I am trying to find out information regarding Pin try counter (referred to as the CVM retry counter in the the Global Platform 2.1.1 specs). We require a multi application card - one Mchip application and one proprietary application - The GP spec states that the PIN is shared accross applications (global PIN) however I am trying to find out the status of PIN try counter -can it be shared accross applications or is this not feasible? Also same question regarding the application transaction counter (ATC).
GP spec is not clear on this - but it seems that counter sharing is not a requirement. Even if not a requirement, is it possible? Thanks
GP spec states:
The CVM state may be used by an Application to assist in managing PIN related functions. The non-atomic states
of the CVM may be seen within a Card Session. The CVM state, the Retry Limit, and the Retry Counter are
closely related. All CVM state transitions are immediately visible to the Application that caused the transition as
well as to any Applications that may be selected on other logical channels.
I'm not sure that Mastercard would offer a sharable interface to other applications residing on the same card with Mchip applet to retrieve these kinds of information without any agreement between Mastercard and thirdparty stakeholder.
However, in EMV specification, you can use the GET DATA command in order to retrieve the following data:
- ATC (Application Transaction Counter), tag 9F36
- Last online ATC register, tag 9F13
- PIN Try counter, tag 9F17
- Log Format, tag 9F4F.
You can read the EMV specs book 3 for further information. So, basically, I think ATC and PIN try counter is retrievable from terminal but it's not sure if we replace terminal by "another applet".
Thanks for your reply. Pin try counter (PTC) sharing is very common in contact EMV cards, we have been led to believe that there is an architecture issue in the contactless cards that makes PTC sharing more difficult (no problem with our Mchip contact cards with same applictions resident). From what I understand, in the contactless environment, firewalls exist around each "application" that prevent the sharing of most data other that the global PIN.
We require the PTC to be shard for the use case in which the PTC is blown and a PTC reset script must be sent to the card. The scripts generally only update data in the active appliction and not the other apps residing on the card, therefore if you have multiple PTCs, the correct one might not be updated by the script. This is very problematic for us.