BRITISH STANDARD
BS EN 726-5:1999

Identification card systems - Telecommunications integrated circuit(s) cards and terminals -
Part 5: Payment methods

The European Standard EN 726-5:1999 has the status of a British Standard

ICS 35.240.15

NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW

National foreword

This British Standard is the English language version of EN 726-5:1999.

The UK participation in its preparation was entrusted to Technical Committee IST/17, Identification cards and related devices, which has the responsibility to:

- aid enquirers to understand the text;
- present to the responsible European committee any enquiries on the interpretation, or proposals for change, and keep the UK interests informed;
- monitor related international and European developments and promulgate them in the UK.

A
list of organizations represented on this committee can be obtained on request to its secretary.

Cross-references

The British Standards which implement international or European publications referred to in this document may be found in the BSI Standards Catalogue under the section entitled "International Standards Correspondence Index", or by using the "Find" facility of the BSI Standards Electronic Catalogue.

A British Standard does not purport to include all the necessary provisions of a contract. Users of British Standards are responsible for their correct application.

Compliance with a British Standard does not of itself confer immunity from legal obligations.

Summary of pages

This document comprises a front cover, an inside front cover, the EN title page, pages 2 to 22, an inside back cover and a back cover.

The BSI copyright notice displayed in this document indicates when the document was last issued.

This British Standard, having been prepared under the direction of the DISC Board, was published under the authority of the Standards Board and comes into effect on 15 September 1999

Amendments issued since publication

Amd. No. / Date / Comments

© BSI 09-1999

ISBN 0 680 36120 3

EUROPEAN STANDARD
NORME EUROPÉENNE
EUROPÄISCHE NORM

EN 726-5
January 1999

ICS 35.240.15

Descriptors: IC cards, terminal telecommunications, specifications

English version

Identification card systems - Telecommunications integrated circuit(s) cards and terminals - Part 5: Payment methods

Systèmes de carte d'identification - Cartes à circuit intégré et terminaux pour les télécommunications - Partie 5: Méthodes de paiement

This European Standard was approved by CEN on 1 January 1999.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the Central Secretariat or to any CEN member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the Central Secretariat has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Czech Republic, Denmark, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal, Spain, Sweden, Switzerland and United Kingdom.

CEN
European Committee for Standardization
Comité Européen de Normalisation
Europäisches Komitee für Normung

Central Secretariat: rue de Stassart 36, B-1050 Brussels

© 1999 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.

Ref. No. EN 726-5:1999 E

Page 2
EN 726-5:1999

Foreword

This European Standard has been prepared by Technical Committee CEN/TC 224, Machine-readable cards, related device interfaces and operations, the Secretariat of which is held by AFNOR.

This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by July 1999, and conflicting national standards shall be withdrawn at the latest by July 1999.

According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Czech Republic, Denmark, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal, Spain, Sweden, Switzerland and the United Kingdom.

Contents

Foreword
1 Scope
2 Normative references
3 Definitions, abbreviations and symbols
4 General concepts
4.1 The payment application situated in the concept of card architecture
4.2 Selection of a payment method
4.3 Key management and the use of algorithms
5 Prepayment
5.1 General concepts
5.2 The participants in the system
5.3 Security provisions for the prepayment application
5.4 Data requirements specific for prepayment
5.5 General scenario for prepayment application
6 Autobilling
6.1 General concepts
6.2 The participants in the system
6.3 Security provisions for the autobilling application
6.4 Data requirements specific for autobilling
6.5 General scenario of the autobilling application
Annex A (normative) Selecting payment applications
Annex B (normative) Scenario for the prepayment application (diagram)
Annex C (informative) Scenario for the prepayment application in conjunction with the security module
Annex D (normative) Scenario for the autobilling application (diagram)
Annex E (informative) Scenario for the autobilling application in conjunction with the security module

1 Scope

This part of EN 726 specifies payment methods for telecommunication applications, using IC cards. These payment methods are not necessarily linked to the applications which use them and they can be used by more than one application.

This part of EN 726 gives guidance on the interface between the IC card and the external world, using the tools given in EN 726-3:1994 and EN 726-7.

This part of EN 726 considers an
open system, in which the payment methods will be used. A closed system is a special case of the open system.

This part of EN 726 describes the following methods of payment:

- prepayment;
- autobilling.

For the purpose of this standard the functionality is based on:

- symmetric algorithms,
- diversified keys.

2 Normative references

This European Standard incorporates by dated or undated reference, provisions from other publications. These normative references are cited at the appropriate places in the text and the publications listed hereafter. For dated references, subsequent amendments to, or revisions of any of these publications apply to this European Standard only when incorporated in it by amendment or revision. For undated references the latest edition of the publication referred to applies.

EN 726-2, Identification card systems - Telecommunications integrated circuit(s) cards and terminals - Part 2: Security framework.

EN 726-3:1994, Identification card systems - Telecommunications integrated circuit(s) cards and terminals - Part 3: Application independent card requirements.

EN 726-4, Identification card systems - Telecommunications integrated circuit(s) cards and terminals - Part 4: Application independent card related terminal requirements.

EN 726-7, Identification card systems - Telecommunications integrated circuit(s) cards and terminals - Part 7: Security module.

EN 24217, Codes for the representation of currencies and funds. (ISO 4217:1990)

EN ISO/IEC 7816-5, Identification cards -
Integrated circuit(s) cards with contacts - Part 5: Numbering system and registration procedure for application identifiers. (ISO/IEC 7816-5:1994)

3 Definitions, abbreviations and symbols

3.1 Definitions

For the purpose of this standard, the following definitions apply. They complete those given in other parts of EN 726.

3.1.1 application
an application consists of a set of security mechanisms, files, data and protocols (excluding transmission protocols) which are located and used in the IC card (card application) and outside of the IC card (external application). The owner of the IC card application may be different from the owner of the external world application

3.1.2 application provider
the entity which is responsible for the application after its allocation, (the external application or for both). One application provider may have several application(s) in one card

3.1.3 autobilling
a payment method using an IC card, where information is collected from the IC card, which allows the identification of an account that will be billed later

3.1.4 card
a multi-application card can be considered as a set of files, some of them shared by the different application providers and/or the card issuer, other files owned exclusively by the different application providers or the card issuer. Files can for example be read, written or executed

3.1.5 card issuer
the card issuer is responsible for the common data of the IC card, the allocation of memory space for the applications and supplies application provider with the necessary tools for loading the required application

3.1.6 closed system
for the purpose of this part of EN 726 a closed system is defined as a system, containing one of the following possibilities:

- one issuer/one application provider where they are one entity or different entities;
- multiple issuer/one application provider,
- one issuer/multiple application providers.

3.1.7 elementary file (EF)
an optional file containing AC, data or a program and no other file, as:

- EFCHV1, EFCHV2 are elementary files containing the cardholder verification information;
- EFDIR is an elementary file at the MF or at DF level, which contains a list of all or of a part of available applications in the card;
- EFKEY_OP is an elementary file containing operational keys;
- EFKEY_MAN is an elementary file containing management keys.

3.1.8 external application
entity, located in the external world, which communicates with the related card application during the session

3.1.9 external world
all application related entities outside the IC card

3.1.10 key set linked to SM
relevant EFKEY_OP(SM) and EFKEY_MAN(SM)

3.1.11 master file (MF)
the unique mandatory file containing AC and optionally DFs and/or EFs.

3.1.12 off-line
a terminal, or terminal and connecting unit (including a security module), which can handle an application stand-alone during a transaction. From time to time however, an information exchange will take place with the system

3.1.13 on-line
a connection to the system is needed during each transaction

3.1.14 open system
for the purpose of this part of EN 726 an open system is defined as one containing:

- multiple issuers/multiple application providers with the need of clearing/settlement.

3.1.15 pre-payment
a payment method using an IC card, where the card contains a prepayment application. The prepaid value is stored in the card and offers access to other applications. Pre-paid value means that the payment is received in advance

3.1.16 pre-payment application provider
the prepayment application provider is the entity who supplies the prepayment application

3.1.17 telecommunication unit
a telecommunication unit represents a certain amount of service from a specified service provider

NOTE A telecommunication unit may represent monetary unit(s) but also a
charge pulse of, for example, the telephone network.

3.1.18 Telecu
a common agreed European Telecommunication unit

3.1.19 trusted authority
independent authority in charge of approving, imposing and monitoring the system from the security point of view

3.2 Abbreviations and symbols

AC      Access condition
ALW     Always
AUT     Authenticated
APDU    Application Protocol Data Unit
CH      Command header
CHV     Card holder verification
DF      Dedicated file
EF      Elementary file
ENC     Enciphered
IC      Integrated Circuit
ICC     Integrated Circuit Card
ID      Identifier of a file
INV     Invalidate
KSM     Key set linked to SM
MF      Master File
NEV     Never
PRO     Protected
REH     Rehabilitate
SM      Security Module

"0" to "9" and "A" to "F": The sixteen hexadecimal digits.

4 General concepts

4.1 The payment application situated in the concept of card architecture

Figure 1 shows a possible structure of an IC card including a payment application.

4.2 Selection of a payment method

If only one payment method is supported by the external world this payment application may be directly selected. In order to determine which different payment methods are supported by the IC card, the external application may read out EFDIR at master file level (see EN 72

- the use of a CHV shall be optional;
- off-line for payment operations;
- on-line for loading and management operations;
- shall operate transborder,
- reloadable cards;
- a card may contain more than one application.

NOTE If the terminal is off-line for payment transactions, for example in a payphone environment, then the terminal will not in all situations be able to support full security control, for example to check each cryptogram. This could also be a problem if the period between two consecutive charge pulses is shorter than the time to perform the necessary functions (give random, verification of cryptogram, etc.).

units;

The prepayment application shall be part of an open system including systems with various application providers, various card issuers and all this in an international environment.

Elementary user requirements of a prepayment application consist of:
- the possibility to display the units consumed or display the remainder stored in the card;
- an easy and convenient use.

Figures 3 and 4 indicate how to make the distinction between an open and a closed system. When there is a fixed relationship as described in Figure 3 between the prepayment application provider and the application provider, the system is defined as a closed system.

The purpose of this part of EN 726 is to define an open system since for international use, where multiple pre-payment application providers and multiple application providers are involved, there is a need for clearing and settlement. An example of an open system is given in Figure 4.

[Figure 3 - Example for a closed pre-payment system. Diagram labels: pre-payment application provider, cardholder, issuing units, payment, claims units, provides application, transfers units.]

[Figure 4 - Main participants in case of pre-paymen. Diagram labels: pre-payment application provider 1, pre-payment application provider, issuing units, payment, claims units, clearing/settlement.]