问题
If card support SDA + DDA , At what condition POS will not perform SDA/DDA operation?? Is ODA performed by POS decided on basis of tag 82 only? or other tags/values check by the terminal to decide - ODA need to perform or not...
For me - DDA check card is genuine or not and no data altered inside it so it must be performed by any terminal.
Also I believe CA pubic key require to decrypt the certificate and here RID + Tag 8F used to get the correct key from key repository. Is it correct?
回答1:
If card support SDA + DDA , At what condition POS will not perform SDA/DDA operation??
POS will not perform SDA/DDA only when POS is not able for perform offline Transaction
Is ODA performed by POS decided on basis of tag 82 only?
Yes, Tag 82 tells, card support offline data authentication or not. Performing ODA is depend on capability of card and terminal. If Tag 82, DDA bit is 1 and terminal support offline data authentication, terminal must perform DDA.
Also I believe CA pubic key require to decrypt the certificate and here RID + Tag 8F used to get the correct key from key repository. Is it correct?
Each terminal/POS have different CA public keys that is require to decrypt the certificate. At the time of transaction , POS read RID and Tag 8F ( index) from the card and fetch the corresponding key from key Repository. same key is used to decrypt the certificate.
Can check more about ODA Here....
hope this information is up to the mark, Any correction/updation are welcome.
来源:https://stackoverflow.com/questions/37938385/clarification-require-on-offline-data-authentication