HTML Annotations, Copyright 1996, T.M.A. Lomas,
Computer Security Group,
University of Cambridge
Computer Laboratory.
All Rights Reserved.
These are based upon a protocol description issued 8th August 1996 by MasterCard and VISA, who we presume to retain copyright in the text of these documents.
Permission is granted to use or distribute these files provided this copyright information is preserved, and subject to any conditions imposed by MasterCard and VISA.
221 SetCertMsgs DEFINITIONS IMPLICIT TAGS ::= BEGIN
222
223 --
224 -- Types used in the SET Certificate Management Protocol messages.
225 --
226
227 -- EXPORTS All;
228
229 IMPORTS
230
231 DirectoryString {}
232 FROM SetAttribute
233
234 SubjectPublicKeyInfo
235 FROM SetCertificate
236
237 BIN, BrandID, BrandCRLIdentifier, CardExpiry, CertThumb, Challenge,
238 Currency, Language, LocalID, MerchantID, Nonce, PAN, Thumbs, URL
239 FROM SetMessage
240
241 CA, CEAlgorithmIdentifier, EE, Enc {}, EncK {}, EncX {}, EXH {}, S {}
242 FROM SetPKCS7Plus;
243
244
245 -- PAYLOADS
246 -- IDData identifies the requester; exactly one of the two alternatives is sent.
247 IDData ::= CHOICE { -- Merchants and Acquirers only
248 merchantAcquirerID [0] MerchantAcquirerID,
249 acquirerID [1] AcquirerID
250 }
251 -- Alternative [0]: a BIN plus a MerchantID (both types are imported from SetMessage).
252 MerchantAcquirerID ::= SEQUENCE {
253 merchantBIN BIN,
254 merchantID MerchantID -- By prior agreement of Merchant/Acquirer
255 }
256 -- Alternative [1]: a BIN, optionally followed by a business ID.
257 AcquirerID ::= SEQUENCE {
258 acquirerBIN BIN,
259 acquirerBusinessID AcquirerBusinessID OPTIONAL
260 }
261 -- NOTE(review): no SIZE constraint is given here, so a decoder has to apply its own length limit.
262 AcquirerBusinessID ::= NumericString
263
264 -- request type
265 -- The names combine requester (card, mer, pgwy), phase (Initial, Renewal) and certificate use (Sig, Enc, Both).
266 RequestType ::= ENUMERATED { -- Indicates requestor and type of request
267 cardInitialSig ( 1),
268 -- cardInitialEnc ( 2), Reserved
269 -- cardInitialBoth ( 3), Reserved
270 merInitialSig ( 4),
271 merInitialEnc ( 5),
272 merInitialBoth ( 6),
273 pgwyInitialSig ( 7),
274 pgwyInitialEnc ( 8),
275 pgwyInitialBoth ( 9),
276 cardRenewalSig (10),
277 -- cardRenewalEnc (11), Reserved
278 -- cardRenewalBoth (12), Reserved
279 merRenewalSig (13),
280 merRenewalEnc (14),
281 merRenewalBoth (15),
282 pgwyRenewalSig (16),
283 pgwyRenewalEnc (17),
284 pgwyRenewalBoth (18)
285 } -- Values 2, 3, 11 and 12 are commented out as reserved and there is no extension marker, so a decoder should reject them.
286
287 -- Certificate Initialization Pair - Cardholder
288 -- The request is a bare SEQUENCE with no S {} or Enc {} wrapper; only the response is wrapped.
289 CardCInitReq ::= SEQUENCE {
290 eeTags EE-Tags,
291 brandID BrandID,
292 thumbs Thumbs OPTIONAL
293 }
294 -- EE-Tags pairs a local identifier with a challenge; presumably both are chosen by the end entity (confirm).
295 EE-Tags ::= SEQUENCE {
296 localID-EE LocalID,
297 chall-EE Challenge
298 }
299 -- S {} is imported from SetPKCS7Plus; presumably a CA signature over the TBS content (confirm there).
300 CardCInitRes ::= S { CA, CardCInitResTBS }
301 -- Carries eeTags again; presumably so the requester can match the response to its request and check chall-EE (confirm).
302 CardCInitResTBS ::= SEQUENCE {
303 eeTags EE-Tags,
304 cakThumb CertThumb,
305 brandCRLIdentifier [0] BrandCRLIdentifier OPTIONAL,
306 thumbs Thumbs OPTIONAL
307 }
308
309 -- Certificate Initialization Pair - Merchant | Acquirer Payment Gateway
310 -- As with the cardholder pair, the request is a bare SEQUENCE and only the response is wrapped in S {}.
311 Me-AqCInitReq ::= SEQUENCE {
312 eeTags EE-Tags,
313 requestType RequestType,
314 idData IDData,
315 brandID BrandID,
316 language Language,
317 thumbs Thumbs OPTIONAL
318 }
319 -- S {} is imported from SetPKCS7Plus; presumably a CA signature over the TBS content (confirm there).
320 Me-AqCInitRes ::= S { CA, Me-AqCInitResTBS }
321 -- Carries eeTags and requestType again, plus the registration template, policy text and a logo URL.
322 Me-AqCInitResTBS ::= SEQUENCE {
323 eeTags EE-Tags,
324 requestType RequestType,
325 regTemplate RegTemplate,
326 policy PolicyText,
327 cakThumb CertThumb,
328 logoURL URL,
329 brandCRLIdentifier [0] BrandCRLIdentifier OPTIONAL,
330 thumbs Thumbs OPTIONAL
331 }
332 -- Length is capped by ub-PolicyText, defined with the other upper bounds in this module.
333 PolicyText ::= DirectoryString { ub-PolicyText }
334
335 -- Registration Form - Request/Response/Referral - Cardholder Only
336 -- EXH {} is imported from SetPKCS7Plus; PANOnly is passed as its third parameter, separate from RegFormReqTBE.
337 RegFormReq ::= EXH { CA, RegFormReqTBE, PANOnly }
338
339 RegFormReqTBE ::= SEQUENCE {
340 requestType RequestType,
341 eeTags2 EE-Tags,
342 language Language
343 }
344 -- Carries the PAN and a nonce. NOTE(review): confirm in SetPKCS7Plus how EXH {} protects it; keep decoded PANs out of logs.
345 PANOnly ::= SEQUENCE {
346 pan PAN,
347 exNonce Nonce
348 }
349 -- S {} is imported from SetPKCS7Plus; presumably a CA signature over RegFormTBS (confirm there).
350 RegFormRes ::= S { CA, RegFormTBS }
351
352 RegFormTBS ::= SEQUENCE {
353 eeTags2 EE-Tags, -- From RegFormReq
354 requestType RequestType,
355 formOrReferal RegFormOrReferral -- The identifier is spelled with a single r in this listing
356 }
357 -- The response holds either a registration form or a referral, never both.
358 RegFormOrReferral ::= CHOICE {
359 regFormData [0] RegFormData,
360 referralData [1] ReferralData
361 }
362
363 RegFormData ::= SEQUENCE {
364 caTags CA-Tags,
365 regTemplate RegTemplate,
366 policy PolicyText
367 }
368 -- Same shape as EE-Tags: a local identifier plus a challenge, here named for the CA.
369 CA-Tags ::= SEQUENCE {
370 lID-CA LocalID,
371 chall-CA Challenge
372 }
373 -- Both logo URLs are optional; fieldNames is the only mandatory component.
374 RegTemplate ::= SEQUENCE {
375 brandLogoURL [0] URL OPTIONAL,
376 cardLogoURL [1] URL OPTIONAL,
377 fieldNames FieldNames
378 }
379 -- Bounded list: between 1 and 50 field names.
380 FieldNames ::= SEQUENCE SIZE(1..50) OF FieldName
381
382 ReferralData ::= SEQUENCE {
383 reason Reason, -- Displayed on requestor's system
384 referralLoc ReferralLoc OPTIONAL
385 }
386 -- Length is capped by ub-Reason; since the text is displayed, a client should render it as plain text only.
387 Reason ::= DirectoryString { ub-Reason }
388 -- NOTE(review): unlike FieldNames there is no SIZE bound here, so a decoder should cap the number of entries itself.
389 ReferralLoc ::= SEQUENCE OF ReferralURL -- Ordered by preference
390
391 ReferralURL ::= URL
392
393 -- Request Messages
394 -- Two wrappers imported from SetPKCS7Plus: encx carries AcctInfo as a fourth parameter, enc does not.
395 CertReq ::= CHOICE {
396 encx [0] EncX { EE, CA, CertReqTBE, AcctInfo},
397 enc [1] Enc {EE, CA, CertReqTBE}
398 }
399 -- Only requestType, eeTags3, regForm and publicKeySorE are mandatory.
400 CertReqTBE ::= SEQUENCE {
401 requestType RequestType,
402 eeTags3 EE-Tags,
403 caTags [0] CA-Tags OPTIONAL,
404 idData [1] EXPLICIT IDData OPTIONAL, -- IDData is a CHOICE, which cannot be implicitly tagged, hence EXPLICIT
405 regForm RegForm,
406 caBackKeyData [2] CABackKeys OPTIONAL,
407 publicKeySorE PublicKeySorE
408 }
409 -- Bounded list: between 1 and 50 name/value pairs.
410 RegForm ::= SEQUENCE SIZE(1..50) OF RegFormItems -- Registration form
411
412 RegFormItems ::= SEQUENCE {
413 fieldName FieldName,
414 fieldValue FieldValue
415 }
416 -- Length is capped by ub-FieldName.
417 FieldName ::= DirectoryString { ub-FieldName }
418 -- Length is capped by ub-FieldValue; the content is entered by the end entity, so a receiver should validate it before use.
419 FieldValue ::= DirectoryString { ub-FieldValue } -- EE entered values
420 -- NOTE(review): no SIZE bound on this list, so a decoder should cap the number of entries itself.
421 CABackKeys ::= SEQUENCE OF CABackKeyData -- In order of preference
422 -- Each entry pairs an algorithm identifier with a CAKey value.
423 CABackKeyData ::= SEQUENCE {
424 caAlgID CEAlgorithmIdentifier,
425 caKey CAKey
426 }
427 -- NOTE(review): the constraint admits 1 to 24 octets; check the length against what caAlgID requires before using the key.
428 CAKey ::= OCTET STRING (SIZE(1..24)) -- Secret
429 -- Holds the public key(s) submitted with the request: publicKeyS for signature, publicKeyE for encryption.
430 PublicKeySorE ::= SEQUENCE {
431 publicKeyS [0] SubjectPublicKeyInfo OPTIONAL,
432 publicKeyE [1] SubjectPublicKeyInfo OPTIONAL
433 } --
434 -- At least one component must be present. A user may request a
435 -- signature certificate, an encryption certificate, or both.
436 --
437 ( WITH COMPONENTS { ..., publicKeyS PRESENT } |
438 WITH COMPONENTS { ..., publicKeyE PRESENT } ) -- A decoder that does not evaluate subtype constraints must check this itself
439 -- Account data passed as the fourth EncX {} parameter in CertReq.encx.
440 AcctInfo ::= CHOICE {
441 panData0 [0] PANData0,
442 acctData [1] AcctData
443 }
444 -- Carries the PAN, card expiry and two nonces; decoded values are cardholder data and should stay out of logs.
445 PANData0 ::= SEQUENCE {
446 pan PAN,
447 cardExpiry CardExpiry,
448 cardNonce Nonce,
449 exNonce Nonce
450 }
451 -- acctIdentification is a fixed-length field of exactly 74 octets.
452 AcctData ::= SEQUENCE {
453 acctIdentification OCTET STRING (SIZE(74)),
454 exNonce Nonce
455 }
456 -- certResTBS uses S {}; certResTBSE uses EncK {} with CAKey first, presumably the key sent in caBackKeyData (confirm in SetPKCS7Plus).
457 CertRes ::= CHOICE {
458 certResTBS [0] S { CA, CertResData },
459 certResTBSE [1] EncK { CAKey, CA, CertResData }
460 }
461 -- Only eeTags3, certStatus and certThumbs are mandatory.
462 CertResData ::= SEQUENCE {
463 eeTags3 EE-Tags,
464 localID-CA LocalID OPTIONAL,
465 certStatus CertStatusCode,
466 eeMessage DirectoryString { ub-eeMessage } OPTIONAL,
467 nonceCCA [0] Nonce OPTIONAL,
468 caMsg [1] CA-Msg OPTIONAL,
469 certThumbs Thumbs -- Match SignedData.Certificates
470 }
471 -- Nine codes, 1 to 9, with no extension marker; a decoder should treat any other value as invalid.
472 CertStatusCode ::= ENUMERATED { -- In-process status of CertReq
473 requestComplete (1),
474 invalidLanguage (2),
475 invalidBIN (3),
476 sigValidationFail (4),
477 decryptionError (5),
478 requestInProgress (6),
479 rejectedByIssuer (7),
480 requestPended (8),
481 rejectedByAquirer (9) -- The identifier is spelled this way in this listing
482 }
483 -- All four components are optional; cardholderMsg is capped by ub-cardholderMsg.
484 CA-Msg ::= SEQUENCE {
485 cardLogo [0] URL OPTIONAL,
486 brandLogo [1] URL OPTIONAL,
487 cardCurrency [2] Currency OPTIONAL,
488 cardholderMsg [3] EXPLICIT
489 DirectoryString { ub-cardholderMsg } OPTIONAL
490 }
491 -- Here S {} takes EE, not CA, as its first parameter, and the content is a single LocalID.
492 CertInqReq ::= S { EE, LocalID } -- CertRes( localID-CA ) or assigned
493 -- An inquiry is answered with the same structure as a certificate request.
494 CertInqRes ::= CertRes
495
496 -- Upper bounds of DirectoryString{} types
497 -- NOTE(review): ub-PolicyText is far larger than the others; size buffers from these constants, not from an assumed short string.
498 ub-cardholderMsg INTEGER ::= 128
499 ub-eeMessage INTEGER ::= 128
500 ub-FieldName INTEGER ::= 128
501 ub-FieldValue INTEGER ::= 128
502 ub-PolicyText INTEGER ::= 20000
503 ub-Reason INTEGER ::= 512
504
505
506 END