This discussion is archived
8 Replies Latest reply: Feb 21, 2013 11:14 AM by safarmer RSS

Interconnection PPSE with payment applets

955319 Newbie
Currently Being Moderated
Hi all,

would need some info for understanding the AAUI specification, about activating and deactivating payment applets from contactless interface.

1) Is it enough to manage the FCI Proprietary Template of the PPSE?

2) So far I know, at deactivation the payment applet should not be selectable through the contactless interface, so how it is possible to deactivate the payment applet from the contactless interface in GP 2.1?

3) Is it necessary to manage the PPSE manually? Or works the PPSE like a listener and the directory will be refreshed automatically after deactivating the payment applet?

Would be happy about some information.

best regards
  • 1. Re: Interconnection PPSE with payment applets
    safarmer Expert
    Currently Being Moderated
    would need some info for understanding the AAUI specification, about activating and deactivating payment applets from contactless interface.
    Are you trying to manage the instance over the contactless interface or are you referring to making a payment applet unavailable over the CLF?
    1) Is it enough to manage the FCI Proprietary Template of the PPSE?
    If the terminal knows the AID of the payment applet (or can get it with a partial select) then it can directly access the applet without the PPSE. Most terminals are designed to check for several well know AID (maybe even prefixes) if there is no PPSE.
    2) So far I know, at deactivation the payment applet should not be selectable through the contactless interface, so how it is possible to deactivate the payment applet from the contactless interface in GP 2.1?
    You cannot do it with a GP command. You need to have some other way of controlling it. The applet could be told to not allow selection over the CLF when deactivated.
    3) Is it necessary to manage the PPSE manually? Or works the PPSE like a listener and the directory will be refreshed automatically after deactivating the payment applet?
    On GP2.1.1 secure elements the PPSE is managed manually (unless tightly integrated with the payment applets). On GP 2.2 cards you can use other mechanisms to manage the PPSE.

    - Shane
  • 2. Re: Interconnection PPSE with payment applets
    801926 Explorer
    Currently Being Moderated
    >
    On GP2.1.1 secure elements the PPSE is managed manually (unless tightly integrated with the payment applets). On GP 2.2 cards you can use other mechanisms to manage the PPSE.
    I guess you're referring Amd C. You still need to manage PPSE entries manually. What is now automated?
  • 3. Re: Interconnection PPSE with payment applets
    955319 Newbie
    Currently Being Moderated
    >
    Are you trying to manage the instance over the contactless interface or are you referring to making a payment applet unavailable over the CLF?
    I would like to make the payment applet unavailable over the CLF
    If the terminal knows the AID of the payment applet (or can get it with a partial select) then it can directly access the applet without the PPSE. Most terminals are designed to check for several well know AID (maybe even prefixes) if there is no PPSE.
    Yeah thats right, but it should be possible to make the payment applet unavailable over CLF, right?
    You cannot do it with a GP command. You need to have some other way of controlling it. The applet could be told to not allow selection over the CLF when deactivated.
    Yeah
    On GP2.1.1 secure elements the PPSE is managed manually (unless tightly integrated with the payment applets). On GP 2.2 cards you can use other mechanisms to manage the PPSE.
    OK

    Who can tell me, how it works with an M/Chip4 to make it unavailable over CLF?
  • 4. Re: Interconnection PPSE with payment applets
    Lyolik Newbie
    Currently Being Moderated
    >
    I would like to make the payment applet unavailable over the CLF
    >

    Look for GlobalPlatform Card Specification. Amendment C - Contactless Services.
    Chapter 8. Application Availability on Contactless Interface.
  • 5. Re: Interconnection PPSE with payment applets
    955319 Newbie
    Currently Being Moderated
    Lyolik wrote:
    >
    I would like to make the payment applet unavailable over the CLF
    >

    Look for GlobalPlatform Card Specification. Amendment C - Contactless Services.
    Chapter 8. Application Availability on Contactless Interface.
    Yeah that would be possible in GP 2.2, but I would like do it in GP 2.1.
    My question is, has the MChip/4 Paypass Applet an internal function to turn off or on the contactless interface?

    br Markus
  • 6. Re: Interconnection PPSE with payment applets
    safarmer Expert
    Currently Being Moderated
    lexdabear wrote:
    >
    On GP2.1.1 secure elements the PPSE is managed manually (unless tightly integrated with the payment applets). On GP 2.2 cards you can use other mechanisms to manage the PPSE.
    I guess you're referring Amd C. You still need to manage PPSE entries manually. What is now automated?
    Correct. It has been a while since I looked at this, but if you register your PPSE as a CREL application it may be possible to install payment applet instances and have them registered with the PPSE (acting as a CREL). You could then use the interactions with the contactless activation state. Since an applet can manage its own CAS you could add/remove an entry in the PPSE when you PIN into the applet etc. This is a very vague/fuzy explanation as I looked at it but never implemented it. It may not actually work as intended.

    - Shane
  • 7. Re: Interconnection PPSE with payment applets
    801926 Explorer
    Currently Being Moderated
    safarmer wrote:
    lexdabear wrote:
    >
    On GP2.1.1 secure elements the PPSE is managed manually (unless tightly integrated with the payment applets). On GP 2.2 cards you can use other mechanisms to manage the PPSE.
    I guess you're referring Amd C. You still need to manage PPSE entries manually. What is now automated?
    Correct. It has been a while since I looked at this, but if you register your PPSE as a CREL application it may be possible to install payment applet instances and have them registered with the PPSE (acting as a CREL). You could then use the interactions with the contactless activation state. Since an applet can manage its own CAS you could add/remove an entry in the PPSE when you PIN into the applet etc. This is a very vague/fuzy explanation as I looked at it but never implemented it. It may not actually work as intended.

    - Shane
    Your explanation makes sense. With Amd C support you won't need the EMV AAUI interaction. If an application is activated by the user through CRS applet, it will notify the CREL (=PPSE) to update FCI and the application activated. I don't think it is permitted for a contactless application to activate itself on the contactless interface unless it has the Self Activation privilege.
  • 8. Re: Interconnection PPSE with payment applets
    safarmer Expert
    Currently Being Moderated
    lexdabear wrote:
    safarmer wrote:
    lexdabear wrote:
    >
    On GP2.1.1 secure elements the PPSE is managed manually (unless tightly integrated with the payment applets). On GP 2.2 cards you can use other mechanisms to manage the PPSE.
    I guess you're referring Amd C. You still need to manage PPSE entries manually. What is now automated?
    Correct. It has been a while since I looked at this, but if you register your PPSE as a CREL application it may be possible to install payment applet instances and have them registered with the PPSE (acting as a CREL). You could then use the interactions with the contactless activation state. Since an applet can manage its own CAS you could add/remove an entry in the PPSE when you PIN into the applet etc. This is a very vague/fuzy explanation as I looked at it but never implemented it. It may not actually work as intended.

    - Shane
    Your explanation makes sense. With Amd C support you won't need the EMV AAUI interaction. If an application is activated by the user through CRS applet, it will notify the CREL (=PPSE) to update FCI and the application activated. I don't think it is permitted for a contactless application to activate itself on the contactless interface unless it has the Self Activation privilege.
    That is my understanding as well. There would still be some interaction with the card from a host but rather than hiding the payment applet and modifying the PPSE, you can just tell the applet to deactivate itself on the CLF and the CREL will update the FCI template.

    - Shane

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points