April 2001

Extensions for Financial Services (XFS) interface specification
Release 3.0
Part 20: Pin Keypad Device Class Interface
Migration from Version 2.0 (see CWA 13449) to Version 3.0 (this CWA)
Programmer's Reference

CWA 14050-20

English version CWA 14050-20:2000

ICS 35.200; 35.240.15; 35.240.40

German title: Erweiterungen für die Schnittstellenspezifikation für Finanzdienstleistungen (XFS) Version 3.0 Teil 20: Schnittstelle für die Geräteklasse "PIN-Tastaturen" Migration von Version 2.0 (siehe CWA 13449) zu Version 3.0 (dieses CWA) Programmierhandbuch

National foreword

This CEN Workshop Agreement CWA 14050-20, prepared by the CEN/ISSS XFS Workshop, is made available in English only.

CEN Workshop Agreements are developed within a consortium. They differ from European Standards in that they do not, as a rule, go through a public enquiry procedure and no national position is formed. Unlike European Standards, which represent the consensus of all interested parties, CEN Workshop Agreements have only the approval of the consortium members directly involved.

The members of the consortium are solely responsible for the content (see the supplementary notes in the CWA foreword). Neither the CEN Central Secretariat nor the CEN members have checked the content for possible errors or conflicts with standards and legal provisions.

Continued on 52 pages of CWA

© Beuth Verlag GmbH, 2001
Any form of reproduction, even in part, is permitted only with the approval of Beuth Verlag.
Ref. No. DIN CWA 14050-20:2001-04
RW DIN CWA, price group 07
Sole sale of the standards by Beuth Verlag GmbH, 10772 Berlin

Rue de Stassart, 36 B-1050 Bruxelles
Tel: +32 2 550 08 11 Fax: +32 2 550 08 19

EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG

WORKSHOP AGREEMENT CWA 14050-20
November 2000

ICS 35.200; 35.240.15; 35.240.40

Extensions for Financial Services (XFS) interface specification - Release 3.0 - Part 20: Pin Keypad Device Class Interface - Migration from Version 2.0 (see CWA 13449) to Version 3.0 (this CWA) - Programmer's Reference

© 2000 CEN All rights of exploitation in any form and by any means reserved world-wide for CEN National Members

Ref. No CWA 14050-20:2000 E

This CEN Workshop Agreement can in no way be held as being an official standard as developed by CEN National Members.

Table of Contents

Foreword
1. General
2. New Chapters
2.1 REFERENCES
2.2 GERMAN ZKA GELDKARTE
2.2.1 How to use the SECURE_MSG commands
2.2.2 Protocol WFS_PIN_PROTISOAS
2.2.3 Protocol WFS_PIN_PROTISOLZ
2.2.4 Protocol WFS_PIN_PROTISOPS
2.2.5 Protocol WFS_PIN_PROTCHIPZKA
2.2.6 Protocol WFS_PIN_PROTRAWDATA
2.2.7 Command Sequence
3. New Info Commands
3.1 WFS_INF_PIN_HSM_TDATA
3.2 WFS_INF_PIN_KEY_DETAIL_EX
4. Changes to existing Info Commands
4.1 WFS_INF_PIN_STATUS
4.2 WFS_INF_PIN_CAPABILITIES
4.3 WFS_INF_PIN_FUNCKEY_DETAIL
5. New Execute Commands
5.1 WFS_CMD_PIN_LOCAL_BANKSYS
5.2 WFS_CMD_PIN_BANKSYS_IO
5.3 WFS_CMD_PIN_RESET
5.4 WFS_CMD_PIN_HSM_SET_TDATA
5.5 WFS_CMD_PIN_SECURE_MSG_SEND
5.6 WFS_CMD_PIN_SECURE_MSG_RECEIVE
5.7 WFS_CMD_PIN_GET_JOURNAL
5.8 WFS_CMD_PIN_IMPORT_KEY_EX
5.9 WFS_CMD_PIN_ENC_IO
6. Changes to existing Execute Commands
6.1 WFS_CMD_PIN_CRYPT
6.2 WFS_CMD_PIN_IMPORT_KEY
6.3 WFS_CMD_PIN_DERIVE_KEY
6.4 WFS_CMD_PIN_GET_PIN
6.5 WFS_CMD_PIN_LOCAL_DES
6.6 WFS_CMD_PIN_LOCAL_EUROCHEQUE
6.7 WFS_CMD_PIN_LOCAL_VISA
6.8 WFS_CMD_PIN_GET_PINBLOCK
6.9 WFS_CMD_PIN_GET_DATA
6.10 WFS_CMD_PIN_INITIALIZATION
7. New Events
7.1 WFS_SRVE_PIN_OPT_REQUIRED
8. Changes to existing Events
8.1 WFS_EXEE_PIN_KEY
9. Changes to C - Header File

Foreword

This CWA is revision 3.0 of the XFS interface specification.

The move from an XFS 2.0 specification (CWA 13449) to a 3.0 specification has been prompted by a series of factors.

Initially, there has been a technical imperative to extend the scope of the existing specification of the XFS Manager to include new devices, such as the Card Embossing Unit.

Similarly, there has also been pressure, through implementation experience and the advance of the Microsoft technology, to extend the functionality and capabilities of the existing devices covered by the specification.

Finally, it is also clear that our customers and the market are asking for an update to a specification, which is now over 2 years old. Increasing market acceptance and the need to meet this demand is driving the Workshop towards this release.

The clear direction of the CEN/ISSS XFS Workshop, therefore, is the delivery of a new Release 3.0 specification based on a C API.
It will be delivered with the promise of the protection of technical investment for existing applications and the design to safeguard future developments.

The CEN/ISSS XFS Workshop gathers suppliers as well as banks and other financial service companies. A list of companies participating in this Workshop and in support of this CWA is available from the CEN/ISSS Secretariat.

This CWA was formally approved by the XFS Workshop meeting on 2000-10-18. The specification is continuously reviewed and commented in the CEN/ISSS Workshop on XFS. It is therefore expected that an update of the specification will be published in due time as a CWA, superseding this revision 3.0.

The CWA is published as a multi-part document, consisting of:

Part 1: Application Programming Interface (API) - Service Provider Interface (SPI); Programmer's Reference
Part 2: Service Classes Definition; Programmer's Reference
Part 3: Printer Device Class Interface - Programmer's Reference
Part 4: Identification Card Device Class Interface - Programmer's Reference
Part 5: Cash Dispenser Device Class Interface - Programmer's Reference
Part 6: PIN Keypad Device Class Interface - Programmer's Reference
Part 7: Check Reader/Scanner Device Class Interface - Programmer's Reference
Part 8: Depository Device Class Interface - Programmer's Reference
Part 9: Text Terminal Unit Device Class Interface - Programmer's Reference
Part 10: Sensors and Indicators Unit Device Class Interface - Programmer's Reference
Part 11: Vendor Dependent Mode Device Class Interface - Programmer's Reference
Part 12: Camera Device Class Interface - Programmer's Reference
Part 13: Alarm Device Class Interface - Programmer's Reference
Part 14: Card Embossing Unit Class Interface - Programmer's Reference
Part 15: Cash In Module Device Class Interface - Programmer's Reference
Part 16: Application Programming Interface (API) - Service Provider Interface (SPI) - Migration from Version 2.0 (see CWA 13449) to Version 3.0 (this CWA) - Programmer's Reference
Part 17: Printer Device Class Interface - Migration from Version 2.0 (see CWA 13449) to Version 3.0 (this CWA) - Programmer's Reference
Part 18: Identification Card Device Class Interface - Migration from Version 2.0 (see CWA 13449) to Version 3.0 (this CWA) - Programmer's Reference
Part 19: Cash Dispenser Device Class Interface - Migration from Version 2.0 (see CWA 13449) to Version 3.0 (this CWA) - Programmer's Reference
Part 20: PIN Keypad Device Class Interface - Migration from Version 2.0 (see CWA 13449) to Version 3.0 (this CWA) - Programmer's Reference
Part 21: Depository Device Class Interface - Migration from Version 2.0 (see CWA 13449) to Version 3.0 (this CWA) - Programmer's Reference
Part 22: Text Terminal Unit Device Class Interface - Migration from Version 2.0 (see CWA 13449) to Version 3.0 (this CWA) - Programmer's Reference
Part 23: Sensors and Indicators Unit Device Class Interface - Migration from Version 2.0 (see CWA 13449) to Version 3.0 (this CWA) - Programmer's Reference
Part 24: Camera Device Class Interface - Migration from Version 2.0 (see CWA 13449) to Version 3.0 (this CWA) - Programmer's Reference
Part 25: Identification Card Device Class Interface - PC/SC Integration Guidelines

In addition to these Programmer's Reference specifications, the reader of this CWA is also referred to a complementary document, called Release Notes. The Release Notes contain clarifications and explanations on the CWA specifications, which do not require functional changes. The current version of the Release Notes is available online from http://www.cenorm.be/isss/Workshop/XFS.

The information in this document represents the Workshop's current views on the issues discussed as of the date of publication. It is furnished for informational purposes only and is subject to change without notice. CEN/ISSS makes no warranty, express or implied, with respect to this document.

1. General

The following additions have been made to the PIN device class:

- New commands to support the German ZKA chip card standard
- Support of Banksys Security Control Module
- Added clarification note for Pin format 3624
- Added WFS_CMD_PIN_ENC_IO, which is currently used for the Swiss proprietary protocol only
- Double
  and triple zero clarification in WFS_CMD_PIN_GET_DATA
- Encryption key deletion functionality added to the WFS_CMD_PIN_IMPORT_KEY command

For all commands, the error code and event sections have been amended to explicitly mention that the generic values from the API document can also be returned.

2. New Chapters

2.1 References

1. XFS Application Programming Interface (API)/Service Provider Interface (SPI), Programmer's Reference Revision 3.00, October 18, 2000

2.2 German ZKA GeldKarte

The PIN service is able to handle the German "Geldkarte", which is an electronic purse specified by the ZKA (Zentraler Kreditausschuß).

For anyone attempting to write an application that handles these chip cards, it is essential to read and understand the specifications published by

Bank-Verlag, Köln
Postfach 30 01 91
D-50771 Köln
Phone: +49 221 5490-0
Fax: +49 221 5490-120

2.2.1 How to use the SECURE_MSG commands

This section describes how an application should use the WFS_CMD_PIN_SECURE_MSG_SEND and WFS_CMD_PIN_SECURE_MSG_RECEIVE commands for transactions involving chip cards with a German ZKA GeldKarte chip.

Applications must call SECURE_MSG_SEND for every command they send to the chip or to a host system, including those commands that do not actually require secure messaging. This enables the service provider to remember security-relevant data that may be needed or checked later in the transaction.

Applications must pass a complete message as input to SECURE_MSG_SEND, with all fields - including those that will be filled by the service provider - being present in the correct length. All fields that are not filled by the service provider must be filled with the ultimate values in order to enable MACing by the service provider.

Every command SECURE_MSG_SEND that an application issues must be followed by exactly one command SECURE_MSG_RECEIVE that informs the service provider about the response from the chip or host. If no response is received (timeout or communication failure) the application must issue a SECURE_MSG_RECEIVE command with lpSecMsgIn->lpbMsg = NULL to inform the service provider about this fact.

If a system is restarted after a SECURE_MSG_SEND was issued to the service provider but before the SECURE_MSG_RECEIVE was issued, the restart has the same effect as a SECURE_MSG_RECEIVE command with lpSecMsgIn->lpbMsg = NULL.

Between a SECURE_MSG_SEND and the corresponding SECURE_MSG_RECEIVE no SECURE_MSG_SEND with the same lpSecMsgIn->wProtocol must be issued. Other WFS_CMD_PIN... commands including SECURE_MSG_SEND / RECEIVE with different wProtocol may be used.

2.2.2 Protocol WFS_PIN_PROTISOAS

This protocol handles ISO8583 messages between an ATM and an authorization system (AS).

Only messages
in the new ISO format, with new PAC/MAC-format using session keys and Triple-DES are supported.

Authorization messages may be used to dispense the amount authorized in cash or to load the amount into an electronic purse (GeldKarte).

For loading a GeldKarte the only type of authorization supported is a transaction originating from track 3 of a German ec-card (message types 0200/0210 for authorization and 0400/0410 for reversal).

For dispensing cash, transactions originating from international cards (message types 0100/0110 and 0400/0410) are supported as well.

The following bitmap positions are filled by the service provider:

BMP11 Trace-Nummer
BMP52 PAC
BMP57 Verschlüsselungsparameter (only the challenge values RNDMES and RNDPAC)
BMP64 MAC

These bitmaps have to be present and the corresponding flag has to be set in the primary bitmap when the ISO message is passed to the HSM.

The following bitmap positions are checked by the service provider and have to be filled by the application:

Nachrichtentyp
BMP3 Abwicklungskennzeichen (only for GeldKarte, not for cash)
BMP4 Transaktionsbetrag (only for GeldKarte, not for cash)
BMP41 Terminal-ID
BMP42 Betreiber-BLZ

For a documentation of authorization messages see:

Regelwerk für das deutsche ec-Geldautomaten-System
Stand: 22. Nov. 1999
Bank-Verlag, Köln

Autorisierungszentrale GA/POS der privaten Banken
Spezifikation für GA-Betreiber
Version 3.12
31. Mai 2000

dvg Hannover
Schnittstellenbeschreibung für Autorisierungsanfragen bei nationalen GA-Verfügungen unter Verwendung der Spur 3
Version 2.5
Stand: 15.03.2000

dvg Hannover
Schnittstellenbeschreibung für Autorisierungsanfragen bei internationalen Verfügungen unter Verwendung der Spur 2
Version 2.6
Stand: 30.03.2000

2.2.3 Protocol WFS_PIN_PROTISOLZ

This protocol handles ISO8583 messages between a "Ladeterminal" and a "Ladezentrale"
(LZ).

Only messages in the new ISO format, with new MAC-format using session keys and Triple-DES are supported. Both types of GeldKarte chip (type 0 = DEM, type 1 = EUR) are supported.

The following bitmap positions are filled by the service provider:

BMP11: Trace-Nummer
BMP57: Verschlüsselungsparameter (only the challenge value RNDMES)
BMP64: MAC

These bitmaps have to be present and the corresponding flag has to be set in the primary bitmap when the ISO message is passed to the HSM.

The following bitmap positions are checked by the service provider and have to be filled by the application:

Nachrichtentyp
BMP3: Abwicklungskennzeichen
BMP4: Transaktionsbetrag
BMP12: Uhrzeit
BMP13: Datum
BMP25: Konditionscode
BMP41: Terminal-ID
BMP42: Betreiber-BLZ (caution: "Ladeentgelt" also in BMP42 is not set by the EPP)
BMP61: Online-Zeitpunkt
BMP62: Chipdaten

The following bitmap positions are only checked if they are available:

BMP43: Standort
BMP60: Kontodaten Ladeterminal

For a documentation of the Ladezentrale interface see:

ZKA / Bank-Verlag, Köln
Schnittstellenspezifikation für die ec-Karte mit Chip
Geldkarte Ladeterminals
Version 3.0
2. 4. 1998

2.2.4 Protocol WFS_PIN_PROTISOPS

This protocol handles ISO8583 messages between a terminal and a "Personalisierungsstelle" (PS). These messages are about OPT.

The service provider creates the whole message with WFS_CMD_PIN_SECURE_MSG_SEND, including message type an