- OP_READY
- INITIALIZED
- SECURED
- CARD_LOCKED
- TERMINATED
- SCP02 - Implements '15' and '55' - Key DES 128
- SCP03 - Implements '10' and '00' - Keys AES 128, 192, 256
- The product reserves 262 bytes for general purpose SD data store
- AID for the ISD is 'A000000003 000000'
- AID may be changed using store data command
- Maximum storage space: 8 bytes (16 numerical digits)
- PIN length: 3 bytes
- PIN value: 12 34 5F
- PIN retry limit: 3 times
- PIN state: ACTIVE
- PIN format: Binary Coded Decimal (BCD)
- Tag '87' - Length 1 byte - '15' or '55' for SCP02 | '00' or '10' for SCP03
- Tag '89' - Length 1 byte - '01' for SHA1 | '02' for SHA256
- Tag '8B' - Length 2 bytes - ISD failed authentication counter value
- Delete - E4 - GP Authenticated - Case 4S
- External Auth - 82 - None - Case 3S
- Get Data - CA - None - Case 2S
- Get Status - F2 - GP authenticated - Case 4S
- Initialize Update - 50 - None - Case 4S
- Install - E6 - GP authenticated - Case 4S
- Load - E8 - GP authenticated - Case 4S
- Manage Channel - 70 - None - Case 1 / 2S
- Put Key - D8 - GP authenticated - Case 4S
- Select - A4 - None - Case 1/ 2S / 3S / 4S
- Set Status - F0 - GP Authenticated - Case 3S
- Store Data - E2 - GP Authenticated - Case 3S
- Re-Initialize OS - 34 - GP Authenticated - Case 1
- Disable Product Config - 36 - GP Authenticated - Case 1
- Get Toe Info - 3A - GP Authenticated - Case 2S
- Activate/Deactivate Flash Loader - 30 - GP Authenticated - Case 1
- Set Transport Key - 3C - None - Case 4S
Personalize NSICCS PSE
National Standard Indonesian Chip Card Specification Payment System Environment
Overview of Personalization
This chapter describes the general steps and sequence of the application protocol data unit (APDU) used in personalizing the NSICCS Application.
Data preparation
For efficient personalization, the data used for personalization should be prepared in advance.
- Select card manager
- Initialize Update and External Authenticate
- Put Key command to update the default card manager key
Open Secure Channel
- Select card manager
- Initialize Update and External Authenticate
- Install [for install and make selectable] to install the NSICCS Application
- Set Status command to change the card state from OP_READY to INITIALIZED (optional)
- Select card manager
- Initialize Update and External Authenticate
- Store data to personalize all data elements of the NSICCS instance
- Select card manager
- Initialize Update and External Authenticate
- Set Status command to change the card state from INITIALIZED to SECURED (optional)
- Put Key command to update the existing card manager key with the new key
-
PSE Package AID: D276000004150200000A0003
-
PSE Applet AID: D276000004150200000A000302
-
PSE Instance AID: 315041592E5359532E4444463031
-
NSICCS Package AID: D156000132033301
-
NSICCS Applet AID: D156000132833301
-
NSICCS Instance AID: A0000006021010
Prepare secure channel...
Initialize Update...
External Authenticate...
Install for Install, Make Selectable...
Establish secure channel...
Initialize Update...
External Authenticate...
Store Data...
--> 84 E2 00 00 36 01 01 xx xx
Store Data...
--> 84 E2 80 01 1B 91 02 XX XX
Personalization Complete
Prepare secure channel...
Initialize Update...
External Authenticate...
Install for Install, Make Selectable...
Establish secure channel...
Initialize Update...
External Authenticate...
Store Data 1
--> 84 E2 00 00 42 01 01 XX XX
Store Data N
--> 84 E2 80 14 25 91 05 XX XX
Personalization Complete
Select ISD Application...
Prepare secure channel...
External Authenticate...
Delete...
--> 84 E4 00 00 18 4F 0E XX XX
<-- 00
Application Delete Successful
- NSICCS, National Standard Indonesian Chip Card Specification
- PSE, Payment System Environment
- EMV, Europay International, Mastercard, Visa
- IPK, Issuer Public Key
- IPKC, Issuer Public Key Certificate
- ATC, Application Transaction Counter
- PAN, Permanent Account Number
- SCP Secure Channel Protocol
- MAC, Message Authentication Code
- IAD, Issuer Application Data
- ISD, Issuer Security Domain
- AID, Application ID
- AIP, Application Interchange Profile
- AFL, Application File Locator
- PDOL, Processing option Data Object List
- CDOL, Card Data Object List
PD -> Reset -> Card
PD <- ATR <- Card
PD -> Select -> Card
PD <- FCI <- Card
PD -> Init. Update -> Card
PD <- Key Info & Challenge <- Card
PD -> Ext. Auth -> Card
PD <- OK <- Card
PD -> Store Data -> Card
PD <- OK <- Card
PD -> Last Store Data -> Card
PD <- OK <- Card
'80' '50' '00 - 7F' '00' '08' 'Host Challenge' '00'
'84' '82' 'Security Level' '00' '10' 'Host Cryptogram + CMAC' '00'
'80/84' 'E2' '80/60/40/20/00' 'Sequence Number' 'Length of Command' 'Data' '00'
- Any STORE DATA command that does not follow rule as specified on section 0 might be resulted on unexpected behavior not handled by applet.
- Applet does not support chaining STORE DATA command. All DGI should be stored using single STORE DATA command.
'80' 'F0' '80' 'Card Status' 'Length of Command' 'AID of Application' '00'
- OP_READY = 01
- INITIALIZED = 07
- SECURED = 0F
- CARD_LOCKED = 7F
- TERMINATED = FF
- 0101 - SFI 1 Record 1
- 0201 - SFI 2 Record 1
- 0202 - IPKC
- 0203 - ICC Public Key Information
- 0204 - ICC Public Key Information
- 0301 - Static Application Data
- 0302 - Signed Static Application Data
- 0401 - SFI 4 Record 1
- 0402 - SFI 4 Record 2
- 0403 - SFI 4 Record 3
- 8000 - Application DES Keys
- 9000 - Application DES KCV
- 8010 - Application PIN
- 9010 - Application PIN Related Data
- 8201 - ICC Key CRT Information
- 8202 - ICC Key CRT Information
- 8203 - ICC Key CRT Information
- 8204 - ICC Key CRT Information
- 8205 - ICC Key CRT Information
- 8301 - PIN Encipherment Key CRT Information
- 8302 - PIN Encipherment Key CRT Information
- 8303 - PIN Encipherment Key CRT Information
- 8304 - PIN Encipherment Key CRT Information
- 8305 - PIN Encipherment Key CRT Information
- B001 - NSICCS Specific Data
- 9104 - GPO Response Data for Type A Transaction
- 9105 - GPO Response Data for Type B Transaction
- 9102 - Application Information
- F003 - ATC Init Value
- DGI 0x8000 (ICC Master 3DES Keys) shall be personalized before DGI 0x9000 (Key Check Value).
- DGI 0x8010 (ICC PIN value) shall be personalized before DGI 0x9010 (PTC and PTL).
- For the other DGIs, there are no constraints on their order during personalization phase.
- The PSE OTU is a payment system environment java card application dedicated to smart card banking systems.
- The PSE OTU as known as Oberthur Technologies Universal, is designed to respond to every need on java platforms holding financial applications.
- The PSE OTU Applet communication supports both contact and contactless interfaces; therefore the designated product is a ‘Payment System Environment’ and a ‘Proximity Payment System Environment’.
- Java Card platform with at least Java Card 2.2.1 APIs present.
- GP Card Manager compliant with the Global Platform 2.1.1.
- T=0 or T=1 protocols and TCL protocol.
- PSE OTU Applet is not dedicated to a specific platform as it is GP compliant in terms of mechanisms
- PSE OTU Applet is fully compliant to EMV specifications in terms of functionalities
- UNINSTALLED
- SELECTABLE
- PERSONALIZED (Blocked and Unblocked)
- TERMINATED
- Package AID = A0000000770106000B10020000020006
- Applet AID = A0000000770106000B10020100020006
- PSE Instance = 315041592E5359532E4444463031
- PPSE Instance = 325041592E5359532E4444463031
- NSICCS Package AID: A0000000770306600900000000010000
- NSICCS Applet AID: A0000000770306600900000100010000
- NSICCS Instance AID: A0000006021010
IDEMIA Key: 404142434445464748494A4B4C4D4E4F
- AID, Application Identifier
- APDU, Application Protocol Data Unit
- API, Application Programming Interface
- DGI, Data Grouping Identifier
- FCI, File Control Information
- GP, Global Platform
- NA, Not Applicable
- OTU, Oberthur Technologies Universal
- PSE, Payment System Environment
- PPSE, Proximity Payment System Environment
- POS, Point of Sale
- SFI, Short File Identifier
- SIO, Shareable Interface Object
- SW, Status Word