Configuration
EMV Level 2 configurations relate to EMV Level 2 functional data models defined by brands' specifications. All kernels use a set of common parameters (i.e. tags) inherited from EMVCo. However, all of them require specific parameters to implement specific behaviors. And in some case, there are parameters that are not defined. This section presents for each kernel the set of information needed to configure the card processing properly.
Note
Contactless configurations are made of the following components:
- Combinations
- CAKeys
- Revocated certifcates
Use GLASe API to push each component.
A Combination is defined from template 0xE1 containing: - Tag 0xDF810C (kernel id) - Tag 0x9F06 (application identifier) - Tag 0x9C (transaction type) - Tag 0xDFA010 (application selection indicator) - Tag 0xE2 (combination containing all configuration tags)
A CA Key is defined from a single tag having a unique length: - Tag 0xDFA023 (ca key) with a length of 290 bytes
Tag 0xDFA023's value is a serialisation of the following structure:
typedef struct moka_hsm_capk {
// A RID on 5 bytes is used as primary key. Excluded from serialization
uint8_t index;
uint8_t hash_indicator;
uint8_t algorithm_indicator;
uint8_t modulus_length[2];
uint8_t modulus[256]; // Padded with zeros if shorter
uint8_t exponent_length;
uint8_t exponent[3];
uint8_t hash[20];
} moka_hsm_capk_t;
A Revocated Certificate is defined from a single tag having a unique length : - Tag 0xDFA024 (revocated certificate) with a length of 9 bytes
Tag 0xDFA024's value is a serialisation of the following structure:
| Example of a Combination |
|---|
| E1 81 B9 DF 81 0C 01 02 9F 06 07 A0 00 00 00 04 10 10 9C 01 00 DF A0 10 01 01 E2 81 9F 9F 01 00 9F 09 02 00 02 9F 15 02 11 22 9F 16 00 9F 1A 02 00 56 9F 1C 00 9F 1D 08 6C FF 00 00 00 00 00 00 9F 1E 08 01 02 03 04 05 06 07 08 9F 33 00 9F 35 01 22 9F 40 05 00 00 00 00 00 9F 4E 00 9F 7E 00 DF 81 1B 01 20 DF 81 20 05 00 00 00 00 00 DF 81 21 05 00 00 00 00 00 DF 81 22 05 00 00 00 00 00 DF 81 23 06 00 00 00 01 00 00 DF 81 24 06 00 00 00 03 00 00 DF 81 25 06 00 00 00 05 00 00 DF 81 26 06 00 00 00 00 10 00 DF 81 17 01 00 DF 81 18 01 60 DF 81 19 01 08 DF 81 1F 01 08 |
| Example of a CAKey |
|---|
| DF A0 23 82 01 22 A0 00 00 00 25 01 00 00 00 80 A2 0D AA D5 D5 F6 2E 40 85 25 21 DC 9D 5A B9 F8 7C 61 08 88 A3 23 67 60 1E 27 31 1D 6D 3D FB 5B B6 14 2D B4 00 46 51 A0 9C 8B 3E D2 29 A9 72 00 B3 83 68 9A FB 2E 55 A3 F0 C1 6D 03 3A 60 A1 43 8C 7C 5D 08 E4 96 7D 29 53 30 1D 32 DF E0 79 99 03 9F FE 12 20 24 91 CE EF CC 4D 01 4A F2 A3 85 B3 EA E2 AD A0 13 4A 76 42 B5 13 A7 33 08 79 F4 60 35 E2 0F 27 57 8D 23 3E CF 35 E6 CE 9B 17 D9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
| Example of a Revocated Certificate |
|---|
| DF A0 24 09 A0 00 00 00 25 01 00 10 00 |
Mastercard Combination
All tags required for Mastercard are defined by the network's documentation. There are no moka proprietary tags used. See Acquirer's documentation to configure moka.
Visa Combination
All tags required for Visa are defined by the network's documentation. See Acquirer's documentation to configure moka. The following moka proprietary tags are required to fill missing definitions.
| Tag | Description |
|---|---|
| 0x9F820D | Contactless floor limit |
| 0x9F820E | CVM required limit |
| 0xDFA014 | Status check support flag |
| 0xDFA015 | Zero amount allowed flag |
| 0xDFA016 | Zero amount for offline allowed flag |
| 0xDFA017 | Extended selection support flag |
| 0xDFA020 | Contactless transaction limit |
American Express Combination
All tags required for Amex are defined by the network's documentation. See Acquirer's documentation to configure moka. The following moka proprietary tags are required to fill missing definitions.
| Tag | Description |
|---|---|
| 0x9F820B | TAC Denial |
| 0x9F820C | TAC Online |
| 0x9F820D | Contactless floor limit |
| 0x9F820E | CVM required limit |
| 0xDF8120 | TAC Default |
| 0xDFA020 | Contactless transaction limit |
Discover Combination
All tags required for Amex are defined by the network's documentation. See Acquirer's documentation to configure moka. The following moka proprietary tags are required to fill missing definitions.
| Tag | Description |
|---|---|
| 0x9F8203 | Tags to read (use for exception file management) |
| 0x9F820B | TAC Denial |
| 0x9F820C | TAC Online |
| 0x9F820D | Contactless floor limit |
| 0x9F820E | CVM required limit |
| 0xDF8120 | TAC Default |
| 0xDFA014 | Status check support flag |
| 0xDFA017 | Extended selection support flag |
| 0xDFA020 | Contactless transaction limit |
| 0xDFA03E | Tearing recovery support |
JCB Combination
To be completed.
CPACE Combination
To be completed.
Rupay Combination
To be completed.
EMVCo Contact
Moka EMVCo contact's kernel offers 3 opportunities to get configured: 1- Through an ICS: this set of parameters can include tags corresponding to physical capabilities or very static properties such as terminal capabilities (0x9F33), terminal type (0x9F35) additional capabilities (0x9F40), global terminal action codes (TACs), etc...
| Example of an ICS |
|---|
| EB 81 82 9F 1A 02 00 56 9F 1C 00 9F 1E 00 9F 33 03 20 F8 C8 9F 35 01 22 9F 40 05 70 00 00 A0 00 DF A0 4B 01 01 DF A0 53 01 00 E2 59 9F 09 02 00 02 9F 1B 04 00 00 27 10 DF A0 55 01 01 9F 82 0B 05 00 00 00 00 00 9F 82 0C 05 00 00 00 00 00 DF 81 20 05 00 00 00 00 00 DF A0 57 0B 9F 37 04 9F 47 01 8F 01 9F 32 01 DF A0 58 03 9F 08 02 DF A0 59 01 00 DF A0 5A 01 00 DF A0 5B 04 00 00 01 F4 DF A0 5C 01 01 |
2- Through a set of combinations: each combination relates toan AID (similar to contactless). It contains a set of tags that will overwrite the ones present in the ICS if present. The merchant may define a set of TACs at a global level, but may use specific TACs values for a given AID.
| Example of a Set of Combinations (3) |
|---|
| E1 2F 9F 06 05 B0 00 00 12 34 DF A0 10 01 00 E2 20 9F 09 02 30 31 DF 81 20 05 00 00 00 00 00 9F 82 0B 05 00 00 00 00 00 9F 82 0C 05 00 00 00 00 00 E1 3A 9F 06 10 B0 00 00 56 78 00 00 00 00 00 00 00 00 00 00 FF DF A0 10 01 00 E2 20 9F 09 02 30 31 DF 81 20 05 00 00 40 00 00 9F 82 0B 05 00 00 00 00 00 9F 82 0C 05 00 00 40 00 00 E1 2F 9F 06 05 B0 00 00 12 35 DF A0 10 01 00 E2 20 9F 09 02 30 31 DF 81 20 05 20 00 00 00 00 9F 82 0B 05 00 00 00 00 00 9F 82 0C 05 20 00 00 00 00 |
3- At the application selection time: once a mutual has been provided by moka, the paymenbt application needs to select the final application. The payment application may use issuer's proprietary tags from the FCI to alter the combination. Through a GLASe API, it is possible to select an application and set any tags values to modify the configuration.
/**
* @brief GLASe API where 0xDFA02E indicates the application to select
* and 0xE2 indicates the tags to overload.
*/
uint16_t
contact_select_candidate(
const uint8_t* inbound,
uint16_t in_length,
uint8_t* outbound,
uint16_t* out_length)
| Example of an Inbound dataset |
|---|
| DF A0 2E 01 01 E2 09 9F 82 0B 05 00 00 00 00 00 |