EMV Contactless Communication Protocol

Standards used
All payment systems ‘ specifications for contactless cards are based on ISO/IEC 14443 “Identification Cards — Contactless integrated circuit(s) cards — Proximity cards”. The standard consists of four parts that appeared at different times between April 2000 and July 2001:
Part 1. Physical Characteristics.
Part 2. Radio Frequency Power and signal interface.
Part 3. Initialization and anti-collision.
Part 4. Transmission protocols.
The first part of the standard (ISO 14443-Part 1. Physical characteristics) defines the physical characteristics of a contactless card, including:
card dimensions and physical characteristics of plastic that must meet ISO 7810 standards for ID-1 cards and ISO7816-1 for contact cards;
bending and torsion tests that the card must pass successfully in the appropriate tests;
resistance to UV and x-ray radiation;
the quality of the card surface required for printing on it;
sensitivity to static and alternating electric and magnetic fields;
temperature range: from 0 to +50 °C.
In the second part of the standard (ISO 14443-Part 2. Radio frequency characteristics and signal interface) defined radio frequency characteristics of signals and signal interfaces (methods of modulation and bit encoding), including:
carrier frequency of the radio signal — 13.56 MHz ± 7 KHz (22.1 m);
the default modulation rate is 106 Kbod, i.e. the carrier performs 128 full oscillations during the bit transfer (Elementary Time Unit = 9.4395 MS) ;
there are two types of signal interfaces in the forward (card reader) channels — Type A and Type B; (card) and about using a subcarrier with a frequency of 847.5 KHz (1/16 of the carrier frequency) to modulate the signal in the reverse channel. As a result, the subcarrier performs 8 complete oscillations during the bit transfer.
Thus, contactless cards use the high frequency range (RF range) of waves (3-30 MHz). The main properties of wave propagation in the RF range are as follows:
water, human body, fat and other dirt are transparent to RF waves;
metal is an obstacle to the propagation of waves in the RF range.

The carrier at 13.56 MHz belongs to the frequency range known as “ISM frequency” (Industrial, scientific and medical equipment). It does not interfere with production radiation, provides a high data transfer rate (on the order of 10 Mbit/s), as well as the ability to implement an LC-circuit on the card with a frequency within 12– 18 MHz.
To transmit digital information from the reader to the card, the method of amplitude modulation (ASK-modulation) is used. There are two most common versions of ISO 14443: Type A and Type B. ISO 14443 Type A uses the 100% ASK modulating method and a modified Miller code, where the transmitted signal level takes the highest value most of the time and falls to zero for a very short time (2-3 MS) in the first half of the bit transfer time when transmitting bit “0” or in the second half of the bit transfer when transmitting bit “1”. In addition, when transmitting consecutive bits ‘1’ and ‘0’ in order to reduce the width of the signal spectrum, a pause is not used when encoding bit ‘0’. This also increases the card’s energy storage from the reader signal (on a capacitor connected in parallel to the LC circuit, after rectification of the AC induction current).
The ISO 14443 Type B standard uses the 10% ASK modulation method and the NRZ code, where the carrier amplitude is set to the maximum value for transmitting binary ‘1’, and when transmitting ‘0’, the radio signal amplitude is reduced to approximately 81.8% of the signal level used for transmitting bit ‘1’. Thus, when using the ISO 14443 Type B standard, the card is constantly “charged” with energy.
To transfer data from the card to the reader, the load modulation method is used. Its essence consists in using the so-called load resistance, which can be included in the circuit of the resonant circuit of the chip and excluded from it. Enabling / disabling the load resistance in / out of the circuit changes the characteristics of the resonant circuit of the chip, and therefore the value of the amplitude of the field generated by it. Since the resonant circuits of the reader and the chip form a transformer connection, this field change is reflected in the reader’s performance and can be measured on the reader side by, for example, measuring the current in the reader’s antenna.
Enabling / disabling the load resistance can obviously be “linked” to transmitting the signal from the card to the reader. The signal in the reverse channel (from the card to the reader) generated using the load modulation method can be modulated by a subcarrier with a frequency of 847.5 KHz. In this case, if A is the current level of the transmitted signal, w and A are the cyclic frequencies of the carrier and subcarrier, respectively, then the signal level Z(t) at time t is represented by the expression:
Z(t) = A(1 + m · cos A * t) · cos wt =
= A cos wt + mA cos(w + Ù)t + mA cos(w – Ù)t.

The reverse channel of the ISO 14443 Type A standard uses the Manchester code to encode the signal, in which the bit of information is encoded by a discrete signal, which is a step function. To represent bit ‘1’, the first half of the step takes the minimum constant value, and the second half takes the maximum value. On the contrary, to represent bit ‘0’, a step is used, the first half of which takes the maximum constant value, and the second half takes the minimum value.
To transmit a Manchester-encoded signal in the reverse channel, load modulation with a subcarrier is used, which is applied in OOK-modulation mode (On-Off Keying). The latter means that load modulation is “enabled” to transmit the low level of the Manchester code step (figure 7.6). In the figure, PCD stands for reader, and rissb-Contactless card.
In the reverse channel of ISO 14443 type b, the bits are encoded using the NRZ code already mentioned. Load modulation is used to generate the transmitted signal. The signal is transmitted using phase modulation of the subcarrier signal.
Let’s now focus on one common myth, which is that ISO 14443 Type B cards are significantly more energy efficient (they receive more energy from the reader’s radiation) than ISO 14443 Type a cards due to the 10% amplitude modulation method used in them. Indeed, the ISO 14443 Type a card uses a modified Miller code in the forward channel. The bit transfer time at a transfer rate of 106 Kbit / s is approximately 9.4395 microseconds. During the bit transfer when using the Miller code, the pause during which the reader does not transmit a signal to the card is approximately 2-3 microseconds. For calculations, we assume that the pause is 30% of the time of transmitting a bit of information. Since the pause is not used at all when a sequence of bits ‘1’ and ‘0’ appears, and in all other cases it is used, it is easy to see that the average signal strength received by the card during data transfer by the reader

ISO 14443 Type B cards use the NRZ code and 10% amplitude modulation. Since the signal power is proportional to the square of its amplitude, the average power of the modulated signal received by the card during data transfer by the reader is equal to:
(0.818)2 · A · 1 + A · 1 = 0,835 · A.

From this we can draw the following conclusion: ISO 14443 Type B cards with the same parameters of the transmitter and the reader antenna allow you to get about 7% more power than ISO 14443 Type A cards during data transfer from the reader to the card.
However, according to measurements by Gemalto specialists, data transfer from the reader to the card accounts for less than 15% of the total time a contactless card is in the reader’s work area. The rest of the time, the card receives the reader carrier signal, which does not depend on the card type. It follows that the gain in the average signal power received by the ISO 14443 Type B card from the reader during operation processing does not exceed 1%!
The third part of the ISO 14443 Protocol (ISO 14443 — Part 3. Initialization and anti-collision procedures) defines:
initialization procedure cards: survey procedures card reader, selecting a card to work, as well as the formats used for polling and selecting procedures for resolving potential conflicts between multiple located in the working area of the contactless reader cards, competing for the right to operate the reader. These procedures ensure that the reader works with exactly one card at a time.

The ISO 14443 standard uses two widely used collision resolution methods-tactile ALOHA (for ISO 14443 Type B cards) and a tree-like algorithm for searching by chip ID (for ISO 14443 Type a cards).
Finally, the fourth part of the ISO 14443 standard (ISO 14443 — Part 4. data transfer Protocol) defines a high-level half-duplex block data transfer Protocol between the card and the reader (T = CL), similar to the t=1 Protocol. The Protocol defines the ability to encapsulate data, format data blocks, procedures for splitting data into blocks, error detection procedures (ISO/IEC 13239), and recovery of distorted data. The T = CL Protocol supports the exchange of ISO 7816-4 packets (APDU blocks) and the application selection procedure (ISO 7816-5), which makes it easy to use the same application in both contactless and contact modes.
The ISO 14443 standard defines the data transfer rate between the reader and the card as 106 Kbit/s. At the same time, transmission speeds equal to 212 Kbit/s, 424 Kbit/s and 848 Kbit/s are technically available today. The issue of using speeds higher than 848 Kbit/s is being actively studied. At the same time, in practice, for reasons of energy saving of the contactless card chip, the speed of 106 Kbit/s is most often used.
The ISO 14443 standard uses the noise-tolerant encoding algorithm defined in ISO/IEC 13239 to protect transmitted data from errors. The algorithm is based on an extended cyclic Hamming code defined by the generating polynomial g (x) = x16 + x12 + x5 + 1 (this means that the verification sequence generated by the code has a size of 2 bytes).
It is not difficult to prove that the code distance (the minimum Hamming distance between any two different code words) of this cyclic code is 4 (the minimum weight (number of units) of a non-zero code word is 4). This means that the code used is guaranteed to detect any single or double errors in the received data block, as well as any errors of odd multiplicity.

The code is not guaranteed to detect other group errors. The ability of the code to correct any errors of odd multiplicity follows from the fact that, obviously, all code words of the code in question have an even weight.
The extended Hamming code is used in ISO 14443 in error detection mode. If we denote by p and PR the probability of an error occurring when transmitting, respectively, one bit of information (Bit Error Rate, or BER)and a block with a length of n bits, then PR = 1 – (1 – p) n. Then the average number Of n block transfers before its successful transmission (block transfers without errors) and the effective data transfer rate C in a channel with bandwidth C are determined by the formulas:
C = C(1-PR) 2.
To ensure a maximum 20% reduction in channel performance, the probability p must satisfy the ratio pn ≤ 0.1 (obviously, in this case, PR ≈ pn). For p ≤ 103 bits, we get p ≤ 10-4.
The calculations above assumed that any error in a block of n bits can be detected using the extended Hamming code, which is true in practice for probabilities p ≤ 10-4.
Obviously, the probability of an error p is determined by the signal-to-noise ratio (the ratio of signal power to noise power at the signal receiving point). Below is a characteristic graph of the dependence of the error probability on the sign of the transmitted information on the signal-to-noise ratio for the case of amplitude modulation with several signal levels (Fig. 7.8).
On the graph, the signal-to-noise ratio (SNR) is expressed in decibels
and is defined by the formula, where S and N are respectively the signal power and noise at the signal receiving point. In the case of ISO 14443, two-level amplitude modulation is used, which means that the value of the signal-to-noise ratio must be at least 8 decibels. Obviously, in order for the reader and the card to be functionally and physically compatible and meet the ISO 14443 standard, some minimum set of compliance tests must be defined. This set of ISO 14443 compliance tests for the card and reader is defined in ISO 10373-6.
However, the ISO 14443 specification in its original form cannot be used for organizing non-cash payments using contactless cards. This is due to a number of reasons listed below. As a result, the MasterCard payment system offered the MasterCard PayPass ISO 14443 Implementation Specification, which was supported by the VISA and JCB payment systems. As a result, in August 2007, the EMV Contactless Communication Protocol specification appeared on its basis, and EMVCo received the rights to it. EMVCo also ensures the development of this standard. Today, the EMV Contactless Communication Protocol version 2.0 specification is used. EMVCo has developed testing procedures (Type Approval Level 1) for EMV Contactless Communication Protocol version 2.0.
The EMV Contactless Communication Protocol specification clarifies the ISO 14443 standard.
First, for payment applications, a situation where several contactless cards are located in the reader’s work area is unacceptable. Indeed, in this case, in accordance with ISO 14443, the choice of the card to work with the terminal is determined by anti-collision procedures, and not by the cardholder. The card selected by the terminal and the application on it will only be detected at the beginning of the operation. Even if all the cards in the reader’s work area belong to the same holder, the latter has the right and should know which of their cards will be used for payment. Therefore, in accordance with the EMV Contactless Communication Protocol specification, if multiple cards are present in the reader field, the transaction will not be executed. The terminal screen will display a warning about the presence of several cards in the working area of the terminal, and the cashier will ask the holder to separate the card that he is going to use from the rest. As a result, in this case, there is no need to implement the conflict resolution procedures provided for in ISO 14443 on the terminal.
The ISO 14443 standard defines its requirements for both the card and the reader. This allows for ambiguous interpretation of some of its provisions, which inevitably leads to incompatibility between readers and cards supplied by different manufacturers. To correct this situation, the EMV Contactless Communication Protocol specification formulates its provisions separately for the card and terminal.
In the specifications EMV Contactless Communication Protocol also clarifies the requirements (set forth additional requirements) the characteristics of the stability of the radio signal (frequency band, sync signal duty cycle rise&fall times), as well as all of the standard parameters determined tolerances is critical to ensure compatibility of products from different manufacturers.
The EMV Contactless Communication Protocol specification requires the terminal to support both types of cards (ISO 14443 Type A and ISO 14443 Type B), as well as to upgrade the card polling procedure defined in ISO 14443 to account for the possible presence of both types of cards in the reader area.
The EMV Contactless Communication Protocol specification formulates a requirement that defines conditions that make it impossible to perform the next transaction on the card until the card is removed from the reader’s work area.
The EMV Contactless Communication Protocol specification also defines procedures for correctly ending the card dialog with the reader if this dialog was interrupted for some reason and the card was removed from the work area before the dialog was completed. This procedure (exception handling) is very important for the correct completion of a financial transaction.

Finally, the EMV Contactless Communication Protocol specification defines:
the minimum working area of the reader (operating volume) and its position relative to the terminal (landing plane);
data exchange rates: the card and terminal must support speeds of 106 Kbit / s; other data exchange rates the card must not support, and the terminal can support speeds of 212 Kbit/s and 424 Kbit/s.

Protocols for interaction between the card and the application-level terminal
The EMV Contactless Communication Protocol specification only defines how the card and terminal interact in terms of organizing data exchange. The logic of contactless card operation is set by other specifications. In the MasterCard system, these are the MasterCard PayPass Technical Specifications (starting with the MasterCard M/Chip 4 R2 version, this specification will become part of the MasterCard M/Chip specification), and in the VISA system, the VISA Contactless Payment Specification.
These specifications have a number of common features. First, they both support two contactless card mods — the magnetic stripe mod and the chip mod. The magnetic stripe mod is intended for markets primarily focused on servicing magnetic stripe cards (for example, the US market). As discussed below, in this case, the contactless card chip stores the card’s magnetic stripe data. During transaction processing, the terminal reads magnetic stripe data from the application and sends it to the Issuer. instead of the CVC/CVV value, its analogs are used-some dynamically changing values that represent cryptographic values that depend on the transaction number and a random number generated by the terminal. Thus, no changes are required in the processing system of the servicing Bank for processing operations performed on contactless cards operating in the magnetic stripe mode, and they are minimal in the Issuer’s system (they are associated with verification of dynamic analogs of CVC/CVV).
The chip mod is aimed at markets that are actively working with contact microprocessor cards (for example, Europe, Asia Pacific, Latin America, etc.). in this case, the contactless card usually contains an EMV contact application and a contactless application that implements some abbreviated version of EMV. Below, we will discuss in more detail how to upgrade the EMV application in order to support the chip’s mod.
The second common feature of The MasterCard PayPass and VISA Contactless specifications is the refusal to use the PIN Offline method as a verification method for the cardholder. This is because:
to transmit the PIN code in a secure form (the only secure way to transmit the PIN code via the radio interface), it will have to be encrypted on the terminal and decrypted on the card. These procedures can take several hundred milliseconds, which is critical for contactless payments performed in Tap & Go mode;
a fraudster can modify the value of the PIN block (even if it is encrypted) passed to the card in the VERIFY command. As a result, after several attempts to verify the PIN code, the card application/card may be blocked.
At the same time, when processing transactions on contactless cards, the PIN Online method is allowed.
Third, the MasterCard PayPass and VISA Contactless specifications use the same application selection procedure, according to which the terminal requires no more than two SELECT commands to select a contactless application. This procedure is based on using the PPSE (Proximity Payment System Environment) directory, where all contactless payment applications are located. The directory is named DDF Name= 2PAY.SYS.DDF01 and does not contain DDF files (contains only ADF files). The FCI Template object (Tag ‘6F’) of this directory, returned to the terminal in response to the SELECT command, looks like
Thus, when the card executes the SELECT command, the terminal receives a list of all contactless applications supported by the card. Then the terminal selects the application with the highest priority and opens it with the second SELECT command.
If the terminal supports a single contactless application,it uses the SELECT command from the very beginning with the AID application ID. In this case, a single SELECT command is sufficient to select the application.

Structure of the FCI Template object

‘6F’ FCI Template M
‘84’ DDF Name=2PAY.SYS.DDF01 M
‘A5’ FCI Proprietary Template M
‘BF0C’ FCI Issuer Discretionary Data M
‘61’ Directory Entry M
‘4F’ ADF Name (AID) M
‘50’ Application Label M
‘87’ Application Priority Indicator C
9F28’ Contactless Application Capabilities Type C
‘61’ Directory Entry O
‘4F’ ADF Name (AID) O
‘50’ Application Label O
‘87’ Application Priority Indicator O
‘9F28’ Contactless Application Capabilities Type O
‘61’ Directory Entry O
‘4F’ ADF Name (AID) O
‘50’ Application Label O
‘87’ Application Priority Indicator O
‘9F28’ Contactless Application Capabilities Type O

The ability to select a contactless app by the cardholder is not supported.
Another common feature of VISA and MasterCard contactless applications is the following. Although the contactless mode in M/Chip 4 and VSDC is implemented as a separate application, these applications have the same name (AID) as their corresponding contact applications. Moreover, contact and contactless apps share data (offline counters, keys, etc.). in Fact, contact and contactless apps implement different modes of the same payment app. However, the contactless app has a higher priority than the contact app. This advantage of contactless applications is realized when you select an application at the level of the contactless card operating system.
Despite having common properties, the specifications of MasterCard PayPass and VISA Contactless differ significantly from each other. Let’s start considering these standards with MasterCard PayPass.