EMV:第二次生成 AC 结果为 6985 SW_Error 不满足访问条件
EMV: Second Generate AC Results in 6985 SW_Error Access condition not satisfied
我正在做一些 EMV 测试,希望有人能阐明我所看到的。我正在 运行 适用于我们解决方案的 Mastercard M-TIP 测试,我看到了一些意想不到的结果。当 运行 M-TIP 50 使用 M-TIP 50 测试卡测试(1、2、3)时,我在第 2 个 GENERATE_AC 命令中遇到错误。我们的解决方案在技术上被定义为具有在线功能的离线,但我们目前正在完全离线的环境中进行测试。
我花了很多时间阅读和搜索 EMV 书籍 Google,但我仍然不明白为什么返回 6985。此时我能想到的最佳猜测是它与CDA有关(在此过程中也应该发生?)
我已经包含了第一个和第二个 GEN_AC 请求和响应以显示正在发生的事情。如果有人可以深入了解正在发生的事情或出了什么问题,我将不胜感激。
1st Generate AC (ARQC)
Request : 80 AE 90 00 2F 00 00 00 00 20 00 00 00 00 00 00 00 00 80 00 80 00 08 26 17 01 03 00 B0 32 0F C0 22 00 00 00 00 00 00 00 00 00 00 44 03 02 16 11 12 60 00 80
Class :80
Ins :AE
P1 :90
P2 :00
Lc :2F
Data :00 00 00 00 20 00 00 00 00 00 00 00 00 80 00 80 00 08 26 17 01 03 00 B0 32 0F C0 22 00 00 00 00 00 00 00 00 00 00 44 03 02 16 11 12 60 00 80
Tag 9F 02: Transaction Amount : 00 00 00 00 20 00
Amount value: 20.00
Tag 9F 03: Cashback Amount : 00 00 00 00 00 00
Amount value: 0.00
Tag 95 : Terminal Verification Results (TVR) : 00 80 00 80 00
Byte 1 bit 8 = 0 Offline data authentication was performed
bit 7 = 0 SDA passed or not performed
bit 6 = 0 No ICC data missing
bit 5 = 0 Card does not appear on terminal exception file
bit 4 = 0 DDA passed or not performed
bit 3 = 0 CDA passed or not performed
bit 2 = 0 SDA not selected
bit 1 = 0 RFU
Byte 2 bit 8 = 1 ICC and terminal have different application versions
bit 7 = 0 No Expired application
bit 6 = 0 Application effective
bit 5 = 0 Requested service allowed for card product
bit 4 = 0 No New card
bit 3 = 0 RFU
bit 2 = 0 RFU
bit 1 = 0 RFU
Byte 3 bit 8 = 0 Cardholder verification was successful or not performed
bit 7 = 0 Recognised CVM
bit 6 = 0 PIN Try Limit not exceeded
bit 5 = 0 No PIN entry required (PIN pad may or may not be present or may or may not be working)
bit 4 = 0 No PIN entry required (PIN pad may or may not be present)
bit 3 = 0 No Online PIN entered
bit 2 = 0 RFU
bit 1 = 0 RFU
Byte 4 bit 8 = 1 Transaction exceeds floor limit
bit 7 = 0 Lower consecutive offline limit not exceeded
bit 6 = 0 Upper consecutive offline limit not exceeded
bit 5 = 0 Transaction not selected randomly for online processing
bit 4 = 0 Merchant did not force transaction online
bit 3 = 0 RFU
bit 2 = 0 RFU
bit 1 = 0 RFU
Byte 5 bit 8 = 0 No Default TDOL used
bit 7 = 0 Issuer authentication passed or not performed
bit 6 = 0 Script processing passed before final GENERATE AC or no script received
bit 5 = 0 Script processing passed after final GENERATE AC or no script received
bit 4 = 0 RFU
bit 3 = 0 RFU
bit 2 = 0 RFU
bit 1 = 0 RFU
Tag 5F 2A: Transaction Currency Code : 08 26
Code (num) = 08 26
Code (an) = GBP
Currency = Pound Sterling
Tag 9A : Transaction Date : 17 01 03
Year : 2017
Month: January
Day : 03
Tag 9C : Transaction Type : 00
Purchase (of goods or services)
Tag 9F 37: Unpredictable Number : B0 32 0F C0
Tag 9F 35: Terminal Type : 22
Terminal Type: 22
Attended
Merchant
Offline with online capability
Tag 9F 45: Data Authentication Code : 00 00
Tag 9F 4C: ICC Dynamic Number : 00 00 00 00 00 00 00 00
Tag 9F 34: Cardholder Verification Method (CVM) Results : 44 03 02
Byte 1 bit 8 = 0 (default value)
bit 7 = 1 (Apply succeeding CVM field if this CVM is unsuccessful)
bit 6-1= 000100 (Enciphered PIN verification performed by ICC)
Byte 2 = '03' (If terminal supports the CVM type)
Byte 3 = '02' (Successful)
Tag 9F 21: Transaction Time : 16 11 12
Time = 16:11:12
Hours (HH) = 16
Minutes (MM) = 11
Seconds (SS) = 12
Tag 9F 40: Additional Terminal Capabilities : 60 00 80
Byte 1 bit 8 = 0 Cash NOT supported
bit 7 = 1 Goods supported
bit 6 = 1 Services supported
bit 5 = 0 CashBack NOT supported
bit 4 = 0 Inquiry NOT supported
bit 3 = 0 Transfer NOT supported
bit 2 = 0 Payment NOT supported
bit 1 = 0 Administrative NOT supported
Byte 2 bit 8 = 0 CashBack Deposit NOT supported
bit 7 = 0 RFU
bit 6 = 0 RFU
bit 5 = 0 RFU
bit 4 = 0 RFU
bit 3 = 0 RFU
bit 2 = 0 RFU
bit 1 = 0 RFU
Byte 3 bit 8 = 1 Numeric keys supported
bit 7 = 0 Alphabetic and special characters keys NOT supported
bit 6 = 0 Command keys NOT supported
bit 5 = 0 Function keys NOT supported
bit 4 = 0 RFU
bit 3 = 0 RFU
bit 2 = 0 RFU
bit 1 = 0 RFU
Byte 4 bit 8 = 0 Print, attendant NOT supported
bit 7 = 0 Print, cardholder NOT supported
bit 6 = 0 Display, attendant NOT supported
bit 5 = 0 Display, cardholder NOT supported
bit 4 = 0 RFU
bit 3 = 0 RFU
bit 2 = 0 Code table 10 NOT supported
bit 1 = 0 Code table 9 NOT supported
Byte 5 bit 8 = 0 Code table 8 NOT supported
bit 7 = 0 Code table 7 NOT supported
bit 6 = 0 Code table 6 NOT supported
bit 5 = 0 Code table 5 NOT supported
bit 4 = 0 Code table 4 NOT supported
bit 3 = 0 Code table 3 NOT supported
bit 2 = 0 Code table 2 NOT supported
bit 1 = 0 Code table 1 NOT supported
masterKeyAC: 9E 15 20 43 13 F7 31 8A CB 79 B9 0B D9 86 AD 29
uniqueKeyAC: 80 32 AD CE E0 B9 40 BA FB E3 5B 5B 15 9E 8F EA
MCHIP SKD Session Key Derivation
ATC: 00 08
UN: B0 32 0F C0
Cryptogram Version No.: 10
ICC Master Key AC: 9E 15 20 43 13 F7 31 8A CB 79 B9 0B D9 86 AD 29
Derived Card Unique Key: 80 32 AD CE E0 B9 40 BA FB E3 5B 5B 15 9E 8F EA
Derived Session Key: A1 00 11 56 78 15 15 85 2B 53 76 A9 18 14 AA F2
AC calculation: 00 00 00 00 20 00 00 00 00 00 00 00 00 80 00 80 00 08 26 17 01 03 00 B0 32 0F C0 79 00 00 08 A7 40 0F 04 00 00 80
Amount Authorised : 00 00 00 00 20 00
Amount Other : 00 00 00 00 00 00
Terminal Verification Results : 00 80 00 80 00
Transaction Currency Code : 08 26
Transaction Date : 17 01 03
Transaction Type : 00
Unpredictable Number : B0 32 0F C0
Application Interchange Profile : 79 00
Application Transaction Counter : 00 08
Card Verification Results : A7 40 0F 04 00 00
AC Session Key : A1 00 11 56 78 15 15 85 2B 53 76 A9 18 14 AA F2
CDA Signature Generation
Input data: E0 B8 C8 03 72 22 60 00 80 30 00 00 00 00 00 20 00 00 00 00 00 00 00 00 80 00 80 00 08 26 17 01 03 00 B0 32 0F C0 22 00 00 00 00 00 00 00 00 00 00 44 03 02 16 11 12 60 00 80 9F 27 01 80 9F 36 02 00 08 9F 10 12 02 10 A7 40 0F 04 00 00 00 00 00 00 00 00 00 00 00 FF
ICC dynamic number: 98 43 55 5A 0A C1 C2 4A
ICC private key: 1A C2 53 A6 2F FC 28 F2 CA 67 EE 9B 2C BE 16 C2 38 FB E3 C8 8B 28 4A 81 18 44 4B 6A BD 6F 68 FD F4 70 23 62 20 D1 4A 1A 11 6F E4 A8 5C 33 FE 1E 35 CD 9A 3F 48 44 13 64 A3 E9 50 58 ED 26 35 82 D3 6E FA 8E A4 EF EE A2 42 21 C5 4C 02 FB 5D C3 AE 17 97 8B D6 CE 6B 68 A2 4B 3B 13 C8 61 3A 2E 1E 0A 53 1B A1 71 AF 7E 1E FF 44 4B FF 72 50 03 89 F6 64 2F 0F 62 E4 9A 43 0C 6D F7 0C 07 EE 0D
ICC public modulus: A0 8D F5 E5 1F E8 F5 B0 BE 6F 97 A3 0C 74 88 8D 55 E7 56 B3 42 F1 BF 06 91 99 C4 80 70 9C 75 F3 BA A0 D4 4C C4 E7 BC 9C 68 9F 5B F2 29 37 F4 B5 42 D1 9D 7B B1 98 74 5B D7 77 E2 15 8E E5 41 12 8A 15 8E 73 6A 88 4B 82 C5 21 61 6E F0 6F 8D 26 7C 07 B1 EF 79 8A B5 77 AA A3 C6 DD 89 37 C9 B2 34 4C EC AD 5A B8 D5 29 BC AC A7 F9 EC EA DE 85 99 0F 1E 04 FE AE 9F A0 33 DF 69 12 68 F9 F2 D5
Terminal unpredictable number: B0 32 0F C0
Signature: 89 A6 C6 A0 AD 68 43 14 03 EE 4E 92 4B A8 CE B0 ED D9 F2 23 9A AB C9 90 D6 67 FD D5 B4 FF FC 98 99 AB 66 A7 10 0D 5B EB EE 36 7C 36 79 2D A2 A2 92 11 A2 0C 00 71 86 4B BE 20 BA 44 57 73 E5 0C 2D FB 17 AA DE 5C 85 8B 19 66 B8 F3 40 E0 00 EB BF 10 8B 1C AE 91 BD D0 DC 0C D3 D5 40 85 42 72 B0 E2 2F 30 D5 B5 EA 61 29 C9 9F 4F 39 F3 EE BC 66 06 F7 60 11 4D D6 DB 57 CF 57 F6 C1 EF 8C 35
Signed Dynamic Authentication Data
Evaluated: 6A 05 01 26 08 98 43 55 5A 0A C1 C2 4A 80 EC 19 0A DB E4 1C 90 B0 AA 00 A2 EC B5 50 A9 54 A9 92 00 1E CA 05 21 B1 DD 13 98 ED BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB 8E 73 0F 77 06 61 76 D4 6A 68 EF 7A 9C 45 23 0C 9A 62 43 C6 BC
RecoveredDataHeader '6A'h
DynamicApplicationData_for_signature '05 01 26 08 98 43 55 5A 0A C1 C2 4A 80 EC 19 0A DB E4 1C 90 B0 AA 00 A2 EC B5 50 A9 54 A9 92 00 1E CA 05 21 B1 DD 13 98 ED BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB'h structure
SignedDataFormat '05'h
HashAlgorithmIndicator '01'h
ICCDynamicDataLength 38
ICCDynamicData '08 98 43 55 5A 0A C1 C2 4A 80 EC 19 0A DB E4 1C 90 B0 AA 00 A2 EC B5 50 A9 54 A9 92 00 1E CA 05 21 B1 DD 13 98 ED'h
PadPattern 'BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB'h
HashResult '8E 73 0F 77 06 61 76 D4 6A 68 EF 7A 9C 45 23 0C 9A 62 43 C6'h
RecoveredDataTrailer 'BC'h
Expected: 6A 05 01 .. .. .. .. BC
RecoveredDataHeader '6A'h
DynamicApplicationData_for_signature 05 01 .. .. .. structure
SignedDataFormat '05'h
HashAlgorithmIndicator '01'h
ICCDynamicDataLength Length(ICCDynamicData)
ICCDynamicData .. concatenation
QS{0-}
''h
PadPattern .. concatenation
QS {..}
''h
HashResult .. concatenation
QS{1-}
''h
RecoveredDataTrailer 'BC'h
Previous Transaction History
Response: 61 A5
SW1 SW2: 61 A5 (SW_OK Response bytes available(Le))
Get Response
Request : 00 C0 00 00 A5
Class :00
Ins :C0
P1 :00
P2 :00
Le :A5
Response: C0 77 81 A2 9F 27 01 80 9F 36 02 00 08 9F 4B 81 80 89 A6 C6 A0 AD 68 43 14 03 EE 4E 92 4B A8 CE B0 ED D9 F2 23 9A AB C9 90 D6 67 FD D5 B4 FF FC 98 99 AB 66 A7 10 0D 5B EB EE 36 7C 36 79 2D A2 A2 92 11 A2 0C 00 71 86 4B BE 20 BA 44 57 73 E5 0C 2D FB 17 AA DE 5C 85 8B 19 66 B8 F3 40 E0 00 EB BF 10 8B 1C AE 91 BD D0 DC 0C D3 D5 40 85 42 72 B0 E2 2F 30 D5 B5 EA 61 29 C9 9F 4F 39 F3 EE BC 66 06 F7 60 11 4D D6 DB 57 CF 57 F6 C1 EF 8C 35 9F 10 12 02 10 A7 40 0F 04 00 00 00 00 00 00 00 00 00 00 00 FF 90 00
Ack Byte : C0
Data : 77 81 A2 9F 27 01 80 9F 36 02 00 08 9F 4B 81 80 89 A6 C6 A0 AD 68 43 14 03 EE 4E 92 4B A8 CE B0 ED D9 F2 23 9A AB C9 90 D6 67 FD D5 B4 FF FC 98 99 AB 66 A7 10 0D 5B EB EE 36 7C 36 79 2D A2 A2 92 11 A2 0C 00 71 86 4B BE 20 BA 44 57 73 E5 0C 2D FB 17 AA DE 5C 85 8B 19 66 B8 F3 40 E0 00 EB BF 10 8B 1C AE 91 BD D0 DC 0C D3 D5 40 85 42 72 B0 E2 2F 30 D5 B5 EA 61 29 C9 9F 4F 39 F3 EE BC 66 06 F7 60 11 4D D6 DB 57 CF 57 F6 C1 EF 8C 35 9F 10 12 02 10 A7 40 0F 04 00 00 00 00 00 00 00 00 00 00 00 FF
Tag 77 : Response Message Template Format 2
Tag 9F 27: Cryptogram Information Data (CID) : 80
Byte 1 bit 8-7 = 10 ARQC
bit 6-5 = 00 Payment System specific cryptogram
bit 4 = 0 No advice required
bit 3-1 = 000 No information given
Tag 9F 36: Application Transaction Counter (ATC) : 00 08
Decimal value = 8
Tag 9F 4B: Signed Dynamic Application Data : 89 A6 C6 A0 AD 68 43 14 03 EE 4E 92 4B A8 CE B0 ED D9 F2 23 9A AB C9 90 D6 67 FD D5 B4 FF FC 98 99 AB 66 A7 10 0D 5B EB EE 36 7C 36 79 2D A2 A2 92 11 A2 0C 00 71 86 4B BE 20 BA 44 57 73 E5 0C 2D FB 17 AA DE 5C 85 8B 19 66 B8 F3 40 E0 00 EB BF 10 8B 1C AE 91 BD D0 DC 0C D3 D5 40 85 42 72 B0 E2 2F 30 D5 B5 EA 61 29 C9 9F 4F 39 F3 EE BC 66 06 F7 60 11 4D D6 DB 57 CF 57 F6 C1 EF 8C 35
Tag 9F 10: Issuer Application Data [M/Chip 4] : 02 10 A7 40 0F 04 00 00 00 00 00 00 00 00 00 00 00 FF
Key Derivation Index = 02
Cryptogram Version Number = 10
Card Verification Results (CVR) = A7 40 0F 04 00 00
Byte 1 bit 8-7 = 10 AC Returned in Second Generate AC: Not requested
bit 6-5 = 10 AC Returned in First Generate AC: ARQC
bit 4 = 0 RFU
bit 3 = 1 Offline PIN Verification Performed
bit 2 = 1 Offline Encrypted PIN Verification Performed
bit 1 = 1 Offline PIN Verification Successful
Byte 2 bit 8 = 0 DDA not returned
bit 7 = 1 M/Chip Select 4: Combined DDA/AC Generation Returned in First Generate AC, M/Chip Lite 4: Value not allowed
bit 6 = 0 Combined DDA/AC Generation Not Returned in Second Generate AC
bit 5 = 0 Issuer Authentication not performed
bit 4 = 0 CIAC-Default not skipped on CAT3 or not required
bit 3 = 0 RFU
bit 2 = 0 RFU
bit 1 = 0 RFU
Byte 3 bit 8-5 = 0000 Right nibble of Script Counter : '0'
bit 4-1 = 1111 Right nibble of PIN Try Counter: 'F'
Byte 4 bit 8 = 0 RFU
bit 7 = 0 Unable To Go Online Not Indicated
bit 6 = 0 Offline PIN Verification Performed
bit 5 = 0 No Failure OF Offline PIN Verification
bit 4 = 0 PTL Not Exceeded
bit 3 = 1 International Transaction
bit 2 = 0 International Transaction
bit 1 = 0 Terminal Does Not Erroneously Consider Offline PIN OK
Byte 5 bit 8 = 0 Lower Consecutive Offline Limit Not Exceeded
bit 7 = 0 Upper Consecutive Offline Limit Not Exceeded
bit 6 = 0 Lower Cumulative Offline Limit Not Exceeded
bit 5 = 0 Upper Cumulative Offline Limit Not Exceeded
bit 4 = 0 Go Online On Next Transaction Was Not Set (in this transaction or in a previous one)
bit 3 = 0 No Issuer Authentication Failed (in this transaction or in a previous one)
bit 2 = 0 No Script Received (in a previous transaction)
bit 1 = 0 No Script Failed (in a previous transaction)
Byte 6 bit 8 = 0 RFU
bit 7 = 0 RFU
bit 6 = 0 RFU
bit 5 = 0 RFU
bit 4 = 0 RFU
bit 3 = 0 RFU
bit 2 = 0 No Match found in Additional Check Table
bit 1 = 0 Match Found in Additional Check Table
DAC = 00 00
Counters = 00 00 00 00 00 00 00 FF
SW1 SW2 : 90 00 (SW_OK)
2nd Generate AC (TC)
Request : 80 AE 50 00 23 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 59 33 00 80 00 80 00 B0 32 0F C0 98 43 55 5A 0A C1 C2 4A
Class :80
Ins :AE
P1 :50
P2 :00
Lc :23
Data :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 59 33 00 80 00 80 00 B0 32 0F C0 98 43 55 5A 0A C1 C2 4A
Tag 91 : Issuer Authentication Data [M/Chip] : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Tag 8A : Authorization Response Code : 59 33
Response Code = 59 33
Meaning = Unable to go online, Requesting for offline approval
Tag 95 : Terminal Verification Results (TVR) : 00 80 00 80 00
Byte 1 bit 8 = 0 Offline data authentication was performed
bit 7 = 0 SDA passed or not performed
bit 6 = 0 No ICC data missing
bit 5 = 0 Card does not appear on terminal exception file
bit 4 = 0 DDA passed or not performed
bit 3 = 0 CDA passed or not performed
bit 2 = 0 SDA not selected
bit 1 = 0 RFU
Byte 2 bit 8 = 1 ICC and terminal have different application versions
bit 7 = 0 No Expired application
bit 6 = 0 Application effective
bit 5 = 0 Requested service allowed for card product
bit 4 = 0 No New card
bit 3 = 0 RFU
bit 2 = 0 RFU
bit 1 = 0 RFU
Byte 3 bit 8 = 0 Cardholder verification was successful or not performed
bit 7 = 0 Recognised CVM
bit 6 = 0 PIN Try Limit not exceeded
bit 5 = 0 No PIN entry required (PIN pad may or may not be present or may or may not be working)
bit 4 = 0 No PIN entry required (PIN pad may or may not be present)
bit 3 = 0 No Online PIN entered
bit 2 = 0 RFU
bit 1 = 0 RFU
Byte 4 bit 8 = 1 Transaction exceeds floor limit
bit 7 = 0 Lower consecutive offline limit not exceeded
bit 6 = 0 Upper consecutive offline limit not exceeded
bit 5 = 0 Transaction not selected randomly for online processing
bit 4 = 0 Merchant did not force transaction online
bit 3 = 0 RFU
bit 2 = 0 RFU
bit 1 = 0 RFU
Byte 5 bit 8 = 0 No Default TDOL used
bit 7 = 0 Issuer authentication passed or not performed
bit 6 = 0 Script processing passed before final GENERATE AC or no script received
bit 5 = 0 Script processing passed after final GENERATE AC or no script received
bit 4 = 0 RFU
bit 3 = 0 RFU
bit 2 = 0 RFU
bit 1 = 0 RFU
Tag 9F 37: Unpredictable Number : B0 32 0F C0
Tag 9F 4C: ICC Dynamic Number : 98 43 55 5A 0A C1 C2 4A
Previous Transaction History
Response: 69 85
SW1 SW2: 69 85 (SW_Error Accesscondition not satisfied)
Test Completed
看来你做了很多 "Offline approval" 而没有明确的应对措施。
您选择 6985 的原因可能有以下几种:
1) 已超出 AC 会话密钥计数器限制
因为Second Generate AC的response code是"Unable to go online, Requesting for offline approval" card goes Offline,所以CTR累加不重置(Generate AC 2才Online才重置)。
尝试个性化增加限制或完全在线。
2) 金额转换时溢出,如果交易国际
(交易货币!= CRM货币代码)。
要求全程在线
3) 在添加累计金额时溢出,如果交易国内(交易货币== CRM货币代码)。
需要完全在线
另外,检查为什么 "Country code" 在 Cdol1
中不存在
我从测试工具的支持系统得到了一些帮助。他们的回应有助于解释这种情况:
回复 1:
"The transaction amount in your test cases M-TIP 50 test1, test2, and test 3 are all above the floor limit, so the transactions are supposed to go online. However, due to your test environment is offline, the transactions can not be processed online. I can see the issuer authentication data in the 2nd generate AC are all 0s (They are not returned by the issuer, but the default value set by the terminal). The card validate the authentication data to see if the data is returned by the issuer. In your case, the validation is failed and the card returns "69 85"."
回复 2:
"The MTIP50 test cases are a little special. The issuer authentication data for MTIP50 test cases is 16 bytes which is different than the normal value (10 bytes). Thus BTT has extra checks on the issuer authentication data of MTIP50. Since the issuer authentication data are all zeros in your case, the simulated card thinks they are not valid."
分辨率:
原来这是我使用的测试工具的问题。他们最近发布了新版本的软件,但这种情况已不再发生。
我正在做一些 EMV 测试,希望有人能阐明我所看到的。我正在 运行 适用于我们解决方案的 Mastercard M-TIP 测试,我看到了一些意想不到的结果。当 运行 M-TIP 50 使用 M-TIP 50 测试卡测试(1、2、3)时,我在第 2 个 GENERATE_AC 命令中遇到错误。我们的解决方案在技术上被定义为具有在线功能的离线,但我们目前正在完全离线的环境中进行测试。
我花了很多时间阅读和搜索 EMV 书籍 Google,但我仍然不明白为什么返回 6985。此时我能想到的最佳猜测是它与CDA有关(在此过程中也应该发生?)
我已经包含了第一个和第二个 GEN_AC 请求和响应以显示正在发生的事情。如果有人可以深入了解正在发生的事情或出了什么问题,我将不胜感激。
1st Generate AC (ARQC)
Request : 80 AE 90 00 2F 00 00 00 00 20 00 00 00 00 00 00 00 00 80 00 80 00 08 26 17 01 03 00 B0 32 0F C0 22 00 00 00 00 00 00 00 00 00 00 44 03 02 16 11 12 60 00 80
Class :80
Ins :AE
P1 :90
P2 :00
Lc :2F
Data :00 00 00 00 20 00 00 00 00 00 00 00 00 80 00 80 00 08 26 17 01 03 00 B0 32 0F C0 22 00 00 00 00 00 00 00 00 00 00 44 03 02 16 11 12 60 00 80
Tag 9F 02: Transaction Amount : 00 00 00 00 20 00
Amount value: 20.00
Tag 9F 03: Cashback Amount : 00 00 00 00 00 00
Amount value: 0.00
Tag 95 : Terminal Verification Results (TVR) : 00 80 00 80 00
Byte 1 bit 8 = 0 Offline data authentication was performed
bit 7 = 0 SDA passed or not performed
bit 6 = 0 No ICC data missing
bit 5 = 0 Card does not appear on terminal exception file
bit 4 = 0 DDA passed or not performed
bit 3 = 0 CDA passed or not performed
bit 2 = 0 SDA not selected
bit 1 = 0 RFU
Byte 2 bit 8 = 1 ICC and terminal have different application versions
bit 7 = 0 No Expired application
bit 6 = 0 Application effective
bit 5 = 0 Requested service allowed for card product
bit 4 = 0 No New card
bit 3 = 0 RFU
bit 2 = 0 RFU
bit 1 = 0 RFU
Byte 3 bit 8 = 0 Cardholder verification was successful or not performed
bit 7 = 0 Recognised CVM
bit 6 = 0 PIN Try Limit not exceeded
bit 5 = 0 No PIN entry required (PIN pad may or may not be present or may or may not be working)
bit 4 = 0 No PIN entry required (PIN pad may or may not be present)
bit 3 = 0 No Online PIN entered
bit 2 = 0 RFU
bit 1 = 0 RFU
Byte 4 bit 8 = 1 Transaction exceeds floor limit
bit 7 = 0 Lower consecutive offline limit not exceeded
bit 6 = 0 Upper consecutive offline limit not exceeded
bit 5 = 0 Transaction not selected randomly for online processing
bit 4 = 0 Merchant did not force transaction online
bit 3 = 0 RFU
bit 2 = 0 RFU
bit 1 = 0 RFU
Byte 5 bit 8 = 0 No Default TDOL used
bit 7 = 0 Issuer authentication passed or not performed
bit 6 = 0 Script processing passed before final GENERATE AC or no script received
bit 5 = 0 Script processing passed after final GENERATE AC or no script received
bit 4 = 0 RFU
bit 3 = 0 RFU
bit 2 = 0 RFU
bit 1 = 0 RFU
Tag 5F 2A: Transaction Currency Code : 08 26
Code (num) = 08 26
Code (an) = GBP
Currency = Pound Sterling
Tag 9A : Transaction Date : 17 01 03
Year : 2017
Month: January
Day : 03
Tag 9C : Transaction Type : 00
Purchase (of goods or services)
Tag 9F 37: Unpredictable Number : B0 32 0F C0
Tag 9F 35: Terminal Type : 22
Terminal Type: 22
Attended
Merchant
Offline with online capability
Tag 9F 45: Data Authentication Code : 00 00
Tag 9F 4C: ICC Dynamic Number : 00 00 00 00 00 00 00 00
Tag 9F 34: Cardholder Verification Method (CVM) Results : 44 03 02
Byte 1 bit 8 = 0 (default value)
bit 7 = 1 (Apply succeeding CVM field if this CVM is unsuccessful)
bit 6-1= 000100 (Enciphered PIN verification performed by ICC)
Byte 2 = '03' (If terminal supports the CVM type)
Byte 3 = '02' (Successful)
Tag 9F 21: Transaction Time : 16 11 12
Time = 16:11:12
Hours (HH) = 16
Minutes (MM) = 11
Seconds (SS) = 12
Tag 9F 40: Additional Terminal Capabilities : 60 00 80
Byte 1 bit 8 = 0 Cash NOT supported
bit 7 = 1 Goods supported
bit 6 = 1 Services supported
bit 5 = 0 CashBack NOT supported
bit 4 = 0 Inquiry NOT supported
bit 3 = 0 Transfer NOT supported
bit 2 = 0 Payment NOT supported
bit 1 = 0 Administrative NOT supported
Byte 2 bit 8 = 0 CashBack Deposit NOT supported
bit 7 = 0 RFU
bit 6 = 0 RFU
bit 5 = 0 RFU
bit 4 = 0 RFU
bit 3 = 0 RFU
bit 2 = 0 RFU
bit 1 = 0 RFU
Byte 3 bit 8 = 1 Numeric keys supported
bit 7 = 0 Alphabetic and special characters keys NOT supported
bit 6 = 0 Command keys NOT supported
bit 5 = 0 Function keys NOT supported
bit 4 = 0 RFU
bit 3 = 0 RFU
bit 2 = 0 RFU
bit 1 = 0 RFU
Byte 4 bit 8 = 0 Print, attendant NOT supported
bit 7 = 0 Print, cardholder NOT supported
bit 6 = 0 Display, attendant NOT supported
bit 5 = 0 Display, cardholder NOT supported
bit 4 = 0 RFU
bit 3 = 0 RFU
bit 2 = 0 Code table 10 NOT supported
bit 1 = 0 Code table 9 NOT supported
Byte 5 bit 8 = 0 Code table 8 NOT supported
bit 7 = 0 Code table 7 NOT supported
bit 6 = 0 Code table 6 NOT supported
bit 5 = 0 Code table 5 NOT supported
bit 4 = 0 Code table 4 NOT supported
bit 3 = 0 Code table 3 NOT supported
bit 2 = 0 Code table 2 NOT supported
bit 1 = 0 Code table 1 NOT supported
masterKeyAC: 9E 15 20 43 13 F7 31 8A CB 79 B9 0B D9 86 AD 29
uniqueKeyAC: 80 32 AD CE E0 B9 40 BA FB E3 5B 5B 15 9E 8F EA
MCHIP SKD Session Key Derivation
ATC: 00 08
UN: B0 32 0F C0
Cryptogram Version No.: 10
ICC Master Key AC: 9E 15 20 43 13 F7 31 8A CB 79 B9 0B D9 86 AD 29
Derived Card Unique Key: 80 32 AD CE E0 B9 40 BA FB E3 5B 5B 15 9E 8F EA
Derived Session Key: A1 00 11 56 78 15 15 85 2B 53 76 A9 18 14 AA F2
AC calculation: 00 00 00 00 20 00 00 00 00 00 00 00 00 80 00 80 00 08 26 17 01 03 00 B0 32 0F C0 79 00 00 08 A7 40 0F 04 00 00 80
Amount Authorised : 00 00 00 00 20 00
Amount Other : 00 00 00 00 00 00
Terminal Verification Results : 00 80 00 80 00
Transaction Currency Code : 08 26
Transaction Date : 17 01 03
Transaction Type : 00
Unpredictable Number : B0 32 0F C0
Application Interchange Profile : 79 00
Application Transaction Counter : 00 08
Card Verification Results : A7 40 0F 04 00 00
AC Session Key : A1 00 11 56 78 15 15 85 2B 53 76 A9 18 14 AA F2
CDA Signature Generation
Input data: E0 B8 C8 03 72 22 60 00 80 30 00 00 00 00 00 20 00 00 00 00 00 00 00 00 80 00 80 00 08 26 17 01 03 00 B0 32 0F C0 22 00 00 00 00 00 00 00 00 00 00 44 03 02 16 11 12 60 00 80 9F 27 01 80 9F 36 02 00 08 9F 10 12 02 10 A7 40 0F 04 00 00 00 00 00 00 00 00 00 00 00 FF
ICC dynamic number: 98 43 55 5A 0A C1 C2 4A
ICC private key: 1A C2 53 A6 2F FC 28 F2 CA 67 EE 9B 2C BE 16 C2 38 FB E3 C8 8B 28 4A 81 18 44 4B 6A BD 6F 68 FD F4 70 23 62 20 D1 4A 1A 11 6F E4 A8 5C 33 FE 1E 35 CD 9A 3F 48 44 13 64 A3 E9 50 58 ED 26 35 82 D3 6E FA 8E A4 EF EE A2 42 21 C5 4C 02 FB 5D C3 AE 17 97 8B D6 CE 6B 68 A2 4B 3B 13 C8 61 3A 2E 1E 0A 53 1B A1 71 AF 7E 1E FF 44 4B FF 72 50 03 89 F6 64 2F 0F 62 E4 9A 43 0C 6D F7 0C 07 EE 0D
ICC public modulus: A0 8D F5 E5 1F E8 F5 B0 BE 6F 97 A3 0C 74 88 8D 55 E7 56 B3 42 F1 BF 06 91 99 C4 80 70 9C 75 F3 BA A0 D4 4C C4 E7 BC 9C 68 9F 5B F2 29 37 F4 B5 42 D1 9D 7B B1 98 74 5B D7 77 E2 15 8E E5 41 12 8A 15 8E 73 6A 88 4B 82 C5 21 61 6E F0 6F 8D 26 7C 07 B1 EF 79 8A B5 77 AA A3 C6 DD 89 37 C9 B2 34 4C EC AD 5A B8 D5 29 BC AC A7 F9 EC EA DE 85 99 0F 1E 04 FE AE 9F A0 33 DF 69 12 68 F9 F2 D5
Terminal unpredictable number: B0 32 0F C0
Signature: 89 A6 C6 A0 AD 68 43 14 03 EE 4E 92 4B A8 CE B0 ED D9 F2 23 9A AB C9 90 D6 67 FD D5 B4 FF FC 98 99 AB 66 A7 10 0D 5B EB EE 36 7C 36 79 2D A2 A2 92 11 A2 0C 00 71 86 4B BE 20 BA 44 57 73 E5 0C 2D FB 17 AA DE 5C 85 8B 19 66 B8 F3 40 E0 00 EB BF 10 8B 1C AE 91 BD D0 DC 0C D3 D5 40 85 42 72 B0 E2 2F 30 D5 B5 EA 61 29 C9 9F 4F 39 F3 EE BC 66 06 F7 60 11 4D D6 DB 57 CF 57 F6 C1 EF 8C 35
Signed Dynamic Authentication Data
Evaluated: 6A 05 01 26 08 98 43 55 5A 0A C1 C2 4A 80 EC 19 0A DB E4 1C 90 B0 AA 00 A2 EC B5 50 A9 54 A9 92 00 1E CA 05 21 B1 DD 13 98 ED BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB 8E 73 0F 77 06 61 76 D4 6A 68 EF 7A 9C 45 23 0C 9A 62 43 C6 BC
RecoveredDataHeader '6A'h
DynamicApplicationData_for_signature '05 01 26 08 98 43 55 5A 0A C1 C2 4A 80 EC 19 0A DB E4 1C 90 B0 AA 00 A2 EC B5 50 A9 54 A9 92 00 1E CA 05 21 B1 DD 13 98 ED BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB'h structure
SignedDataFormat '05'h
HashAlgorithmIndicator '01'h
ICCDynamicDataLength 38
ICCDynamicData '08 98 43 55 5A 0A C1 C2 4A 80 EC 19 0A DB E4 1C 90 B0 AA 00 A2 EC B5 50 A9 54 A9 92 00 1E CA 05 21 B1 DD 13 98 ED'h
PadPattern 'BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB'h
HashResult '8E 73 0F 77 06 61 76 D4 6A 68 EF 7A 9C 45 23 0C 9A 62 43 C6'h
RecoveredDataTrailer 'BC'h
Expected: 6A 05 01 .. .. .. .. BC
RecoveredDataHeader '6A'h
DynamicApplicationData_for_signature 05 01 .. .. .. structure
SignedDataFormat '05'h
HashAlgorithmIndicator '01'h
ICCDynamicDataLength Length(ICCDynamicData)
ICCDynamicData .. concatenation
QS{0-}
''h
PadPattern .. concatenation
QS {..}
''h
HashResult .. concatenation
QS{1-}
''h
RecoveredDataTrailer 'BC'h
Previous Transaction History
Response: 61 A5
SW1 SW2: 61 A5 (SW_OK Response bytes available(Le))
Get Response
Request : 00 C0 00 00 A5
Class :00
Ins :C0
P1 :00
P2 :00
Le :A5
Response: C0 77 81 A2 9F 27 01 80 9F 36 02 00 08 9F 4B 81 80 89 A6 C6 A0 AD 68 43 14 03 EE 4E 92 4B A8 CE B0 ED D9 F2 23 9A AB C9 90 D6 67 FD D5 B4 FF FC 98 99 AB 66 A7 10 0D 5B EB EE 36 7C 36 79 2D A2 A2 92 11 A2 0C 00 71 86 4B BE 20 BA 44 57 73 E5 0C 2D FB 17 AA DE 5C 85 8B 19 66 B8 F3 40 E0 00 EB BF 10 8B 1C AE 91 BD D0 DC 0C D3 D5 40 85 42 72 B0 E2 2F 30 D5 B5 EA 61 29 C9 9F 4F 39 F3 EE BC 66 06 F7 60 11 4D D6 DB 57 CF 57 F6 C1 EF 8C 35 9F 10 12 02 10 A7 40 0F 04 00 00 00 00 00 00 00 00 00 00 00 FF 90 00
Ack Byte : C0
Data : 77 81 A2 9F 27 01 80 9F 36 02 00 08 9F 4B 81 80 89 A6 C6 A0 AD 68 43 14 03 EE 4E 92 4B A8 CE B0 ED D9 F2 23 9A AB C9 90 D6 67 FD D5 B4 FF FC 98 99 AB 66 A7 10 0D 5B EB EE 36 7C 36 79 2D A2 A2 92 11 A2 0C 00 71 86 4B BE 20 BA 44 57 73 E5 0C 2D FB 17 AA DE 5C 85 8B 19 66 B8 F3 40 E0 00 EB BF 10 8B 1C AE 91 BD D0 DC 0C D3 D5 40 85 42 72 B0 E2 2F 30 D5 B5 EA 61 29 C9 9F 4F 39 F3 EE BC 66 06 F7 60 11 4D D6 DB 57 CF 57 F6 C1 EF 8C 35 9F 10 12 02 10 A7 40 0F 04 00 00 00 00 00 00 00 00 00 00 00 FF
Tag 77 : Response Message Template Format 2
Tag 9F 27: Cryptogram Information Data (CID) : 80
Byte 1 bit 8-7 = 10 ARQC
bit 6-5 = 00 Payment System specific cryptogram
bit 4 = 0 No advice required
bit 3-1 = 000 No information given
Tag 9F 36: Application Transaction Counter (ATC) : 00 08
Decimal value = 8
Tag 9F 4B: Signed Dynamic Application Data : 89 A6 C6 A0 AD 68 43 14 03 EE 4E 92 4B A8 CE B0 ED D9 F2 23 9A AB C9 90 D6 67 FD D5 B4 FF FC 98 99 AB 66 A7 10 0D 5B EB EE 36 7C 36 79 2D A2 A2 92 11 A2 0C 00 71 86 4B BE 20 BA 44 57 73 E5 0C 2D FB 17 AA DE 5C 85 8B 19 66 B8 F3 40 E0 00 EB BF 10 8B 1C AE 91 BD D0 DC 0C D3 D5 40 85 42 72 B0 E2 2F 30 D5 B5 EA 61 29 C9 9F 4F 39 F3 EE BC 66 06 F7 60 11 4D D6 DB 57 CF 57 F6 C1 EF 8C 35
Tag 9F 10: Issuer Application Data [M/Chip 4] : 02 10 A7 40 0F 04 00 00 00 00 00 00 00 00 00 00 00 FF
Key Derivation Index = 02
Cryptogram Version Number = 10
Card Verification Results (CVR) = A7 40 0F 04 00 00
Byte 1 bit 8-7 = 10 AC Returned in Second Generate AC: Not requested
bit 6-5 = 10 AC Returned in First Generate AC: ARQC
bit 4 = 0 RFU
bit 3 = 1 Offline PIN Verification Performed
bit 2 = 1 Offline Encrypted PIN Verification Performed
bit 1 = 1 Offline PIN Verification Successful
Byte 2 bit 8 = 0 DDA not returned
bit 7 = 1 M/Chip Select 4: Combined DDA/AC Generation Returned in First Generate AC, M/Chip Lite 4: Value not allowed
bit 6 = 0 Combined DDA/AC Generation Not Returned in Second Generate AC
bit 5 = 0 Issuer Authentication not performed
bit 4 = 0 CIAC-Default not skipped on CAT3 or not required
bit 3 = 0 RFU
bit 2 = 0 RFU
bit 1 = 0 RFU
Byte 3 bit 8-5 = 0000 Right nibble of Script Counter : '0'
bit 4-1 = 1111 Right nibble of PIN Try Counter: 'F'
Byte 4 bit 8 = 0 RFU
bit 7 = 0 Unable To Go Online Not Indicated
bit 6 = 0 Offline PIN Verification Performed
bit 5 = 0 No Failure OF Offline PIN Verification
bit 4 = 0 PTL Not Exceeded
bit 3 = 1 International Transaction
bit 2 = 0 International Transaction
bit 1 = 0 Terminal Does Not Erroneously Consider Offline PIN OK
Byte 5 bit 8 = 0 Lower Consecutive Offline Limit Not Exceeded
bit 7 = 0 Upper Consecutive Offline Limit Not Exceeded
bit 6 = 0 Lower Cumulative Offline Limit Not Exceeded
bit 5 = 0 Upper Cumulative Offline Limit Not Exceeded
bit 4 = 0 Go Online On Next Transaction Was Not Set (in this transaction or in a previous one)
bit 3 = 0 No Issuer Authentication Failed (in this transaction or in a previous one)
bit 2 = 0 No Script Received (in a previous transaction)
bit 1 = 0 No Script Failed (in a previous transaction)
Byte 6 bit 8 = 0 RFU
bit 7 = 0 RFU
bit 6 = 0 RFU
bit 5 = 0 RFU
bit 4 = 0 RFU
bit 3 = 0 RFU
bit 2 = 0 No Match found in Additional Check Table
bit 1 = 0 Match Found in Additional Check Table
DAC = 00 00
Counters = 00 00 00 00 00 00 00 FF
SW1 SW2 : 90 00 (SW_OK)
2nd Generate AC (TC)
Request : 80 AE 50 00 23 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 59 33 00 80 00 80 00 B0 32 0F C0 98 43 55 5A 0A C1 C2 4A
Class :80
Ins :AE
P1 :50
P2 :00
Lc :23
Data :00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 59 33 00 80 00 80 00 B0 32 0F C0 98 43 55 5A 0A C1 C2 4A
Tag 91 : Issuer Authentication Data [M/Chip] : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Tag 8A : Authorization Response Code : 59 33
Response Code = 59 33
Meaning = Unable to go online, Requesting for offline approval
Tag 95 : Terminal Verification Results (TVR) : 00 80 00 80 00
Byte 1 bit 8 = 0 Offline data authentication was performed
bit 7 = 0 SDA passed or not performed
bit 6 = 0 No ICC data missing
bit 5 = 0 Card does not appear on terminal exception file
bit 4 = 0 DDA passed or not performed
bit 3 = 0 CDA passed or not performed
bit 2 = 0 SDA not selected
bit 1 = 0 RFU
Byte 2 bit 8 = 1 ICC and terminal have different application versions
bit 7 = 0 No Expired application
bit 6 = 0 Application effective
bit 5 = 0 Requested service allowed for card product
bit 4 = 0 No New card
bit 3 = 0 RFU
bit 2 = 0 RFU
bit 1 = 0 RFU
Byte 3 bit 8 = 0 Cardholder verification was successful or not performed
bit 7 = 0 Recognised CVM
bit 6 = 0 PIN Try Limit not exceeded
bit 5 = 0 No PIN entry required (PIN pad may or may not be present or may or may not be working)
bit 4 = 0 No PIN entry required (PIN pad may or may not be present)
bit 3 = 0 No Online PIN entered
bit 2 = 0 RFU
bit 1 = 0 RFU
Byte 4 bit 8 = 1 Transaction exceeds floor limit
bit 7 = 0 Lower consecutive offline limit not exceeded
bit 6 = 0 Upper consecutive offline limit not exceeded
bit 5 = 0 Transaction not selected randomly for online processing
bit 4 = 0 Merchant did not force transaction online
bit 3 = 0 RFU
bit 2 = 0 RFU
bit 1 = 0 RFU
Byte 5 bit 8 = 0 No Default TDOL used
bit 7 = 0 Issuer authentication passed or not performed
bit 6 = 0 Script processing passed before final GENERATE AC or no script received
bit 5 = 0 Script processing passed after final GENERATE AC or no script received
bit 4 = 0 RFU
bit 3 = 0 RFU
bit 2 = 0 RFU
bit 1 = 0 RFU
Tag 9F 37: Unpredictable Number : B0 32 0F C0
Tag 9F 4C: ICC Dynamic Number : 98 43 55 5A 0A C1 C2 4A
Previous Transaction History
Response: 69 85
SW1 SW2: 69 85 (SW_Error Accesscondition not satisfied)
Test Completed
看来你做了很多 "Offline approval" 而没有明确的应对措施。
您选择 6985 的原因可能有以下几种:
1) 已超出 AC 会话密钥计数器限制
因为Second Generate AC的response code是"Unable to go online, Requesting for offline approval" card goes Offline,所以CTR累加不重置(Generate AC 2才Online才重置)。
尝试个性化增加限制或完全在线。
2) 金额转换时溢出,如果交易国际
(交易货币!= CRM货币代码)。
要求全程在线
3) 在添加累计金额时溢出,如果交易国内(交易货币== CRM货币代码)。
需要完全在线
另外,检查为什么 "Country code" 在 Cdol1
中不存在我从测试工具的支持系统得到了一些帮助。他们的回应有助于解释这种情况:
回复 1: "The transaction amount in your test cases M-TIP 50 test1, test2, and test 3 are all above the floor limit, so the transactions are supposed to go online. However, due to your test environment is offline, the transactions can not be processed online. I can see the issuer authentication data in the 2nd generate AC are all 0s (They are not returned by the issuer, but the default value set by the terminal). The card validate the authentication data to see if the data is returned by the issuer. In your case, the validation is failed and the card returns "69 85"."
回复 2: "The MTIP50 test cases are a little special. The issuer authentication data for MTIP50 test cases is 16 bytes which is different than the normal value (10 bytes). Thus BTT has extra checks on the issuer authentication data of MTIP50. Since the issuer authentication data are all zeros in your case, the simulated card thinks they are not valid."
分辨率: 原来这是我使用的测试工具的问题。他们最近发布了新版本的软件,但这种情况已不再发生。