EMV Card
`Personalization
`Specification
`
`Version 1.0
`June 2003
`
`© 2003 EMVCo, LLC (“EMVCo”). All rights reserved. Any and all uses of the EMV Card Personalization
`Specification (“Materials”) shall be permitted only pursuant to the terms and conditions of the license
`agreement between the user and EMVCo found at http://www.emvco.com/specifications.cfm.
`
` The specifications, standards and methods set forth in these Materials have not been finalized or
`adopted by EMVCo and should be viewed as “work-in-process” subject to change at anytime without notice.
`EMVCo makes no assurances that any future version of these Materials or any version of the EMV Card
`Personalization Specification will be compatible with these Materials. No party should detrimentally rely on
`this draft document or the contents thereof, nor shall EMVCo be liable for any such reliance.
`These Materials are being provided for the sole purpose of evaluation and comment by the person or entity
`which downloads the Materials from the EMVCo web site (“User”). The Materials may not be copied or
`disseminated to any third parties, [except that permission is granted to internally disseminate copies within
`the organization of the User]. Any copy of any part of the Materials must bear this legend in full.
`These Materials and all of the content contained herein are provided "AS IS" "WHERE IS" and "WITH ALL
`FAULTS" and EMVCo neither assumes nor accepts any liability for any errors or omissions contained in
`these materials. MATERIALS AND INFORMATION PROVIDED BY EMVCO ARE NOT FINAL AND MAY
`BE AMENDED AT EMVCO'S SOLE OPTION. EMVCO MAKES NO REPRESENTATIONS OR
`WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, WITH RESPECT TO THE MATERIALS AND
`INFORMATION CONTAINED HEREIN. EMVCO SPECIFICALLY DISCLAIMS ALL REPRESENTATIONS
`AND WARRANTIES, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY,
`SATISFACTORY QUALITY, AND FITNESS FOR A PARTICULAR PURPOSE.
`EMVCo makes no representation or warranty with respect to intellectual property rights of any third parties in
`or in relation to the Materials. EMVCo undertakes no responsibility of any kind to determine whether any
`particular physical implementation of any part of these Materials may violate, infringe, or otherwise use the
`patents, copyrights, trademarks, trade secrets, know-how, and/or other intellectual property rights of third
`parties, and thus any person who implements any part of these Materials should consult an intellectual
`property attorney before any such implementation. WITHOUT LIMITATION, EMVCO SPECIFICALLY
`DISCLAIMS ALL REPRESENTATIONS AND WARRANTIES WITH RESPECT TO INTELLECTUAL
`PROPERTY SUBSISTING IN OR RELATING TO THESE MATERIALS OR ANY PART THEREOF,
`INCLUDING BUT NOT LIMITED TO ANY AND ALL IMPLIED WARRANTIES OF TITLE, NON-
`INFRINGEMENT OR SUITABILITY FOR ANY PURPOSE (WHETHER OR NOT EMVCO HAS BEEN
`ADVISED, HAS REASON TO KNOW, OR IS OTHERWISE IN FACT AWARE OF ANY INFORMATION).
`Without limitation to the foregoing, the Materials provide for the use of public key encryption technology,
`which is the subject matter of patents in several countries. Any party seeking to implement these Materials
`is solely responsible for determining whether their activities require a license to any technology including, but
`not limited to, patents on public key encryption technology. EMVCo shall not be liable under any theory for
`any party's infringement of any intellectual property rights.
`
`IPR2022-00413
`Apple EX1047 Page 1
`
`

`

`THIS PAGE LEFT INTENTIONALLY BLANK
`
`IPR2022-00413
`Apple EX1047 Page 2
`
`

`

`i
`
`
`Tables and Figures
`
`June 2003
`
`Table of Contents
`
`2
`
`3
`
`Purpose
`1.
`Scope
`2.
`Audience
`3.
`4. Normative References
`5. Definitions
`Abbreviations and Notations
`6.
`1
`Card Personalization Data Processing
`Overview of the Process
`1.1
`1.2
`The Infrastructure of Card Personalization
`1.3
`Secure Messaging
`1.4
`The STORE DATA Command
`1.5
`The Common Personalization Record Format
`Data Preparation
`Creating Personalization Data
`2.1
`2.1.1
`Issuer Master Keys and Data
`2.1.2
`EMV Application Keys and Certificates
`2.1.3
`Application Data
`Creation of Data Groupings
`2.2
`2.3
`Completion of Personalization
`2.3.1
`Multiple Transport Key Capability
`Processing Steps and Personalization Device Instructions
`2.4
`2.4.1
`Order that Data must be sent to the IC Card
`2.4.2
`Support for Migration to New Versions
`2.4.3
`Encrypted Data Groupings
`2.4.4
`PIN Block Format and Random Numbers
`2.4.5
`Grouping of DGIs
`Creation of Personalization Log Data
`2.5
`2.6
`Data Preparation-Personalization Device Interface Format
`Personalization Device-ICC Interface
`Key Management
`3.1
`3.2
`Processing Flow
`3.2.2
`SELECT Command
`3.2.3
`INITIALIZE UPDATE Command
`3.2.4
`EXTERNAL AUTHENTICATE Command
`3.2.5
`STORE DATA Command
`3.2.6
`Last STORE DATA Command
`Command Responses
`3.3
`3.4
`Personalization Log Creation
`IC Card Personalization Processing
`Preparation for Personalization (Pre-Personalization)
`4.1
`4.2
`Personalization Requirements
`4.2.1
`IC Card Requirements
`4.2.2
`Command Support
`4.2.3
`Secure Messaging
`Cryptography for Personalization
`Key Zones
`5.1
`
`4
`
`5
`
`
`
`
`v
`vi
`vii
`viii
`ix
`x
`1
`1
`2
`3
`3
`4
`7
`7
`7
`8
`8
`9
`10
`11
`11
`12
`13
`14
`14
`15
`16
`16
`25
`26
`26
`27
`28
`30
`32
`36
`36
`36
`39
`39
`40
`40
`40
`41
`43
`43
`
`IPR2022-00413
`Apple EX1047 Page 3
`
`

`

`Tables and Figures
`
`June 2003
`
`ii
`
`
`6
`
`6.33
`
`
`
`43
`44
`45
`45
`47
`49
`49
`49
`49
`50
`50
`50
`51
`51
`51
`51
`51
`51
`52
`52
`52
`52
`52
`52
`
`5.2
`Session Keys
`5.3 MACs
`MACs for Personalization Cryptograms
`5.3.1
`5.3.2
`C-MAC for Secure Messaging
`5.3.3
`MAC for integrity of the personalization data file
`Encryption
`5.4
`5.4.1
`Encryption Using ECB mode
`5.4.2
`Encryption Using CBC Mode
`Decryption
`5.5
`5.5.1
`Decryption Using ECB Mode
`5.5.2
`Decryption Using CBC Mode
`Triple DES Calculations
`5.6
`Personalization Data Elements
`ACT (Action to be Performed)
`6.1
`6.2
`AID (Application Identifier)
`6.3
`ALGSCP (Algorithm for Secure Channel Protocol)
`6.4
`C-MAC
`6.5
`CMODE (Chaining Mode)
`6.6
`CSN (Chip Serial Number)
`6.7
`DTHR (Date and Time)
`6.8
`ENC (Encryption Personalization Instructions)
`6.9
`IDTK (Identifier of the Transport Key)
`6.10
`IDOWNER (Identifier of the Application Specification Owner)
`6.11
`IDTERM (Identifier of the Personalization Device)
`6.12 KENC (DES Key for Creating Personalization Session Key for
`52
`Confidentiality and Authentication Cryptogram)
`6.13 KDEK (DES Key for Creating Personalization Session Key for Key and PIN
`Encryption)
`53
`6.14 KMAC (DES Key for Creating Personalization Session Key for MACs) 53
`6.15 Key Check Value
`53
`6.16 KEYDATA (Derivation Data for Initial Update Keys)
`53
`6.17 KMC (DES Master Key for Personalization Session Keys)
`53
`6.18 KMCID (Identifier of the Master Key for Personalization)
`54
`6.19 L (Length of Data)
`54
`6.20 LCCA (Length of IC Card Application Data)
`54
`6.21 LOGDATA (Data Logging Personalization Instructions)
`54
`6.22 MACINP (MAC of All Data for an Application)
`54
`6.23 MACkey (MAC Key)
`55
`6.24 MIC (Module Identifier Code)
`55
`6.25 ORDER (Data Grouping Order Personalization Instructions)
`55
`6.26 POINTER (Additional Pointer to Personalization Data or Instructions)55
`6.27 RCARD (Random Number from the IC Card)
`55
`6.28 RTERM (Random Number from the Personalization Device)
`55
`6.29 RANDOM (Random Number)
`55
`6.30 REQ (Required or Optional Action)
`56
`SEQNO (Sequence Number)
`6.31
`56
`6.32
`SKUENC (Personalization Session Key for confidentiality and
`authentication cryptogram)
`SKUDEK (Personalization Session Key for Key and PIN Encryption)
`
`56
`56
`
`IPR2022-00413
`Apple EX1047 Page 4
`
`

`

`iii
`
`
`Tables and Figures
`
`June 2003
`
`6.34
`SKUMAC (Personalization Session Key for MACing)
`6.35 TAG (Identifier of Data for a Processing Step)
`6.36 TK (Transport Key)
`6.37 TYPETK (Indicator of Use(s) of Transport Key)
`6.38 VERCNTL (Version Control Personalization Instructions)
`6.39 VNL (Version Number of Layout)
`Annex A. Common EMV Data Groupings
`Introduction
`A.1
`A.2
`Common DGIs for EMV Payment Applications
`A.3
`Common DGIs for EMV PSE
`Annex B. Overview of EMV Card Personalization
`
`
`
`56
`57
`57
`57
`58
`58
`59
`59
`59
`63
`65
`
`
`
`
`IPR2022-00413
`Apple EX1047 Page 5
`
`

`

`iv
`
`
`Tables and Figures
`
`June 2003
`
`Tables
`
`8
`Table 1 – Data Content for tag ‘CF’
`10
`Table 2 – Data Content for DGI ‘7FFF’
`12
`Table 3 – Data Content for the Field ORDER
`13
`Table 4 – Data Contents for the Version Control Field VERCNTL
`14
`Table 5 – Data Content for the Field ENC
`16
`Table 6 – Data Content for the Field GROUP
`17
`Table 7 – IC Card Application Data sent to the Personalization Device
`20
`Table 8 – FORMATTK Codes and Associated Data
`20
`Table 9 – Layout of TKDATA for FORMATTK ‘01’
`21
`Table 10 – Layout of Processing Steps Field
`Table 11 – Personalization Device Instructions for the Personalization Processing
`Step
`23
`Table 12 – INITIALIZE UPDATE Command Coding
`28
`Table 13 – Response to INITIALIZE UPDATE command
`28
`Table 14 – Initial Contents of KEYDATA
`29
`Table 15 – EXTERNAL AUTHENTICATE Command Coding
`30
`Table 16 – Status Conditions for EXTERNAL AUTHENTICATE Command
`30
`Table 17 – Security Level (P1)
`31
`Table 18 – STORE DATA Command Coding for application personalization data 32
`Table 19 – Coding of P1 in STORE DATA Command
`33
`Table 20 – Status conditions for STORE DATA command
`33
`Table 21 – Contents of Personalization Log
`37
`Table 22 – Derivation Data for Session Keys
`44
`Table 23 – Coding of TYPETK
`57
`
`
`Figures
`5
`Figure 1 – Overview of IC Card Personalization Data Format
`5
`Figure 2 – Overview of Personalization Data for an IC Card Application
`22
`Figure 3 – Layout of ICC Data Portion of Record (Section 3c of Table 5)
`Figure 4 – Formatting of Personalization Data within ICC Data Portion of Record
`
`23
`Figure 5 – Personalization Command Flow
`27
`Figure 6 –Personalization Key Zones
`43
`Figure 7 – C-MAC and MAC Computation
`48
`
`
`
`
`
`
`
`IPR2022-00413
`Apple EX1047 Page 6
`
`

`

`Purpose
`
`June 2003
`
`v
`
`1. Purpose
`
`Card personalization is one of the major cost components in the production of EMV
`cards. This specification standardizes the EMV card personalization process with
`the objective of reducing the cost of personalization thus facilitating the migration to
`chip.
`
`In today’s environment, there are numerous methods of personalizing EMV cards
`and many vendors providing the systems to personalize these cards. Each time a
`native card is developed, or a new application released, issuers and personalization
`vendors are obliged to expend significant time and money to develop the
`corresponding personalization process. In addition, these cards are typically
`personalized using proprietary commands, often making it difficult for card issuers
`to source cards from alternative suppliers or bureaus.
`
`This specification standardizes EMV card personalization leading to faster, more
`efficient and more economical solutions. It offers benefits which include: lower set up
`costs, faster time to market, greater choice of supplier (card and personalization
`bureau) and an enhanced ability to switch suppliers.
`
`
`
`
`
`
`IPR2022-00413
`Apple EX1047 Page 7
`
`

`

`Scope
`
`June 2003
`
`vi
`
`2. Scope
`
`In this specification, card personalization means the use of data personalization
`commands that are sent to a card that already contains the basic EMV application.
`This is sometimes referred to as “on-card” personalization. The specification does not
`cover cards where an application load file is personalized before being loaded onto
`the card.
`
`In terms of the lifecycle of the card, card personalization is assumed to take place
`after pre-personalization (see Definitions) and prior to card issuance. However non-
`EMV applications may well use the same personalization process as defined in this
`specification. Other card personalization activities – embossing, magnetic stripe
`encoding and the personalization of non-EMV IC applications – are not covered.
`
`In terms of the lifecycle of the personalization data, card personalization is assumed
`to be defined in terms of two interfaces – the interface between the data preparation
`system and the personalization device, and the interface between the
`personalization device and the IC. The interface between the card issuer and the
`data preparation system is not covered. These terms are described in the
`Definitions section below.
`
`
`
`
`Card
`Manufacturer
`
`Personalization Bureau
`
`Cardholder
`
`
`Personalization
`device
`
`
`Data
`Preparation
`
`
`Issuer data
`
`Issuer
`
`
`
`
`
`It is assumed that personalization commands are principally handled by the
`application, rather than at card level. Some dialogue between card and
`personalization device may occur at card level before the application is selected, e.g.
`to identify the card issuer.
`
`
`
`
`
`IPR2022-00413
`Apple EX1047 Page 8
`
`

`

`Audience
`
`vii
`
`3. Audience
`
`There are three intended audiences for this document:
`
`
`June 2003
`
`
`
`
`
`
`
`1. Designers of EMV applications
`This audience will use this document as one of the inputs to their design
`process. The areas that are impacted by this document are:
`• Design of the file and data structure for the EMV application on the IC
`card.
`• Design and processing of the personalization commands.
`
`2. Designers of Personalization Device systems
`This audience will use this document as a specification for part of the design
`for their processing, in particular the input and output interfaces.
`
`3. Designers of Data Preparation systems
`This audience will use this document as a specification for part of the design
`for their processing, in particular the output interface.
`
`
`
`
`IPR2022-00413
`Apple EX1047 Page 9
`
`

`

`June 2003
`
`Normative References
`
`viii
`
`4. Normative References
`The following documents are referenced in this specification:
`
`
`EMV2000 Version 4.0
`December 1, 2000
`
`Integrated Circuit Card Specification for Payment Systems
`Book 1 – Application Independent ICC to Terminal Interface
`Requirements
`Integrated Circuit Card Specification for Payment Systems
`Book 2 – Security and Key Management
`Integrated Circuit Card Specification for Payment Systems
`Book 3 – Application Specification
`GlobalPlatform Load and Personalization Interface
`Specification V1.0: 2003
`
`GlobalPlatform Systems Profiles Specification - V1.0: 2003
`
`Identification cards - Integrated circuit(s) cards with
`contacts - Part 3: Electronic signals and transmission
`protocols
`Identification cards - Integrated circuit(s) cards with
`contacts - Part 4, Inter-industry commands for interchange
`Identification cards - Integrated circuit(s) cards with
`contacts - Part 5, Numbering system and registration
`procedure for application identifiers
`Identification cards - Integrated circuit(s) cards with
`contacts - Part 6, Inter-industry data elements
`Banking – Personal Identification Number (PIN) – Part 1-
`Basic principles and requirements for online PIN handling in
`ATM and POS systems
`Information Technology – Security Techniques – Message
`Authentication Codes – Part 1: Mechanisms using a block
`cipher
`Information Technology – Modes of Operation of an n-bit
`block cipher algorithm
`
`EMV2000 Version 4.0
`December 1, 2000
`EMV2000 Version 4.0
`December 1, 2000
`GlobalPlatform Load
`and Personalization
`Interface Specification
`V1.0: 2003
`GlobalPlatform
`Systems Profiles
`Specification
`V1.0: 2003
`ISO/IEC 7816-3:1997
`
`ISO/IEC 7816-4:1995
`
`ISO/IEC 7816-5:1994
`
`ISO/IEC 7816-6:1996
`
`ISO/IEC 9564-1:2002
`
`ISO/IEC 9797-1:1999
`
`ISO/IEC 10116:1997
`
`
`
`
`
`
`IPR2022-00413
`Apple EX1047 Page 10
`
`

`

`Definitions
`
`June 2003
`
`ix
`
`5. Definitions
`The following terms are used in this specification.
`
`Application – An application resident in an EMV card.
`
`Application Command – For this document specifically, an APDU command
`acceptable to an application after the personalization process has been completed,
`and the application selected.
`
`Card – An IC payment card as defined by a payment system.
`
`Card Personalization – The personalization of application data within a card,
`using personalization commands.
`
`Data Preparation – The process of preparing and formatting data, ready for
`sending to a personalization device.
`
`Payment System – For the purposes of this specification, MasterCard
`International, or Visa International Service Association.
`
`Personalization – The personalization of application data to enable a card to be
`used by a cardholder.
`
`Personalization Command – A command sent to a selected EMV application in
`order to personalize application data.
`
`Personalization Device – A device that accepts data from a data preparation
`system, and sends personalization commands to a card.
`
`Pre-personalization – The initialization of card data prior to personalization.
`
`
`
`
`
`IPR2022-00413
`Apple EX1047 Page 11
`
`

`

`Abbreviations and Notations
`
`x
`
`6. Abbreviations and Notations
`The following abbreviations and notations are used in this specification. Additional
`abbreviations can be found at the end of this specification in chapter 6.
`
`June 2003
`
`Application Identifier
`
`American Standard Code for Information Interchange
`
`Answer-to-Reset
`
`Basic Encoding Rules
`
`Bank Identification Number
`
`Certification Authority
`
`Card Acceptance Device
`
`Cipher Block Chaining
`
`Combined DDA Application Cryptogram Generation Authentication
`
`Class Byte
`
`Command Message Authentication Code
`
`Card Production Life Cycle
`
`Card and Application Management System (CAMS) Reference Number
`
`Chinese Remainder Theorem
`
`Chip Serial Number
`
`Dynamic Data Authentication
`
`Data Encryption Standard
`
`Data Grouping Identifier
`
`Electronic Code Book
`
`Europay, MasterCard and Visa
`
`File Control Information
`
`Hardware Security Module
`
`AID
`
`ASCII
`
`ATR
`
`BER
`
`BIN
`
`CA
`
`CAD
`
`CBC
`
`CDA
`
`CLA
`
`C-MAC
`
`CPLC
`
`CRN
`
`CRT
`
`CSN
`
`DDA
`
`DES
`
`DGI
`
`ECB
`
`EMV
`
`FCI
`
`HSM
`
`
`
`
`IPR2022-00413
`Apple EX1047 Page 12
`
`

`

`Abbreviations and Notations
`
`June 2003
`
`Integrated Circuit
`
`Integrated Circuit Card
`
`Initial Chaining Vector
`
`Identifier
`
`International Electrotechnical Commission
`
`Issuer Identification Number
`
`Instruction Byte
`
`International Organization for Standardization
`
`Initialization Vector
`
`DES Master Key for Personalization Session Keys
`
`Least Significant Byte
`
`Mandatory or Optional
`
`Message Authentication Code
`
`Module Identifier Code
`
`Most Significant Byte
`
`Application Primary Account Number
`
`Personalization Device Instructions
`
`Personal Identification Number
`
`Public Key
`
`Reserved for Future Use (values to be ignored)
`
`Response Message Authentication Code
`
`Rivest, Shamir and Adleman (Cryptographic
`Algorithm)
`
`Static Data Authentication
`
`Short File Identifier
`
`Personalization Session Key
`
`xi
`
`IC
`
`ICC
`
`ICV
`
`ID
`
`IEC
`
`IIN
`
`INS
`
`ISO
`
`IV
`
`KMC
`
`LSB
`
`M/O
`
`MAC
`
`MIC
`
`MSB
`
`PAN
`
`PDI
`
`PIN
`
`PK
`
`RFU
`
`R-MAC
`
`RSA
`
`SDA
`
`SFI
`
`SKU
`
`
`
`
`IPR2022-00413
`Apple EX1047 Page 13
`
`

`

`xii
`
`SHA
`
`TK
`
`TLV
`
`var.
`
`Abbreviations and Notations
`
`June 2003
`
`Secure Hash Algorithm
`
`Transport Key
`
`Tag, Length, Value
`
`Variable
`
`The following notations apply:
`
`Hexadecimal Notation
`Values expressed in hexadecimal form are enclosed in single quotes (e.g., ‘_’). For
`example, 27509 decimal is expressed in hexadecimal as ‘6B75’.
`
`Letters used to express constant hexadecimal values are always upper case (‘A’ - ‘F’).
`Where lower case is used, the letters have a different meaning explained in the text.
`
`Binary Notation
`Values expressed in binary form are followed by a lower case “b”. For example, ‘08’
`hexadecimal is expressed in binary as 00001000b (most significant bit first).
`
`Operators and Functions
`
`Logical AND.
`Logical OR.
`Assignment (of a value to a variable).
`Ordered set (of data elements).
`Concatenation of bytes B1 (the most significant byte) and B2 (the least
`significant byte).
`Value of the concatenation of bytes B1 and B2.
`The data in the square brackets is encrypted using the key in the normal
`brackets.
`The data in the square brackets is decrypted using the key in the normal
`brackets.
`The data in the square brackets is encrypted using DES encryption and the
`key in the normal brackets.
`The data in the square brackets is decrypted using DES decryption and the
`key in the normal brackets.
`
` ∧
`
`
`∨
`:=
`( ) or [ ]
`B1 B2
`
`[B1 B2]
`encrypt( )[ ]
`
`decrypt( )[ ]
`
`DES( )[ ]
`
`DES-1( )[ ]
`
`
`
`
`IPR2022-00413
`Apple EX1047 Page 14
`
`

`

`xiii
`
`DES3( )[ ]
`
`DES3-1( )[ ]
`
`sign( )[ ]
`
`verify( )[ ]
`
`SHA( )
`
`Abbreviations and Notations
`
`June 2003
`
`The data in the square brackets is encrypted using triple DES encryption
`and the key in the normal brackets. Triple DES consists of encrypting an 8-
`byte plaintext block X to an 8 byte ciphertext block Y using a double length
`(16 byte) secret key K = (KL || KR) where KL and KR are DES keys. This is
`done as follows:
`Y := DES3(K)[X] := DES(KL)[DES-1(KR)[DES(KL)[X]]]
`
`The encryption process is illustrated in section 5.6.1.1.
`The data in the square brackets is decrypted using triple DES decryption
`and the key in the normal brackets. Triple DES consists of decrypting an 8-
`byte plaintext block X to an 8 byte ciphertext block Y using a double length
`(16 byte) secret key K = (KL || KR) where KL and KR are DES keys. This is
`done as follows:
`X := DES3-1(K)[Y] := DES-1(KL)[DES(KR)[DES-1(KL)[Y]]]
`The data in the square brackets is signed using the key in the normal
`brackets.
`The data in the square brackets is verified using the key in the normal
`brackets.
`The results of applying the SHA-1 hash algorithm to the data in the normal
`brackets.
`Exclusive OR
`
`XOR
`
`
`Requirement Numbering
`Requirements are highlighted by both being indented and numbered with a four
`digit reference namely, section, subsection and requirement number. All
`requirements in this specification are therefore uniquely numbered with the number
`appearing next to each requirement. This convention is adopted to allow test
`specifications to be conveniently developed.
`
` A
`
` requirement can have different numbers in different versions of the specifications.
`Hence, all references to a requirement must include the version of the document as
`well as the requirement’s number.
`
`Document Word Usage
`The following words are used often in this document and have specific meanings:
`“Shall” or “Must”
`•
`Defines a product or system capability that is required, compelled and
`mandatory.
`“Should”
`Defines a product or system capability that is highly recommended.
`“May”
`Defines a product or system capability that is optional.
`
`•
`
`•
`
`
`
`
`IPR2022-00413
`Apple EX1047 Page 15
`
`

`

`Abbreviations and Notations
`
`June 2003
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`THIS PAGE LEFT INTENTIONALLY BLANK
`
`
`xiv
`
`
`
`
`
`
`
`IPR2022-00413
`Apple EX1047 Page 16
`
`

`

`Card Personalization Data Processing
`
`June 2003
`
` Card Personalization Data Processing
`
`1
`
` 1
`
`
`1.1 Overview of the Process
`
`Within a personalization bureau environment the processing of Personalization
`Device Instructions (PDI) and IC card personalization data processing requires the
`following three functional steps:
`
`
`1. Data preparation
`2. Personalization device set-up and processing
`3. IC card application processing.
`
`
`Each of these steps, together with the two interfaces (1 to 2, 2 to 3), is briefly
`described below and discussed in detail in subsequent chapters.
`
`An overview diagram of the complete EMV Card Personalization process appears in
`Annex B.
`
`Data Preparation
`
`Data preparation is the process that creates the data that is to be placed in an IC
`card application during card personalization. Some of the data created may be the
`same across all cards in a batch; other data may vary by card. Some data, such as
`keys, may be secret and may need to be encrypted at all times during the
`personalization process.
`
`Data preparation may be a single process or it may require interaction between
`multiple systems.
`
`Much of the definition of data preparation is application specific. This document
`focuses on the data preparation processes that are commonly used for EMV cards
`and a description of these is given in Chapter 2.
`
`
`Data Preparation-Personalization Device Interface
`
`The output of the data preparation process is a file of personalization data, which is
`passed to the personalization device. The format of the file records is shown in
`Table 7.
`
`The data preparation system must protect the completed personalization data file
`for integrity and authenticity (e.g. MAC or signed hash). For examples of
`implementation, see GlobalPlatform Load and Personalization Interface
`Specification.
`
`
`
`
`
`IPR2022-00413
`Apple EX1047 Page 17
`
`

`

`June 2003
`
`Card Personalization Data Processing
`
`2
`
`Personalization Device
`
`The personalization device is the terminal that acts on Personalization Device
`Instruction data to control how personalization data is selected and then sent to the
`IC card application. For most IC card personalization processes this device must
`have access to a security module (HSM) to establish and operate a secure channel
`between the personalization device on the one hand and the application on an IC
`card on the other. The secure channel services consist of MAC verification/
`generation e.g. on commands sent to the application, and decryption and re-
`encryption of secret data e.g. PIN values. Personalization device processing is
`described in Chapter 3.
`
`Personalization Device-ICC Interface
`
`The personalization device sends a series of personalization commands to the ICC.
`The personalization command flow is shown in Figure 5.
`
`The IC Card Application
`
`The IC card application receives the personalization data from the personalization
`device and stores it in its assigned location, for use when the EMV card application
`becomes operational.
`
`Section 4.1 describes the processing requirements for an EMV card application that
`must be performed prior to the start of personalization. The actual processing of the
`EMV card prior to personalization (pre-personalization) is outside the scope of this
`specification. However it is assumed that the EMV card application will have secure
`messaging keys established for personalization prior to the start of the
`personalization process.
`
`
`1.2 The Infrastructure of Card Personalization
`
`The personalization process described in this document is designed to facilitate the
`personalization of the EMV application on IC cards. It creates a personalization
`infrastructure that allows for upgrades to EMV applications without requiring a
`change to the personalization device processing, and one that can also be extended to
`other applications in a generic way.
`
`The personalization infrastructure consists of:
`
` •
`
` Standard security between the personalization device and the IC card. This is
`summarized in section 1.3.
`• Standard commands for sending personalization data to the IC card application.
`These are summarized in section 1.4.
`• A standard record format for the personalization data sent to the personalization
`device. This is summarized in section 1.5.
`
`
`
`
`IPR2022-00413
`Apple EX1047 Page 18
`
`

`

`June 2003
`
`Card Personalization Data Processing
`
`3
`
`1.3 Secure Messaging
`
`At the beginning of processing by the personalization device, a secure channel is
`established between the personalization device and the IC card EMV application.
`The commands used to establish this secure channel are the INITIALIZE UPDATE
`command and the EXTERNAL AUTHENTICATE command. These commands are
`described in sections 3.2.3 and 3.2.4 respectively.
`
`Two derived keys on the IC card are used during the establishment of the secure
`channel. These are the KENC, used to generate a session key SKUENC which is in
`turn used to create and validate authentication cryptograms, and the KMAC, used to
`generate a session key SKUMAC which is in turn used to MAC the EXTERNAL
`AUTHENTICATE command. Both of these keys are derived from the same master key,
`the KMC. The IC card provides the personalization device with the identifiers of the
`KMC and the derivation data used to create the derived keys. The identification of
`the KMC is described in section 3.1. The creation of derived keys is described in
`section 4.1. Once a secure channel is established, personalization data can be sent
`to the IC card application. Based on the security level set in the EXTERNAL
`AUTHENTICATE command, the SKUENC may also be used to encrypt the command
`data field, and the SKUMAC to produce the Command Message Authentication Code
`(C-MAC).
`
`1.4 The STORE DATA Command
`
`The STORE DATA command is used to send personalization data to the card
`application; it is described in detail in section 3.2.5.
`
`In order to reduce personalization time, the data preparation process organizes the
`personalization data to be sent to an EMV card application by the personalization
`device into data groupings. A Data Grouping Identifier (DGI) identifies each data
`grouping. The IC card application uses the DGI to determine how the data grouping
`is to be processed after it is received from the personalization device. Much of the
`data for an application is organized into records within the application when the
`application is designed. Where this is the case, the easiest way to create data
`groupings for an application is to make each record in the application a data
`grouping. The principles of data grouping are described in section 2.2. The
`personalization devices parse the input record and create a STORE DATA command
`for each data grouping or group of data groupings (see section 2.4.5) in the input
`record.
`
`
`
`
`
`IPR2022-00413
`Apple EX1047 Page 19
`
`

`

`June 2003
`
`Card Personalization Data Processing
`
`4
`
`Some data groupings will contain data that must be kept secret during transmission
`from the personalization device to the card application; this can be done using a
`secret key known on either side of this interface. In this case an additional derived
`key (KDEK) on the IC card is used to generate a session key SKUDEK. The KDEK is
`derived from the same master key (KMC) as the KENC and KMAC. The IC card
`provides the personalization device with the identifiers of the KMC and the
`derivation data used to create the derived key. The SKUDEK, described in section 5.2
`may be used for this encryption. In addition to this requirement for security, the
`secure messaging described in section 1.3 provides the option for two additional
`security features: the C-MAC and command data field encryption for all subsequent
`STORE DATA commands.
`
`
`1.5 The Common Personalization Record Format
`
`The common personalization approach requires a common personalization record
`format. This record format is described in section 2.6. This format has been
`developed to support the personalization of one or more applications on a single IC
`card.
`
`The overall card personalization process normally consists of a series of processing
`modules that perform personalization tasks (e.g. embossing and magnetic stripe
`encoding). Each processing module uses data from the input record for a card to
`perform its task for that card. In the format defined in this document, the data for a
`processing module is identified by a Module Identifier Code (MIC). Each MIC is
`followed by the data to be processed for that processing module. Many processing
`modules also require a length field that specifies the length of the data for that
`processing module. The input for the personalization process for non IC card
`application data is defined in documentation provided by the personalizer, however,
`the basic structure of the most commonly used personalization record format allows
`all types of personalization data to be included in the same file.
`
`There will be a MIC that identifies data to be placed on an IC card. The exact MIC
`used for personalization data must be established between the data preparation
`processing system(s) and the personalization device processing system(s). In Figure
`1, which shows the organization of personalization data for the IC card module,
`MIC2 is used to represent the IC card personalization data. MIC1 and MIC3
`indicate non-ICC personalization data.
`
`
`
`
`
`IPR2022-00413
`Apple EX1047 Page 20
`
`

`

`5
`
`Figure 1 – Overview of IC Card Personalization Data Format
`
`Card Personalization Data Processing
`
`June 2003
`
`