not permitted

‘69’ ‘88’ Security message data object inaccurate

‘67’ ‘00’ Data length error

‘6A’ ‘80’ Data object does not exist

‘6A’ ‘84’ Terminal memory capacity insufficient

‘6A’ ‘86’ P1, P2 parameters inaccurate

‘6D’ ‘00’ INS unsupported or error

‘6E’ ‘00’ CLA unsupported or error
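
An added example (not from the specification) of the 61XX handling required by the note in A.4.8.4, using the status words of Table A.85. The `fetch_more` callable standing in for GET TERMINAL RESPONSE, the simulated terminal, the big-endian length field and equal-size records are assumptions, since that command and the record layout are defined elsewhere.

```python
# Status words from Table A.85 that have a fixed meaning.
SW_TABLE = {
    (0x90, 0x00): "Normal processing",
    (0x65, 0x81): "Terminal device error",
    (0x69, 0x82): "Security status insufficient",
    (0x69, 0x85): "Usage requirements insufficient",
    (0x69, 0x86): "Command not permitted",
    (0x69, 0x88): "Security message data object inaccurate",
    (0x67, 0x00): "Data length error",
    (0x6A, 0x80): "Data object does not exist",
    (0x6A, 0x84): "Terminal memory capacity insufficient",
    (0x6A, 0x86): "P1, P2 parameters inaccurate",
    (0x6D, 0x00): "INS unsupported or error",
    (0x6E, 0x00): "CLA unsupported or error",
}


def describe_sw(sw1, sw2):
    """Translate SW1 SW2 into the Table A.85 meaning."""
    if sw1 == 0x61:
        return "Normal processing, %d more bytes available" % sw2
    if sw1 == 0x6C:
        return "Length error, actual length %d" % sw2
    return SW_TABLE.get((sw1, sw2), "Unknown status %02X%02X" % (sw1, sw2))


def collect_response(first_reply, fetch_more, max_segments=8):
    """Combine a 61XX-segmented reply into one complete message.

    first_reply is (data, sw1, sw2) from the original command. fetch_more(n) is a
    hypothetical callable that issues GET TERMINAL RESPONSE for n bytes and
    returns the next (data, sw1, sw2).
    """
    data, sw1, sw2 = first_reply
    message = bytearray(data)
    segments = 1
    while sw1 == 0x61:
        if segments >= max_segments:         # bound the loop against a looping device
            raise RuntimeError("too many segments")
        announced = sw2
        data, sw1, sw2 = fetch_more(announced)
        if len(data) != announced:           # assumption: XX is the next segment length
            raise RuntimeError("segment length does not match 61XX")
        message += data
        segments += 1
    if (sw1, sw2) != (0x90, 0x00):
        raise RuntimeError(describe_sw(sw1, sw2))
    return bytes(message)


def parse_trade_log(message):
    """Split the P2=00 reply: total length (2 bytes), record count (1 byte), records."""
    if len(message) < 3:
        raise ValueError("reply shorter than its header")
    total = int.from_bytes(message[:2], "big")   # assumption: big-endian
    count, records = message[2], message[3:]
    if len(records) != total:                    # total excludes the count byte
        raise ValueError("total record length does not match the data received")
    if count == 0 or total % count:
        raise ValueError("record count does not divide the record data")
    size = total // count                        # assumption: equal-size records
    return [records[i:i + size] for i in range(0, total, size)]


class FakeTerminal:
    """Constructed stand-in for a terminal that returns at most 255 bytes per reply."""

    def __init__(self, payload):
        self.pending = payload

    def next_reply(self, limit=255):
        chunk, self.pending = self.pending[:limit], self.pending[limit:]
        if self.pending:
            return chunk, 0x61, min(len(self.pending), 255)
        return chunk, 0x90, 0x00


# Constructed sample: ten 40-byte records, so the reply needs two segments.
SAMPLE_RECORDS = b"".join(bytes([i]) * 40 for i in range(10))
SAMPLE_PAYLOAD = len(SAMPLE_RECORDS).to_bytes(2, "big") + bytes([10]) + SAMPLE_RECORDS


def read_trade_log(terminal):
    message = collect_response(terminal.next_reply(), terminal.next_reply)
    return parse_trade_log(message)


def error_for(first_reply):
    """Return the error text raised for a reply that is not 9000 or 61XX."""
    try:
        collect_response(first_reply, fetch_more=None)
    except RuntimeError as exc:
        return str(exc)
    return None
```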


Appendix B
(Informative Appendix)
Basic Encryption Algorithms

B.1 RSA encryption algorithm

The RSA public key is used to encrypt the plaintext message. Encryption uses the
RSAES-PKCS1-v1_5 encryption scheme of the PKCS #1 specification.

• Algorithm parameter

M Plaintext

mLen Length of M

EM Encoded plaintext message

C Cryptogram message

k Length of RSA public key modulus

• Steps of algorithm

1. Message encoding:

a) Generate a random byte string PS of non-zero bytes with a length of
k - mLen - 3; PS has at least 8 bytes.

b) Connect PS and M in the following way, and generate a k-byte encoded
message EM

EM = 0x00 || 0x02 || PS || 0x00 || M

2. Encryption: Use RSA public key to encrypt EM and generate cryptogram C.

B.2 RSA signature algorithm

The RSA private key is used to sign the message digest. The signature uses the
RSASSA-PKCS1-v1_5 signature scheme of the PKCS #1 specification. The message
digest is computed with the SHA-1 algorithm.

• Algorithm parameter

M Plaintext

EM Encoded plaintext message

C Cryptogram message

k Length of RSA public key modulus

• Steps of algorithm

1. Calculate the message digest H of message M using the SHA-1 hash algorithm:

H = SHA-1(M)

2. Message encoding:

a) Generate the DER encoding T of H, with the length of tLen:

T = (0x) 30 21 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 || H

b) Generate a byte string PS consisting of (k - tLen - 3) bytes of 0xFF

c) Connect PS and T by the following method, generating a k-byte encoded
message EM

EM = 0x00 || 0x01 || PS || 0x00 || T

3. Signature:

Use RSA private key to sign on EM.
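
The B.2 encoding and signature steps as an added Python example, not code from the specification. The key is a constructed demo key built from two Mersenne primes (unusable in practice), and verification re-encodes EM and compares the whole block, so a signature over a block with altered padding is rejected.

```python
import hashlib
import hmac

# Constructed demo key: two Mersenne primes, so the block needs no key file.
# It is far too small and too structured for real use.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))            # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8                # k: modulus length in bytes (81 here)

# DER prefix from step 2a; T = prefix || H, so tLen = 15 + 20 = 35.
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def encode_em(message, k):
    """Steps 1 and 2: EM = 00 || 01 || PS || 00 || T with PS = (k - tLen - 3) bytes of FF."""
    t = SHA1_PREFIX + hashlib.sha1(message).digest()
    if k < len(t) + 11:                      # PKCS #1 needs at least 8 bytes of PS
        raise ValueError("modulus too short for this encoding")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def sign_raw(em):
    """Step 3: apply the private-key operation to an encoded block."""
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def sign(message):
    return sign_raw(encode_em(message, K))


def verify(message, signature):
    """Recover EM with the public key and compare it with a fresh encoding."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")
    # Compare the full k bytes: nothing after T and no shortened PS is tolerated.
    return hmac.compare_digest(recovered, encode_em(message, K))


def short_padding_block(message):
    """Constructed test input: correct T, but only 8 bytes of PS and zero fill after T."""
    t = SHA1_PREFIX + hashlib.sha1(message).digest()
    return b"\x00\x01" + b"\xff" * 8 + b"\x00" + t + bytes(K - len(t) - 11)


if __name__ == "__main__":
    msg = b"constructed sample message"
    sig = sign(msg)
    print(K, verify(msg, sig), verify(msg, sign_raw(short_padding_block(msg))))
```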

B.3 Symmetric encryption algorithm

In this specification, a block cipher algorithm in cipher block chaining (CBC)
mode is used for data encryption and protection. The encryption algorithm can be
either the AES algorithm with a 128-bit key length or the 3DES algorithm. The
block length is 128 bits with AES encryption and 64 bits with 3DES encryption.

• Algorithm parameter

M Plaintext

C Cryptogram message

K Encryption key

IV Initial vector

EK(M) Use key K to encrypt M

DK(C) Use Key K to decrypt C

• Steps of algorithm

AES block algorithm

1. Padding and grouping

Append 0x80 to the plaintext M, then pad on the right with the minimum number of
0x00 bytes so that the length of the padded message M (M = (M||80||00||00||…||00))
is an integer multiple of 16. Divide M into 16-byte blocks M1, M2, ..., Mn.

2. Encryption calculation

Use key K under CBC mode to encrypt the plaintext blocks M1, M2, ..., Mn into
ciphertext blocks C1, C2, …, Cn using the AES-128 algorithm, where the initial
vector IV = (00 || 00 || 00 || 00 || 00 || 00 || 00 || 00).

CBC mode encryption process is as follows:

C0 = IV

Ci = EK(Mi⊕Ci-1) , i = 1, 2, . . . , n

C = (C1 || C2 || . . . || Cn)

3. Decryption calculation

Use key K under CBC mode to decrypt the ciphertext blocks C1, C2, …, Cn into
plaintext blocks M1, M2, …, Mn using the AES-128 algorithm, where the initial
vector IV = (00 || 00 || 00 || 00 || 00 || 00 || 00 || 00).

CBC mode decryption process is as follows:

C0 = IV

Mi = DK(Ci)⊕Ci-1, i = 1, 2, . . . , n

M = (M1 || M2 || . . . || Mn)

3DES block algorithm

1. Padding and grouping

Append 0x80 to the plaintext M, then pad on the right with the minimum number of
0x00 bytes so that the length of the padded message M (M = (M||80||00||00||…||00))
is an integer multiple of 8. M is divided into 8-byte blocks M1, M2, ..., Mn.

2. Encryption calculation

Use the key under CBC mode to encrypt the plaintext blocks M1, M2, ..., Mn into
ciphertext blocks C1, C2, …, Cn using the 3DES algorithm, where the initial
vector IV = (00 || 00 || 00 || 00 || 00 || 00 || 00 || 00).

CBC mode encryption process is as follows:


C0 = IV

Ci =EK(Mi⊕Ci-1) , i = 1, 2, . . . , n

C = (C1 || C2 || . . . || Cn)

3. Decryption calculation

Use the key under CBC mode to decrypt the ciphertext blocks C1, C2, …, Cn into
plaintext blocks M1, M2, …, Mn using the 3DES algorithm, where the initial
vector IV = (00 || 00 || 00 || 00 || 00 || 00 || 00 || 00).

CBC mode decryption process is as follows:

C0 = IV

Mi =DK(Ci)⊕Ci-1, i = 1, 2, . . . , n

M =(M1 || M2 || . . . || Mn)


Appendix C
(Normative Appendix)
MAC Algorithm

C.1 Block algorithm based MAC

In accordance with the ISO/IEC 9797-1 specification, the MAC algorithm uses a
symmetric encryption algorithm with a key length of 128 bits under CBC mode to
calculate the 8-byte MAC value for messages of any length.

• Algorithm parameter

Table C.1 Description of MAC Algorithm Parameter

M Plaintext

C Cryptogram message

MAC Message authentication code

K MAC key

IV Initial vector

EK(M) Use key K to encrypt M

DK(C) Use Key K to decrypt C

 Steps of algorithm

Padding

Append 0x80 to the plaintext M, then pad on the right with the minimum number of
0x00 bytes, so that after padding the length of message M
(M = (M||80||00||00||…||00)) is an integer multiple of 8. Divide M into 16-byte
blocks, which are M1, M2, ..., Mn.

MAC calculation

Use KL, the left 8 bytes of key K, under CBC mode through the 3DES algorithm to
encrypt blocks M1, M2, ..., Mn, where the initial vector
IV = (00 || 00 || 00 || 00 || 00 || 00 || 00 || 00).

CBC mode encryption process is as follows:

C0 = IV

Ci = EKL(Mi⊕Ci-1), i = 1, 2, . . . , n

The last block is used to calculate the message authentication code as follows:

MAC = EKL(DKR(Cn))

C.2 HASH algorithm based on HMAC

• Algorithm parameter

According to FIPS specification, HMAC algorithm uses SHA-1 algorithm to
generate HMAC.

Table C.2 Description of HMAC Algorithm Parameter

ipad | Padding byte string: the 8-bit byte 0x36 repeated 64 times
opad | Padding byte string: the 8-bit byte 0x5c repeated 64 times
text | Input data whose MAC needs to be calculated, excluding the padded byte string
K | MAC key
t | Generated MAC byte length
Hash secure HASH algorithm | Use key K to encrypt M
DK(C) | See FIPS 180-3

• Algorithm parameter

Use the following formula to calculate MAC value of data text:

MAC(text)_t = HMAC(K, text)_t = Hash((K0⊕opad) || Hash((K0⊕ipad) || text))

Detailed description is as follows:

1. If the length of K = 64 bytes, make K0 = K. Go to Step 4;

2. If the length of K > 64 bytes, make K0 = Hash (K). Go to Step 4;

3. If the length of K < 64 bytes, pad 0x00 bytes at the end of K, and generate 64-byte K0;

4. XOR operation of K0 and ipad produces a 64-byte string: K0⊕ipad;

5. Add text to the end of string K0⊕ipad generated from Step 4: (K0⊕ipad)||text;

6. Apply Hash algorithm to string generated from step 5 and get: Hash((K0⊕ipad)||text);

7. XOR operation of K0 and opad: K0⊕opad;

8. Add the result generated from step 6 to the end of the result from step 7:

(K0⊕opad) || Hash((K0⊕ipad) || text)

9. Apply Hash algorithm to the result of step 8 and get:

Hash((K0⊕opad) || Hash((K0⊕ipad) || text)).

10. Hash value generated from Step 9 is taken as MAC value.
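The ten steps above, written out as an added example (not code from the specification) and checked against Python's own `hmac` module. The function names and sample inputs are assumptions made for illustration; the zero-padding of a hashed long key follows FIPS 198-1, which the step list leaves implicit.

```python
import hashlib
import hmac

B = 64  # byte length of ipad, opad and K0 (the SHA-1 input block size)


def hmac_sha1(key: bytes, text: bytes, t: int = 20) -> bytes:
    """Return the leftmost t bytes of HMAC-SHA-1(key, text), built step by step."""
    if not 1 <= t <= hashlib.sha1().digest_size:
        raise ValueError("t must be between 1 and 20 bytes for SHA-1")

    # Steps 1-3: derive the 64-byte K0 from K.
    if len(key) > B:
        # Step 2: a long key is hashed first. The 20-byte digest is shorter
        # than 64 bytes, so it still has to be zero-padded before step 4.
        k0 = hashlib.sha1(key).digest()
    else:
        k0 = key
    k0 = k0.ljust(B, b"\x00")

    # Step 4: K0 XOR ipad. Step 7: K0 XOR opad.
    inner_key = bytes(b ^ 0x36 for b in k0)
    outer_key = bytes(b ^ 0x5C for b in k0)

    # Steps 5-6: Hash((K0 XOR ipad) || text).
    inner = hashlib.sha1(inner_key + text).digest()
    # Steps 8-9: Hash((K0 XOR opad) || inner hash).
    mac = hashlib.sha1(outer_key + inner).digest()
    # Step 10: the hash value is the MAC, cut to its t leftmost bytes.
    return mac[:t]


def verify_mac(key: bytes, text: bytes, received: bytes, t: int = 20) -> bool:
    """Check a received MAC of the agreed length t in constant time."""
    if len(received) != t:
        return False  # never let the sender choose a shorter MAC
    return hmac.compare_digest(hmac_sha1(key, text, t), received)


# Constructed sample inputs covering the three key-length branches.
SAMPLES = [
    (b"\x0b" * 20, b"Hi There"),          # K shorter than 64 bytes
    (bytes(range(64)), b"exactly 64"),    # K exactly 64 bytes
    (b"\xaa" * 80, b"long key message"),  # K longer than 64 bytes
]


def matches_stdlib() -> bool:
    """Compare the manual construction with the standard library result."""
    return all(
        hmac_sha1(k, m) == hmac.new(k, m, hashlib.sha1).digest()
        for k, m in SAMPLES
    )


if __name__ == "__main__":
    print(hmac_sha1(*SAMPLES[0]).hex())
    print("matches stdlib:", matches_stdlib())
```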

Appendix D
(Informative Appendix)
Certificate Format Table

Table 9 Certificate Format Table

Certificate Field Name | Meaning | Explanation | Segment Content (Example)
Version | Version number | Certificate version number | V3
Serial Number | Serial number | Certificate Serial Number | Determined by issuing institution
Signature | Signature Algorithm | In accordance with national standards | In accordance with national standards
Issuer / C | Issuer | Country | CN
Issuer / O | Issuer | Unit | Issuer institution
Validity | Validity expiration | | X months
notBefore | Start date of validity | Date of issuance | YYMMDD + HHMMSS
notAfter | End date of validity | Start date + x months | YYMMDD + HHMMSS
Subject / C | Subject | Country | CN
Subject / O | Subject | Institution | Issuing institution
Subject / OU | Subject | Institution name | XX bank or XX institution
Subject / OU | Subject | Certificate Type | Includes all 4 integer types
Subject / CN | Subject | General name | Device name, domain name or IP, manufacturer name etc.
Subject Public Key Information | Public Key | Includes encryption algorithm and public key value | Uses RSA algorithm; key length greater or equal to 1024
Extensions | Extension field | |
KeyUsage | Key usage method | Key extension | Digital Signature, keyEncipherment; Other required algorithms
extKeyUsage | Extension key usage | | If key usage method is limited to indicate usage only then the label is crucial; otherwise the label is not.
basicConstraints | Basic constraints | | CA certificate label is crucial, actual terminal certificate label is not crucial
SubjectKeyIdentifier | Subject Key Identifier | Key extension | Hash value of user certificate public key
AuthorityKeyIdentifier | Authority Key Identifier | Key extension | Authority certificate public key hash value
CRLDistributionPoints | CRL Distribution Points | Key extension | [1] CRL Distribution Point, Distribution Point Name: Full Name: Directory Address: DN…; [2] CRL Distribution Point, Distribution Point Name: Full Name: URL=http://ldap.xxca.org.cn/crl/caxcrlxx.crl
SignatureAlgorithm | Signature Algorithm | Algorithm used to electronically sign certificate basic information |
Issuer’s Signature | Issuer Signature | Issuer electronic signature of certificate basic information | Electronic signature value

Appendix E
(Informative Appendix)
Secure Channel Establishment Procedure Example

The host sends a GET CLIENT HELLO command to the terminal; terminal
responds with a 1-byte algorithm identifier and 32-byte random number;

The host uses the 1-byte algorithm identifier sent by the terminal to acquire the list
of supported symmetrical and asymmetrical algorithms; this identifier is transmitted
to the processing center, which uses the list to determine whether the signature
algorithm and symmetrical algorithm used by the processing center trusted server
certificate are supported;

The random number is used after this point for verification purposes and generation
of authentication information.

The server then sends the trusted server certificate, algorithm identifier, and
32-byte random number to the terminal.

At this point, the terminal should first inspect the legality of the trusted server
certificate using HASH SERVER CERTIFICATE and VERIFY SERVER
CERTIFICATE commands;

The HASH SERVER CERTIFICATE command is used to conduct a hash
operation on the main body of the trusted server certificate and then save the result
of the hash operation within the terminal;

The VERIFY SERVER CERTIFICATE command uses the Root CA certificate to
decrypt the trusted server certificate and then compares it to the hash result of the
HASH SERVER CERTIFICATE command; this determines the legality of the
trusted server certificate;

Once the legality of the trusted server certificate has been determined, the terminal
will generate a 48-byte random number as a shared main key and then encrypt this key
using the trusted server certificate; the EXPORT MASTERKEY command will
then complete the encryption of the shared main key by the trusted server
certificate and return a 128-byte ciphertext;

The terminal certificate will then be read using the READ CERTIFICATE and
GET CERT RESPONSE commands; because certificates are larger than the
maximum transmission bytes admissible by CCID, it is impossible to read a
terminal certificate using a single command. The GET CERT RESPONSE
command can be used multiple times until the entire terminal certificate has been
read; for command details, refer to A.3;

To authenticate the terminal the processing center must verify the terminal private
key signature. The terminal will use the CLIENT SIGN command to conduct a
hash operation and signature of the concatenation of the random number input
from the terminal and the terminal’s own random number, then return the 128-byte
signature data;

The terminal then sends the 128-byte shared main key ciphertext, terminal
certificate, and 128-byte signature value to the processing center.

The server uses the root certificate to verify the legality of the terminal certificate;
if successful, it will then verify the signature value with the terminal public key and
thus verify the legality of the terminal itself; once the terminal has been
authenticated, the trusted server certificate private key will be used to decrypt the
shared main key ciphertext and acquire the 48-byte shared main key; here, a server
authentication completion message must be sent; to guard against this
message being fraudulent, it must be completed using an HMAC calculation; the
first 16 values of the 48-byte shared main key serve as the key, with the data
consisting of ASCII “SERVER”, the terminal random number, the processing center
random number, the trusted server certificate hash value, the terminal certificate
hash value, the signature value sent from terminal to the server, and the shared
main key ciphertext;

The processing center sends the handshake completion information (the HMAC
value calculated by the processing center) to the terminal.

Once the terminal has received the HMAC it will use the HMAC (P2=0x01)
command to verify the HMAC value produced by the server during handshake
completion. Then the HMAC (P2=0x00) command will be used to return the
HMAC value to the terminal; this process is the same as used by the processing
center to generate an HMAC value, but changes ASCII “SERVER” to “CLIENT”;

The processing center sends the handshake completion information (the HMAC
value calculated by the processing center) to the terminal;

The terminal will then use the HMAC (P2=0x02) command to generate a dialogue
key; this dialogue key will only be stored within the terminal and will not be
exported; in the case of a power failure this key must be regenerated.

The processing center then verifies the terminal handshake completion information
and generates a session key.

Finally, both the processing center and the terminal will have a 48-byte shared main
key and a 20-byte session key; the first 16 bytes of the 20-byte session key act as
the encryption key while the last 16 bytes act as the key used to calculate MAC.
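The handshake completion HMAC described above, as an added example that is not part of the specification. It assumes HMAC-SHA-1 as in C.2, plain concatenation of the fields in the order the text lists them, "first 16 values" meaning the first 16 bytes, and 20-byte certificate hashes; all function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

RANDOM_LEN = 32      # each side's random number
CERT_HASH_LEN = 20   # assumption: certificate hashes are SHA-1 digests
MASTER_KEY_LEN = 48  # shared main key generated by the terminal
MAC_KEY_LEN = 16     # leading part of the shared main key used as HMAC key
RSA_LEN = 128        # terminal signature and shared main key ciphertext


def transcript(terminal_random, server_random, server_cert_hash,
               terminal_cert_hash, signature, master_key_ct) -> bytes:
    """Concatenate the handshake values in the order Appendix E lists them.

    Concatenation without separators is only unambiguous because every
    field has a fixed length, so each length is enforced here.
    """
    fields = [
        ("terminal random", terminal_random, RANDOM_LEN),
        ("server random", server_random, RANDOM_LEN),
        ("server certificate hash", server_cert_hash, CERT_HASH_LEN),
        ("terminal certificate hash", terminal_cert_hash, CERT_HASH_LEN),
        ("signature", signature, RSA_LEN),
        ("main key ciphertext", master_key_ct, RSA_LEN),
    ]
    for name, value, size in fields:
        if len(value) != size:
            raise ValueError(f"{name} must be {size} bytes")
    return b"".join(value for _, value, _ in fields)


def completion_mac(role: bytes, master_key: bytes, data: bytes) -> bytes:
    """HMAC over role label || transcript, keyed with master_key[:16]."""
    if role not in (b"SERVER", b"CLIENT"):
        raise ValueError("role must be b'SERVER' or b'CLIENT'")
    if len(master_key) != MASTER_KEY_LEN:
        raise ValueError("shared main key must be 48 bytes")
    return hmac.new(master_key[:MAC_KEY_LEN], role + data, hashlib.sha1).digest()


def verify_completion(role, master_key, data, received) -> bool:
    """Constant-time check of the peer's completion HMAC."""
    return hmac.compare_digest(completion_mac(role, master_key, data), received)


def constructed_handshake(server_random=b"\x22" * RANDOM_LEN) -> bytes:
    """Constructed sample values; real ones come from the handshake commands."""
    return transcript(
        terminal_random=b"\x11" * RANDOM_LEN,
        server_random=server_random,
        server_cert_hash=hashlib.sha1(b"constructed server cert").digest(),
        terminal_cert_hash=hashlib.sha1(b"constructed terminal cert").digest(),
        signature=b"\x33" * RSA_LEN,
        master_key_ct=b"\x44" * RSA_LEN,
    )


if __name__ == "__main__":
    key = bytes(range(MASTER_KEY_LEN))  # constructed shared main key
    data = constructed_handshake()
    server_mac = completion_mac(b"SERVER", key, data)
    print("server MAC accepted:", verify_completion(b"SERVER", key, data, server_mac))
    # The role label stops the server's MAC being echoed back as the client's.
    print("reflected as CLIENT:", verify_completion(b"CLIENT", key, data, server_mac))
    # Any change to a transcript value invalidates the MAC.
    altered = constructed_handshake(server_random=b"\x99" * RANDOM_LEN)
    print("altered random:", verify_completion(b"SERVER", key, altered, server_mac))
```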

Appendix F
(Normative Reference)
Requirements for Terminal Support of Dual Processing Centers

The terminal should be capable of processing transactions with two different
processing center systems. Terminals can determine the unique identity of a
processing center using the distinguished name (DN) of that processing center’s
trusted server certificate.

F.1 Terminal Processing Procedures

When a terminal connects to a processing center and conducts an online
transaction, the terminal must determine the identity of the connected processing
center and conduct all necessary terminal functions; this includes terminal
transaction application processes and choosing of appropriate channel PIN
encryption certificates and encrypted PIN data.

Transaction Initialization
→ Establishment of secure channel
→ Assessment of channel certificate CN
   - Channel Certificate A → Processing Center A Application Procedures
   - Channel Certificate B → Processing Center B Application Procedures
→ Transaction Complete

Chart F.1 - Terminal Processing Procedures

1) Cardholder begins online transaction;

2) Processing center and terminal establish secure channel;

3) The terminal uses the trusted server certificate general name content of the
DN field retrieved during the establishment of the secure channel to verify
the identity of the processing center. If the trusted server certificate is for
processing center A, then the terminal will enter into processing center A
terminal application procedures; if the trusted server certificate is for
processing center B, then the terminal will enter into processing center B
terminal application procedures;

4) The terminal will then execute processing center terminal applications in
accordance with step 3 (including usage of PIN encryption certificates,
reversal mechanisms, display information prompts, and all other mechanisms
appropriate for that processing center);

5) Transaction procedures are completed and the transaction ends.

F.2 DN Rules

See Table D. 1 for DN characteristics and meanings.

Table F.1 DN Characteristics

DN Characteristics | Meaning | Remarks
C | Company Country Name | C = CN
O | Certificate Issuing Institution | Example: CFCA
OU | Certificate Application Institution | Terminal Device Manufacturer
OU | Certificate Type | Example: UP Reader
CN | Certificate Holder (Terminal Device) General Name | 1. Standard name main entity of entity institution certificate; 2. Certificate main device domain name or IP of server certificate; 3. Terminal device code of terminal certificate

F.3 Terminal Personalization Differences

The terminal data and certificate system of a terminal that supports dual processing
centers are the same as those used for terminals that only support a single
processing center, but the number of certificates used for terminal personalization is
very different. See Table D.1 for personalization certificate amounts.

Table F.2 Personalization Certificate Amounts

Certificate Type | Single Processing Center Terminal | Dual Processing Center Terminal
Terminal Certificate | 1 | 1
Root CA Certificate | 1 | 1
PIN Encryption Certificate | 1 | 2
Trusted server certificates | Personalization not required | Personalization not required

Note: Trusted server certificates established during the establishment of a secure
channel are sent to the terminal by the processing center for verification.

Appendix G
(Normative Appendix)
List of Command Status Code

Table 10 Terminal Command - List of Return Code

Command columns: READ TERMINAL INFO, MANAGE BUZZER, MANAGE LED, CONFIG DISPLAY FORMAT, ADD CERTIFICATE, UPDATE CERTIFICATE, DELETE CERTIFICATE, ENCRYPT ISO COMMAND, MANAGE SECURE CHANNEL, READ NON-PBOC PIN, UPDATE TERMINAL PIN, CREDIT FOR LOAD, DEBIT FOR PURCHASE, GET ELECTRONIC CASH BALANCE, GET PRIMARY BALANCE, SET APP PARAMETERS, GET PBOC TAG VALUE

SW1 | SW2 | Default Meaning of Status Code | Command columns marked √
61 | XX | Normal processing |
62 | 00 | No information provided |
62 | 81 | Returned data may be wrong |
62 | 82 | Length of file < Le |
62 | 83 | Selected file invalid | √ √ √ √ √ √ √ √ √
62 | 84 | FCI format does not match that specified by P2 |
63 | 00 | Authentication failure | √ √ √ √ √ √ √ √ √
63 | CX | Verification fails, X attempts remaining |
64 | 00 | Status mark bit is unchanged |
65 | 81 | Memory error | √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √
67 | 00 | Length error | √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √
68 | 82 | Do not support secure message |
69 | 00 | Unable to process | √ √ √ √ √ √ √ √ √ √ √ √ √ √ √
69 | 01 | Command unaccepted (invalid) |
69 | 81 | Command incompatible with file structure |
69 | 82 | Security status is not met | √ √ √ √ √ √ √ √ √ √ √
69 | 83 | Verification method lockup | √ √ √ √ √ √ √ √ √ √ √
69 | 84 | Reference data invalid |
69 | 85 | The application conditions are not met | √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √
69 | 86 | Does not meet the conditions for command execution (non-current EF) |
69 | 87 | Security message data missing | √ √ √ √ √ √ √ √ √ √ √
69 | 88 | Data objects of security information is incorrect |
6A | 80 | Data field parameter is incorrect |
6A | 81 | Functions not support | √ √ √ √ √ √ √ √ √ √ √
6A | 82 | File not found |
6A | 83 | No records found |
6A | 84 | No enough storage space in file |
6A | 86 | P1, P2 parameter is incorrect | √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √
6A | 88 | Reference data not found |
6B | 00 | Parameter error (offset address outside the EF) |
6C | XX | Length error (Le error; 'XX' is the actual length) |
6F | 00 | Invalid data | √ √ √ √ √ √ √ √ √ √ √ √ √ √ √
6F | 01 | PIN code not entered | √ √ √ √ √ √ √ √
90 | 00 | Successful execution, no error | √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √
93 | 01 | Insufficient amount |
93 | 02 | Insufficient amount |
93 | 03 | Application permanently locked | √ √ √ √ √ √ √ √ √ √ √
94 | 01 | Insufficient amount | √
94 | 02 | Transaction counter reaches the maximum value |
94 | 03 | Key index not support | √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √
94 | 06 | Required MAC is not usable |
6E | 00 | Types not supported: CLA error | √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √
6D | 00 | Instruction code is not supported |
66 | 00 | Receiving response time out |
66 | 01 | Parity error of received character |
66 | 02 | Checksum incorrect |
66 | 03 | Current DF file has no FCI |
66 | 04 | No SF or KF under current DF |

Appendix H
(Normative Appendix)
Terminal Version Number Definition And Upgrade Rules

H.1 Version Number Definition

The terminal firmware version number is formatted as follows:

A.B.C.D

A, B, C and D are all decimal numbers in the range 0-99, encoded as ASCII
characters, e.g.: ‘1.1.1.1’.

H.2 Upgrade Rule

If the terminal firmware version is Ac.Bc.Cc.Dc, and the firmware version on the
firmware upgrade platform is As.Bs.Cs.Ds, then the upgrade rules should be:

1) If As>Ac, then upgrade, if As<Ac, then do not upgrade, if As=Ac, go to step 2)

2) If Bs>Bc, then upgrade, if As<Ac, then do not upgrade, if Bs=Bc, go to step 3)

3) If Cs>Cc, then upgrade, if As<Ac, then do not upgrade, if Cs=Cc, go to step 4)

4) If Ds>Dc, then upgrade, if As<Ac, then do not upgrade.

Notes: 1) all comparisons above are based on numbers, not strings; e.g., under
string comparison ‘9’ is greater than ‘10’, but under number comparison
10 is greater than 9, and this specification is based on number comparison.
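One way to implement the H.2 comparison, as an added example that is not part of the specification. It assumes that a lower platform component at the deciding position, or an identical version, means "do not upgrade", and that a malformed version string is rejected; the function names are hypothetical.

```python
import re

# Four decimal fields of one or two ASCII digits each, i.e. 0-99.
# [0-9] is used instead of \d so that non-ASCII digits are rejected.
_VERSION_RE = re.compile(r"[0-9]{1,2}(?:\.[0-9]{1,2}){3}")


def parse_version(text: str) -> tuple:
    """Parse 'A.B.C.D' into a tuple of four integers, or raise ValueError."""
    # fullmatch also rejects a trailing newline, which '$' would let through.
    if not isinstance(text, str) or not _VERSION_RE.fullmatch(text):
        raise ValueError(f"malformed firmware version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def should_upgrade(platform_version: str, terminal_version: str) -> bool:
    """Apply steps 1) to 4): compare A, then B, then C, then D as numbers."""
    platform = parse_version(platform_version)
    terminal = parse_version(terminal_version)
    for s, c in zip(platform, terminal):
        if s > c:
            return True   # platform firmware is newer at this position
        if s < c:
            return False  # platform firmware is older: never downgrade
    return False          # identical versions: nothing to do


def naive_string_upgrade(platform_version: str, terminal_version: str) -> bool:
    """The string comparison the note warns about, kept for contrast."""
    return platform_version > terminal_version


if __name__ == "__main__":
    # Constructed version pairs: (platform, terminal).
    for platform, terminal in [("1.10.0.0", "1.9.0.0"),
                               ("1.9.9.9", "2.0.0.0"),
                               ("1.1.1.1", "1.1.1.1")]:
        print(platform, terminal,
              "numeric:", should_upgrade(platform, terminal),
              "string:", naive_string_upgrade(platform, terminal))
```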

Appendix I
(Normative Appendix)
Certificate Update Flow

I.1 CA Certificate Update Flow

After the secure channel is established, the MiniPay transaction processing system
will use the terminal CA certificate serial number to decide whether to update or
not; the detailed update flow is defined as follows:

Participants: MiniPay Transaction System, MiniPay

1. Setup secure tunnel
2. Get device information
3. Return CA certificate SN
4. Evaluate if need update
5. Distribute CA certificate file
6. Return execute result
7. Finish sending data
8. Return update result

Figure I.1 CA certificate update flow

Steps:

1) After the secure channel is established, before the online transaction starts, the
MiniPay system sends command 7E10 to get terminal information;

2) MiniPay system gets CA certificate serial number from terminal information;

3) MiniPay system compares CA certificate serial number, and evaluates certificate
validation date;

4) If the CA certificate has already expired, or is out of the supported range, then a
new CA certificate will be distributed to the terminal.

I.2 PIN Encryption Certificate Update Flow

After the secure channel is established, the MiniPay system will use the terminal PIN
public key certificate serial number to decide whether an update is needed; the
detailed flow is as below:

Participants: MiniPay Transaction System, MiniPay

1. Setup secure tunnel
2. Return PIN public key certificate SN and CA certificate SN
3. Evaluate if need update
5. Distribute PIN certificate data
6. Return execute result
7. Finish sending data
8. Return update result

Figure I.2 PIN certificate update flow

Steps:

1) After the secure channel is established, before the online transaction starts, the
MiniPay system sends command 7E10 to get terminal information;

2) MiniPay system gets PIN certificate serial number and CA certificate serial
number from terminal information;

3) MiniPay system uses PIN certificate serial number and CA certificate serial
number to evaluate if terminal needs to update PIN public key and will choose
update PIN certificate file, CA certificate and PIN certificate which match each
other. MiniPay system uses CA certificate serial number to choose
corresponding PIN public key certificate file;

4) MiniPay system compares selected PIN public key certificate file serial number
and PIN certificate serial number returned by terminal, it will distribute new
PIN public key certificate if they are different, or continue if they are the same;

5) After data is received, terminal uses CA certificate to validate new PIN public
key certificate. Terminal will remove old certificate file if the validation
succeeds, and new PIN certificate encryption will be used in the following
transactions.

I.3 Terminal Certificate Update Flow

After the secure channel is established, the MiniPay system uses the terminal
certificate validation date returned by the terminal to decide whether the terminal
certificate needs an update. When updating the terminal certificate, the MiniPay
system will check whether the CA root certificate needs an update. If yes, the system
will update the CA root certificate, then update the terminal certificate. The CA root
certificate update and terminal certificate update need to happen at the same time.

For the detailed processing flow, refer to the diagram below:

Participants: RA System, MiniPay Processing System, Control, MiniPay

1. Secure Tunnel Established
2. Get device information
3. Transfer command
4. Return device information
5. Transfer returned data
6. Evaluate if need update terminal certificate
7. Request to generate P10 certificate
8. Request to generate P10
9. Return P10
10. Transfer P10
11. P10 request certificate
12. Return two code
13. Request certificate
14. Return new certificate file
15. Distribute new certificate file
16. Transfer certificate file
17. Validate certificate file
18. Return update results
19. Return update results

Figure I.3 Terminal certificate update flow

Steps:

1) After the secure channel is established, the MiniPay processing system requests
the terminal to update the terminal certificate

2) Terminal generates a new public/private key pair and formats a PKCS#10
certificate request file

3) Terminal returns PKCS#10 file

4) MiniPay processing system links RA system to request two code

5) RA system returns two code

6) MiniPay processing system uses two code, downloads public key certificate

7) RA system returns new public key certificate file

8) Server returns new public key certificate file, and uses control to transfer it to
the terminal

9) Terminal validates the new public key certificate signature; if successful, it
deletes the old terminal certificate file and private key file and completes the
update. During the terminal certificate update process, if the update fails, the
terminal will keep the old terminal certificate and private key until the update
succeeds, and then delete the old terminal certificate and private key file.

I.4 Channel Certificate Configuration Requirement

In order to adapt to terminal devices with different CA certificate lengths, the
SecurePay gateway server will use the ‘7E25’ command to identify the certificate type
supported by the terminal, then choose a channel certificate of the proper length for
communication. For the detailed process, refer to the diagram below:

Participants: SecurePay Gateway, MiniPay

1. Get device information
2. Return supported RA certificate type
3. Select corresponding length channel certificate file
4. Return authorization result

Figure I.4 Channel certificate self-adjust processing flow

Steps:

1) SecurePay gateway uses 7E25 command to get the CA certificate type supported
by terminal

2) SecurePay gateway checks terminal CA certificate type, and chooses
corresponding channel certificate to authenticate the device at the server side.

3) The Device end configures a suite of CA certificate, which is used to
authenticate the channel certificate, in order to accomplish dual direction
authentication between channel server and terminal certificate.

Appendix J
(Informative Appendix)
Transaction Type

Table J.1 Transaction Type Definition

Value Transaction Type
0x00 Online Purchase
0x60 Recharge
0x31 PAN balance inquiry
0x40 Remittance
0x47 Credit card repayment

Appendix K
(Informative Appendix)
Platform Access And Communicate Interface Code

Table K.1. Platform Access Code


Platform Access (7E25 P1) 7E25 P1 code
windows 00
mac OS 01
windows 10
windows Pad 11
mac OS 12
iOS iPad 13
iOS iPhone 14
Android Pad 15
Android Phone 16
Set Top Box 02
Others 03(Linux)

Table K.2. Communication Interface Code


Transaction Communication Interface Type Interface Type Code
USB 00
Acoustic 01
Bluetooth 02
APPLET 03
NFC 04
Set Top Box 05
Others 06
