简体繁体 English

标签91发行者身份验证数据的证书级别

[英]Certification Level for Tag 91 Issuer Authentication Data

原文 2018-07-05 17:51:23 5 2 smartcard/ payment-processing/ emv

I am doing an investigation related to the EMV Tag 91 Issuer Authentication Data, and I found this related question that covers pretty much of what I am looking for and based on the information shown in there: 我正在调查与EMV标签91发行者身份验证数据有关的问题，并且根据其中显示的信息，我发现了这个相关问题，涵盖了我正在寻找的大部分内容：

In order to support the formats of Authorization Response Code, CSU or ARPC inside of TAG 91 for different brand cards, devices/terminals should comply with EMV Certification Level 3? 为了支持TAG 91内不同品牌卡的授权响应代码，CSU或ARPC的格式，设备/终端应符合EMV认证级别3？ Or the devices should comply only Certification Level 1/2 to support the different formats? 还是设备应仅符合1/2级认证才能支持不同格式？

2 个解决方案

EMV is a framework that is used by the payment schemes to build their specifications on top of it. EMV是付款方案用来在其之上构建其规范的框架。 EMV defines Issuer Authentication Data as a binary tag with length from 8 to 16 bytes. EMV将颁发者身份验证数据定义为长度在8到16个字节之间的二进制标签。 It is unnecessary for terminal to understand the structure, subelements, etc. Terminal does not parse it (it is a primitive data object). 终端不必了解其结构，子元素等。终端不会对其进行解析（它是原始数据对象）。 From the terminal point of view neither IAD nor Issuer Script Commands that may be found in the authorization response should be interpreted, only passed unmodified to the card. 从终端的角度来看，在授权响应中可能找不到的IAD和发行者脚本命令都不应被解释，只能未经修改地传递给卡。 Any EMV level 2 compliant terminal will behave in this way as it is verified during the certification process that regardless of the individual schemes implementations tag 91 is passed unmodified and transaction result will not be based on any response code that may be part of individual schemes implementation of IAD. 任何符合EMV 2级标准的终端都将以这种方式运行，因为它在认证过程中进行了验证，无论单个方案实现如何，标签91均会未经修改地通过，并且交易结果将不会基于任何响应代码，而该响应代码可能是单个方案实现的一部分IAD。

Short answer would be - on the terminal side, please treat tag 91 as binary object that shouldn't be modified, but only passed to the level 2 kernel. 简短的答案是-在终端端，请将标签91视为不应修改的二进制对象，而应仅传递给2级内核。 The kernel will treat it the same but will also apply necessary trimming/padding and handle issuing or not additional Issuer Authentication command basing on AIP and CDOL2 and will set TVR and TSI accordingly. 内核将对其进行相同处理，但还将应用必要的修整/填充并处理基于AIP和CDOL2的发行或不发行其他发行人身份验证命令，并将相应地设置TVR和TSI。

I have implemented an open source EMV payment framework ( https://github.com/vicente-da-silva/dcemv ). 我已经实现了一个开源EMV支付框架（ https://github.com/vicente-da-silva/dcemv ）。 This implements both EMV contactless and contact kernels. 这同时实现了EMV非接触式和接触式内核。 Included in the project is a SimulatedPaymentProvider.cs in the DCEMV_SimulatedPaymentProvider project which can generate the appropriate response (tag 8a, 91 as well as 71 or 72 for scripts) back to the card for External Authenticate and 2nd gen AC. 该项目中包括DCEMV_SimulatedPaymentProvider项目中的SimulatedPaymentProvider.cs，它可以生成适当的响应（标签8a，91以及脚本的71或72）返回卡，以进行外部身份验证和第二代AC。 It is able to build the correct response for different card associations and different cryptogram versions. 它能够为不同的卡关联和不同的密码版本建立正确的响应。