JCB IC Card Specification

Version 2.0 April, 2008

2008 JCB Co., Ltd. All rights reserved. All rights regarding this documentation are reserved by JCB Co., Ltd. (JCB). This documentation contains confidential and exclusive information, patents, copyrights, trademarks, trade secrets, know-how or other intellectual property rights, or any other rights of JCB and/or JCB International Co., Ltd. (JCBI). You shall accept and agree to all of the terms and conditions herein before viewing, downloading or otherwise using all or any part of this documentation (written, graphics or otherwise) appearing whether in whole or in part, regardless of form. JCBI is authorized to conduct JCBs business outside Japan, and the word of JCB in this documentation can be construed JCB and/or JCBI in each context. You are prohibited from copying for any third party, distributing, assigning, lending, displaying, publishing or disclosing or modifying (including but not limited to translating), all or any part of this documentation (written, graphics or otherwise) appearing whether in whole or in part, regardless of form, without the prior written permission of JCB. Certain parts of this documentation are produced by referring to documentations of EMVCo, LLC (EMVCo) and this documentation may contain any information regarding patents, copyrights, trademarks, trade secrets, know-how or other intellectual property rights, or any other rights of any third party including EMVCo. Regardless of such reference, JCB makes no representation, warranty or guarantee expressly nor impliedly whether all or any part of this documentation (written, graphics or otherwise) appearing whether in whole or in part, regardless of form, does or does not violate, infringe or otherwise use the information, patents, copyrights, trademarks, trade secrets, know-how or other intellectual property rights, or any other rights of third parties including EMVCo. You shall be solely responsible for determining whether your activities require license or permission from third parties including EMVCo. JCB shall not be liable for your or any third partys infringement of any intellectual property rights or any other rights of any third parties including EMVCo. While JCB uses reasonable efforts to include accurate and up-to-date information in this documentation, JCB makes no representation, warranty or guarantee expressly nor impliedly regarding the accuracy or finality of this documentation (written, graphics or otherwise) appearing whether in whole or in part, regardless of form and JCB shall not be liable for any product or service developed or produced in compliance with this documentation. JCB shall assume no liability for any typographical or other errors or omissions in the content of this documentation (written, graphics or otherwise) appearing whether in whole or in part, regardless of form. This documentation may contain links to other sites. JCB is not responsible for the content or practices of such sites. To the extent permitted by applicable law, in no event JCB, its officers, employees, affiliates, agents, or contractors, shall be liable to you or any third parties for any damages direct or indirect consequential, incidental, or punitive damages arising from the use of or inability to use this documentation, including without limitation, damages for loss of profit, business interruption, loss of information, damages arising from third partys claim, even if JCB has been advised of the possibility of such damages.

JCB IC Card Specification Revision History The revision histories to the version in April 2002 are as follows.
Item number 1 2 3 Date of revision Chapter Contents of revision

Apr, 2008 Apr, 2008 Apr, 2008 Apr, 2008

All All 1.4.3(1) 1.5 Table1-1 1.6 4.1.3 5.9.3.1.2 4.2.6.2 4.2.7.2 5.5.2 5.6.2 Table 5-18 5.9.2 Table 5-27 5.12.2 Table 5-44 5.9.3.1.1 Table 5-37 5.12.3.2.1 Table 5-49 5.10.1 Table 5-41 Annex A Annex B

Updated JCB specification change information (Release version in June, 2006). Changed the reference specifications to EMV4.1. part of EMV

Changed JCB Terminal Specification Version 2.0 to JCB Terminal Requirements Version 1.0. Deleted the Application Authorisation Referral (AAR). Added the Recommended requirement for the PUT DATA/UPDATE RECORD command. Fixed Application Version Number value. Changed the Application Default Action (ADA) data to Mandatory.

5 6

Apr, 2008 Apr, 2008 Apr, 2008

Apr, 2008
8

Clarified the requirement for PIN Verification Not Performed Checking.

Apr, 2008
9

Added JCB specification Annex (Release version in March, 2004).

10 11

JCB IC Card Specification

Contents

Table of Contents
1 Introduction .................................................................................................................1-1 1.1 Objective .....................................................................................................1-1 1.2 Target Audience and Scope ........................................................................1-1 1.3 Structure......................................................................................................1-1 1.4 Related Materials ........................................................................................1-2 1.4.1 ISO Materials ..............................................................................................1-2 1.4.2 EMV Materials............................................................................................1-2 1.4.3 JCB Materials..............................................................................................1-3 1.5 Definition of Terms.....................................................................................1-3 1.6 Abbreviations............................................................................................1-12 Basic Requirements .......................................................................................................2-1 2.1 IC Card Requirements.................................................................................2-1 2.1.1 Magnetic Stripe Encoding and Embossing .................................................2-1 2.1.2 Electromechanical Characteristics, Logical Interface and Transmission Protocols .....................................................................................................2-1 2.2 Application Status.......................................................................................2-2 2.3 Application ID and Version Number..........................................................2-2 File Structure and Data Requirements ...........................................................................3-1 3.1 File Structure...............................................................................................3-1 3.2 Data .............................................................................................................3-2 3.2.1 Data Retrievable with GET DATA Command ............................................3-2 3.2.2 Data Retrievable with GET PROCESSING OPTIONS Command............3-2 3.2.3 Data Updatable with Issuer Script Commands ...........................................3-2 Command Requirements................................................................................................4-1 4.1 Transaction Commands ..............................................................................4-1 4.1.1 Supporting Conditions ................................................................................4-1 4.1.2 EXTERNAL AUTHENTICATE Command ...............................................4-2 4.1.3 GENERATE APPLICATION CRYPTOGRAM Command .......................4-2 4.1.4 GET CHALLENGE Command ..................................................................4-3 4.1.5 GET DATA Command ................................................................................4-3 4.1.6 GET PROCESSING OPTIONS Command................................................4-3 4.1.7 INTERNAL AUTHENTICATE Command ................................................4-3 4.1.8 READ RECORD Command.......................................................................4-3 4.1.9 SELECT Command ....................................................................................4-3 4.1.10 VERIFY Command.................................................................................4-3 4.2 Issuer Script Commands .............................................................................4-4 4.2.1 Supporting Conditions ................................................................................4-4 4.2.2 APPLICATION BLOCK Command...........................................................4-4 4.2.3 APPLICATION UNBLOCK Command.....................................................4-5 4.2.4 PIN CHANGE/UNBLOCK Command ......................................................4-5 4.2.5 CARD BLOCK Command .........................................................................4-5

JCB Confidential

April 2008

JCB IC Card Specification

Contents

4.2.6 PUT DATA Command ................................................................................4-5 4.2.7 UPDATE RECORD Command ..................................................................4-6 Functional Requirements ...............................................................................................5-1 5.1 Application Selection..................................................................................5-1 5.1.1 Definition and Conditions of Execution .....................................................5-1 5.1.2 Processing Data...........................................................................................5-1 5.1.3 Processing ...................................................................................................5-3 5.2 Initiate Application Processing ...................................................................5-4 5.2.1 Definition and Conditions of Execution .....................................................5-4 5.2.2 Processing Data...........................................................................................5-4 5.2.3 Processing ...................................................................................................5-4 5.3 Read Application Data................................................................................5-5 5.3.1 Definition and Conditions of Execution .....................................................5-5 5.3.2 Processing Data...........................................................................................5-5 5.3.3 Processing ...................................................................................................5-5 5.4 Offline Data Authentication........................................................................5-6 5.4.1 Definition and Conditions of Execution .....................................................5-6 5.4.2 Processing Data...........................................................................................5-7 5.4.3 Processing .................................................................................................5-10 5.5 Processing Restrictions .............................................................................5-11 5.5.1 Definition and Conditions of Execution ................................................... 5-11 5.5.2 Processing Data......................................................................................... 5-11 5.5.3 Processing .................................................................................................5-12 5.6 Cardholder Verification ............................................................................5-13 5.6.1 Definition and Conditions of Execution ...................................................5-13 5.6.2 Processing Data.........................................................................................5-14 5.6.3 Processing .................................................................................................5-15 5.7 Terminal Risk Management......................................................................5-17 5.7.1 Definition and Conditions of Execution ...................................................5-17 5.7.2 Processing Data.........................................................................................5-17 5.7.3 Processing .................................................................................................5-18 5.8 Terminal Action Analysis .........................................................................5-19 5.8.1 Definition and Conditions of Execution ...................................................5-19 5.8.2 Processing Data.........................................................................................5-19 5.8.3 Processing .................................................................................................5-19 5.9 Card Action Analysis................................................................................5-20 5.9.1 Definition and Conditions of Execution ...................................................5-20 5.9.2 Processing Data.........................................................................................5-24 5.9.3 Processing .................................................................................................5-29 5.10 Online Processing .....................................................................................5-42 5.10.1 Definition and Conditions of Execution ...............................................5-42 5.10.2 Processing Data.....................................................................................5-42 5.10.3 Processing .............................................................................................5-43

JCB Confidential

ii

April 2008

JCB IC Card Specification

Contents

Issuer Script ..............................................................................................5-44 5.11.1 Definition and Conditions of Execution ...............................................5-44 5.11.2 Processing Data.....................................................................................5-44 5.11.3 Processing .............................................................................................5-44 5.12 Completion................................................................................................5-45 5.12.1 Definition and Conditions of Execution ...............................................5-45 5.12.2 Processing Data.....................................................................................5-46 5.12.3 Processing .............................................................................................5-47 6 Security Requirements...................................................................................................6-1 6.1 Security Requirements Using Asymmetric Algorithm ...............................6-1 6.1.1 Certification Authority Service ...................................................................6-1 6.1.2 Processing ...................................................................................................6-1 6.2 Security Requirements Using Symmetric Algorithm .................................6-2 6.2.1 Types of Algorithm .....................................................................................6-2 6.2.2 Definition of Encryption Keys....................................................................6-2 6.2.3 Definition of Cryptogram Version Number ................................................6-3 6.2.4 Key Derivation............................................................................................6-4 6.2.5 AC Generation ............................................................................................6-7 6.2.6 ARPC Generation .......................................................................................6-8 6.2.7 Secure Messaging .......................................................................................6-9 Annex A. JCB Proprietary Data List.......................................................................... A-1 Annex B. Transaction Flow........................................................................................ B-1

5.11

JCB Confidential

iii

April 2008

JCB IC Card Specification

1. Introduction

Introduction
This chapter describes the objective, target audience, scope and structure of this specification, related materials, definitions of terms and abbreviations.

1.1

Objective
This specification contains the requirements for IC Cards. The purpose of this specification is: (1) To define the JCB proprietary requirements for developing the IC Cards conforming to EMV4.1. (2) To describe the requirements for IC Cards that ensure proper and mutually secure operation of Terminals and IC Cards.

1.2

Target Audience and Scope

The target audience of this specification is the JCB partners and parties involved in the issuance of IC Cards. It is presumed that IC Cards conforming to this specification shall conform to all applicable areas of EMV4.1. The scope of this specification is limited to the minimum additions and restrictions that have been made relative to EMV4.1 in order to define JCB proprietary requirements regarding new items that emerge with the migration of current magnetic stripe cards to IC Cards.

1.3

Structure
Chapter 1 Introduction This chapter describes the objective, target audience, scope and structure of this specification, related materials, definitions of terms and abbreviations. Chapter 2 Basic Requirements This chapter defines hardware requirements such as magnetic stripe encoding, embossing, and electromechanical characteristics. Software requirements such as the implementation requirements of the IC Card are defined as well. Chapter 3 File Structure and Data Requirements This chapter defines the file structure of the IC Card. Data supported and the corresponding update methods are defined, as well.

JCB Confidential

1-1

April 2008

JCB IC Card Specification

1. Introduction

Chapter 4

Command Requirements

This chapter defines transaction commands and Issuer Script commands supported by cards. Chapter 5 Functional Requirements This chapter shows definitions, conditions of execution, processing data and processing regarding functions supported by IC Cards. Chapter 6 Security Requirements This chapter defines security requirements for asymmetrical and symmetrical algorithms. Annex A Annex B JCB Proprietary Data List Transaction Flow This Annex shows JCB Proprietary Data List. This Annex shows sample functional processing prescribed by the credit application requirements.

1.4
1.4.1

Related Materials
ISO Materials ISO materials relating to this specification are as follows: (1) ISO/IEC 7813:1995, Identification cards - Financial transaction cards (2) ISO/IEC 7816-4:1995, Identification cards, Integrated circuit(s) cards with contacts, Part 4, inter-industry commands for interchange

1.4.2

EMV Materials EMV materials relating to this specification are as follows. The term EMV4.1 refers to the following four documents: (1) EMV4.1 Book1: EMV Integrated Circuit Card Specification for Payment Systems Book1 - Application Independent ICC to Terminal Interface Requirements Version 4.1 May, 2004 (2) EMV4.1 Book2: EMV Integrated Circuit Card Specification for Payment Systems Book2 - Security and Key Management Version 4.1 May, 2004 (3) EMV4.1 Book3: EMV Integrated Circuit Card Specification for Payment

JCB Confidential

1-2

April 2008

JCB IC Card Specification

1. Introduction

Systems Book3 - Application Specification Version 4.1 May, 2004 (4) EMV4.1 Book4: EMV Integrated Circuit Card Specification for Payment Systems Book4 - Cardholder, Attendant, and Acquirer Interface Requirements Version 4.1 May, 2004

1.4.3

JCB Materials JCB materials relating to this specification are as follows: (1) JCB Terminal Requirements Version 1.0

1.5

Definition of Terms
The terms and notations relating to this specification are defined in the Table 1-1. Alphanumeric characters (0 to 9, A to F) enclosed in single quotation marks () represent hexadecimal numbers.

JCB Confidential

1-3

April 2008

JCB IC Card Specification

1. Introduction

Table 1-1
A

Terms and Abbreviations

AAC Application Authentication Cryptogram AC Application Cryptogram ADA Application Default Action AFL Application File Locator AID Application Identifier AIP Application Interchange Profile Application Application Block Application Effective Dates Checking

An Application Cryptogram declining offline / online transactions, generated by the IC Card in response to a GENERATE AC command.

An enciphered value, generated using transaction related data, such as TC, AAC, and ARQC. It is generated by an IC Card after receiving a GENERATE AC command from an IC Terminal. Parameters set by an Issuer, used for judgment in the CAA and Completion, and showing optional functions to be performed. Data stored in an IC Card, which indicates the storage location of card data to be used in a Transaction. A code that specifies the application provider and the production type of application. Data stored in an IC Card, which indicates whether the specific functions are supported by the IC Card. The combination of a program and set of data that functions on an IC Card or an IC Terminal. An Issuer Script command which blocks a specific Application on an IC Card. One of the compatibility checks of Processing Restrictions, which confirm whether the transaction date is the same as or past the effective date of the application.

JCB Confidential

1-4

April 2008

JCB IC Card Specification

1. Introduction

Application Expiration Dates Checking Application PAN Application Primary Account Number Application Selection Application Version Number ARPC Authorisation ResPonse Cryptogram ARQC Authorisation ReQuest Cryptogram ATC Application Transaction Counter AUC Application Usage Control

One of the compatibility checks of Processing Restrictions, which confirm whether the transaction date is prior to the expiration date of the application. An account number primarily stored in an IC Card Application. When it is padded to the right with F, the padding is ignored. A process to select the application for an IC Transaction. A version number respectively assigned to an Application of both an IC Card and an IC Terminal. A cryptogram generated by an Issuer host and passed to an IC Card through the Authorisation Response message. The IC Card verifies authenticity of ARPC by executing Issuer Authentication processing. An Application Cryptogram generated by an IC Card for Transactions requesting Online Authorisation in response to a GENERATE AC Command. A counter of Transactions maintained in an IC Card.

Data stored in an IC Card which specifies the restrictions designated by an Issuer on the IC Card Application usage.

CA Certification Authority CAA Card Action Analysis

A trusted central administration, operated by JCB, which operates and maintains JCB/CA Public Key Pairs. A function of an IC Card to determine whether to approve a Transaction, decline a Transaction, or issue an Online Authorisation request, based on verification results from a Terminal and within the IC Card itself.

JCB Confidential

1-5

April 2008

JCB IC Card Specification

1. Introduction

CAAI Card Action Analysis Indicators CAASI Card Action Analysis Support Information CAC Card Action Code CAV Card Authentication Value Card Block Card Floor Limit Cardholder Cardholder Verification CDA "Combined Dynamic Data Authentication/ Application Cryptogram Generation" CID Cryptogram Information Data Completion

Data in an IC Card that records the results of the previous Transactions.

Data set in an IC Card, which specifies the supporting conditions of check items for CAA. Data set in an IC Card to determine whether to respond ARQC regardless of the CAA result, when the Terminal requests the IC Card to generate ARQC. A 3-digit security code encoded in track 1 and track 2 of the magnetic stripe of JCB Card and in Track 1 Discretionary Data and Track 2 Equivalent Data stored in J/Smart loaded onto the IC chip of JCB Card. An Issuer Script command, which blocks all Applications on an IC Card. One of the parameters set in an IC Card to indicate the maximum sum that can be processed offline in a single Transaction. An individual who presents an IC Card at the point of Transaction. The function performed to ensure that the person presenting the IC Card is the person to whom the application in the card was issued. An Offline Data Authentication in which a Terminal verifies the authenticity of an IC Card by using static application data stored in the IC Card and a random number specific to each transaction. GENERATE AC command is used to obtain dynamic signature data from the card. Data stored in an IC Card which indicates the type of Application Cryptogram returned by an IC Card in response to a GENERATE AC Command. A function of an IC Card to make the final judgment of whether to approve or decline a Transaction as a result of all the preceding processes. This function completes the Transaction.

JCB Confidential

1-6

April 2008

JCB IC Card Specification

1. Introduction

CVM Cardholder Verification Method CVM List CVR Card Verification Results

A method of Cardholder Verification, such as Offline Enciphered PIN, Offline Plaintext PIN, Online Enciphered PIN, and Signature. A list set in an IC Card, which specifies CVM supported by the card. Temporarily saved data of the card-check results for a particular transaction.

DDA Standard Dynamic Data Authentication

Offline Data Authentication, in which a Terminal verifies the authenticity of an IC Card by using static application data stored in the IC Card and a random the card. number specific to each Transaction. The INTERNAL AUTHENTICATE command is used to obtain dynamic signature data from

DES Algorithm DKI Derivation Key Index

One of the algorithms in which a symmetric key is used for encryption and decryption. An index that indicates which master key is used in AC and ARPC generation.

First GENERATE AC command

A GENERATE AC command issued by an IC Terminal to an IC Card after TAA.

GENERATE AC command

A command issued by an IC Terminal to an IC Card, which requests the IC Card to generate TC, ARQC, or AAC.

JCB Confidential

1-7

April 2008

JCB IC Card Specification

1. Introduction

IAC Issuer Action Code IC Card Integrated Circuit Card IC Card application IC Chip Integrated Circuit Chip Issuer Authentication Issuer Script

Parameters set in an IC Card by an Issuer, used for judgment in TAA. A card with an IC Chip embedded in it.

The application that functions on an IC card. an application issuer.

The application is issued by

An electronic component designed to perform processing and memory functions. A function in which an IC Card verifies whether an Authorisation Response is from a genuine Issuer or not. A function initiated by an Issuer through Online Processing for updating contents stored in Applications, and for blocking or unblocking Applications.

J/SmartTM

The JCB IC Card credit application developed according to the JCB IC Card Specification or the JCB Terminal credit application developed according to the JCB Terminal Requirements. It is also used as a general term for referring to both.

Nibble

Upper or lower 4 bits within a byte.

Master Key

A DES Key, which is managed by an Issuer, used to derive Unique Keys to generate AC, ARPC, and MAC or to encrypt command messages.

JCB Confidential

1-8

April 2008

JCB IC Card Specification

1. Introduction

Offline Data Authentication Offline Enciphered PIN Verification Offline Plaintext PIN Verification Online Enciphered PIN Verification

A function in which the authenticity of an IC Card is verified offline to protect against counterfeit fraud. One of the CVMs, in which the PIN entered by a Cardholder is enciphered at the PIN Pad and then sent to the IC Card for verification. One of the CVMs, in which the PIN entered by a Cardholder is sent unencrypted, in plaintext form, from the PIN Pad to the IC Card for verification. One of the CVMs, in which the PIN entered by a Cardholder onto the PIN Pad is enciphered and then sent to an Issuer for verification.

PIN Personal Identification Number PIN Pad Private Key Processing Restrictions

A numeric code that is used for Cardholder Verification.

A device equipped with numeric and command keys used for PIN entry. The key in an asymmetric algorithm, that is kept secret and known only to the owner. A process in which the compatibility between an IC Card and an IC Terminal Application is verified by checking the Application Version Number, Application Expiration Date, Application Effective Date, and Application Usage Control.

PSE Payment System Environment Public Key

A list of all applications stored in an IC Card, which is used in Application Selection. The key in an asymmetric algorithm that may be known by all parties.

Read Application Data

A process to retrieve data from an IC Card, which is used for the Transaction.

JCB Confidential

1-9

April 2008

JCB IC Card Specification

1. Introduction

RID Registered application provider Identifier RSA Algorithm

A code that specifies the application provider.

One of the algorithms in which an asymmetric key pair is used for encryption and decryption.

SDA Static Data Authentication Second GENERATE AC command Session Key

A type of Offline Data Authentication, in which an IC Terminal verifies the authenticity of an IC Card by using static application data stored in the IC Card. A cryptographic value stored in an IC Card. A GENERATE AC command issued by an IC Terminal to an IC Card, based on the result of online Authorisation. A DES Key, unique to a Transaction, which is derived from Unique Keys, and is used to generate AC, ARPC, and MAC or used to encrypt command messages.

TAA Terminal Action Analysis TAC Terminal Action Code TC Transaction Certificate Terminal Terminal Floor Limit

A function of an IC Terminal to determine whether to approve the Transaction, decline the Transaction, or issue an Online Authorisation request, based on the verification results in the Terminal. Parameters set in an IC Terminal, used for judgment in TAA.

An Application Cryptogram generated in response to a GENERATE AC Command by an IC Card as a result of offline or online approved Transactions. The device used to perform a financial transaction with an IC Card. One of the parameters set in an IC Terminal to indicate the maximum sum that can be processed offline in a single Transaction.

JCB Confidential

1-10

April 2008

JCB IC Card Specification

1. Introduction

Terminal Risk Management TSI Transaction Information TVR Terminal Results Verification Status

A series of checks performed by a Terminal for the purpose of risk management, including Terminal Floor Limit Checking, Random Transaction Selection, Terminal Velocity Checking, and Exception File Checking. Data stored in an IC Terminal that indicates whether or not the Terminal performed the specific processing functions or not. Data which records the result of Offline Data Authentication, Processing Restrictions, Cardholder Verification, and Terminal Risk Management performed by a Terminal.

Unique Key

A DES Key, unique to each card, which is derived from the Master Keys, and is used to generate AC, ARPC, and MAC or used to encrypt command messages.

JCB Confidential

1-11

April 2008

JCB IC Card Specification

1. Introduction

1.6

Abbreviations
AAC AC ADA ADF AFL AID AIP APDU ARC ARPC ARQC ATC AUC CA CAAI CAASI CAC CAV CDA CDOL1 CDOL2 CID CLA CVM CVR DDA DDF DDOL DES DF DKI FCI IAC IC ICC IEC INS ISO Application Authentication Cryptogram Application Cryptogram Application Default Action Application Definition File Application File Locator Application Identifier Application Interchange Profile Application Protocol Data Unit Authorisation Response Code Authorisation Response Cryptogram Authorisation Request Cryptogram Application Transaction Counter Application Usage Control Certification Authority Card Action Analysis Indicators Card Action Analysis Support Information Card Action Code Card Authentication Value Combined Dynamic Data Authentication / Application Cryptogram Generation Card Risk Management Data Object List 1 Card Risk Management Data Object List 2 Cryptogram Information Data Class Byte of the Command Message Cardholder Verification Method Card Verification Results Standard Dynamic Data Authentication Directory Definition File Dynamic Data Authentication Data Object List Data Encryption Standard Dedicated File Derivation Key Index File Control Information Issuer Action Code Integrated Circuit Integrated Circuit Card International Electrotechnical Commission Instruction Byte of the Command Message International Organisation for Standardisation

JCB Confidential

1-12

April 2008

JCB IC Card Specification

1. Introduction

Lc Le LRC MAC P1 P2 PAN PDOL PIN PSE PIX POS RFU RID RSA SDA SFI SW1 SW2 TAC TC TLV TSI TVR XOR

Exact Length of Data Sent by the Terminal Application Layer in a Case 3 or 4 Command Maximum Length of Data Expected by the Terminal Application Layer in Response to a Case2 or 4 Command Longitudinal Redundancy Check Message Authentication Code Parameter 1 Parameter 2 Primary Account Number Processing Options Data Object List Personal Identification Number Payment System Environment Proprietary Application Identifier Extension Point-of-Service Reserved for Future Use Registered Application Provider Identifier Rivest, Shamir, Adleman Algorithm Static Data Authentication Short File Identifier Status Word 1 Status Word 2 Terminal Action Code Transaction Certificate Tag Length Value Transaction Status Information Terminal Verification Results Exclusive Or

JCB Confidential

1-13

April 2008

JCB IC Card Specification

2. Basic Requirements

Basic Requirements
This chapter defines hardware requirements such as magnetic stripe encoding, embossing, and electromechanical characteristics. Software requirements such as the implementation requirements of the IC Card are defined as well.

2.1

IC Card Requirements
An IC Card shall be equipped with a magnetic stripe and a contact IC chip conforming to EMV4.1. The hardware requirements are defined as follows:

2.1.1

Magnetic Stripe Encoding and Embossing Magnetic stripe encoding and embossing of the IC Card are defined as follows: (1) Data structures and operation methods of magnetic stripe encoding and embossing on the IC Card shall follow the rules defined separately. (2) Data encoded on the magnetic stripe shall match Track 2 Equivalent Data, Cardholder Name, and Track 1 Discretionary Data in the IC Card credit application. The Track 1 Discretionary Data is the Discretionary area of Track 1 as defined in ISO/IEC 7813. (3) Track 2 Equivalent Data and Track 1 Discretionary Data mentioned in (2) shall contain all corresponding data on the magnetic stripe, except for the start sentinel, end sentinel and LRC. However, the data in CAV in Track 1 Discretionary Data and it in Track 2 Equivalent Data may differ from the data in CAV in Track 1 and Track 2 of the magnetic stripe. (4) If an IC Card credit application resides on the card, the service code of Track 2 data shall begin with either a 2 or 6.

2.1.2

Electromechanical Characteristics, Logical Interface and Transmission Protocols The electromechanical characteristics, logical interface and transmission protocols shall conform to the definitions in Part II of EMV4.1 Book1.

JCB Confidential

2-1

April 2008

JCB IC Card Specification

2. Basic Requirements

2.2

Application Status
Two levels of status exist for an application: the normal status, in which transactions can be performed, and the blocked status, in which no transaction can be performed. Application is blocked in one of the following cases: (1) The number of failed PIN tries has exceeded the PIN Try Limit with an IC Card and the If PIN Try Limit exceeded on current transaction, block application in the ADA(2,8) is set to 1. (2) An application block has been instructed through Issuer Script. (3) An application block has been instructed by a proprietary command set by the Issuer.
NOTE: As for case (2), after successful completion of the APPLICATION BLOCK command, the IC Card must not be blocked during the current transaction. As for case (3), the Issuer is responsible for determining the processing. When an application is blocked, an IC Card shall always respond to a GENERATE AC Command with an AAC.

Application is unblocked in one of the following cases: (1) An application unblock has been instructed through Issuer Script. (2) An application unblock has been instructed by a proprietary command set by the Issuer. In order to prevent fraudulent use of the IC Card, the CARD BLOCK command defined in Part II, Section 6.5.3 of EMV4.1 Book3 may be implemented to forcibly restrict access on all IC Card applications. However, the IC Card must not be blocked during the current transaction after a successful completion of the CARD BLOCK command.

2.3

Application ID and Version Number

Application ID (AID) for Terminals conforming to this specification shall be A0000000651010. The version number for Terminals conforming to this specification shall be 2.0.

JCB Confidential

2-2

April 2008

JCB IC Card Specification

3 File Structure and Data Requirements

File Structure and Data Requirements

This chapter defines the file structure, supported data and corresponding update methods of the IC Card.

3.1

File Structure
The file structure of the IC Card shall conform to Part III, Chapter 10 of EMV4.1 Book1 and Part II, Chapter 5 of EMV4.1 Book3. As additional requirements, Table 3-1 lists the data that shall be stored in IC Cards, in the first record of the file with an SFI value of 1.
Table 3-1
Item No. 1 2 3

Data to be Stored in the First Record of the File with an SFI Value of 1
Tag 57 5F20 9F1F Data name Track 2 Equivalent Data Cardholder Name Track 1 Discretionary Data Presence Mandatory Optional Optional

Refer to Section 2.1.1 for additional requirements for data of items 1 and 3.

JCB Confidential

3-1

April 2008

JCB IC Card Specification

3 File Structure and Data Requirements

3.2

Data
The data object format and data object list (DOL) structure of the IC Card shall conform to Part III, Chapter 10 of EMV4.1 Book1 and Part II, Chapter 5 of EMV4.1 Book3. Data supported by the IC Card consist of two types: data defined in Part IV, Annex A of EMV4.1 Book3 and JCB proprietary data. JCB proprietary data is listed in Annex A. The data used by each function of the IC Card are defined in Chapter 5.

3.2.1

Data Retrievable with GET DATA Command Table 3-2 defines the data defined in Part IV, Annex A of EMV4.1 Book3 that can be retrieved with the GET DATA command, when the data exists in the IC Card. JCB proprietary data that can be retrieved with the GET DATA command is listed in Annex A.
Table 3-2
Item No. 1 2 3

Data Retrievable with GET DATA Command

Tag 9F36 9F13 9F17 Data name

ATC Last Online ATC Register PIN Try Counter

3.2.2

Data Retrievable with GET PROCESSING OPTIONS Command Table 3-3 defines the data that can be retrieved with the GET PROCESSING OPTIONS command, when the data exists in the IC Card.
Table 3-3
Item No. 1 2

Data Retrievable with GET PROCESSING OPTIONS Command

Tag 82 94 Data name

AIP AFL

3.2.3

Data Updatable with Issuer Script Commands Issuer Script commands that can update the data in the IC Card are defined as follows.
Refer to Section 4.2 for Issuer Script commands.

(1) PUT DATA (2) UPDATE RECORD

JCB Confidential

3-2

April 2008

JCB IC Card Specification

3 File Structure and Data Requirements

3.2.3.1

Data Updatable with PUT DATA Command

Table 3-4 defines the data that can be updated with the PUT DATA command, when the data exists in the IC Card. Data other than those shown in Table 3-4 shall not be updated.
Table 3-4
Item No. 1 2 3 4 5 6 7 8 9

Data Updatable with PUT DATA Command

Tag 9F57 9F58 9F59 9F5A 9F56 9F5B 9F65 9F64 9F66 Data name Upper Consecutive Domestic Offline Limit Lower Consecutive Domestic Offline Limit Upper Consecutive International Offline Limit Lower Consecutive International Offline Limit Cumulative Total Transaction Amount Limit Maximum Domestic Offline Transaction Amount Transaction Currency Conversion Table Cumulative Total Transaction Amount Upper Limit CAC

3.2.3.2

Data Updatable with UPDATE RECORD Command

Table 3-5 defines the data that can be updated with the UPDATE RECORD command, when the data exists in the IC Card. Data other than those shown in Table 3-5 shall not be updated.
Table 3-5
Item No. 1 2

Data Updatable with UPDATE RECORD Command

Tag 9F23 9F14 Data name Upper Consecutive Offline Limit Lower Consecutive Offline Limit

JCB Confidential

3-3

April 2008

JCB IC Card Specification

4. Command Requirements

4
4.1

Command Requirements
This chapter defines the requirements for commands supported by IC Cards.

Transaction Commands
Table 4-1 lists the transaction commands and the supporting conditions of these commands. If the IC Card supports the transaction commands listed in Table 4-1, they shall conform to Part III, Chapter 11 of EMV4.1 Book1 and Part II, Chapter 6 of EMV4.1 Book3. To support transaction commands other than those shown in Table 4-1, approval by JCB is required. This section defines the supporting conditions of these commands and the additional requirements not specified in Part III, Chapter 11 of EMV4.1 Book1 and Part II, Chapter 6 of EMV4.1 Book3.

4.1.1

Supporting Conditions
Table 4-1
Item No. 1 2 3 4 5 6 7 8 9

Transaction Commands and Supporting Conditions

Command name EXTERNAL AUTHENTICATE GENERATE APPLICATION CRYPTOGRAM GET CHALLENGE GET DATA GET PROCESSING OPTIONS INTERNAL AUTHENTICATE READ RECORD SELECT VERIFY Support Optional Mandatory Optional Mandatory Mandatory Optional Mandatory Mandatory Optional

If the following conditions apply, the IC Card shall support the optional commands in Table 4-1. EXTERNAL AUTHENTICATE: When Issuer Authentication is supported GET CHALLENGE: When Offline Enciphered PIN Verification is supported INTERNAL AUTHENTICATE: When DDA is supported VERIFY: When Offline PIN Verification is supported

JCB Confidential

4-1

April 2008

JCB IC Card Specification

4. Command Requirements 4.1.2 EXTERNAL AUTHENTICATE Command ARPC shall be used as the 8-byte encrypted data in the Issuer Authentication Data contained in the EXTERNAL AUTHENTICATE command message. Additionally, a 2-byte ARC shall be stored at the leftmost of the 1-8 byte area following the encrypted data.
Refer to Section 6.2.6 for the verification of ARPC.

4.1.3

GENERATE APPLICATION CRYPTOGRAM Command The IC Card can generate three types of application cryptogram: ARQC, TC and AAC.
Refer to Section 6.2.5 for AC (ARQC, TC, and AAC) generation.

Issuer Application Data included in the response message to the GENERATE AC command consists of the following mandatory data. These data shall be concatenated in the following order. (1) Length Indicator (2) DKI (3) Cryptogram Version Number (4) CVR The Length Indicator is a 1-byte data indicating the length of the data formed by concatenating (2), (3) and (4). The DKI is a 1-byte data that specifies the master key defined in Section 6.2.2. When the Issuer uses multiple master keys, this data is used to specify a master key. If this data is not used, the default value of 00 shall be used. The Cryptogram Version Number is a 1-byte data that specifies the session key generation method, AC generation method, ARPC generation method, and secure messaging method. CVR is the data that records the results of processing within the IC Card, such as Card Action Analysis and Completion. When the card responds to a GENERATE AC command that does not request CDA, these data shall be stored according to Format 1 (tag 80) defined in Part II, Section 6.5.5 of EMV4.1 Book 3. When the card responds to a GENERATE AC command that requests CDA, these data shall be stored according to Format defined in Part II, Section 6.6.1 of EMV4.1 Book2. For CDOL1 and CDOL2, which define the content of the data included in the GENERATE AC command message, refer to Sections 5.8 and 5.10, respectively.

JCB Confidential

4-2

April 2008

JCB IC Card Specification

4. Command Requirements 4.1.4 4.1.5 GET CHALLENGE Command There are no additional requirements for the GET CHALLENGE command. GET DATA Command For data that can be retrieved with the GET DATA command, refer to Section 3.2.1. 4.1.6 GET PROCESSING OPTIONS Command The data format of the response message to the GET PROCESSING OPTIONS command shall conform to Format 1 defined in Part II, Section 6.5.8 of EMV4.1 Book3. For data that can be retrieved with the GET PROCESSING OPTIONS command, refer to Section 3.2.2. For PDOL in the command message, refer to Section 5.2. 4.1.7 INTERNAL AUTHENTICATE Command The data format of the response message to the INTERNAL AUTHENTICATE command shall conform to Format 1 defined in Part II, Section 6.5.9 of EMV4.1 Book3. For DDOL, which defines the content of the data in the INTERNAL AUTHENTICATE command message, refer to Section 5.4. 4.1.8 4.1.9 4.1.10 READ RECORD Command There are no additional requirements for the READ RECORD command. SELECT Command Both 00 and 02 shall be supported as the P2 value for the APDU. VERIFY Command There are no additional requirements for the VERIFY command.

JCB Confidential

4-3

April 2008

JCB IC Card Specification

4. Command Requirements

4.2

Issuer Script Commands

Table 4-2 lists the supporting conditions for the Issuer Script commands. All commands except the PUT DATA command and UPDATE RECORD command shall conform to Part II, Chapter 6 of EMV4.1 Book3. This chapter defines the supporting conditions for all commands. For all commands except the PUT DATA command and UPDATE RECORD command, additional requirements are defined. For the PUT DATA command and UPDATE RECORD command, their command messages and response messages are defined. All commands in Table 4-2 shall include a MAC (ref: Section 6.2.7) in the command data field.

4.2.1

Supporting Conditions
Table 4-2
Item No. 1 2 3 4 5 6

Issuer Script Commands and Supporting Conditions

Command name APPLICATION BLOCK APPLICATION UNBLOCK PIN CHANGE / UNBLOCK CARD BLOCK PUT DATA UPDATE RECORD Support Optional Optional Optional Optional Optional Optional

When the Issuer has the following Issuer Script requirements, the IC Card shall support the optional commands. APPLICATION BLOCK: When blocking an application APPLICATION UNBLOCK: When unblocking an application PIN CHANGE/UNBLOCK: When changing the PIN and/or unblocking the PIN CARD BLOCK: When blocking all applications residing on the IC Card PUT DATA: When updating data defined in Section 3.2.3.1 UPDATE RECORD: When updating data defined in Section 3.2.3.2 4.2.2 APPLICATION BLOCK Command There are no additional requirements for the APPLICATION BLOCK command.

JCB Confidential

4-4

April 2008

JCB IC Card Specification

4. Command Requirements 4.2.3 APPLICATION UNBLOCK Command There are no additional requirements for the APPLICATION UNBLOCK command. 4.2.4 PIN CHANGE/UNBLOCK Command The value of P2 in the command message is defined as follows: (1) P2 = 00: Unblocks the PIN and does not change the PIN. (2) P2 = 02: Unblocks the PIN and changes the PIN.
NOTE: If P2 = 02, PIN enciphered in the method defined in Section 6.2.7 shall be included in the data field.

4.2.5 4.2.6
4.2.6.1

CARD BLOCK Command There are no additional requirements for the CARD BLOCK command. PUT DATA Command
Definition

The PUT DATA command shall conform to ISO/IEC7816-4. requirements for the PUT DATA command are defined below.

Additional

For data that can be updated with the PUT DATA command, refer to Section 3.2.3.1.
4.2.6.2 Command Message

Table 4-3 defines the command message for the PUT DATA command. The Command Data should not be encrypted.
Table 4-3
Code

PUT DATA Command Message

Value

CLA INS P1, P2 Lc Data Le

04 DA Tag of data to be updated Length of data field New value of data object and MAC None

4.2.6.3

Status Word Included in Response Message

If the command is successfully executed, the status word 9000 shall be returned in the response message.

JCB Confidential

4-5

April 2008

JCB IC Card Specification

4. Command Requirements

If the command is not executed successfully, the status word shown in Table 4-4 shall be returned in the response message.
Table 4-4
Status

Status Word for Unsuccessful Execution of PUT DATA Command

SW1 62 62 64 65 69 69 69 69 69 67 6A 6A 6A 6A SW2 00 81 00 81 82 85 86 87 88 00 80 81 84 85 Description Information not provided Part of returned data may be corrupted State of nonvolatile memory not changed Memory failure Security status not satisfied Conditions of use not satisfied Command not allowed Secure messaging data object missing Secure messaging data object invalid Wrong length of data field Incorrect parameters in data field Function not supported Insufficient memory space Lc incompatible with TLV structure

Warning

Error

4.2.7
4.2.7.1

UPDATE RECORD Command

Definition

The UPDATE RECORD command shall conform to ISO/IEC7816-4. Additional requirements for the UPDATE RECORD command are defined below. For data that can be updated with the UPDATE RECORD command, refer to Section 3.2.3.2.
4.2.7.2 Command Message

Table 4-5 defines the command message for the UPDATE RECORD command. The Command Data should not be encrypted.
Table 4-5
Code CLA INS P1 P2 Lc Data Le

UPDATE RECORD Command Message

Value

04 DC Record number to be updated Reference Control Parameter (see Table 4-6) Length of data field New value of data object and MAC None

JCB Confidential

4-6

April 2008

JCB IC Card Specification

4. Command Requirements

The structure for the reference control parameter of P2 is defined in Table 4-6.
Table 4-6
b8 X b7 X

Reference Control Parameter

b6 X b5 X b4 X b3 b2 b1 Description

SFI P1 indicates record number

4.2.7.3

Status Word Included in Response Message

If the command is successfully executed, the status word 9000 shall be returned in the response message. If the command is not executed successfully, the status word shown in Table 4-7 shall be returned in the response message.
Table 4-7
Status Status Word for Unsuccessful Execution of UPDATE RECORD Command SW1 62 62 64 65 69 69 69 69 69 67 6A 6A 6A 6A 6A SW2 00 81 00 81 81 82 86 87 88 00 81 82 83 84 85 Description Information not provided Part of returned data may be corrupted State of nonvolatile memory not changed Memory failure Command incompatible with file organization Security status not satisfied Command not allowed Secure messaging data object missing Secure messaging data object invalid Wrong length of data field Function not supported File not found Record not found Insufficient memory space Lc incompatible with TLV structure

Warning

Error

JCB Confidential

4-7

April 2008

JCB IC Card Specification

5. Functional Requirements

Functional Requirements
Regarding functions supported by the IC Card, this chapter defines additional requirements not specified in EMV4.1. To support functions other than those defined in this chapter, approval by JCB shall be obtained. For the functions defined in this chapter, the data used and the transaction flow are described in Annexes A and B. As functional requirements, this chapter describes the definitions, conditions of execution, processing data and processing: (1) Definitions and Conditions of Execution The definitions, supporting conditions and conditions of execution for each function are described. (2) Processing Data Data used in each function is executed is described. In the Initial Storage column, T indicates data stored in the Terminal, C indicates data stored in the IC Card, and I indicates data included in the response message from the Issuer. Data listed as mandatory in the Presence column is data that must be present in order for the processing to be performed. Data listed as optional need not be present when performing the processing. This specification does not define a specific tag for data whose tag is listed as -. (3) Processing The processing of each function is described.

5.1
5.1.1

Application Selection
Definition and Conditions of Execution Application Selection shall conform to Part III, Chapter 12 of EMV4.1 Book1. Support of Application Selection by the IC Card is mandatory. In addition, support of Partial Name Selection specified in Part III, Chapter 12 of EMV4.1 Book1 is mandatory.

5.1.2

Processing Data Tables 5-1 to 5-5 list IC Card data used in Application Selection. FCI included in the ADF, as shown in Table 5-3, is mandatory, while PSE, DDF, DDF Directory Entry and ADF Directory Entry are optional.

JCB Confidential

5-1

April 2008

JCB IC Card Specification

5. Functional Requirements

Table 5-1
Item No.

FCI Data Included in PSE

Tag Data name Initial Storage C C C C C C C Presence

1 2 3 4 5 6 7 Table 5-2
Item No.

6F 84 A5 88 5F2D 9F11 BF0C

FCI Template DF Name FCI Proprietary Template SFI of the directory elementary file Language Preference Issuer Code Table Index FCI Issuer Discretionary Data

Mandatory Mandatory Mandatory Mandatory Optional Optional Optional

FCI Data Included in DDF

Tag Data name Initial Storage C C C C C Presence

1 2 3 4 5 Table 5-3
Item No.

6F 84 A5 88 BF0C

FCI Template DF Name FCI Proprietary Template SFI of the directory elementary file FCI Issuer Discretionary Data

Mandatory Mandatory Mandatory Mandatory Optional

FCI Data Included in ADF

Tag Data name Initial Storage C C C C C C C C C C Presence

1 2 3 4 5 6 7 8 9 10

6F 84 A5 50 87 9F38 5F2D 9F11 9F12 BF0C

FCI Template DF Name (AID) FCI Proprietary Template Application Label Application Priority Indicator PDOL Language Preference Issuer Code Table Index Application Preferred Name FCI Issuer Discretionary Data

Mandatory Mandatory Mandatory Optional Optional Optional Optional Optional Optional Optional

JCB Confidential

5-2

April 2008

JCB IC Card Specification

5. Functional Requirements

Table 5-4
Item No.

DDF Directory Entry Data

Tag Data name Initial Storage C C Presence

1 2 Table 5-5
Item No.

9D 73

DDF Name Directory Discretionary Template

Mandatory Optional

ADF Directory Entry Data

Tag Data name Initial Storage C C C C C Presence

1 2 3 4 5

4F 50 9F12 87 73

ADF Name (AID) Application Label Application Preferred Name Application Priority Indicator Directory Discretionary Template

Mandatory Mandatory Optional Optional Optional

5.1.3

Processing The processing of Application Selection shall conform to Part III, Chapter 12 of EMV4.1 Book1. Application Selection shall always be the first processing performed immediately after resetting the IC Card.

JCB Confidential

5-3

April 2008

JCB IC Card Specification

5. Functional Requirements

5.2
5.2.1

Initiate Application Processing

Definition and Conditions of Execution Initiate Application Processing shall conform to Part III, Section 10.1 of EMV4.1 Book3. Support of Initiate Application Processing by IC Cards is mandatory.

5.2.2

Processing Data Table 5-6 lists the data used in Initiate Application Processing.
Table 5-6
Item No.

Data Used in Initiate Application Processing

Tag Data name Initial Storage C C C C C C Presence

1 2 3 4 5 6

82 94 9F38 9F36 9F27 -

AIP AFL PDOL ATC CID CVR

Mandatory Mandatory Optional Mandatory Mandatory Mandatory

5.2.3

Processing The processing of Initiate Application Processing shall conform to Part III, Section 10.1 of EMV4.1 Book3. Additional requirements are defined below. An IC Card shall perform the following processing when it receives the GET PROCESSING OPTIONS command. (1) Increment the ATC by 1. (2) Set all bits of the CID to 0. (3) Set all bits of CVR, except the Length Indicator, to 0. Though the IC Card is allowed to change the AFL in the response according to the value in the PDOL, the AIP shall not be changed. Data necessary to change the AFL dynamically shall be specified in the PDOL.

JCB Confidential

5-4

April 2008

JCB IC Card Specification

5. Functional Requirements

5.3
5.3.1

Read Application Data

Definition and Conditions of Execution Read Application Data shall conform to Part III, Section 10.2 of EMV4.1 Book3. Support of Read Application Data by the IC Card is mandatory.

5.3.2

Processing Data In Read Application Data, data is read from the record specified in the AFL, which is returned to the Terminal in the response to Initiate Application Processing.

5.3.3

Processing The processing of Read Application Data shall conform to Part III, Section 10.2 of EMV4.1 Book3.

JCB Confidential

5-5

April 2008

JCB IC Card Specification

5. Functional Requirements

5.4
5.4.1

Offline Data Authentication

Definition and Conditions of Execution Offline Data Authentication consists of the following functions defined in Part II, Chapters 5 and 6 of EMV4.1 Book2 and Part III, Section 10.3 of EMV4.1 Book3. (1) SDA (Static Data Authentication) (2) DDA (Standard Dynamic Data Authentication) (3) CDA (Combined Dynamic Data Authentication/Application Cryptogram Generation) The supporting conditions of the IC Card are listed in Table 5-7.
Table 5-7 Supporting Conditions of Offline Data Authentication
Support Mandatory Note When the IC Card supports SDA, the following bit of AIP shall be set to 1.

Item No. 1

Functionality SDA

AIP(1,7)SDA supported
2 DDA Optional1 When the IC Card supports DDA, the following bits of AIP shall be set to 1.

AIP(1,7)SDA supported AIP(1,6)DDA supported

3 CDA Optional When the IC Card supports CDA, the following bits of AIP shall be set to 1.

AIP(1,7)SDA supported AIP(1,6)DDA supported AIP(1,1)CDA supported

1

Mandatory if the card supports CDA NOTE: Of the supporting conditions in Table 5-7, since items listed as Optional may be required under certain conditions, JCB must be consulted regarding the necessity of their implementation.

JCB Confidential

5-6

April 2008

JCB IC Card Specification

5. Functional Requirements

5.4.2

Processing Data Table 5-8 lists the data used in SDA.

Table 5-8
Item No.

Data Used in SDA

Tag Data name Initial Storage C C C C C C C C C C Presence

1 2 3 4 5 6 7 8 9 10

82 8F 5A 93 90 9F32 92 94 9F4A -

AIP CA Public Key Index Application PAN Signed Static Application Data Issuer Public Key Certificate Issuer Public Key Exponent Issuer Public Key Remainder AFL SDA Tag List Static Data to be Authenticated

Mandatory Mandatory Mandatory Mandatory Mandatory Mandatory Optional Mandatory Optional Mandatory

NOTE: All data for items 1 through 10 are passed to the Terminal during Initiate Application Processing and Read Application Data described in Sections 5.2 and 5.3. Item 10 consists of the data specified by items 8 and 9. The item 9 shall only contain the tag 82 for the AIP. Refer to Part II, Chapters 5 and 6 of EMV4.1 Book2 for the conditions regarding the existence of item 7.

Table 5-9 shows the recommended input data for Static Data to be Authenticated.
Table 5-9
Item No. 1 2 3 4 5 6 7 8 9 10

Recommended Input Data for Static Data to be Authenticated

Tag 5F25 5F24 82 5A 5F34 9F07 8E 9F0D 9F0E 9F0F Data name Application Effective Date Application Expiration Date AIP Application PAN Application PAN Sequence Number AUC CVM List IAC - Default IAC - Denial IAC - Online

Table 5-10 lists the data used in DDA.

JCB Confidential

5-7

April 2008

JCB IC Card Specification

5. Functional Requirements

Table 5-10
Item No.

Data Used in DDA

Tag Data name Initial Storage C C C C C C C C C C C C C C C C C T C Presence

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

82 8F 5A 9F49 9F46 9F47 9F48 90 9F32 92 94 9F4A 9F4B 9F4C -

AIP CA Public Key Index Application PAN DDOL ICC Public Key Certificate ICC Public Key Exponent ICC Public Key Remainder Issuer Public Key Certificate Issuer Public Key Exponent Issuer Public Key Remainder AFL SDA Tag List ICC Public Key (Modulus) Signed Dynamic Application Data Static Data to be Authenticated ICC Dynamic Number ICC Private Key Exponent Terminal Dynamic Data CVR

Mandatory Mandatory Mandatory Optional Mandatory Mandatory Optional Mandatory Mandatory Optional Mandatory Optional Mandatory Mandatory Mandatory Mandatory Mandatory Mandatory Mandatory

NOTE: Items 1 through 12 are data passed to the Terminal during Initiate Application Processing and Read Application Data described in Sections 5.2 and 5.3. The DDOL value in item 4 shall include the tag 9F37 for the Unpredictable Number. For others, the Issuer may add on its own values as long as they conform to the definitions in Part III, Section 10.3 of EMV4.1 Book3. If the DDOL does not exist, the Default DDOL, mandatory at the Terminal, shall be used in DDA. Data specified in the DDOL is passed from the Terminal to the IC Card as item 18. As for the input to item 15, the data shown in Table 5-9 is recommended. The first 2 bytes of item 16 shall contain the ATC and optionally other data.

Table 5-11 lists the data used in CDA.

JCB Confidential

5-8

April 2008

JCB IC Card Specification

5. Functional Requirements

Table 5-11
Item No.

Data Used in CDA

Tag Data name Initial Storage C C C C C C C C C C C C C C C C C C C C C T C Presence

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23

82 8F 5A 9F38 8C 8D 9F46 9F47 9F48 90 9F32 92 94 9F4A 9F4B 9F4C 9F27 9F26 9F37 -

AIP CA Public Key Index Application PAN PDOL CDOL1 CDOL2 ICC Public Key Certificate ICC Public Key Exponent ICC Public Key Remainder Issuer Public Key Certificate Issuer Public Key Exponent Issuer Public Key Remainder AFL SDA Tag List ICC Public Key (Modulus) Signed Dynamic Application Data Static Data to be Authenticated ICC Dynamic Number CID AC (TC or ARQC) ICC Private Key Exponent Unpredictable Number CVR

Mandatory Mandatory Mandatory Optional Optional Optional Mandatory Mandatory Optional Mandatory Mandatory Optional Mandatory Optional Mandatory Mandatory Mandatory Mandatory Mandatory Mandatory Mandatory Mandatory Mandatory

NOTE: Items 1 through 14 are data passed to the Terminal through Application Selection, Initiate Application Processing, and Read Application Data in Sections 5.1, 5.2, and 5.3. Item 5 is used when CDA is executed in the first GENERATE AC command. In such cases, the value of CDOL1 shall include the tag 9F37 for the Unpredictable Number. Item 6 is used when CDA is executed in the second GENERATE AC command. In such cases, the value of CDOL2 shall include the tag 9F37 for the Unpredictable Number. As for the input to item 17, data shown in Table 5-9 is recommended. The first 2 bytes of item 18 shall contain the ATC and optionally other data.

JCB Confidential

5-9

April 2008

JCB IC Card Specification

5. Functional Requirements

5.4.3

Processing The IC Card does not take part in SDA. The processing of DDA and CDA shall conform to Part II, Chapters 5 and 6 of EMV4.1 Book2 and Part III, Section 10.3 of EMV4.1 Book3. Additional requirements for DDA and CDA are defined below. When an IC Card receives the INTERNAL AUTHENTICATE command issued by a terminal, it shall set the Offline Dynamic Data Authentication Performed bit in CVR(4,2) to 1. When an IC Card receives the GENERATE AC command that requests CDA issued by a terminal and responds with either TC or ARQC, it shall set the Combined DDA/AC Generation performed bit in CVR(4,1) to 1.

JCB Confidential

5-10

April 2008

JCB IC Card Specification

5. Functional Requirements

5.5
5.5.1

Processing Restrictions
Definition and Conditions of Execution Processing Restrictions consists of the following compatibility checks defined in Part III, Section 10.4 of EMV4.1 Book3. (1) Application Version Number (2) Application Usage Control (3) Application Effective/Expiration Dates Checking Support of Application Version Number and Application Expiration Dates Checking by the IC Card are mandatory, while support of Application Usage Control and Application Effective Dates Checking are optional.

5.5.2

Processing Data If Processing Restrictions functions are supported, the following processing data shall be stored in the IC Card. These data are passed to the Terminal during Read Application Data described in Section 5.3. Table 5-12 lists the data used when checking the Application Version Number.
Table 5-12
Item No.

Data Used when Checking the Application Version Number

Tag Data name Initial Storage C Presence

9F08

Application Version Number

Mandatory

NOTE: The version number of the IC Card conforming to this version of the specification is 2.0, and item 1 shall store '0200'.

Table 5-13 lists the data used in Application Usage Control.

Table 5-13
Item No.

Data Used in Application Usage Control

Tag Data name Initial Storage C C Presence

1 2

9F07 5F28

AUC Issuer Country Code

Mandatory Optional

Table 5-14 lists the data used in Application Effective Dates Checking.

JCB Confidential

5-11

April 2008

JCB IC Card Specification

5. Functional Requirements

Table 5-14
Item No.

Data Used in Application Effective Dates Checking

Tag Data name Initial Storage C Presence

5F25

Application Effective Date

Mandatory

Table 5-15 lists the data used in Application Expiration Dates Checking.
Table 5-15
Item No.

Data Used in Application Expiration Dates Checking

Tag Data name Initial Storage C Presence

5F24

Application Expiration Date

Mandatory

5.5.3

Processing The IC Card does not take part in Processing Restrictions.

JCB Confidential

5-12

April 2008

JCB IC Card Specification

5. Functional Requirements

5.6
5.6.1

Cardholder Verification
Definition and Conditions of Execution Cardholder Verification consists of the following cardholder verification methods defined in Part II, Chapter 7 of EMV4.1 Book2 and Part III, Section 10.5 of EMV4.1 Book3. However, the Issuer can add on other methods defined in EMV such as combinations, or other methods undefined in EMV such as fingerprint verification or digital signature, with the approval of JCB. (1) Offline Plaintext PIN (2) Offline Enciphered PIN (3) Online Enciphered PIN (4) Signature (5) No CVM Supporting conditions of the functions are listed in Table 5-16. Table 5-16 lists the CVM code defined in Part IV, Annex C3 of EMV4.1 Book 3.
Table 5-16 CVM Code
Byte1 b8 b7 B6 b5 b4 b3 b2 B1 Support

Function

Offline Enciphered PIN Offline Plaintext PIN Online Enciphered PIN Signature No CVM

0 0 0 0 0

1/0 1/0 1/0 1/0 1/0

0 0 0 0 0

0 0 0 1 1

0 0 0 1 1

1 0 0 1 1

0 0 1 1 1

0 1 0 0 1

Optional Optional Mandatory Mandatory Mandatory

NOTE: Of the supporting conditions in Table 5-16, since items listed as Optional may be required under certain conditions, JCB must be consulted regarding the necessity of their implementation.

The CVM code for other methods of verification such as fingerprint verification or digital signature shall be defined by JCB as necessary. In order to support Cardholder Verification functions, the Cardholder verification is supported bit in the AIP(1,5) shall be set to 1.

JCB Confidential

5-13

April 2008

JCB IC Card Specification

5. Functional Requirements 5.6.2 Processing Data Table 5-17 lists the data used in Cardholder Verification.
Table 5-17
Item No.

Data Used in Cardholder Verification

Tag Data name Initial Storage C C Presence

1 2

82 8E

AIP CVM List

Mandatory Mandatory

NOTE: All data for items 1 and 2 are passed to the Terminal during Initiate Application Processing and Read Application Data described in Sections 5.2 and 5.3, respectively.

Table 5-18 lists the common data used for both plaintext PIN and enciphered PIN in Offline PIN Verification.
Table 5-18
Item No.

Data Used in Offline PIN Verification

Tag Data name Initial Storage T C C C C C Presence

1 2 3 4 5 6

99 9F17 9F61

Transaction PIN Data CVR PIN Try Counter PIN Try Limit Reference PIN Data ADA

Mandatory Mandatory Mandatory Mandatory Mandatory Mandatory

NOTE: Data for item 3 is passed to the Terminal with the GET DATA command described in Section 3.2.1.

Table 5-19 lists the data used in Offline Enciphered PIN Verification.

JCB Confidential

5-14

April 2008

JCB IC Card Specification

5. Functional Requirements

Table 5-19
Item No.

Data Used in Offline Enciphered PIN Verification

Tag Data name Initial Storage C C C C C Presence

1 2 3 4 5 6 7 8 9

8F 90 9F32 92 9F2D 9F2E 9F2F -

CA Public Key Index Issuer Public Key Certificate Issuer Public Key Exponent Issuer Public Key Remainder ICC PIN Encipherment Public Key Certificate ICC PIN Encipherment Public Key Exponent ICC PIN Encipherment Public Key Remainder ICC PIN Encipherment Public Key (Modulus) ICC PIN Encipherment Private Key Exponent

Mandatory Mandatory Mandatory Optional Mandatory Mandatory Optional Mandatory Mandatory

C C C C

NOTE: All data except items 8 and 9 are passed to the Terminal during Read Application Data described in Section 5.3. The items 5,6,7,8 and 9 may not be used in some cases that are specified in Part II, Section 7 of EMV4.1 Book2.

5.6.3

Processing The IC Card does not take part in Online Enciphered PIN Verification, signature and No CVM. The processing of each Cardholder Verification function shall conform to Part II, Chapter 7 of EMV4.1 Book2 and Part III, Section 10.5 of EMV4.1 Book3. Additional requirements regarding Offline Plaintext/Enciphered PIN Verification are defined below. If the IC Card receives the GET DATA command requesting the PIN Try Counter, it shall check the PIN Try Counter value before returning a response. If the PIN Try Counter is 0, the PIN Try Limit exceeded bit in the CVR(3,7) shall be set to 1. If the PIN Try Counter is 0, that shall indicate that the PIN is blocked. If the IC Card receives the VERIFY command, the following processing shall be performed. (1) If the PIN Try Counter is not 0, the PIN Try Counter value shall be decremented by one, and the following processing shall be performed. (a) Compare the Transaction PIN in the VERIFY command with the Reference PIN.

JCB Confidential

5-15

April 2008

JCB IC Card Specification

5. Functional Requirements

(b) If the Transaction PIN and Reference PIN match, the following processing shall be performed: [1] Set the PIN Try Limit value in the PIN Try Counter. [2] Set the Offline PIN verification failed bit in the CVR(2,2) to 0. [3] Set the Offline PIN verification performed bit in the CVR(2,3) to 1. [4] Return 9000 to the Terminal as the response to the VERIFY command. (c) If the Transaction PIN and the Reference PIN do not match, the following processing shall be performed: [1] Set the Offline PIN verification failed bit in the CVR(2,2) to 1. [2] Set the Offline PIN verification performed bit in the CVR(2,3) to 1. [3] Check the PIN Try Counter value. (I) If the value is 0, the following processing shall be performed. (i) Set the PIN Try Limit exceeded bit in the CVR(3,7) to 1. (ii) The If PIN Try Limit exceeded on current transaction, block application bit in the ADA(2,8) is 1, set the Application blocked by IC Card because PIN Try Limit exceeded bit in the CVR(3,2) to 1 and block the application. (iii) Return 63C0 to the Terminal as the response to the VERIFY command. (II) If the value is not 0, the following processing shall be performed. (i) Return 63CX (X indicates the remaining number of PIN tries) to the Terminal as the response to the VERIFY command. If the remaining number of PIN tries is equal to or more than 15, return 63CF to the Terminal. (2) If the PIN Try Counter is 0, the following processing shall be performed: (a) Set the PIN Try Limit exceeded bit in the CVR(3,7) to 1. (b) Set the Offline PIN verification performed bit in the CVR(2,3) to 1. (c) Return 6983 to the Terminal as the response to the VERIFY command.

JCB Confidential

5-16

April 2008

JCB IC Card Specification

5. Functional Requirements

5.7
5.7.1

Terminal Risk Management

Definition and Conditions of Execution Terminal Risk Management consists of the following functions defined in Part III, Section 10.6 of EMV4.1 Book3. (1) Terminal Floor Limit Checking (2) Random Transaction Selection (3) Terminal Velocity Checking (4) Exception File Checking Terminal Floor Limit Checking, Random Transaction Selection, and Exception File Checking are procedures within the Terminal, and their support depends on the Terminal. Support of Terminal Velocity Checking by the IC Card is optional. Support of Terminal Risk Management by the IC Card is mandatory, and Terminal risk management is to be performed bit in the AIP(1,4) shall be set to 1.

5.7.2

Processing Data Table 5-20 lists the data used in Terminal Risk Management.
Table 5-20
Item No.

Data Used in Terminal Risk Management

Tag Data name Initial Storage C Presence

82

AIP

Mandatory

NOTE: Data for item 1 is passed to the Terminal during Initiate Application Processing described in Section 5.2.

Table 5-21 lists the data used in Terminal Floor Limit Checking.
Table 5-21
Item No.

Data Used in Terminal Floor Limit Checking

Tag Data name Initial Storage C C Presence

1 2

5A 5F34

Application PAN Application PAN Sequence Number

Optional Optional

NOTE: Data for items 1 and 2 are passed to the Terminal during Read Application Data described in Section 5.3.

Table 5-22 lists the data used in Terminal Velocity Checking.

JCB Confidential

5-17

April 2008

JCB IC Card Specification

5. Functional Requirements

Table 5-22
Item No.

Data Used in Terminal Velocity Checking

Tag Data name Initial Storage C C C C Presence

1 2 3 4

9F14 9F23 9F36 9F13

Lower Consecutive Offline Limit Upper Consecutive Offline Limit ATC Last Online ATC Register

Mandatory Mandatory Mandatory Mandatory

NOTE: Data for items 1 and 2 are passed to the Terminal during Read Application Data described in Section 5.3. The data for items 3 and 4 are passed to the Terminal with the GET DATA command described in Section 3.2.1.

5.7.3

Processing The IC Card does not take part in Terminal Floor Limit Checking, Random Transaction Selection and Exception File Checking. The processing of Terminal Velocity Checking shall conform to Part III, Section 10.6 of EMV4.1 Book3.

JCB Confidential

5-18

April 2008

JCB IC Card Specification

5. Functional Requirements

5.8
5.8.1

Terminal Action Analysis

Definition and Conditions of Execution Terminal Action Analysis shall conform to Part III, Section 10.7 of EMV4.1 Book3. Support of Terminal Action Analysis by the IC Card is mandatory.

5.8.2

Processing Data Table 5-23 lists the data used in Terminal Action Analysis.
Table 5-23
Item No.

Data Used in Terminal Action Analysis

Tag Data name Initial Storage C C C Presence

1 2 3

9F0E 9F0F 9F0D

IAC Denial IAC Online IAC Default

Optional Optional Optional

NOTE: Data for items 1 to 3 are passed to the Terminal during Read Application Data described in Section 5.3. The tags of the data that shall be retrieved from the Terminal in order to perform Card Action Analysis defined in Section 5.9, and the tags of the data defined in Section 6.2.5 AC Generation, shall be included in CDOL1. If CDA is performed for data authentication defined in Section 5.4, the tag 9F37for the Unpredictable Number, must be included.

5.8.3

Processing The IC Card does not take part in Terminal Action Analysis.

JCB Confidential

5-19

April 2008

JCB IC Card Specification

5. Functional Requirements

5.9
5.9.1

Card Action Analysis

Definition and Conditions of Execution Card Action Analysis shall conform to Part III, Section 10.8 of EMV4.1 Book3. As additional requirements, the following functions listed in Table 5-24 are defined as check items.

JCB Confidential

5-20

April 2008

JCB IC Card Specification

5. Functional Requirements

Table 5-24
Item No.

Definitions of Check Items for Card Action Analysis

Check Results Check Item Description
Determines whether online processing was incomplete in the last online transaction. Determines whether Issuer Authentication failed or not performed although mandatory in the last online transaction. Determines whether SDA failed and the transaction was declined offline in previous transactions. Determines whether DDA or CDA failed and the transaction was declined offline in previous transactions. Determines whether the processing of the Issuer Script command failed in the last online transaction. Determines whether the cumulative number of consecutive offline transactions has exceeded the limit. The Issuer sets separate upper and lower limits for domestic and international use. Determines whether the cumulative amount of consecutive offline transactions has exceeded the limit set by the Issuer. As for the limits, the Issuer shall set to the upper and lower limits. Determines whether the transaction is with a IC Card that has never performed online processing. Determines whether the number of PIN Tries has been decreased to 0 in the previous transaction when Offline Plaintext/Enciphered PIN Verification is not to be performed for this transaction. Determines whether the domestic transaction amount exceeds the limit set by the Issuer with this transaction.
Online capable Terminal OfflineOnly Terminal

Last Online Transaction Not Completed Issuer Authentication Failure On Last Online Transaction SDA Failure on Last Transaction DDA Failure on Last Transaction Issuer Script Processing Failure on Last Online Transaction Card Velocity Checking

ARQC

AAC/ TC

ARQC

TC

3 4

TC

TC

TC

TC

ARQC

AAC

ARQC

AAC

Cumulative Offline Transaction Amount Checking New Card Checking Offline PIN Verification Not Performed Card Floor Limit Checking

ARQC

AAC

ARQC /TC ARQC/ AAC/ TC

AAC/ TC

AAC /TC

10

ARQC

AAC

Support of Card Action Analysis by the IC Card is mandatory. However, the supporting conditions for individual check items are listed in Table 5-25.

JCB Confidential

5-21

April 2008

JCB IC Card Specification

5. Functional Requirements

Table 5-25
Item No. 1 2 3 4 5 6 7 8 9 10
1

Supporting Conditions of Card Action Analysis

Check Item Last Online Transaction Not Completed Issuer Authentication Failure On Last Online Transaction SDA Failure on Last Transaction DDA Failure on Last Transaction Issuer Script Processing Failure on Last Online Transaction Card Velocity Checking Cumulative Offline Transaction Amount Checking New Card Checking Offline PIN Verification Not Performed Card Floor Limit Checking Support Optional Optional1 2 Mandatory Optional1 Optional1 Optional2 Optional2 Optional2 Optional2 Optional

Support of items 2, 4, or 5 is mandatory if the IC Card supports Issuer Authentication, DDA, CDA, or Issuer Script, respectively. Items 2, 6, 7, 8, and 9 are functions also defined in Completion in Section 5.12, and if they are supported in Completion, their support in Card Action Analysis is mandatory.

When the IC Card receives the first GENERATE AC command, Card Action Analysis shall always be performed. As for the individual check items included in Card Action Analysis, if the IC Card supports them, they shall always be performed. The Card Action Analysis Support Information (CAASI) defines which check items are supported by the IC Card. CAASI data structure is illustrated in Table 5-26. However, the order in which the individual check items are performed is not defined. Regardless of the results of any check items, the IC Card shall perform all check items it supports. If data necessary for processing does not exist, the processing shall continue with the next check item.

JCB Confidential

5-22

April 2008

JCB IC Card Specification

5. Functional Requirements

Table 5-26

Data Structure of CAASI

CAASI Byte1 b8 b7 b6 b5 b4 b3 b2 b1 Meaning Last Online Transaction Not Completed Checking Issuer Authentication Failure on Last Online Transaction checking SDA Failure on Last Transaction checking DDA Failure on Last Transaction checking Issuer Script Processing Failure on Last Online Transaction checking Card Velocity Checking Cumulative Offline Transaction Amount Checking New Card Checking

1 1 1 1 1 1 1 1

CAASI Byte2 b8 b7 b6 b5 b4 b3 b2 b1 Meaning Offline PIN Verification Not Performed checking Card Floor Limit Checking RFU 2nd Issuer Authentication Failure On Last Online Transaction Checking 2nd Card Velocity Checking (upper limit) 2nd New Card Checking 2nd Offline PIN Verification Not Performed checking

1 1 0 0 1 1 1 1

CAASI Byte3 b8 b7 b6 b5 b4 b3 b2 b1 Meaning 2 Cumulative Offline Transaction Amount Checking (upper limit) RFU
nd

1 0 0 0 0 0 0 0

JCB Confidential

5-23

April 2008

JCB IC Card Specification

5. Functional Requirements

5.9.2

Processing Data Table 5-27 lists the data used in Card Action Analysis. Presence of data is independent of the supporting conditions of the check items.
Table 5-27
Item No.

Data Used in Card Action Analysis

Tag Data name Initial Storage C C C C T C T Presence

1 2 3 4 5 6 7

9F61 9F63 9F35 9F27 95

ADA CVR CAAI CAASI Terminal Type CID TVR

Mandatory Mandatory Mandatory Mandatory Optional Mandatory Mandatory

Tables 5-28 to 5-30 show the data structures of items 1 through 3.

Table 5-28
ADA Byte1 b8 0 b7 b6 b5 b4 b3 b2 b1 Meaning RFU If issuer authentication performed and failed, decline transaction If issuer authentication is mandatory and no ARPC received, decline transaction If transaction declined offline, create advice If PIN Try Limit exceeded on current transaction and transaction is declined, create advice If transaction declined because issuer authentication failed or not performed, create advice If new card, transmit transaction online If new card, decline if unable to transmit transaction online

Data Structure of ADA

1 1 1 1

1 1 1

JCB Confidential

5-24

April 2008

JCB IC Card Specification

5. Functional Requirements

ADA Byte2 b8 b7 b6 b5 b4 b3 b2 b1 Meaning If PIN Try Limit exceeded on current transaction, block application If PIN Try Limit exceeded on previous transaction, decline transaction If PIN Try Limit exceeded on previous transaction, transmit transaction online If PIN Try Limit exceeded on previous transaction, decline if unable to transmit transaction online RFU If online authorisation not completed on previous transaction, decline if unable to transmit transaction online

1 1 1 1 0 0 0 1

Table 5-29
CVR Byte1 b8 0 b7 0

Data Structure of CVR

b6 0

b5 0

b4 0

b3 1

b2 0

b1 0

Meaning

Length Indicator

CVR Byte2 b8 0 0 1 1 b7 0 1 0 1 b6 b5 b4 b3 b2 b1 Meaning AAC returned in second GENERATE AC TC returned in second GENERATE AC Second GENERATE AC not requested RFU AAC returned in first GENERATE AC TC returned in first GENERATE AC ARQC returned in first GENERATE AC RFU Issuer authentication performed and failed Offline PIN verification performed Offline PIN verification failed Unable to go online

0 0 1 1

0 1 0 1 1 1 1 1

JCB Confidential

5-25

April 2008

JCB IC Card Specification

5. Functional Requirements

CVR Byte3 b8 1 b7 b6 b5 b4 b3 b2 b1 Meaning Last online transaction not completed PIN Try Limit exceeded RFU New card Issuer authentication failure on last online transaction Issuer authentication not performed after online authorisation Application blocked by card because PIN Try Limit exceeded Offline static data authentication failed on last transaction and transaction declined offline

1 0 1 1 1 1 1

CVR Byte4 b8 b7 b6 b5 b4 b3 b2 b1 Meaning Number of Issuer Script commands received after the second GENERATE AC command containing secure messaging processed on last transaction Issuer Script processing failed on last transaction Offline dynamic data authentication failed on last transaction and transaction declined offline Offline dynamic data authentication performed Combined DDA/AC Generation performed

1 1 1 1

JCB Confidential

5-26

April 2008

JCB IC Card Specification

5. Functional Requirements

CVR Byte5 b8 1 b7 b6 b5 b4 b3 b2 b1 Meaning Lower consecutive offline limit exceeded Upper consecutive offline limit exceeded Cumulative total transaction amount limit exceeded Floor limit exceeded RFU Cumulative total transaction amount upper limit exceeded RFU

1 1 1 0 0 1 0 Table 5-30
Item No. 1 2 3 4 5

Data for CAAI

Data Online Authorization Indicator Issuer Authentication Failure Indicator Issuer Script Failure Indicator SDA Failure Indicator DDA Failure Indicator

NOTE: Each item in the CAAI is internal data in the IC Card with a value of either 0 or 1, and shall be stored in nonvolatile memory.

Table 5-31 lists the data used when checking Issuer Script Processing Failure on Last Online Transaction.
Table 5-31 Data Used when Checking Issuer Script Processing Failure on Last Online Transaction
Item No. Tag Data name Initial Storage C Presence

Issuer Script Command Counter

Optional

NOTE: Item 1 is used to store the number of Issuer Script commands that the IC Card receives from the Terminal during a transaction. This item is mandatory if the IC Card supports Issuer Script.

JCB Confidential

5-27

April 2008

JCB IC Card Specification

5. Functional Requirements

Table 5-32 lists the data used in Card Velocity Checking.

Table 5-32
Item No.

Data Used in Card Velocity Checking

Tag Data name Initial Storage T C T C C C C Presence

1 2 3 4 5 6 7 8 9 10

9F1A 5F28 5F2A 9F42 9F36 9F13 9F58 9F5A 9F57 9F59

Terminal Country Code Issuer Country Code Transaction Currency Code Application Currency Code ATC Last Online ATC Register Lower Consecutive Domestic Offline Limit Lower Consecutive International Offline Limit Upper Consecutive Domestic Offline Limit Upper Consecutive International Offline Limit

Optional Optional Mandatory Mandatory Mandatory Mandatory Mandatory Mandatory Mandatory Mandatory

C C C

NOTE: Items 1 through 4 are used to determine whether the transaction is domestic or international. If either items 1 or 2 does not exist, items 3 and 4 alone determine whether the transaction is domestic or international, as described in Section 5.9.3.7.

Table 5-33 lists the data used in Cumulative Offline Transaction Amount Checking.
Table 5-33
Item No.

Data Used in Cumulative Offline Transaction Amount Checking

Tag Data name Initial Storage T C C Presence

1 2 3 4 5 6 7

5F2A 9F42 9F65 9F56 9F64 9F02

Transaction Currency Code Application Currency Code Transaction Currency Conversion Table Cumulative Total Transaction Amount Cumulative Total Transaction Amount Limit Cumulative Total Transaction Amount Upper Limit Amount, Authorized(Numeric)

Mandatory Mandatory Optional Mandatory Mandatory Mandatory Mandatory

C T C T

JCB Confidential

5-28

April 2008

JCB IC Card Specification

5. Functional Requirements

NOTE: Item 3 is mandatory if currency conversion shown in Section 5.9.3.12 is supported. The data format for item 7 shall be numeric, and not binary.

Table 5-34 lists the data used in New Card Checking.

Table 5-34
Item No.

Data Used in New Card Checking

Tag Data name Initial Storage C Presence

9F13

Last Online ATC Register

Mandatory

Table 5-35 lists the data used when checking Offline PIN Verification Not Performed.
Table 5-35
Item No.

Data Used when Checking Offline PIN Verification Not Performed

Tag Data name Initial Storage C Presence

9F17

PIN Try Counter

Mandatory

Table 5-36 lists the data used in Card Floor Limit Checking.
Table 5-36
Item No.

Data Used in Card Floor Limit Checking

Tag Data name Initial Storage T C T C C Presence

1 2 3 4 5 6

9F1A 5F28 5F2A 9F42 9F5B 9F02

Terminal Country Code Issuer Country Code Transaction Currency Code Application Currency Code Maximum Domestic Offline Transaction Amount Amount, Authorised (Numeric)

Optional Optional Mandatory Mandatory Mandatory Mandatory

NOTE: Items 1 through 4 are used to determine whether the transaction is domestic or international. If either of the items 1 or 2 does not exist, items 3 and 4 alone determine whether the transaction is domestic or international, as described in Section 5.9.3.11. The data format for item 6 shall be numeric, and not binary.

5.9.3

Processing The processing of Card Action Analysis shall conform to Part III, Section 10.8 of EMV4.1 Book3. When an IC Card receives the first GENERATE AC command that requests CDA issued by a Terminal and responds with either TC or ARQC, it shall set the Combined DDA/AC Generation performed bit in the CVR(4,1) to 1.

JCB Confidential

5-29

April 2008

JCB IC Card Specification

5. Functional Requirements

In this section, processing for the JCB proprietary check items of Card Action Analysis are defined.
5.9.3.1
5.9.3.1.1.

Check Items and Response to Terminal

Check Items

The IC Card shall check the bits from CAASI(1,8) to CAASI(2,7) shown in Table 5-26 and when they are set to 1, the IC Card shall perform the check items. For each check item, the CVR bits to check and the response to the terminal are shown in Table 5-37.

JCB Confidential

5-30

April 2008

JCB IC Card Specification

5. Functional Requirements

Table 5-37
Item No.

CAA Check Items

Check Results Check Item CVR Bit to be Used
Online capable Terminal OfflineOnly Terminal

1 2 3 4

Last Online Transaction Not Completed Issuer Authentication Failure On Last Online Transaction SDA Failure on Last Transaction DDA Failure On Last Transaction Issuer Script Processing Failure on Last Online Transaction

CVR(3,8)Last online transaction not completed CVR(3,4)Issuer authentication failure on last online transaction CVR(3,1)Offline static data authentication failed on last transaction and transaction declined offline CVR(4,3)Offline dynamic data authentication failed on last transaction and transaction declined offline CVR(4,4)Issuer Script processing failed on last transaction CVR(5,8)Lower consecutive offline limit exceeded (used in online capable Terminals) CVR(5,7)Upper consecutive offline limit exceeded (used in offline-only Terminals) CVR(5,6)Cumulative total transaction amount limit exceeded (used in online capable Terminals) CVR(5,2)Cumulative total transaction amount upper limit exceeded (used in offline-only Terminals) CVR(3,5)New card CVR(3,7)PIN Try Limit exceeded *1 CVR(5,5)Floor limit exceeded

ARQC ARQC TC TC

AAC /TC *4 TC TC TC

ARQC

AAC

Card Velocity Checking

ARQC

AAC

Cumulative Offline Transaction Amount Checking

ARQC

AAC

8 9 10

New Card Checking Offline PIN Verification Not Performed Card Floor Limit Checking

ARQC AAC /TC *2 /TC *5 AAC AAC /ARQC /TC *6 /TC *3 ARQC AAC

*1 When the PIN Try Limit exceeded bit in the CVR(3,7) is 1 and the Offline PIN verification performed bit in the CVR(2,3) is 0, this check can apply. Refer to Section 5.9.3.10. If the CVR bit to be used shown in Table 5-37 is set to 1, the value listed in the Check Result column shall be the result of the check. If the CVR bit is 0, the

JCB Confidential

5-31

April 2008

JCB IC Card Specification

5. Functional Requirements

check result shall be a TC.

Refer to Section 5.9.3.2 and thereafter for the setting of bits in the CVR.

Terminals with online capability shall provide the check result in the online capable Terminal column, and offline-only Terminals shall provide the check result in the offline-only Terminal column. The IC Card uses the Terminal Type received from the Terminal to determine if it is online capable or offline only. If the Terminal Type does not exist, the processing shall continue on the assumption that the Terminal is equipped with online capability. For *2 through *6 in Table 5-37, which list two possible values as the check result, the following processing using the ADA shall be performed. *2 Check the If new card, transmit transaction online bit in the ADA(1,2). If the bit is set to 1, the result shall be an ARQC; if the bit is 0, the result shall be a TC. *3 Check the If PIN Try Limit exceeded on previous transaction, decline transaction bit in the ADA(2,7). If the bit is set to 1, the result shall be an AAC; if the bit is 0, the If PIN Try Limit exceeded on previous transaction, transmit transaction online bit in the ADA(2,6) is checked. If the bit is set to 1, the result shall be an ARQC; if the bit is 0, the result shall be a TC. *4 Check the If Online authorization not completed on previous transaction, decline if unable to transmit transaction online bit in the ADA(2,1). If the bit is set to 1, the result shall be an AAC; if the bit is 0, the result shall be a TC. *5 Check the If new card, decline if unable to transmit transaction online bit in the ADA(1,1). If the bit is set to 1, the result shall be an AAC; if the bit is 0, the result shall be a TC. *6 Check the If PIN Try Limit exceeded on previous transaction, decline if unable to transmit transaction online bit in the ADA(2,5). If the bit is set to 1, the result shall be an AAC; if the bit is 0, the result shall be a TC.
5.9.3.1.2. Response to Terminal

The response to the Terminal will be returned after all check items supported by the IC Card have been performed. The conditions for the final determination of the response to the Terminal are listed in Table 5-38.

JCB Confidential

5-32

April 2008

JCB IC Card Specification

5. Functional Requirements

Table 5-38

Card Action Analysis Response Conditions

Condition
Response

Application is blocked (When the application is blocked) Terminal requests AAC Supports Card Action Code Check *1 Card Action Code Check does not apply Decision to return AAC has been made at least once in Card Action Analysis Other than above

AAC AAC AAC ARQC ARQC AAC ARQC AAC ARQC TC

Application is not blocked

Terminal requests ARQC

Terminal requests TC

Card Action Code Check applies Decision to return AAC has been made at Card Action least once in Card Action Analysis Code Check not supported Other than above Decision to return AAC has been made at lease once in Card Action Analysis In Card Action Analysis, no AAC response determined, ARQC response determined once or more Other than above

*1

Support of items 2, 4, or 5 is mandatory if the IC Card supports Issuer Authentication, DDA, CDA, or Issuer Script, respectively.

(1) If the application is blocked: AAC is returned. (2) If the application is not blocked: (a) If the Terminal requests an AAC with the GENERATE AC command: AAC is returned. (b) If the Terminal requests an ARQC with the GENERATE AC command: [1] When Card Action Code Check is supported (I) If Card Action Code Check does not apply: (i) If an AAC response has been determined at least once for the checks listed in Table 5-37: AAC is returned. (ii) If an AAC response has not been determined: ARQC is returned. (II) If Card Action Code Check applies: ARQC is returned. [2] When Card Action Code Check is not supported

JCB Confidential

5-33

April 2008

JCB IC Card Specification

5. Functional Requirements

(I) If an AAC response has been determined at least once for the checks listed in 5-37: AAC is returned. (II) If an AAC response has not been determined: ARQC is returned. (c) If the Terminal requests a TC with the GENERATE AC command: [1] If an AAC response has been determined at least once for the checks in Table 5-37: AAC is returned. [2] If an AAC response has not been determined and an ARQC response has been determined at least once: ARQC is returned. [3] If neither an AAC nor ARQC response has been determined: TC is returned. Table 5-39 lists data used in Card Action Code Check.
Table 5-39
Item No.

Data Used in Card Action Code Check

Tag Data name Initial Storage C T Presence

1 2
NOTE: 5.9.3.1.3.

9F66 95

CAC TVR

Mandatory Mandatory

Data format item 1 is the same as TVR.

Processing Prior to Response

After the IC Card determines whether to return TC, ARQC or AAC, the IC Card shall perform the following processing prior to returning the response to the Terminal: (1) If returning a TC: (a) Set the TC returned in first GENERATE AC bit in the CVR(2,6-5) and the Second GENERATE AC not requested bit in the CVR(2,8-7). (b) Verify whether Transaction Currency Code and Application Currency Code are the same. [1] If they are the same The value in Amount, Authorised is added to Cumulative Total Transaction Amount.

JCB Confidential

5-34

April 2008

JCB IC Card Specification

5. Functional Requirements

[2] If they are not the same If the Currency Conversion is supported and the Transaction Currency Code exists in the Transaction Currency Conversion Table, Currency Conversion is performed on Amount, Authorised according to the Currency Conversion Method in Section 5.9.3.12. The converted Amount, Authorised value is added to the Cumulative Total Transaction Amount. (2) If returning an ARQC: (a) Set the ARQC returned in first GENERATE AC bit in the CVR(2,6-5) and the Second GENERATE AC not requested bit in the CVR(2,8-7). (b) Set the Online Authorisation Indicator in the CAAI to 1. (3) If returning an AAC: (a) Set the AAC returned in first GENERATE AC bit in the CVR(2,6-5) and the Second GENERATE AC not requested bit in the CVR(2,8-7). (b) If the SDA failed bit in the TVR(1,7) is set to 1, set the Static Data Authentication Failure Indicator in the CAAI to 1. (c) If the DDA failed bit in the TVR(1,4) or the CDA failed bit in the TVR(1,3) is set to 1, set the Dynamic Data Authentication Failure Indicator in the CAAI to 1. (d) If the If transaction declined offline, create advice bit in the ADA(1,5) is set to 1, set the advice required bit in the CID(1,4) to 1. (e) If the PIN Try Counter becomes 0 during the current transaction and the If PIN Try Limit exceeded on current transaction and transaction is declined, create advice bit of ADA(1,4) is 1, the advice required bit of CID(1,4) is set to 1 and the PIN Try Limit exceeded of the Reason Code bit in the CID(1,3-1) is set. However, if Service not allowed applies to Reason Code bit in the CID(1,3-1), that overrides the process above.
5.9.3.2 Last Online Transaction Not Completed

Check if the Online Authorisation Indicator in the CAAI is 1. (1) If it is 1, the IC Card shall set the Last online transaction not completed bit in the CVR(3,8) to 1 and then proceed to the next check item. (2) If it is 0, the IC Card shall proceed to the next check item.
5.9.3.3 Issuer Authentication Failure on Last Online Transaction

Check if the Issuer Authentication Failure Indicator in the CAAI is 1. (1) If it is 1, the IC Card shall set the Issuer authentication failure on last online

JCB Confidential

5-35

April 2008

JCB IC Card Specification

5. Functional Requirements

transaction bit in the CVR(3,4) to 1 and then proceed to the next check item. (2) If it is 0, the IC Card shall proceed to the next check item.
5.9.3.4 SDA Failure on Last Transaction

Check if the Static Data Authentication Failure Indicator in the CAAI is 1. (1) If it is 1, the IC Card shall set the Offline static data authentication failed on last transaction and transaction declined offline bit in the CVR(3,1) to 1 and then proceed to the next check item. (2) If it is 0, the IC Card shall proceed to the next check item.
5.9.3.5 DDA Failure on Last Transaction

Check if the Dynamic Data Authentication Failure Indicator in the CAAI is 1. (1) If it is 1, the IC Card shall set the Offline dynamic data authentication failed on last transaction and transaction declined offline bit in the CVR(4,3) to 1 and then proceed to the next check item. (2) If it is 0, the IC Card shall proceed to the next check item.
5.9.3.6 Issuer Script Processing Failure on Last Online Transaction

The IC Card shall set the Number of Issuer Script Commands received after the second GENERATE AC command containing secure messaging processed on last transaction bit in the CVR(4,8-5) to the value of the Issuer Script Command Counter. Check if the Issuer Script Failure Indicator in the CAAI is 1. (1) If it is 1, the IC Card shall set the Issuer script processing failed on last transaction bit in the CVR(4,4) to 1 and then proceed to the next check item. (2) If it is 0, the IC Card shall proceed to the next check item.
5.9.3.7 Card Velocity Checking

Verify whether both the Terminal Country Code and Issuer Country Code, and the Transaction Currency Code and Application Currency Code, are the same to determine whether the transaction is domestic or international. However, if comparison of the Terminal Country Code and Issuer Country Code is not possible due to insufficient data, comparison of the Transaction Currency Code and Application Currency Code alone is verified. If they are the same, the following processing shall be performed as a domestic transaction, and if not, as an international transaction. The IC Card checks the Terminal Type retrieved from the Terminal to determine whether the Terminal is online capable or offline-only. If the Terminal Type does not exist, the following processing is performed on the assumption that the Terminal is equipped with online capability.

JCB Confidential

5-36

April 2008

JCB IC Card Specification

5. Functional Requirements

(1) For domestic transactions: (a) If the Terminal has online capability, verify if the difference between the Last Online ATC Register and the ATC exceeds the Lower Consecutive Domestic Offline Limit. If this limit is exceeded, set the Lower consecutive offline limit exceeded bit in the CVR(5,8) to 1. (b) If it is an offline-only Terminal, verify if the difference between the Last Online ATC Register and the ATC exceeds the Upper Consecutive Domestic Offline Limit. If this limit is exceeded, set the Upper consecutive offline limit exceeded bit in the CVR(5,7) to 1. (2) For International transactions: (a) If the Terminal has online capability, verify if the difference between the Last Online ATC Register and the ATC exceeds the Lower Consecutive International Offline Limit. If this limit is exceeded, set the Lower consecutive offline limit exceeded bit in the CVR(5,8) to 1. (b) If it is an offline-only Terminal, verify if the difference between the Last Online ATC Register and the ATC exceeds the Upper Consecutive International Offline Limit. If this limit is exceeded, set the Upper consecutive offline limit exceeded bit in the CVR(5,7) to 1. Once the above processing is completed, the IC Card shall proceed to the next check item.
5.9.3.8 Cumulative Offline Transaction Amount Checking

Verify whether the Transaction Currency Code and Application Currency Code are the same. If they are the same, the following processing shall be performed as a domestic transaction, and if not, as an international transaction. The IC Card checks the Terminal Type retrieved from the Terminal to see if the Terminal is online-capable or offline-only. If Terminal Type does not exist, it is assumed that online-capability exists, and the following processing shall be performed. (1) Domestic Transactions (a) If the Terminal has online capability, verify whether the sum of Cumulative Total Transaction Amount and Amount, Authorised exceeds Cumulative Total Transaction Amount Limit. [1] If the sum exceeds the limit, the Cumulative total transaction amount limit exceeded bit in the CVR(5,6) shall be set to 1, and then proceed to the next check item. [2] If the sum does not exceed the limit, proceed to the next check item.

JCB Confidential

5-37

April 2008

JCB IC Card Specification

5. Functional Requirements

(b) If the Terminal is offline-only, verify whether the sum of Cumulative Total Transaction Amount and Amount, Authorised exceeds Cumulative Total Transaction Amount Upper Limit. [1] If the sum exceeds the limit, the Cumulative total transaction amount upper limit exceeded bit of CVR(5,2) shall be set to 1, and then proceed to the next check item. [2] If the sum does not exceed the limit, proceed to the next check item. (2) International Transactions (a) If Currency Conversion is supported Check whether the Transaction Currency Code exists in Transaction Currency Conversion Table. [1] If the code exists in the table Perform conversion on Amount, Authorised according to the currency conversion method in Section 5.9.3.12. (I) If the Terminal is online-capable, verify whether the sum of Cumulative Total Transaction Amount and the converted value of Amount, Authorised exceeds Cumulative Total Transaction Amount Limit. (i) If the sum exceeds the limit, the Cumulative total transaction amount limit exceeded bit of CVR(5,6) shall be set to 1, and then proceed to the next check item. (ii) If the sum does not exceed the limit, proceed to the next check item. (II) If the Terminal is offline-only, verify whether the sum of Cumulative Total Transaction Amount and the converted value of Amount, Authorised exceeds Cumulative Total Transaction Amount Upper Limit. (i) If the sum exceeds the limit, the Cumulative total transaction amount upper limit exceeded bit of CVR(5,2) shall be set to 1, and then proceed to the next check item. (ii) If the sum does not exceed the limit, proceed to the next check item. [2] If the code does not exist in the table, proceed to the next check

JCB Confidential

5-38

April 2008

JCB IC Card Specification

5. Functional Requirements

item. (b) If Currency Conversion is not supported, proceed to the next check item.
5.9.3.9 New Card Checking

Check if the Last Online ATC Register is 0. (1) If it is 0, the New card bit in the CVR(3,5) shall be set to 1 and the IC Card shall proceed to the next check item. (2) If it is not 0, the IC Card shall proceed to the next check item.
5.9.3.10 Offline PIN Verification Not Performed

Check if the Offline PIN verification performed bit in the CVR(2,3) and the PIN Try Counter are both 0. (1) If both are 0, set the PIN Try Limit exceeded bit in the CVR(3,7) to 1, and then proceed to the next check item. (2) If the condition in (1) does not apply, the IC Card shall proceed to the next check item.
5.9.3.11 Card Floor Limit Checking

Verify whether both the Terminal Country Code and Issuer Country Code, and the Transaction Currency Code and Application Currency Code are the same to determine whether the transaction is domestic or international. However, if comparison of the Terminal Country Code and Issuer Country Code is not possible due to insufficient data, comparison of the Transaction Currency Code and Application Currency Code alone is verified. If they are the same, the following processing shall be performed as a domestic transaction, and if not, as an international transaction. (1) If the transaction is domestic, the Amount, Authorised is compared to the Maximum Domestic Offline Transaction Amount. If the Amount, Authorised exceeds the Maximum Domestic Offline Transaction Amount, set the Floor limit exceeded bit in the CVR(5,5) to 1, and then proceed to the next check item. (2) If the transaction is international, the IC Card shall proceed to the next check item.
5.9.3.12 Currency Conversion Method

Verify whether the Transaction Currency Code and Application Currency Code are the same. If they are not the same and the Transaction Currency Code exists in the Transaction Currency Conversion Table, retrieve the applicable conversion rate (Currency Conversion Factor) in the Transaction Currency Conversion Table to perform a conversion to the corresponding amount in the first currency. Currency Conversion Factor is a 4-byte field in Numeric format. The first nibble

JCB Confidential

5-39

April 2008

JCB IC Card Specification

5. Functional Requirements

indicates the location of the decimal point, while the remaining 7 nibbles make up the conversion factor. This conversion rate, which is calculated in the smallest currency unit, is an approximation and is reduced to 2 significant digits. A maximum of four currencies can be stored.
Table 5-40
Item No. 1 2

Structural Elements of Transaction Currency Conversion Table

Data name Reference Currency Code Currency Conversion Factor Format n n Size (byte) 2 4

A sample of currency conversion is shown below. Example 1: Conversion from U.S. Dollar ($) to Japanese Yen ()
1.4 (For two effective d igit dig its)

Conversion Rate 1.35

Currency Conversion Factor 10000014 1.4 37000 (A mount, Authorised) 1.4 (Currency Conversion Factor) After converting the currency 51800 ( 51,800)

(1) Application Currency Code is 392 (Japanese Yen) (2) Transaction Currency Code is 840 (U.S. Dollar) (3) If the conversion rate is 1.4, the Currency Conversion Factor is 10000014. In this value, the right most seven nibbles (0000014) indicates that conversion rate at which the number of significant digits would be counting from left to right starting from the first non-zero digit, which is two digits. The first nibble with value of 1, indicates the position of the decimal point of the conversion rate, by counting from the right most nibble and shift the decimal point ONE digit to the left. (4) Amount, Authorised is 37000 ($370.00). The conversion is performed under the conditions above. 370.00 USD (Amount, Authorised) x 1.4 (conversion rate) = 51800 (51,800) is obtained.

JCB Confidential

5-40

April 2008

JCB IC Card Specification

5. Functional Requirements

Example 2: Conversion from Japanese Yen () to U.S. Dollar ($)

Conversion Rate 0.74074 0.74 (For two effective dig it digits)

Currency Conversion Factor 20000074 0.74 100000 (A mount, Authorised ) 0.74 (Currency Conversion Factor) After converting the currency 74000 ($740.00)

(1) Application Currency Code is 840 (U.S. Dollar) (2) Transaction Currency Code is 392 (Japanese Yen) (3) If the conversion rate is 0.74, the Currency Conversion Factor is 20000074. In this value, the right most seven nibbles (0000074) indicates that conversion rate at which the number of significant digits would be counting from left to right starting from the first non-zero digit, which is two digits. The left most nibble with value of 2, indicates the position of the decimal point of the conversion rate by counting from the rightmost nibble and shift the decimal point TWO digits to the left. (4) Amount, Authorised is 100000 (100,000). The conversion is performed under the conditions above. 100,000 YEN (Amount, Authorised) x 0.74 (conversion rate) = 74000($740.00) is obtained.

JCB Confidential

5-41

April 2008

JCB IC Card Specification

5. Functional Requirements

5.10
5.10.1

Online Processing
Definition and Conditions of Execution Online Processing consists of the following functions defined in Part III, Section 10.9 of EMV4.1 Book3. (1) Online Authorisation (2) Issuer Authentication In (1) Online Authorisation, the Terminal requests the Issuer online for transaction authorisation. In (2) Issuer Authentication, the IC Card authenticates the Issuer using data contained in the response from the Issuer. Support of Issuer Authentication by the IC Card is recommended. Online Authorisation is a processing between the Terminal and Issuer, and the IC Card does not take part in this processing. If Issuer Authentication is supported, the Issuer authentication is supported bit in the AIP(1,3) shall be set to 1. If Issuer Authentication is mandatory in credit transactions, the Issuer Authentication Indicator shall be set to 80. The data Structure of Issuer Authentication Indicator is defined in Table 5-41.
Table 5-41 Data Structure of Issuer Authentication Indicator

Issuer Authentication Indicator b8 1 b7 b6 b5 b4 b3 b2 b1 Meaning Issuer Authentication is mandatory RFU

5.10.2

Processing Data Table 5-42 lists the data in Issuer Authentication.

Table 5-42
Item No.

Data Used in Issuer Authentication

Tag Data name Initial Storage C C C Presence

1 2 3

9F62 -

Issuer Authentication Indicator CAAI CVR

Mandatory Mandatory Mandatory

CDOL2 shall contain data that shall be retrieved from the Terminal by the IC Card

JCB Confidential

5-42

April 2008

JCB IC Card Specification

5. Functional Requirements

in order to perform Completion defined in Section 5.12, and the tag of the data defined in Section 6.2.4 AC Generation. ARC, in particular, shall be included in case Issuer Authentication is not performed. 5.10.3 Processing The processing of Issuer Authentication shall conform to Part III, Section 10.9 of EMV4.1 Book3. Additional requirements regarding Issuer Authentication are defined below. When the IC Card receives the EXTERNAL AUTHENTICATE command, the following processing shall be performed. (1) If Issuer Authentication passes with a successful ARPC verification, the IC Card shall set the Issuer Authentication Failure Indicator in the CAAI to 0, and the ARC retrieved by the EXTERNAL AUTHENTICATE command shall be stored in the IC Card. (2) If Issuer Authentication fails, the Issuer authentication performed and failed in the CVR(2,4) shall be set to 1 and the Issuer Authentication Failure Indicator in the CAAI shall be set to 1. (3) If the IC Card receives the EXTERNAL AUTHENTICATE command twice or more, an error shall be returned.

JCB Confidential

5-43

April 2008

JCB IC Card Specification

5. Functional Requirements

5.11
5.11.1

Issuer Script
Definition and Conditions of Execution Issuer Script shall conform to Part III, Section 10.10 of EMV4.1 Book3. Support of Issuer Script by the IC Card is optional.

5.11.2

Processing Data Table 5-43 lists the data used in Issuer Script.
Table 5-43
Item No.

Data Used in Issuer Script

Tag Data name Initial Storage C C Presence

1 2

Issuer Script Command Counter CAAI

Mandatory Mandatory

5.11.3

Processing The processing of Issuer Script shall conform to Part III, Section 10.10 of EMV4.1 Book3. Additional requirements regarding Issuer Script are defined below. The IC Card shall perform the following processing. Every time an Issuer Script command is received, the Issuer Script Command Counter is incremented by 1. If the Issuer Script command contains MAC or other enciphered data, secure messaging processing such as MAC verification or data decryption shall be performed. Refer to Section 6.2.7 for the processing of secure messaging. (1) If secure messaging processing fails: The IC Card shall set the Issuer Script Failure Indicator in the CAAI to 1 and return a response indicating failure to the Terminal without processing the Issuer Script command. (2) If secure messaging processing succeeds: Process the Issuer Script command and return Success, Warning or Error, depending on the result of the processing. If the IC Card returns Error, it shall set the Issuer Script Failure Indicator in the CAAI to 1.

JCB Confidential

5-44

April 2008

JCB IC Card Specification

5. Functional Requirements

5.12
5.12.1

Completion
Definition and Conditions of Execution Completion shall conform to Part III, Section 10.11 of EMV4.1 Book3. As additional requirements, the following optional checks may be performed in Completion. (1) 2nd Issuer Authentication Failure on Last Online Transaction (2) 2nd Card Velocity Checking (upper limit) (3) 2nd New Card Checking (4) 2nd Offline PIN Verification Not Performed (5) 2nd Cumulative Offline Transaction Amount Checking (upper limit) Refer to Section 5.9.1 for the definitions of all check items. For item (2), the upper limit shall be used as the limit for the number of transactions. For item (5), the upper limit shall be used as the limit for Cumulative Offline Transaction Amount. Support of Completion by the IC Card is mandatory. Support of individual check items is optional. Completion shall always be performed when the IC Card receives the second GENERATE AC command. As for the individual check items included in Completion, when online transaction is incomplete, they shall always be performed if supported by the IC Card. However, the order in which the individual check items are performed is not defined. Regardless of the result of any check item, the IC Card shall perform all check items it supports. If data necessary for a processing does not exist, the processing shall continue with the next check item.

JCB Confidential

5-45

April 2008

JCB IC Card Specification

5. Functional Requirements

5.12.2

Processing Data Table 5-44 lists the data used during Completion.
Table 5-44
Item No.

Data Used in Completion

Tag Data name Initial Storage I/T C C C C C C T C C Presence

1 2 3 4 5 6 7 8 9 10

8A 9F61 9F63 9F27 9F36 95 9F13 -

ARC ADA CVR CAAI CAASI CID ATC TVR Last Online ATC Register Issuer Script Command Counter

Mandatory Mandatory Mandatory Mandatory Mandatory Mandatory Mandatory Mandatory Mandatory Mandatory

Table 5-45 lists the codes for ARC.

Table 5-45 ARC
Meaning Approval Referral Decline Offline approval Offline decline Code 00, 10, 11 01, 02 Other than above Y1 Z1 Note

Response from Issuer

Generate at Terminal

Offline approval when online authorization request not possible Offline decline when online authorization request not possible

Y3

Z3

offline approved offline declined unable to go online (offline approved) unable to go online (offline declined)

JCB Confidential

5-46

April 2008

JCB IC Card Specification

5. Functional Requirements

Table 5-46 lists the data used in 2nd Card Velocity Checking (upper limit).
Table 5-46
Item No.

Data Used in 2nd Card Velocity Checking (Upper Limit)

Tag Data name Initial Storage T C T C C C C Presence

1 2 3 4 5 6 7 8

9F1A 5F28 5F2A 9F42 9F36 9F13 9F57 9F59

Terminal Country Code Issuer Country Code Transaction Currency Code Application Currency Code ATC Last Online ATC Register Upper Consecutive Domestic Offline Limit Upper Consecutive International Offline Limit

Optional Optional Mandatory Mandatory Mandatory Mandatory Mandatory Mandatory

NOTE: Items 1 through 4 are used to determine whether the transaction is domestic or international. If either item 1 or 2 does not exist, items 3 and 4 alone determine whether the transaction is domestic or international.

Table 5-47 lists data used when 2nd Cumulative Offline Transaction Amount Checking (Upper Limit) is performed.
Table 5-47 Data Used in 2nd Cumulative Offline Transaction Amount Checking (Upper Limit)
Item No. Tag Data name Initial Storage T C C Presence

1 2 3 4 5 6

5F2A 9F42 9F65 9F64 9F02

Transaction Currency Code Application Currency Code Transaction Currency Conversion Table Cumulative Total Transaction Amount Cumulative Total Transaction Amount Upper Limit Amount, Authorised(Numeric)

Mandatory Mandatory Optional Mandatory Mandatory Mandatory

C C T

NOTE: Item 3 is mandatory if currency conversion described in Section 5.9.3.12 is supported. The data format for item 6 shall be numeric, not binary.

5.12.3

Processing The processing of Completion shall conform to Part III, Section 10.11 of EMV4.1 Book3. Additional requirements for Completion are defined below.

JCB Confidential

5-47

April 2008

JCB IC Card Specification

5. Functional Requirements

When an IC Card receives the second GENERATE AC command that requests CDA and responds with TC, it shall set the Combined DDA/AC Generation performed bit in the CVR(4,1) to 1. At the beginning of Completion, the IC Card shall check whether the Application is blocked. If the Application is blocked, the processing for when the Issuer declines the transaction, in Section 5.12.3.1.2, shall be performed. If the application is not blocked, the IC Card shall check the following ARC. (1) If Issuer Authentication succeeds, the ARC retrieved by the EXTERNAL AUTHENTICATE command shall be used. (2) If Issuer Authentication fails or not been performed, the ARC retrieved by the second GENERATE AC command shall be used. The IC Card performs the following processing with the appropriate ARC. (1) If the Terminal requests a TC with the second GENERATE AC command: (a) If the ARC is an approval, the processing for when the Issuer approves the transaction, in Section 5.12.3.1.1, shall be performed. (b) If the ARC is a decline, the processing for when the Issuer declines the transaction, in Section 5.12.3.1.2, shall be performed. (c) If the ARC is a referral, (a) shall be performed. (d) If the ARC is Y3, the processing for Online Transaction not Completed, in Section 5.12.3.2, shall be performed. (e) If the ARC is other than approval, referral or decline, the processing for Online Transaction not Completed, in Section 5.12.3.2, shall be performed. However, the IC Card shall always return an AAC. (2) If the Terminal requests an AAC with the second GENERATE AC command: (a) If the ARC is approval, referral or decline, the processing for when the Issuer declines the transaction, in Section 5.12.3.1.2, shall be performed. (b) If the ARC is other than approval, the processing for Online Transaction not Completed, in Section 5.12.3.2, shall be performed. However, the IC Card shall always return an AAC.

JCB Confidential

5-48

April 2008

JCB IC Card Specification

5. Functional Requirements

The conditions described above are summarized in Table 5-48.

Table 5-48 Conditions of Completion
Condition Processing

Application is blocked ARC is approval ARC is decline TC requested by Terminal ARC is referral ARC is Y3 ARC is other than approval, referral, decline or Y3 ARC is approval, referral or decline ARC is other than approval, referral or decline

Application is not blocked

AAC requested by Terminal

Processing in Section 5.12.3.1.2 (Issuer declined transaction) Processing in Section 5.12.3.1.1 (Issuer approved transaction) Processing in Section 5.12.3.1.2 (Issuer declined transaction) Processing in Section 5.12.3.1.1 (Issuer approved transaction) Processing in Section 5.12.3.2 (Online Processing not Completed) Always return AAC after processing in Section 5.12.3.2 (Online Processing not Completed) Processing in Section 5.12.3.1.2. (Issuer declined transaction) Always return AAC after processing in Section 5.12.3.2. (Online Processing not Completed)

5.12.3.1

Processing when Online Transaction Completed

5.12.3.1.1. Issuer Approved Transaction

When the Issuer approves the transaction, the IC Card shall perform the following processing before responding to the second GENERATE AC command. (1) If Issuer Authentication is mandatory but not performed, the IC Card shall: (a) Set the Issuer authentication not performed after online authorisation bit in the CVR(3,3) to 1. (b) Set the Issuer Authentication Failure Indicator in the CAAI to 1. (c) If the If issuer authentication is mandatory and no ARPC received, decline transaction bit in the ADA(1,6) is 0, set the TC returned in second GENERATE AC bit in the CVR(2,8-7) and return a TC to the Terminal. (d) If the If issuer authentication is mandatory and no ARPC received, decline transaction bit in the ADA(1,6) is 1, set the AAC returned in

JCB Confidential

5-49

April 2008

JCB IC Card Specification

5. Functional Requirements

second GENERATE AC bit in the CVR(2,8-7) and return an AAC to the Terminal. Before returning the AAC, check whether the If transaction declined because issuer authentication failed or not performed, create advice bit in the ADA(1,3) is set to 1 and sets the advice required bit in the CID(1,4) to 1 and set the Issuer authentication failed of the Reason code bit in the CID(1,3-1). (2) If Issuer Authentication is optional and not performed, the IC Card shall return a TC to the Terminal. Before returning the TC, the IC Card shall perform the following processing: (a) Set the Issuer authentication not performed after online authorisation bit in the CVR(3,3) to 1. (b) Set the TC returned in second GENERATE AC bit in the CVR(2,8-7). (c) Reset the following values in the CAAI to 0. [1] Online Authorisation Indicator [2] Static Data Authentication Failure Indicator [3] Dynamic Data Authentication Failure Indicator [4] Issuer Script Failure Indicator (d) Reset the Issuer Script Command Counter to 0. (e) Update the Last Online ATC Register to the current value of the ATC. (f) Reset the Cumulative Total Transaction Amount to 0. (3) If Issuer Authentication is performed and succeeds, the IC Card shall return a TC to the Terminal. Before returning the TC, the IC Card shall perform the following processing: (a) Set the TC returned in second GENERATE AC bit in the CVR(2,8-7). (b) Reset the following values in the CAAI to 0. [1] Online Authorisation Indicator [2] Static Data Authentication Failure Indicator [3] Dynamic Data Authentication Failure Indicator [4] Issuer Script Failure Indicator (c) Reset Issuer Script Command Counter to 0. (d) Update the Last Online ATC Register to the current value of the ATC. (e) Reset the Cumulative Total Transaction Amount to 0. (4) If Issuer Authentication is performed and fails, the IC Card shall perform the

JCB Confidential

5-50

April 2008

JCB IC Card Specification

5. Functional Requirements

following processing: (a) If the If issuer authentication performed and failed, decline transaction bit in the ADA(1,7) is 0, set the TC returned in second GENERATE AC bit in the CVR(2,8-7) and return a TC to the Terminal. (b) If the If issuer authentication performed and failed, decline transaction bit in the ADA(1,7) is 1, set the AAC returned in second GENERATE AC bit in the CVR(2,8-7) and return an AAC to the Terminal. Before returning the AAC, check whether the If transaction declined because issuer authentication failed or not performed, create advice bit in the ADA(1,3) is set to 1. If it is, set the advice required bit in the CID(1,4) to 1 and set the Issuer authentication failed of the Reason code bit in the CID(1,3-1).
5.12.3.1.2. Issuer Declined Transaction

When the Issuer declines the transaction, the IC Card shall return an AAC to the Terminal in response to the second GENERATE AC command. Before returning the AAC, the IC Card shall set the AAC returned in second GENERATE AC bit in the CVR(2,8-7) and perform the following processing: (1) If Issuer Authentication is performed and has succeeded, reset the Issuer Script Command Counter to 0 and set the following values in the CAAI to 0. (a) Online Authorisation Indicator (b) Static Data Authentication Failure Indicator (c) Dynamic Data Authentication Failure Indicator (d) Issuer Script Failure Indicator (2) If Issuer Authentication is not performed, the IC Card shall set the Issuer authentication not performed after online authorisation bit in the CVR(3,3) to 1 and perform the following processing: (a) If Issuer Authentication is mandatory, set the Issuer Authentication Failure Indicator in the CAAI to 1. (b) If Issuer Authentication is optional, reset the Issuer Script Command Counter to 0 and set the following values in the CAAI to 0. [1] Online Authorisation Indicator [2] Static Data Authentication Failure Indicator [3] Dynamic Data Authentication Failure Indicator [4] Issuer Script Failure Indicator

JCB Confidential

5-51

April 2008

JCB IC Card Specification

5. Functional Requirements

5.12.3.2

Processing when Online Transaction not Completed

The processing that the IC Card shall perform when online transaction is not completed is defined below.
5.12.3.2.1. Check Items

The IC Card shall check the bits from CAASI(2,4) to CAASI(3,8) shown in Table 5-26 and when they are set to 1, the IC Card shall perform the check items. Table 5-49 lists the CVR bits to be used and the check results for the processing when online transaction is not completed.
Table 5-49
Item No.

Check Items when Online Transaction not Completed

Check Item 2nd Issuer Authentication Failure On Last Online Transaction 2nd Card Velocity Checking (Upper limit) CVR Bit to be Used CVR(3,4)Issuer authentication failure on last online transaction CVR(5,7)Upper consecutive offline limit exceeded Check Result

1 2 3 4 5

AAC AAC AAC/ TC *2 AAC/ TC *3 AAC

2nd New Card Checking 2nd Offline PIN Verification Not Performed 2nd Cumulative Offline Transaction Amount Checking (upper limit)

CVR(3,5)New card CVR(3,7)PIN Try Limit exceeded *1 CVR(5,2)Cumulative total transaction amount upper limit exceeded

*1 In addition to this condition, only when Offline PIN verification performed bit in the CVR(2,3) to 0, this check may apply. If the CVR bit shown in Table 5-49 is set to 1, the result of the check shall be the value listed in the Check Result column. If the CVR bit is 0, the check result shall be a TC. For the setting of bits in the CVR for items 1, 3 and 4, the value set as a result of Card Action Analysis shall be used. For the setting of the bits in the CVR for item 2, refer to Section 5.12.3.2.4. For the setting of the bits in the CVR for item, refer to Section 5.12.3.2.5. For *2 and *3 in Table 5-49, where two values are possible, the following processing using the ADA shall be performed. *2 Check the If new card, transmit transaction online bit in the ADA(1,1). If the bit is set to 1, the result shall be an AAC; if the bit is 0, the result shall be a TC. *3 Check the If PIN Try Limit exceeded on previous transaction, decline if unable to transmit transaction online bit in the ADA(2,5). If the bit is set to 1,

JCB Confidential

5-52

April 2008

JCB IC Card Specification

5. Functional Requirements

the result shall be an AAC; if the bit is 0, the result shall be a TC.
5.12.3.2.2. Response to the Terminal

Response to the Terminal shall be returned after performing all check items that the IC Card supports. Table 5-50 shows the conditions for making the final determination.
Table 5-50 Response Conditions of Completion when Online Processing not Completed
Condition Response AAC

Terminal requests AAC

Terminal requests TC AAC response determined once or more Other than above

AAC TC

(1) If the Terminal requests an AAC with the second GENERATE AC command, an AAC shall be returned. (2) If the Terminal requests a TC with the second GENERATE AC command: (a) If an AAC has been determined at least once for the checks listed in Table 5-49, an AAC shall be returned. (b) If an AAC has not been determined, a TC shall be returned.
5.12.3.2.3. Processing Prior to Response

After determining whether to return TC or AAC, the IC Card shall perform the following processing before returning the response to the Terminal. (1) If returning a TC: (a) Set the unable to go online bit in the CVR(2,1) to 1. (b) Set the TC returned in second GENERATE AC bit in the CVR(2,8-7). (c) Verify whether Transaction Currency Code and Application Currency Code are the same. [1] If they are the same Add the value of Amount, Authorised to Cumulative Total Transaction Amount. [2] If they are not the same If the Currency Conversion is supported and the Transaction Currency Code exists in the Transaction Currency Conversion Table, Currency Conversion is performed on Amount, Authorised according to the Currency Conversion Method in Section 5.9.3.12.

JCB Confidential

5-53

April 2008

JCB IC Card Specification

5. Functional Requirements

The converted Amount, Authorised value is added to the Cumulative Total Transaction Amount. (2) If returning an AAC: (a) Set the unable to go online bit in the CVR (2,1)to 1. (b) If the If transaction declined offline, create advice bit in the ADA(1,5) is set to 1, set the advice required bit in the CID(1,4) to 1. (c) Set the AAC returned in second GENERATE AC bit in the CVR(2,8-7). (d) If the SDA failed bit in the TVR(1,7) is 1, set the Static Data Authentication Failure Indicator in the CAAI to 1. (e) If the DDA failed bit in the TVR(1,4) or the CDA failed bit in the TVR(1,3) is 1, set the Dynamic Data Authentication Failure Indicator in the CAAI to 1.
5.12.3.2.4. 2nd Issuer Authentication Failure on Last Online Transaction

In 2nd Issuer Authentication Failure on Last Online Transaction, CVR is not updated.
5.12.3.2.5. 2nd Card Velocity Checking (Upper Limit)

The IC Card verifies whether both the Terminal Country Code and Issuer Country Code, and the Transaction Currency Code and Application Currency Code pairs, are the same to determine if the transaction is domestic or international. However, if comparison of the Terminal Country Code and Issuer Country Code is not possible due to insufficient data, comparison of the Transaction Currency Code and Application Currency Code alone is verified. If they are the same, the following processing shall be performed as a domestic transaction, and if not, as an international transaction. (1) If the transaction is domestic, verify if the difference between the Last Online ATC Register and the ATC exceeds the Upper Consecutive Domestic Offline Limit. If this limit is exceeded, set the Upper consecutive offline limit exceeded bit in the CVR(5,7) to 1. (2) If the transaction is international, verify if the difference between the Last Online ATC Register and the ATC exceeds the Upper Consecutive International Offline Limit. If this limit is exceeded, set the Upper consecutive offline limit exceeded bit in the CVR(5,7) to 1.
5.12.3.2.6. 2nd New Card Checking

In 2nd New card checking, CVR is not updated.

5.12.3.2.7. 2nd Offline PIN Verification Not Performed

In 2nd Offline PIN Verification Not Performed, CVR is not updated.

JCB Confidential

5-54

April 2008

JCB IC Card Specification

5. Functional Requirements

5.12.3.2.8. 2nd Cumulative Offline Transaction Amount Checking (Upper Limit)

Verify whether Transaction Currency Code and Application Currency Code are the same. If they are the same, the following processing shall be performed as a domestic transaction, and if not, as an international transaction. (1) Domestic Transactions Verify whether the sum of Cumulative Total Transaction Amount and Amount, Authorised exceeds Cumulative Total Transaction Amount Upper Limit. (a) If the sum exceeds the limit, the Cumulative total transaction amount upper limit exceeded bit of CVR(5,2) shall be set to 1. Proceed to the next check. (b) If the sum does not exceed the limit, proceed to the next check. (2) International Transactions (a) If Currency Conversion is supported Verify whether Transaction Currency Code exists in Transaction Currency Conversion Table. [1] If Code exists in Table Perform conversion on Amount, Authorised according to the currency conversion method in Section 5.9.3.12. Verify whether the sum of Cumulative Total Transaction Amount and the converted value of Amount, Authorised exceeds Cumulative Total Transaction Amount Upper Limit. (I) If the sum exceeds the limit, the Cumulative total transaction amount upper limit exceeded bit of CVR(5,2) shall be set to 1. Proceed to the next check. (II) If the sum does not exceed the limit, proceed to the next check. [2] If the Code does not exist in the Table, proceed to the next check. (b) If Currency Conversion is not supported, proceed to the next check.

JCB Confidential

5-55

April 2008

JCB IC Card Specification

6. Security Requirements

Security Requirements
This chapter defines the security requirements for asymmetric and symmetric algorithm.

6.1
6.1.1

Security Requirements Using Asymmetric Algorithm

Certification Authority Service JCB will manage the certification authority service in processing using asymmetric algorithm as defined EMV4.1 Book2.

6.1.2

Processing When the IC Card or the Terminal performs Offline Data Authentication or Offline Encrypted PIN Verification, they shall conform to EMV4.1 Book2.

JCB Confidential

6-1

April 2008

JCB IC Card Specification

6. Security Requirements

6.2

Security Requirements Using Symmetric Algorithm

Security-related methods that the IC Card shall conform to upon performing the processing listed below are defined. (1) AC (Application Cryptogram) Generation (2) ARPC (Authorisation Response Cryptogram) Generation (3) Secure messaging (MAC generation, command message encryption and decryption)

6.2.1

Types of Algorithm For each algorithm, 16-byte keys are used. When the terms key A or key B are used, key A refers to the leftmost 8 bytes of the 16-byte key, while key B refers to the rightmost 8 bytes of the 16-byte key.

6.2.2

Definition of Encryption Keys Keys used in Sections 6.2.5 through 6.2.7 are defined. divided into three categories, as follows: (1) Master Keys (2) Unique Keys (3) Session Keys Master Keys (1) are the keys used to derive unique keys. derive the unique keys are referred to as follows: [1] Application Master Key [2] MAC Master Key [3] Message encryption Master Key In this specification, if reference is made simply to master keys, it is used as a general term for all three types of these keys. The Issuer is responsible for the generation and management of master keys. There are three types of unique keys (2): [1] Application Unique Key [2] MAC Unique Key [3] Message encryption Unique Key Application Unique Key [1] is used to generate AC and ARPC. MAC Unique Key [2] is used to generate MAC. Master Keys used to These keys can be

JCB Confidential

6-2

April 2008

JCB IC Card Specification

6. Security Requirements

Message encryption Unique Key [3] is used to encrypt command messages. In this specification, if reference is made simply to unique keys, it is used as a general term for all three types of keys. Unique keys are derived from the master keys managed by the Issuer, and shall be set individually in IC Card. The Issuer shall either store the unique key for each IC Card so that it can be retrieved when necessary or be capable of deriving the unique key when necessary. There are three types of session keys (3): [1] Application Session Key [2] MAC Session Key [3] Message encryption Session Key Application Session Key [1] is used in AC and ARPC generation. MAC Session Key [2] is used to generate MAC. Message encryption Session Key [3] is used to encrypt command messages. In this specification, if reference is made simply to session keys, it is used as a general term for these three types of keys. Session keys are generated both within the IC Card and at the Issuer system. The Issuer may ask either JCB or an organization that JCB consigns to perform these processings on behalf of the Issuer. In such a case, the Issuer shall provide information on the keys and algorithms that are necessary for the processing.
Table 6-1 Keys Used in Symmetric Algorithm Application Master Key MAC Master Key Message encryption Master Key Application Unique Key MAC Unique Key Message encryption Unique Key Application Session Key MAC Session key Message encryption Session Key
Length 16 16 16 16 16 16 16 16 16

Category

Master Key

Unique Key

Session Key

6.2.3

Definition of Cryptogram Version Number Table 6-2 shows session key generation method, AC generation key, ARPC generation key, MAC generation key, and message encryption/decryption key indicated by the Cryptogram Version Number.

JCB Confidential

6-3

April 2008

JCB IC Card Specification

6. Security Requirements

Table 6-2
Cryptogram Version Number

Definition of Cryptogram Version Number

Session key generation method AC generation key ARPC generation key MAC generation key Message encryption/de cryption keys

01 02

Defined in Section 6.2.4.2

Application Unique Key Application Session Key

Application Unique Key Application Session Key

MAC Session Key

Message encryption Session Key

6.2.4
6.2.4.1

Key Derivation
Unique Key Derivation

The derivation of unique keys A and B is defined. Derivation of the Application Unique Key shall be performed as described below. Derivation of the MAC Unique Key and Message encryption Unique Key shall also be performed in the same manner. Unique key A shall be derived in the following manner: (1) Application PAN and Application PAN Sequence Number are concatenated in that order and right justified. If this data is less than 8 bytes, 0s are padded on the left until the length of 8 bytes is reached. If this data is greater than 8 bytes, keep the rightmost 8 bytes of the data and discard the rest. If Application PAN Sequence Number does not exist, 00 is used instead. (2) By inputting the data created in (1) into D1 of Figure 6-1, unique key A is obtained. Unique key B shall be derived in the following manner: (1) Application PAN and Application PAN Sequence Number are concatenated in that order and right justified. If this data is less than 8 bytes, 0s are padded on the left until the length of 8 bytes is reached. If this data is greater than 8 bytes, keep the rightmost 8 bytes of the data and discard the rest. If Application PAN Sequence Number does not exist, 00 is used instead. (2) By inverting1 the data created in (1) and inputting it into D1 of Figure 6-1, unique key B is obtained.

Inversion is performed at the bit level, where each bit with 1 is set to 0 and each bit with value 0 is set to 1.

JCB Confidential

6-4

April 2008

JCB IC Card Specification

6. Security Requirements

Figure 6-1

Unique Key Derivation Algorithm

I1 = D1

DKA

DES(e)

O1

DKB

DES(d)

O2

DKA

DES(e)

O3

Unique Key Ii = ith input DES(e) = DES encryption DES(d) = DES decryption Oi = ith output Di = ith data block DKA = Master key A DKB = Master key B

JCB Confidential

6-5

April 2008

JCB IC Card Specification

6. Security Requirements

6.2.4.2

Derivation of Session Key

The derivation of session keys A and B is defined. This section defines the session key generation method for Cryptogram Version Numbers 01 and 02. Derivation of session key A shall be performed as described below. (1) Create an 8-byte data by concatenating 6 bytes of 00s and the latest ATC (2 bytes) in that order. (2) Session key A is retrieved with XORing the data created in (1) with the 8-byte unique key A. Here, unique key A refers to the Application Unique Key A, the MAC Unique key A or the Message encryption Unique Key A, depending on the intended use. Derivation of session key B shall be performed as described below: (1) Create an 8-byte data by concatenating 6 bytes of 00 and the inverted data of the latest ATC (2 bytes) in that order. (2) Session key B is retrieved with XORing the data created in (1) with the 8-byte unique key B. Here, unique key B refers to the Application Unique Key B, the MAC Unique Key B or the Message encryption Unique Key B, depending on the intended use.

JCB Confidential

6-6

April 2008

JCB IC Card Specification

6. Security Requirements

6.2.5

AC Generation An IC Card confirming to this document shall perform AC Generation in the following manner: (1) Data for items 1 through 11 in Table 6-3 are concatenated in that order. Of the data listed in Table 6-3, the tags of items 1 through 8 shall be specified in CDOL1, CDOL2.
Table 6-3
Item No. 1 2 3 4 5 6 7 8 9 10 11

Input to AC Amount, Authorised (Numeric) Amount, Other (Numeric) Terminal Country Code TVR Transaction Currency Code Transaction Date Transaction Type Unpredictable Number AIP ATC CVR

(2) Data generated in (1) is divided into 8-byte blocks, which are D1, D2, ..., DN. If the last block DN is less than 8 bytes, 00 shall be padded to the right until the length reaches 8 bytes, thus making DN an 8-byte data. (3) AC is generated by inputting D1, D2, ..., DN into D1, D2, ..., DN in Figure 6-2. If the Cryptogram Version Number is 01, for key A and key B used in Figure 6-2, Application Unique Key generated using the method defined in Section 6.2.4.1 is used. If the Cryptogram Version Number is 02, Application Session Key is used for key A and key B used in Figure 6-2. If the Cryptogram Version Number is 02, the session key generation method is the method defined in Section 6.2.4.2.

JCB Confidential

6-7

April 2008

JCB IC Card Specification

6. Security Requirements

Figure 6-2

Input to AC

I1=D1
KMA KMA

I1
KMA

IN-1
KMA

IN

KMB

DES(d)

DES(e) O1

DES(e) O2

DES(e) ON-1

DES(e)
KMA

ON+1

ON

DES(e)

+ D2

+ D3

+ DN

O N+2

TC/AAC/ARQC

Ii = ith input DES(e) = DES encryption DES(d) = DES decryption Oi = ith output

Di = ith data block KMA = Key A KMB = Key B + = XOR operation

6.2.6

ARPC Generation The generation of ARPC is performed in the following manner: (1) Left-justify the ARC (2 bytes) and pad with 00s to create an 8-byte data. (2) Perform an exclusive-OR operation on the data created in (1) and the AC generated by the first GENERATE AC command in the transaction. (3) ARPC is retrieved with inputting the data created in (2) into D1 in Figure 6-3. If the Cryptogram Version Number is 01, for key A and key B used in Figure 6-3, Application Unique Key generated using the method defined in Section 6.2.4.1 is used. If the Cryptogram Version Number is 02, Application Session Key is used for key A and key B used in Figure 6-3. If the Cryptogram Version Number is 02, the session key generation method is the method defined in Section 6.2.4.2.

JCB Confidential

6-8

April 2008

JCB IC Card Specification

6. Security Requirements

Figure 6-3

ARPC Generation Algorithm

I1 = D1

KMA

DES(e)

O1

KMB

DES(d)

O2

KMA

DES(e)

O3

Unique Key Ii = ith input DES(e) = DES encryption DES(d) = DES decryption Oi = ith output Di = ith data block KMA = Key A KMB = Key B

6.2.7

Secure Messaging The IC Card shall process Issuer Script according to the secure messaging defined in EMV4.1 Book2. Secure messaging defined in this section is based on the following assumptions: (1) Secure messaging in Format 2, as specified in Part II, Chapter 9 of EMV4.1 Book2, is used. (2) Secure messaging is used only for Issuer Script. An Issuer that issues IC Cards not based on the assumptions above shall provide a provision of the same level as the provision in this section with the approval of JCB.

JCB Confidential

6-9

April 2008

JCB IC Card Specification

6. Security Requirements

6.2.7.1

MAC (Message Authentication Code) Generation

MAC generation is performed in the following manner: (1) Create data concatenated in the following order: (a) CLA, INS, P1, P2 and Lc of the commands that use MAC (b) ATC of the transaction (c) AC generated by the first GENERATE AC command in the transaction (d) Data in the command data field (This is only when data exists in the command data field. If data is to be encrypted, the encrypted data shall be the input.) (2) Using data created in (1), MAC is generated in the following manner. (a) 80 is concatenated at the end of the data created in (1). The data is formatted into 8-byte data blocks, labeled D1, D2, ... , DN. If the final block is less than 8 bytes, 00s are padded until the data length is 8 bytes. (b) MAC is generated by inputting D1, D2, ..., DN into D1, D2, ..., DN in Figure 6-4. If the Cryptogram Version Number is 01 or 02, MAC Session Key A and MAC Session Key B in Figure 6-4 are generated using the method described in Section 6.2.4.2. In this specification, MAC length shall be 8 bytes or 4 bytes. If a 4-byte MAC is used, the first 4 bytes of the generated MAC will be used as the MAC. The IC Card and Issuer both need to know the MAC length to be used.

JCB Confidential

6-10

April 2008

JCB IC Card Specification

6. Security Requirements

Figure 6-4

MAC Generation Algorithm

KMA

KMB KMA

I1=D1

I1

IN-1

IN

DES(d)

KMA

KMA

DES(e) O1

DES(e) O2

DES(e) ON-1

KMA

DES(e) ON

ON+1

DES(e)

+ D2

+ D3

+ DN

O N+2

MAC

Ii = ith input DES(e) = DES encryption DES(d) = DES decryption Oi = ith output

Di = ith data block KMA = MAC Session key A KMB =MAC Session key B + = XOR operation

6.2.7.2

Message Encryption and Decryption

Message encryption is performed in the following manner: (1) The length of the plaintext to be enciphered expressed in 1 byte and the plaintext are concatenated, in that order. (2) Data created in (1) is formatted into 8-byte data blocks labeled D1, D2, ... , DN. If the final block is less than 8 bytes, 80 is concatenated at the end of the data block. Then, 00s are padded until the data length is 8 bytes. (3) Each data block is encrypted by inputting D1, D2, ..., DN created in (2) into the message encryption algorithm shown in Figure 6-5. If the Cryptogram Version Number is 01 or 02, Message encryption Session Key A and Message encryption Session Key B used in Figure 6-5 are generated using the method described in Section 6.2.4.2. (4) D1, D2 ..., DN enciphered in (3) are concatenated, in that order, and the message encryption processing is complete. Message decryption is performed in the following manner: (1) The enciphered data is formatted into 8-byte data blocks labeled D1, D2, ... , DN. (2) D1, D2, ... , DN are decrypted by inputting D1, D2, ..., DN created in (1) into the message decryption algorithm shown in Figure 6-5.

JCB Confidential

6-11

April 2008

JCB IC Card Specification

6. Security Requirements

(3) Concatenate the decryption results of D1, D2, ... , DN in that order. Obtain the message length, which is stored in the first byte. Using this message length, obtain the plaintext contained in the decryption results.
Figure 6-5 Message Encryption/Decryption Algorithm

Message Encryption Algorithm DN

Message Decryption Algorithm DN

KDA

DES(e)

KDA

DES(d)

O1

O1

KDB

DES(d) O2

KDB

DES(e) O2

KDA

DES(e) O3

KDA

DES(d) O3

Encrypted DN DES(e) = DES encryption DES(d) = DES decryption Oi = ith output Di = ith data block KDA = Message encryption Session key A KDB = Message encryption Session key B

Decrypted DN

JCB Confidential

6-12

April 2008

JCB IC Card Specification

Annex A. JCB Proprietary Data List

Annex A. JCB Proprietary Data List

Data supported by the IC Card and Issuer consists of 2 types; data defined in Part IV, Annex A of EMV4.1 Book 3 and JCB proprietary data. Table A-1 shows JCB proprietary data. In Table A-1, C in the Source column indicates data to be stored in the IC Card, and I indicates data possessed by the Issuer.
Table A-1
Item No. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27

JCB Proprietary Data List

Name Source C C C C C C C C C C C C C C C C C C I C I/C I C I/C I C I/C Format b b b b b n12 n12 n12 b b b b n12 n b b b b b b b b b b b Tag 9F61 9F63 9F66 9F56 9F64 9F62 9F58 9F5A 9F5B 9F65 9F57 9F59 Length 2 3 5 5 1 6 6 6 1 1 1 1 6 6 to 24 1 1 16 16 16 16 16 16 16 16 16

Application Default Action Card Action Analysis Indicators Card Action Analysis Support Information Card Action Code Card Verification Results Cryptogram Version Number Cumulative Total Transaction Amount Cumulative Total Transaction Amount Limit Cumulative Total Transaction Amount Upper Limit Derivation Key Index Issuer Authentication Indicator Issuer Script Command Counter Lower Consecutive Domestic Offline Limit Lower Consecutive International Offline Limit Maximum Domestic Offline Transaction Amount Transaction Currency Conversion Table Upper Consecutive Domestic Offline Limit Upper Consecutive International Offline Limit Application Master Key Application Unique Key Application session key MAC Master Key MAC Unique Key MAC Session Key Message Encryption Master Key Message Encryption Unique Key Message Encryption Session Key

JCB Confidential

A-1

April 2008

JCB IC Card Specification

Annex A. JCB Proprietary Data List

Table A-2 shows JCB proprietary data that can be retrieved with the GET DATA command only at special devices. For the implementation, consult JCB.
Table A-2
Item No. 1

JCB Proprietary Data That Can Be Retrieved with the GET DATA Command
Name Source Format Tag Length

2 3 4 5 6 7 8 9 10 11 12

Application Default Action Card Action Analysis Support Information Card Action Code Cumulative Total Transaction Amount Limit Cumulative Total Transaction Amount Upper Limit Issuer Authentication Indicator Lower Consecutive Domestic Offline Limit Lower Consecutive International Offline Limit Maximum Domestic Offline Transaction Amount Transaction Currency Conversion Table Upper Consecutive Domestic Offline Limit Upper Consecutive International Offline Limit

C C C C C C C C C C C C

b b b n12 n12 b b b n12 n b b

9F61 9F63 9F66 9F56 9F64 9F62 9F58 9F5A 9F5B 9F65 9F57 9F59

2 3 5 6 6 1 1 1 6 6 to 24 1 1

JCB Confidential

A-2

April 2008

JCB IC Card Specification

Annex B. Transaction Flow

Annex B. Transaction Flow

Annex B shows sample functional processing prescribed by the credit application requirements. These are shown to give sample images and may not show all the processing in detail.

JCB Confidential

B-1

April 2008

JCB IC Card Specification

Annex B. Transaction Flow

1. Overall Transaction Flow

Issuer Terminal Application Selection Initiate Application Processing Initiate Application Processing Read Application Data Offline Data Authentication Processing Restrictions Cardholder Verification Terminal Risk Management Terminal Action Analysis Card

Card Action Analysis Online Processing Issuer Script Completion Transaction Completed

JCB Confidential

B-2

April 2008

JCB IC Card Specification

Annex B. Transaction Flow

2. Card Action Analysis[1]

Card
Begin Card Action Analysis

Last Online Transaction Not Completed

Issuer Authentication Failure on Last Online Transaction

Issuer Script Processing Failure on Last Online Transaction

Offline PIN Verification Not Performed Card Floor Limit Checking

Card Velocity Checking

Cumulative Offline Transaction Amount Checking

SDA Failure on Last Transaction DDA Failure on Last Transaction

New Card Checking

Is Application blocked? N

AAC Which AC does terminal request? ARQC

TC

Y N Is CAC Check supported? Y N Any corresponding bits in CAC and TVR set to 1? Y N Y

Is AAC response determined at least once during Card Action Analysis? N

Is AAC response determined at least once during Card Action Analysis? Y

Is ARQC response determined at least once during Card Action Analysis? N

Return AAC

Return ARQC

Return TC

2-a

2-b

3-c

JCB Confidential

B-3

April 2008

JCB IC Card Specification

Annex B. Transaction Flow

2. Card Action Analysis[2]

Card
2-a 2-b 2-c

Set AAC returned in 1st GENERATE AC bit in CVR(2,6-5) and 2nd GENERATE AC not requested bit in CVR(2,8-7) N

Set ARQC returned in 1st GENERATE AC bit in CVR(2,6-5) and 2nd GENERATE AC not requested bit in CVR(2,8-7)

Set TC returned in 1st GENERATE AC bit in CVR(2,6-5) and 2nd GENERATE AC not requested bit in CVR(2,8-7) Y Transaction Currency Code = Application Currency Code N Is Currency Conversion supported? Y N

SDA failed bit in TVR(1,7) is 1? Y Set SDA Failure Indicator in CAAI to 1 Set Online Authorisation Indicator in CAAI to 1

DDA failed bit in TVR(1,4) or CDA failed bit in TVR(1,3) is 1? Y Set DDA Failure Indicator in CAAI to 1

Does Transaction Currency Code exist in N the Transaction Currency Conversion Table?

Increment Cumulative Total Transaction Amount with the converted Amount, Authorized

If transaction declined offline, create advice bit in ADA(1,5) is 1? Y Set advice required bit in CID(1,4) to 1

Increment Cumulative Total Transaction Amount with the Amount, Authorised

Is PIN Try Counter reduced to 0 during this transaction and If PIN Try Limit exceeded on current transaction and transaction is declined, create advice of ADA(1,4) is 1? Y Set advice required bit in CID(1,4) to 1 Y Reason Code bit in CID(1,3-1) is Service not allowed? N Set PIN Try Limit exceeded of Reason code bit in CID(1,3-1) Respond to GENERATE AC Command (TC)

Respond to GENERATE AC Command (AAC)

Respond to GENERATE AC Command (ARQC) Card Action Analysis completed

JCB Confidential

B-4

April 2008

JCB IC Card Specification

Annex B. Transaction Flow

2.1 Last Online Transaction Not Completed

Card

Begin Last Online Transaction Not Completed Checking

Last Online Transaction Not Completed Checking bit in CAASI(1,8) is 1? N

Online Authorisation Indicator bit in CAAI is 1? Y Set Last online transaction not completed bit in CVR(3,8) to 1

Last online transaction not completed bit in CVR(3,8) is 1? N

Does Terminal Type exist? Y Can terminal process online? N If online authorisation not completed on previous transaction, decline if unable to transmit transaction online bit in ADA(2,1) is 1? Y Return AAC Return ARQC Y

Return TC

Last Online Transaction Not Completed Checking completed

JCB Confidential

B-5

April 2008

JCB IC Card Specification

Annex B. Transaction Flow

2.2 Issuer Authentication Failure on Last Online Transaction

Card

Begin Issuer Authentication Failure on Last Online Transaction Checking

Issuer Authentication Failure on Y Last Online Transaction Checking bit in CAASI(1,7) is 1? N Issuer Authentication Failure Indicator bit in CAAI is 1? Y Set Issuer authentication failure on last online transaction bit in CVR(3,4) to 1

Issuer authentication failure on last online transaction bit in CVR (3,4)is 1? N

Does Terminal Type exist? Y Can terminal process online? N

Return TC

Return TC

Return ARQC

Issuer Authentication Failure on Last Online Transaction Checking completed

JCB Confidential

B-6

April 2008

JCB IC Card Specification

Annex B. Transaction Flow

2.3 SDA Failure on Last Transaction

Card

Begin SDA Failure on Last Transaction Checking

SDA Failure on Last Transaction checking bit in CAASI(1,6) is 1? N

SDA failure Indicator bit in CAAI is 1? Y Set Offline static data authentication failed on last transaction and transaction declined offline bit in CVR(3,1) to 1 Offline static data authentication failed on last transaction and transaction declined offline bit in CVR(3,1) is 1? N

Does Terminal Type exist? Y Can terminal process online? N

Return TC

Return TC

Return TC

SDA Failure on Last Transaction Checking completed

JCB Confidential

B-7

April 2008

JCB IC Card Specification

Annex B. Transaction Flow

2.4 DDA Failure on Last Transaction

Card

Begin DDA Failure on Last Transaction Checking

DDA Failure on Last Transaction checking bit in CAASI(1,5) is 1? N

DDA failure Indicatorbit in CAAI is 1?

Set Offline dynamic data authentication failed on last transaction and transaction declined offline bit in CVR(4,3) to 1 Y Offline dynamic data authentication failed on last Y transaction and transaction declined offline bit in CVR(4,3) is 1? N Does Terminal Type exist? Y Can terminal process online? N Y N

Return TC

Return TC

Return TC

DDA Failure on Last Transaction Checking completed

JCB Confidential

B-8

April 2008

JCB IC Card Specification

Annex B. Transaction Flow

2.5 Issuer Script Processing Failure on Last Online Transaction Checking

Card
Begin Issuer Script Processing Failure on Last Online Transaction Checking

Issuer Script Processing Failure on Last Transaction Checking bit in CAASI(1,4) is 1? N

Set Number of Issuer Script Commands received after the second GENERATE AC command containing secure messaging processed on last transaction in CVR(4,8-5) to the value of the Issuer Script Command Counter

Issuer Script Failure Indicator in CAAI is 1? Y Set Issuer script processing failed on last transaction bit in CVR(4,4) to 1

Issuer Script processing failed on last transaction bit in CVR(4,4) is 1? N

Does Terminal Type exist? Y Can terminal process online? N

Return TC

Return AAC

Return ARQC

Issuer Script Processing Failure on Last Online Transaction Checking completed

JCB Confidential

B-9

April 2008

JCB IC Card Specification

Annex B. Transaction Flow

2.6 Card Velocity Checking

Card
Begin Card Velocity Checking

Card Velocity Checking bit in CAASI(1,3) is 1? Y Do Terminal Country Code and Issuer Country Code exist? Y N Terminal Country Code = Issuer Country Code? Y

Transaction Currency Code Y = Application Currency Code? N

Does Terminal Type exist? Y

Does Terminal Type exist? Y Y Can terminal process online?

Can terminal process online? N

ATC-Last Online ATC Register > Lower Consecutive International Offline Limit? Y

ATC-Last Online ATC Register > Upper Consecutive International Offline Limit? Y

ATC-Last Online ATC N Register > Lower Consecutive Domestic Offline Limit? Y

ATC-Last Online ATC N Register > Upper Consecutive Domestic Offline Limit? Y

Set Upper consecutive offline limit exceeded bit in CVR(5,7) to 1 Return AAC

Set Lower consecutive offline limit exceeded bit in CVR(5,8) to 1 Return ARQC

Return TC

Card Velocity Checking completed

JCB Confidential

B-10

April 2008

JCB IC Card Specification

Annex B. Transaction Flow

2.7 Cumulative Offline Transaction Amount Checking

Card
Begin Cumulative Offline Transaction Amount Checking

Cumulative Offline Transaction N Amount Checking bit in CAASI(1,2) is 1? Y Y Transaction Currency Code = Application Currency Code? N

Does Terminal Type exist? Y

Can terminal process online?

Is Currency Conversion supported?

Y Is Transaction Currency Code N included in Transaction Currency Conversion Table? Y Perform currency conversion for the Amount, Authorized N Does Terminal Type exist? Y
Can terminal process online?

N N
Amount, Authorised + Cumulative Total Transaction Amount > Cumulative Total Transaction Amount Limit

Amount, Authorised + Cumulative Total Transaction Amount > Cumulative Total Transaction Amount Upper Limit

Converted Amount, Authorised + Cumulative Total Transaction Amount > Cumulative Total Transaction Amount Limit

Converted Amount, Authorised + Cumulative Total Transaction Amount > Cumulative Total Transaction Amount Upper Limit

Set Cumulative total transaction amount upper limit exceeded bit in CVR(5,2) to 1

Set Cumulative total transaction amount limit exceeded bit in CVR(5,6) to 1

Return AAC

Return ARQC

Return TC

Cumulative Offline Transaction Amount Checking completed

JCB Confidential

B-11

April 2008

JCB IC Card Specification

Annex B. Transaction Flow

2.8 New Card Checking

Card
Begin New Card Checking

New Card Checking bit in CAASI(1,1) is 1? N

Last Online ATC Register =0 Y Set New Card bit in CVR(3,5) to 1

New Card bit in CVR(3,5) is 1? N

Does Terminal Type exist? Y Can terminal process online? N N

If new card, decline if unable to transmit transaction online bit in ADA(1,1) is 1? If new card, transmit Y transaction online bit in N ADA(1,2) is 1? Y Return AAC Return ARQC

Return TC

New Card Checking completed

JCB Confidential

B-12

April 2008

JCB IC Card Specification

Annex B. Transaction Flow

2.9 Offline PIN Verification Not Performed

Card

Begin Offline PIN Verification Not Performed Checking

Offline PIN Verification Not Performed Checking bit in CAASI(2,8) is 1? N N

Offline PIN verification performed bit in CVR(2,3) is 0? Y PIN Try Counter=0? Y Set PIN Try Limit exceeded bit in CVR(3,7) to 1

Does Terminal Type exist? Y Can Terminal process online? N

If PIN Try Limit exceeded on Y previous transaction, decline If PIN Try Limit exceeded on transaction bit in ADA(2,7) is 1? previous transaction, decline if unable to transmit transaction N online bit in ADA(2,5) is 1? Y If N PIN Try Limit exceeded on previous transaction, transmit transaction online bit in ADA(2,6) is 1?

Y Return TC Return AAC Return ARQC

Offline PIN Verification Not Performed Checking Completed

JCB Confidential

B-13

April 2008

JCB IC Card Specification

Annex B. Transaction Flow

2.10 Card Floor Limit Checking

Card
Begin Card Floor Limit Checking

Card Floor Limit Checking bit in CAASI(2,7) is 1? N

Do Terminal Country Code and Issuer Country Code exist? Y N Terminal Country Code = Issuer Country Code Y N Transaction Currency Code = Application Currency Code Y N Amount, Authorised > Maximum Domestic Offline Transaction Amount? Y Set Floor limit exceeded bit in CVR(5,5) to 1

Floor limit exceededbit in CVR(5,5) is 1? N

Does Terminal Type exist? Y Y Can Terminal process online? N

Return TC

Return AAC

Return ARQC

Card Floor Limit Checking completed

JCB Confidential

B-14

April 2008

JCB IC Card Specification

Annex B. Transaction Flow

3. Completion [1]
Card

Begin Completion

Is Application blocked? N

Is Issuer Authentication successful? N

3-g

ARC in the EXTERNAL AUTHENTICATE command is used.

ARC in the 2nd GENERATE AC command is used.

AAC N

Which AC is requested? N

TC

Is ARC Approval, Referral or Decline? Y

Is ARC Approval, Referral or Decline? Y

3-a

3-g

3-a

Approval

Is ARC Approval, Referral or Decline? Referral

Decline

3-f

3-f

3-g

JCB Confidential

B-15

April 2008

JCB IC Card Specification

Annex B. Transaction Flow

3. Completion [2]
Card
3-a

2nd Card Velocity Checking (upper limit) bit in CAASI(2,3) is 1? Y Do Terminal Country Code and Issuer Country Code exist? Y N

Terminal Country Code = Issuer Country Code? Y Transaction Currency Code = Application Currency Code? Y ATC-Last Online ATC Register > Upper Consecutive Domestic Offline Limit? Y N

ATC-Last Online ATC Register > Upper Consecutive International Offline Limit? Y

Set Upper consecutive offline limit exceeded bit in CVR(5,7) to 1

Return TC Return AAC

3-b

JCB Confidential

B-16

April 2008

JCB IC Card Specification

Annex B. Transaction Flow

3. Completion [3]
Card
3-b

2nd Cumulative Offline Transaction Amount Checking (upper limit) bit in CAASI(3,8) is 1? Y Transaction Currency Code N = Application Currency Code? Y Is Currency Conversion supported? Y Is Transaction Currency Code N included in Transaction Currency Conversion Table? Y Perform Currency Conversion for the Amount, Authorised N

Amount, Authorised + Cumulative Total Transaction Amount > Cumulative Total Transaction Amount Upper Limit

Converted Amount, Authorised + Cumulative Total Transaction Amount > Cumulative Total Transaction Amount Upper Limit

Set Cumulative total transaction amount upper limit exceeded bit in CVR(5,2) to 1 Return TC Return AAC

3-c

JCB Confidential

B-17

April 2008

JCB IC Card Specification

Annex B. Transaction Flow

3. Completion [4]
Card

3-c

2nd Issuer Authentication Failure on Last Online Transaction Checking bit in CAASI(2,4) is 1? N

Issuer authentication failure on last online transaction bit in CVR(3,4) is 1? Y Return AAC

Return TC

2nd New Card Checking bit in CAASI(2,2) is 1? N

New Card bit in CVR(3,5) is 1? Y If new card, decline if unable to transmit transaction online bit in ADA(1,1) is 1? Y Return AAC

Return TC

3-d

JCB Confidential

B-18

April 2008

JCB IC Card Specification

Annex B. Transaction Flow

3. Completion [5]
Card

3-d

2nd Offline PIN Verification Not Performed Checking bit in CAASI(2,1) is 1? N

PIN Try Limit Exceeded bit in CVR(3,7) is 1? Y If PIN Try Limit exceeded on previous transaction, decline if unable to transmit transaction online bit in ADA(2,5) is 1? Y Return AAC

Return TC

3-e

JCB Confidential

B-19

April 2008

JCB IC Card Specification

Annex B. Transaction Flow

3. Completion [6]
Card
3-e

TC

Which AC is requested?

AAC

Is AAC response determined at least once during Completion? Return AAC

Is ARC Y3?

Y Return TC

Set Unable to go online bit in CVR(2,1) to 1 N If transaction declined offline, create advice bit in ADA(1,5) is 1? Y

Set Unable to go online bit in CVR(2,1) to 1 Set TC returned in second GENERATE AC bit in CVR(2,8-7) Transaction Currency Code Y = Application Currency Code? N N Is Currency Conversion supported? Y N Does Transaction Currency Code
exist in Transaction Currency Conversion Table?

Set advice required bit in CID(1,4)

Set AAC returned in second GENERATE AC bit in CVR(2,8-7) N SDA failed bit in TVR(1,7) is 1? Y Set SDA Failure Indicator bit in CAAI to 1

Y
Increment Cumulative Total Transaction Amount with the converted Amount, Authorised

DDA failed bit in TVR(1,4) or CDA failed bit in TVR(1,3) is 1?

Increment Cumulative Total Transaction Amount with the Amount, Authorised

Y Set DDA Failure Indicator bit in CAAI to 1

Respond to GENERATE AC Command (TC)

Respond to GENERATE AC Command (AAC)

Completion completed

JCB Confidential

B-20

April 2008

JCB IC Card Specification

Annex B. Transaction Flow

3. Completion [7]
Card

3-

Is Issuer Authentication N performed? Y Y Is Issuer Authentication successful? N Set Issuer authentication not performed after online authorisation bit in CVR(3,3) to

Is Issuer Authentication mandatory? Y

Set TC returned in second GENERATE AC bit in CVR(2,8-7) Set following bits in CAAI to 0 - Online Authorisation Indicator - SDA Failure Indicator - DDA Failure Indicator - Issuer Script Failure Indicator If issuer authentication performed Y and failed, decline transaction bit in ADA(1,7) is 1? N

3-h

Set AAC returned in second GENERATE AC bit in CVR(2,8-7) If transaction declined because issuer authentication failed or not N performed, create advice bit in ADA(1,3) is 1? Y

Set Issuer Script Command Counter to 0

Update Last Online ATC Register to the current value of ATC Set Cumulative Total Transaction Amount to 0

Set TC returned in second GENERATE AC bit in CVR(2,8-7)

Set advice required bit in CID(1,4) to 1

Set Issuer authentication failed of Reason code bit in CID(1,3-1)

Respond to GENERATE AC Command (TC)

Respond to GENERATE AC Command (TC)

Respond to GENERATE AC Command (AAC)

Completion completed

JCB Confidential

B-21

April 2008

JCB IC Card Specification

Annex B. Transaction Flow

3. Completion [8]
Card

3-g

Set AAC returned in second GENERATE AC bit in CVR(2,8-7)

Is Issuer Authentication performed? N

Is Issuer Authentication successful? Y

Set Issuer authentication not performed after online authorisation bit in CVR(3,3) to 1

Is Issuer Authentication mandatory? Y

Set the following bits in CAAI to 0 - Online Authorisation Indicator - SDA Failure Indicator - DDA Failure Indicator - Issuer Script Failure Indicator

Set Issuer Authentication Failure Indicator bit in CAAI to 1

Set Issuer Script Command Counter to 0

Respond to GENERATE AC Command (AAC)

Completion completed

JCB Confidential

B-22

April 2008

JCB IC Card Specification

Annex B. Transaction Flow

3. Completion [9]
Card

3-h

Set Issuer Authentication Failure Indicator bit in CAAI to 1 If issuer authentication is N mandatory and no ARPC received, decline transaction bit in ADA(1,6) is 0? If transaction declined because N issuer authentication failed or not performed, create advice bit in ADA(1,3) is 1? Y Set advice required bit in CID(1,4) to 1

Set Issuer authentication failed of Reason code bit in CID(1,3-1) Set TC returned in second GENERATE AC bit in CVR(2,8-7) Set AAC returned in second GENERATE AC bit in CVR(2,8-7)

Respond to GENERATE AC Command (TC)

Respond to GENERATE AC Command (AAC)

Completion completed

JCB Confidential

B-23

April 2008

JCB IC Card Specification, Ver. 2.0 Date of issuance: April, 2008 Issuer: JCB Co., Ltd. JCB International Co., Ltd. Copyright 2008 JCB Co., Ltd. Unauthorized reproduction is prohibited.