Initial installation of the EMV Protocol card
The dialog between the reader and the card takes place in several consecutive stages:
connecting and activating card contacts (switching the card to an idle state);
initial installation (reinstalling the card);
data exchange between the card and the reader;
disabling (deactivating) the card.
While the card is being inserted into the reader, the terminal does not supply power to it, because the card chip can be seriously damaged if voltage is applied to an unintended card contact. Power is not applied until the reader's card edge sensor detects that the card is fully inserted into the reader. Many chips have protection mechanisms in case the card is inserted along reader contacts that are energized.
When the reader detects that the card is inserted correctly, it first puts the card and itself in an idle state, characterized by the following parameters:
The reader can switch the card to the idle state in the following sequence of actions:
a power supply is applied to the VCC card pin;
a clock signal is sent to the CLK card pin;
the RST card pin is supplied with a voltage corresponding to the lower level of the card installation signal (ISO 7816-3 standard);
the VPP card pin is set to idle mode (the VPP pin is supplied with the voltage defined in ISO 7816-3 as “idle”, i.e. the voltage not used for programming EEPROM; according to ISO 7816-3, the value of this voltage lies in the range between 0.95 VCC and 1.05 VCC);
the reader switches to the I/O line listening mode (information receiving mode).
(The values of the parameters of physical signals sent to the card contacts are not given here, especially since they will be changed for Bank cards starting from July 2009. However, you can find them in section 5.3 of Book 1 of the EMV 4.1 specifications.)
Thus, when the I/O line is idle, it is set to receive mode on the reader side and the reader sends a stable CLK clock signal to the card. The RST line is held at the lower signal level for at least 40,000 CLK cycles until the reader starts the initial setup procedure (the signal on the RST line goes to the upper level).
The procedure described above for installing the card is called cold reset. Smart cards also make wide use of an installation procedure that is performed for different purposes during the operation of the card. This procedure is called warm reset. During warm installation, the card has already been supplied with the power supply and clock signal. Therefore, the process of switching the card to an idle state is omitted in this case, and the procedure consists only in moving the RST line of the card to the upper signal level.
The initial installation of the smart card takes place in a strictly defined sequence. After the card is switched to the idle state, the voltage on the RST line rises, giving the card a signal (Reset) to start the initial setup sequence. The initial setup operation may differ for different chips, but it must end with the card's Answer to Reset (ATR), sent from the card to the reader in response to the Reset signal. The first byte of the ATR response can be received by the reader 400 to 40,000 CLK cycles after the start of the Reset signal.
The card may not respond with an ATR message for a number of reasons, the most likely of which is that the card is inserted incorrectly in the reader (possibly upside down). In some cases, the card may not function because it is damaged or broken. Whatever the cause, if the ATR sequence is not received after a certain time, the reader begins a sequence of steps to disable the card. In this sequence, the reader sets the voltage level low on the RST, CLK, and I/O lines and lowers the voltage on the VCC line to the minimum value.
The I/O line is a half-duplex channel. This means that the card and the reader transmit data over the same line, but cannot do so simultaneously. Therefore, when the power is turned on, the reader and card go to the receiving state, where they listen to the channel. After the Reset signal is sent, the reader remains in the receive state, and the card goes into the transmit state to send the ATR response to the reader. From this point on, the card and reader alternate between the sending and receiving states.
The ATR sequence is a string of characters returned by the card to the reader after the initial installation of the card is completed successfully. The card can store several ATR sequences and, depending on the CLK signal clock frequency, respond to the terminal with one of them. In practice, a very limited number of reader clock frequency values are used. Therefore, the card can select the ATR sequence whose parameters would best match its decision based on the characteristics of the communication protocol.
As defined in ISO/IEC 7816-3, the ATR consists of no more than 33 characters that belong to one of the following five types:
TS — mandatory initial character;
T0 — mandatory format character;
TA(i), TB(i), TC(i), TD(i) — optional interface characters;
T1, T2, …, TK — optional historical characters;
TCK — optional check character.
The initial TS character is used for the following purposes. The I/O line transmits one bit of information using a signal that represents the voltage value on the I/O line relative to the GND contact. The signal corresponding to the information bit is transmitted during an elementary time unit (etu), the value of which, as will be shown below, is determined by the CLK clock frequency.
The signal for transmitting a bit of information can take two values: H (the I/O line is in a high voltage state, 5, 3, or 1.8 volts, depending on the power supply voltage supported by the card and terminal), or L (the I/O line is in a low voltage state). The specific signal value used to transmit bit ‘1’ (H or L) must be determined before the card interacts with the terminal. Obviously, the other possible signal value is used to transmit bit ‘0’.
The signal level used to transmit bit ‘1’ is decided by the card and fixed by the value of the initial TS character. If the value of the TS symbol is ‘3B’h, then the card uses the so-called direct convention, in which the signal level H corresponds to ‘1’ and the signal level L corresponds to ‘0’. If the value of the TS symbol is ‘3F’h, the card uses the so-called inverse convention, in which the signal level H corresponds to ‘0’ and the signal level L corresponds to ‘1’.
The direct and inverse conventions also control the bit order in each byte passed between the card and the reader. In the direct convention, the first bit following the start bit is the least significant bit of the byte. It is followed by bits in ascending order of significance. In the inverse convention, the first bit following the start bit is the most significant bit of the byte. It is followed by bits in descending order of significance.
The highest 4 bits of the T0 format symbol determine the presence of the TA(1), TB(1), TC(1), and TD(1) interface symbols in the ATR sequence. For example, if the highest bit (B8) is 1, the TD(1) interface symbol is present in the ATR. Similarly, the value of bit B7 = 1 indicates the presence of the TC(1) interface symbol in the ATR sequence, etc.
The lower four bits of the T0 format character specify the number of historical characters.
Interface symbols TA(i), TB(i), TC(i), TD(i) are used to configure the characteristics of the I/O channel, including the definition of the protocol used by the card and reader for sequential exchange of commands and responses, and also contain parameters of the programming voltage and current.
The highest 4 bits of the TD(i) byte determine the presence of interface characters in the next four bytes TA(i+1), TB(i+1), TC(i+1), TD(i+1). If the character TD(i) was not transmitted, then the next group of four bytes TA(i+1), TB(i+1), TC(i+1), TD(i+1) will not be transmitted. It follows by induction that if TD(i) was not transmitted, then no further interface symbols will be transmitted.
The lower 4 bits of any TD(i) symbol indicate the type of communication protocol used for the card-terminal dialog. If the ATR sequence does not contain any TD(i) characters, then in accordance with ISO 7816-3, the T=0 protocol must be used.
The symbols TA(1), TB(1), TC(1), and TB(2) are fundamental to the functioning of the card and are called global interface symbols. These symbols encode the integers FI, DI, II, PI1, N, PI2, which in turn define the parameters F, D, I, P, N, the purpose of which will be discussed later.
The TA(1) character encodes two parameters: FI (bits B8-B5) and DI (bits B4-B1). The FI parameter defines the value F, which is the clock frequency conversion factor (Table 2.3). It is sometimes referred to as the clock frequency division coefficient. The DI parameter defines the value D, which is the bit rate setting coefficient.
The values of FI and DI are given in hexadecimal. Using the parameters F and D defined in Tables 2.3 and 2.4, the value of the elementary time unit etu, expressed in seconds, during which one bit of information is transmitted, is calculated:
— when using an external clock signal
— when using the chip’s own clock, where f is the clock frequency of the CLK signal, which varies in the range from 1 MHz to Fmax.
Thus, the TA(1) character is used to determine the data transfer rate between the reader and the card. It is assumed that the terminal reader supports any data transfer rate from 9600 to 115,200 bit/s and is ready to support the card's selection. By default, FI = 1 and DI = 1, from which it follows from the above tables that F = 372, D = 1 and, therefore, the initial value etu0, expressed in seconds, is:
— when using an external clock signal
— when using the chip’s own clock
The initial value etu0 is used for transmitting the ATR sequence.
It should be noted that with the default values of FI and DI, the initial value of the CLK clock frequency is in the range from 1 to 5 MHz. It is almost always selected so that the initial data transfer rate is 9600 bit/s.
The symbol TB(1) is used for setting two parameters, II and PI1. Bits B7 and B6 encode the value II, and bits B5-B1 encode the value PI1. Bit B8 of the TB(1) character is always 0.
The value II is used with Table 2.5 to determine the maximum programming current, expressed in milliamps. The initial value of the maximum programming current is 50 mA.
The PI1 value takes the value 0 or any integer value from 5 to 25. If PI1 = 0, an external programming voltage is not used; the programming voltage is instead obtained from the VCC power supply voltage of the card.
If PI1 = X, where 5 < X < 25, then PI1 represents the value of the programming voltage in volts, unless the TB(2) symbol is present in the ATR. If the TB(2) symbol is present in the ATR, it encodes the PI2 value, which determines the value of the programming voltage. In this case, the PI2 value is expressed in units of 0.1 volts and takes integer values from 50 to 250, and the PI1 value is ignored.
The initial value of the programming voltage is 5 volts.
The TC(1) character defines the number N, which is equal to the number of additional bits of the guard interval (in protocol T=0, the nominal size of the guard interval is two bits, in protocol T=1 it is one bit) used in communication protocols to separate two successively transmitted characters. The number N may vary in the range from 0 to 255. By default, N is 0.
The TD(1) character defines the type of communication protocol used by the card and reader. Thus, the protocol type is determined by the card (as shown below, the terminal can try to change the card's decision). To date, the ISO 7816-3 standard defines protocols T=0 (asynchronous half-duplex byte protocol) and T=1 (asynchronous half-duplex block protocol) for contact cards. The terminal reader must support both of these protocols and be ready to follow the card's decision.
At the same time other types of communication protocols are reserved:
T=2 and T=3 — for duplex data transfer protocols;
T=4 — for extended half-duplex data transfer protocols;
T=5…13 — for future use;
T=14 — protocol not regulated by ISO;
T=15 — for future expansion.
Note that Japan uses T=14 as the national block asynchronous protocol.
The TD(1) interface symbol is also used to indicate the presence (bit mapping) of the TA(2), TB(2), TC(2), and TD(2) symbols.
The symbol TA(2) is used in the mechanism by which the terminal changes the decision on the protocol type. In accordance with section 8.3.3.5 of the EMV 4.1 standard, bit B5 of the TA(2) character must be equal to 0 in order for the terminal to accept the parameters defined in the ATR sequence interface characters.
The symbol TC(2) can only be set for the protocol T=0 and defines the WI parameter, which is used to calculate the time limit for waiting for the start bit of any character transmitted by the card, counted from the start bit of the previous character transmitted by either the card or the terminal. This limit is calculated using the formula 960 × D × WI × etu. By default, WI = 10. The WI parameter is commonly referred to as the working waiting time.
The interface symbols TA(3), TB(3), and TC(3) are only used in the T=1 protocol (see clause 2.4.3).
The historical characters are defined by the card manufacturer. There should not be more than 15 of them in the ATR sequence. These symbols are usually used to convey information about the type and model of the chip, the card manufacturer, and the possible use of this card. Most often, the historical characters identify the number and version of the card mask.
The TCK check character provides error detection when transmitting the ATR sequence and is not used when TD(1) is missing or indicates the choice of protocol T=0. The TCK value is calculated as a bitwise addition modulo 2 of all bytes in the ATR sequence, with the exception of the TCK byte.
To illustrate this, consider the ATR sequence returned in response to the Reset signal by Axalto’s Cryptoflex 16K card. When representing each half-byte of a sequence in hexadecimal, it looks like this:
3B 95 94 40 FF 63 01 01 02 01.
Thus, the ATR sequence is 10 bytes long. The first byte is the required TS byte. It is equal to ‘3B’h, which means that the direct convention will be used between the card and the terminal.
The second required byte is 95 (hex). This means that only the interface symbols TA(1) and TD(1) are present in the ATR (this is indicated by the first half-byte ‘1001’) and that the ATR contains 5 historical characters.
As follows from the values of the ATR, the interface symbol TA(1) = ‘94’h. This means that FI = 9 and DI = 4. Using Tables 2.3 and 2.4, we get that F = 512, D = 8, and at the clock frequency of the external generator 4.9152 MHz, we determine the data transfer rate V:
The value of the interface symbol TD(1) is equal to ‘40’h. This means that the card selects the communication protocol T=0 and that the ATR also contains the symbol TC(2), which determines the maximum delay before the card starts transmitting the next character. The value of this delay is 960 × D × WI × etu = 25.5 seconds.
The last 5 bytes of the ATR sequence are historical characters encoding the chip ID and version numbers of the integrated circuit and software masks used.
As an example, consider the following ATR sequence:
3F 67 2F 00 11 14 00 03 68 90 00.
In this case, the TS symbol is equal to ‘3F’h, which means that the inverse convention will be used between the card and the terminal. The byte T0 is equal to ‘67’h, which means that the ATR contains only the TB(1) and TC(1) interface characters. Since the symbol TA(1) is not passed, by default FI = 1 and DI = 1, from where using Tables 2.3 and 2.4 we get that F = 372, D = 1 and, therefore, the initial value etu0, expressed in seconds, is
Further, it follows from the ATR that TB(1) = ‘2F’h, whence II = 2, PI1 = 15. Hence the current strength I = 100 mA (see Table 2.5) and the programming voltage VPP = 15 V.
Since TC(1) = ‘00’h, an additional increase in the number of bits in the guard interval is not required. Since TD(1) is absent, the card selects protocol T=0 and no further interface characters are transmitted.
The absence of the TA(2) interface symbol in the ATR sequence means that the card is ready to negotiate with the terminal about changing the protocol and communication parameters. The absence of the TC(2) symbol means that, by default, the working waiting time is WI = 10.
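The decoding steps walked through for the two ATR sequences above, as an added Python example that is not part of the original text. It assumes a subset of the ISO/IEC 7816-3 FI/DI tables (the page's Tables 2.3 and 2.4 are not reproduced), the relation etu = F / (D × f), and a 3.5712 MHz clock for the second card; `parse_atr` and `timing` are hypothetical names.

```python
# Subset of the ISO/IEC 7816-3 FI->F and DI->D tables (assumed values; the
# page's Tables 2.3 and 2.4 are not reproduced in the text).
F_TABLE = {1: 372, 2: 558, 3: 744, 4: 1116, 5: 1488, 6: 1860,
           9: 512, 10: 768, 11: 1024, 12: 1536, 13: 2048}
D_TABLE = {1: 1, 2: 2, 3: 4, 4: 8, 5: 16}


def parse_atr(hex_string):
    """Split an ATR into TS, T0, interface, historical and check characters."""
    atr = bytes.fromhex(hex_string)
    if not 2 <= len(atr) <= 33:
        raise ValueError("an ATR holds between 2 and 33 characters")
    convention = {0x3B: "direct", 0x3F: "inverse"}.get(atr[0])
    if convention is None:
        raise ValueError(f"unexpected TS value {atr[0]:02X}")
    presence, hist_len = atr[1] >> 4, atr[1] & 0x0F  # T0: presence bits, count
    interface, protocols, pos, i = {}, [], 2, 1
    while True:
        # Bits B5..B8 announce TA(i), TB(i), TC(i), TD(i), in that order.
        for bit, letter in enumerate("ABCD"):
            if presence & (1 << bit):
                if pos >= len(atr):
                    raise ValueError(f"ATR truncated before T{letter}({i})")
                interface[f"T{letter}({i})"] = atr[pos]
                pos += 1
        td = interface.get(f"TD({i})")
        if td is None:  # no TD(i): no further interface characters follow
            break
        protocols.append(td & 0x0F)
        presence, i = td >> 4, i + 1
    protocols = protocols or [0]  # no TD character at all means T=0
    has_tck = any(t != 0 for t in protocols)
    if len(atr) != pos + hist_len + has_tck:
        raise ValueError("ATR length does not match T0 and the TD chain")
    return {"convention": convention, "interface": interface,
            "protocols": protocols,
            "historical": atr[pos:pos + hist_len].hex(" ").upper(),
            "tck": atr[-1] if has_tck else None}


def timing(parsed, clk_hz):
    """Bit rate and T=0 waiting limit derived from TA(1) and TC(2)."""
    ta1 = parsed["interface"].get("TA(1)", 0x11)  # default FI=1, DI=1
    wi = parsed["interface"].get("TC(2)", 10)     # default WI=10
    f, d = F_TABLE[ta1 >> 4], D_TABLE[ta1 & 0x0F]
    # etu = F / (D * clk_hz); waiting limit = 960 * D * WI * etu
    return {"F": f, "D": d, "bit_rate": d * clk_hz / f,
            "wait_limit_s": 960 * d * wi * f / (d * clk_hz)}


if __name__ == "__main__":
    # The two ATR sequences from the text; the second clock value is assumed.
    for atr_hex, clk in (("3B 95 94 40 FF 63 01 01 02 01", 4_915_200),
                         ("3F 67 2F 00 11 14 00 03 68 90 00", 3_571_200)):
        parsed = parse_atr(atr_hex)
        print(parsed, timing(parsed, clk))
```

A reader-side implementation would reject the ATR on any `ValueError` here and start the card deactivation sequence rather than guess at missing characters.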
The ATR sequence defines the channel characteristics and the channel management protocol. The ISO/IEC 7816-3 standard allows the reader, in some cases, to change the card’s decision regarding the choice of protocol and communication parameters using the PTS (Protocol Type Selection) mechanism. Today, this mechanism is poorly supported, so the optimal channel characteristics are almost always determined by the ATR sequence without using PTS. In particular, the protocol selection mechanism is not defined in the EMV standard. However, with the development of the smart card market, we should expect an increase in the use of PTS for card initialization. Therefore, we will briefly talk about the PTS mechanism.
In accordance with ISO 7816-3, the smart card can operate in two modes: negotiation mode, and the mode in which the card's parameters are already defined (specific mode). A card in negotiation mode can change the communication protocol and parameters for communicating with the reader after receiving the PTS command from the reader with the new communication parameters. A card in specific mode cannot accept and process a PTS command, but it can switch to negotiation mode.
The ability to switch the card to negotiation mode is indicated to the reader as follows. If the TA(2) interface symbol is missing in the ATR sequence, it means that the card is already in negotiation mode. If the TA(2) symbol is present, it means that the card is in specific mode. If bit 8 of TA(2) is equal to 1, it means that the card can be switched to negotiation mode. This is done using an additional Reset signal.
The PTS command must be passed to the card running in negotiation mode immediately after the reader receives the ATR sequence, if the reader wants to optimize communication parameters and believes that the parameters selected by the card can be improved.
The PTS command data field contains:
the initial character (‘FF’);
the PTS0 format symbol;
three optional characters PTS1, PTS2, PTS3;
the PCK verification symbol.
Bits 5, 6, and 7 of the PTS0 format character determine whether the PTS1, PTS2, and PTS3 characters are present in the command, respectively. Bits 1, 2, 3, and 4 of the PTS0 character define the type of communication protocol (from T=0 to T=15) offered by the reader for use in a dialog with the card. The PTS1 symbol, if present, specifies the values of the FI and DI parameters proposed by the reader, which determine the value of an elementary unit of time, or, in other words, the data transfer rate. The characters PTS2 and PTS3 are reserved for later use.
The PCK verification symbol provides error detection when passing the PTS command. The PCK value is calculated as a bitwise addition modulo 2 of all characters, starting from PTS0 and ending with PTS3.
If the card accepts the reader’s suggestion to select a communication protocol and/or communication parameters, it responds to the PTS command by placing an exact copy of this command in the response.