|710||Smart Cards in Payment Systems|
ISO/IEC 7816-5), which contains all of the information related to the applications present in the card.
All data elements in the terminal–card system are specified using unambiguous templates and tags. They can be addressed within the application using the specified commands, without any knowledge of their precise locations in the file tree or a particular file. This makes it possible to leave the definition of the file structure to the card issuer, since it does not affect the execution of the transactions.
The cryptographic mechanisms used in an application are naturally highly dependent on the associated general requirements. This can be seen especially well in the EMV application. A basic initial premise for the system design was that terminals do not necessarily contain security modules, depending on the system operator. This makes it impossible to use symmetric cryptographic algorithms, since the keys cannot be kept secret. The reasons for not using
23 See also Section 7.10, ‘Commands for Credit and Debit Cards’
If the smart card has established an online link to the background system, it is possible to protect the data transmission by secure messaging27as specified in ISO/IEC 7816-4. A symmetrical cryptographic algorithm is used for this end-to-end communication, namely triple DES. In this case, it is possible to do so without compromising system security, since both the background system and the card can securely store the secret key.
System architecture and transaction processes