Francois,
In some work that we did last year, we documented non-
compliances of EMV against ISO in the following two areas:
Electrical parameters of the interface between the card and the
terminal (signal voltages, signal currents, power current transients
or 'spikes')
T=1 (error recovery, and control parameter specifications)
In addition, there is the well known problem of different methods of
application selection - but that one can be coped with by software.
The electrical parameter differences make the task of the terminal
designer more difficult, because the EMV requirements are much
tougher on the designer than are the ISO requirements, but there
are also areas where ISO is tougher than EMV. The problem here
is that of guaranteeing performance with all cards in all terminals,
by a technique known as worst case design.
The T=1 problem is doubly difficult, because there is no way that
the terminal can tell whether a card inserted in it is an ISO card or
an EMV card. It is not recommended that one side of the interface
has an EMV implementation while the other side has an ISO
implementation.
The application selection problem also makes the terminal
designer's problem more difficult, in that a universal terminal has to
be able to interface to cards with either or both application
selection mechanisms.
There are other areas where the card and terminal designers also
face problems, but we did not study these in detail. For example,
EMV forbids the use of certain values of ATR parameters, and
forbids the use of the PPS negotiation after the ATR (except in
closed schemes where the two sides agree to do something
different).
The problems occur where full interoperability is required, with
cards hosting applications from more than one scheme, and retail
stores in particular wanting to have one terminal system (card
reader/writer plus PC) that will handle all contact-type cards
presented to it. The terminal must be able to handle everything in
the ISO standard, and may well send to the card commands which
are not EMV approved.
There is a more general problem: EMV has taken ISO material and
rewritten it to go into its own spec. This inevitably changes the
material. Instead, EMV should refer to the ISO standards, and say
which options it takes.
This is not to say that ISO is always correct. Indeed, there are
areas of ISO with which one could disagree - for example, the
3V/5V selection process, and the very tight spec for Clock rise and
fall times. And there are areas of importance which ISO does not
cover (for example, the need to have an absolute maximum voltage
rating (probably 7V) for the card - we got that into the Mondex
spec, as a result of work done in the run-up to the Swindon
Mondex trial, but EMV refuse to put a figure on the max voltage).
Our work on ISO/EMV problems was submitted to EMV members
last autumn, was discussed at their December 1998 Technical
Advisory Group meeting, and we are still awaiting a response.
Meanwhile, Multos is of course in a dilemma, because it may be
called upon to host both ISO and EMV applications.
And PC/SC is a muddled mixture of ISO and EMV at the electrical
and ATR level.
I believe that E, M and V gave to the team that created the EMV
spec a brief to be ISO compliant. This was at the time when ISO
7816-3:1989 was the applicable standard, and that edition was
badly written. Also, technology was moving on. However, EMV
rewrote the ISO material (as I noted above), and it came out
different from ISO. Then ISO revised their standard, so that ISO
7816-3:1997 went in a different direction from EMV. EMV could
have participated in this ISO work (but would probably have had to
go through several countries' national standards bodies), but they
decided not to. That was a pity, because EMV has more money
than many of the other participants.
When all that is said, neither EMV nor ISO have properly
approached the interface between the card and the terminal as a
data transmission interface. Further work by ourselves in that area
is incorporated in a draft for a Terminal Standard, which you can
find on the Platform7 site, www.platform7.com.
Peter Tomlinson
Iosis, 4 Sommerville Road, Bristol BS7 9AA, UK
Phone +44 117 924 9231, fax +44 117 924 9233
----------------------------------------------------------------
Forwarded by: "Post Master" <internet>
Forwarded to: PM:pwt
Date forwarded: Fri, 13 Aug 1999 13:14:09 +0100
Date sent: Fri, 13 Aug 1999 13:04:35 +0200
To: [EMAIL PROTECTED]
From: Francois Grieu <[EMAIL PROTECTED]>
Subject: Re: [OCF] Common Electronic Purse Specifications (CEPS)
Copies to: [EMAIL PROTECTED]
> Peter, you wrote
>
> > .. and EMV is not ISO compliant ..
>
> Can you expand on this ? My reading is that the EMV lower layers are
> a rather sound interpretation of ISO 7816-3 and -4.
>
> Francois Grieu
>
>
> Visit the OpenCard Framework's WWW site at http://www.opencard.org/ for
> access to documentation, code, presentations, and OCF announcements.
> -----------------------------------------------------------------------------
> To unsubscribe from the OCF Mailing list, send a mail to
> "[EMAIL PROTECTED]" with the word "unsubscribe" in the BODY of the
> message.
>
Visit the OpenCard Framework's WWW site at http://www.opencard.org/ for
access to documentation, code, presentations, and OCF announcements.
-----------------------------------------------------------------------------
To unsubscribe from the OCF Mailing list, send a mail to
"[EMAIL PROTECTED]" with the word "unsubscribe" in the BODY of the
message.
