Contactless Mobile Payment Type Approval - EMVCo€¦ · Section 4.9: Addition of a section describing the decision to submit Section 4.11: ICS is sent in pdf form only Section 4.11:

© 2017 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV

® is a

registered trademark or trademark of EMVCo, LLC in the United States and other countries.

EMV®

Contactless Mobile Payment Type Approval

Administrative Process

Version 1.5

February 2017

EMV® Contactless Mobile Payment Type Approval

Administrative Process Page i / viii


® is a


Legal Notice

This document summarizes EMVCo’s present plans for evaluation services and related policies and is subject to change by EMVCo at any time. This document does not create any binding obligations upon EMVCo or any third party regarding the subject matter of this document, which obligations will exist, if at all, only to the extent set forth in separate written agreements executed by EMVCo or such third parties. In the absence of such a written agreement, no product provider, test laboratory or any other third party should rely on this document, and EMVCo shall not be liable for any such reliance.

No product provider, test laboratory or other third party may refer to a product, service or facility as EMVCo approved, in form or in substance, nor otherwise state or imply that EMVCo (or any agent of EMVCo) has in whole or part approved a product provider, test laboratory or other third party or its products, services, or facilities, except to the extent and subject to the terms, conditions and restrictions expressly set forth in a written agreement with EMVCo, or in an approval letter, compliance certificate or similar document issued by EMVCo. All other references to EMVCo approval are strictly prohibited by EMVCo.

Under no circumstances should EMVCo approvals, when granted, be construed to imply any endorsement or warranty regarding the security, functionality, quality, or performance of any particular product or service, and no party shall state or imply anything to the contrary. EMVCo specifically disclaims any and all representations and warranties with respect to products that have received evaluations or approvals, and to the evaluation process generally, including, without limitation, any implied warranties of merchantability, fitness for purpose or non-infringement. All warranties, rights and remedies relating to products and services that have undergone evaluation by EMVCo are provided solely by the parties selling or otherwise providing such products or services, and not by EMVCo, and EMVCo will have no liability whatsoever in connection with such products and services.

This document is provided "AS IS" without warranties of any kind, and EMVCo neither assumes nor accepts any liability for any errors or omissions contained in this document. EMVCO DISCLAIMS ALL REPRESENTATIONS AND WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT, AS TO THIS DOCUMENT.

EMVCo makes no representations or warranties with respect to intellectual property rights of any third parties in or in relation to this document. EMVCo undertakes no responsibility to determine whether any implementation of this document may violate, infringe, or otherwise exercise the patent, copyright, trademark, trade secret, know-how, or other intellectual property rights of third parties, and thus any person who implements any part of this document should consult an intellectual property attorney before any such implementation.

Without limiting the foregoing, this document may provide for the use of public key encryption and other technology, which may be the subject matter of patents in several countries. Any party seeking to implement this document is solely responsible for determining whether its activities require a license to any such technology, including for patents on public key encryption technology. EMVCo shall not be liable under any theory for any party's infringement of any intellectual property rights in connection with this document.


Administrative Process Page ii / viii


® is a


Revision Log – Version 1.5

The following changes have been made to the document since the publication of Version 1.4. Some of the numbering and cross references in this version have been updated to reflect changes introduced by the published bulletins. The numbering of existing requirements did not change, unless explicitly stated otherwise.

Incorporated changes described in the following Specification Updates:

Section 2.4.2: Clarification of the same version of GP specifications

Section 3.1: Addition of the Generic EMVCO Type Approval flow

Section 3.3.1: Reporting evaluation results updated so that the laboratory delivers the evaluation results directly to EMVCo

Section 3.3.4: Clarification that EMVCo will invoice the product provider

Section 3.4: Addition of a reference to the replacement fee

Section 3.6: Removal of the fee amounts that will be defined in a bulletin and addition of a name for each fee. Removal of the security fees that are defined in a separate document

Section 3.6: Addition of the ICS replacement fee

Section 3.6: Addition of the LoC re-issuance fee

Section 3.6: Clarification on the ICS decline fee

Section 3.7: Addition of the EMVCo Service levels

Section 3.8: addition of a section on multiple laboratories

Section 4.3: Figure 4.3 updated to be consistent with figure 4.2

Section 4.7: Addition of a reference to the decline fee

Section 4.9: Addition of a section describing the decision to submit

Section 4.11: ICS is sent in pdf form only

Section 4.11: Reminder that the laboratory shall send the report directly to EMVCo

Section 4.14: Update of the section

Section 5: Clarification of the section and specification of a 2 months migration period during which the product provider can chose a version of test cases to test a new product

Section 5: Addition of a grace period for renewals when test cases are changing

Section 6.3: Update of the section

Section 7.10: Rewording of the section

Section 10.1: indication that the test tool supported interfaces are not part of the EMVCo qualification

Other editorial changes:


Administrative Process Page iii / viii


® is a


Format of the document updated

Miscellaneous rewordings

List of reference documents updated

Renumbering


Administrative Process Page iv / viii


® is a


Contents

Contactless Mobile Payment Type Approval ...................................................................... i

1 Introduction .................................................................................................................. 1

1.1 Audience ................................................................................................................. 1

1.2 Normative References............................................................................................. 2

1.2.1 EMV Specifications ................................................................................................ 2

1.2.2 Related EMV Documents ...................................................................................... 3

1.2.3 CMP Type Approval Documents ............................................................................ 3

1.2.4 CMP Type Approval Forms ................................................................................... 4

1.2.5 External References .............................................................................................. 4

1.3 Definitions ............................................................................................................... 5

1.4 Notational Conventions ......................................................................................... 10

1.4.1 Abbreviations ....................................................................................................... 10

1.4.2 Terminology and Conventions ............................................................................. 11

2 Scope of CMP Type Approval .................................................................................... 12

2.1 Concepts and Terminology .................................................................................... 12

2.1.1 Overall CMP Architecture .................................................................................... 12

2.1.2 Secure Element Architecture ............................................................................... 13

2.2 Overview ............................................................................................................... 14

2.3 Scope of CMP Secure Element Type Approval ...................................................... 15

2.3.1 CMP Secure Element Product Definition ............................................................. 15

2.3.2 In the Scope of CMP Secure Element Product Functional Evaluation .................. 16

2.3.3 Out of the Scope of CMP Secure Element Product Functional Evaluation ........... 17

2.3.4 Debug Sessions .................................................................................................. 18

2.3.5 Security Evaluation Overview .............................................................................. 18

2.4 Scope of CMP PPSE Type Approval ..................................................................... 19

2.4.1 CMP PPSE Product Definition ............................................................................. 19

2.4.2 In the Scope of CMP PPSE Functional Evaluation .............................................. 19

2.4.3 Out of Scope of CMP PPSE Functional Evaluation .............................................. 20

2.4.4 Debug Sessions .................................................................................................. 20

2.4.5 Security Evaluation Overview .............................................................................. 20

3 CMP Type Approval Overview ................................................................................... 21

3.1 Generic EMVCo Type Approval Flow .................................................................... 21

3.2 CMP Type Approval Flow ...................................................................................... 22

3.2.1 CMP Secure Element Type Approval Flow .......................................................... 22


Administrative Process Page v / viii


® is a


3.2.2 CMP PPSE Type Approval Flow .......................................................................... 23

3.2.3 Combined CMP Secure Element Product and CMP PPSE Product Type Approval Submissions .................................................................................................................. 24

3.3 Reporting Results to EMVCo................................................................................. 24

3.3.1 Reporting Level 2 Evaluation Results .................................................................. 24

3.3.2 Reporting GlobalPlatform Evaluation Results ...................................................... 24

3.3.3 All Test Reports ................................................................................................... 24

3.3.4 Request for Approval ........................................................................................... 24

3.4 General Rules for a Test Session .......................................................................... 25

3.5 Submitting a Request for Approval Form ............................................................... 25

3.6 Fee Structure ........................................................................................................ 25

3.7 EMVCo Service Levels .......................................................................................... 27

3.8 Multiple Laboratories ............................................................................................. 27

4 CMP Type Approval Procedures ............................................................................... 28

4.1 IC Provider Registration ........................................................................................ 28

4.2 CMP Secure Element Product Provider Registration ............................................. 30

4.3 CMP PPSE Product Provider Registration ............................................................ 32

4.4 IC Security Evaluation ........................................................................................... 34

4.5 GlobalPlatform Evaluation for CMP Secure Element Products .............................. 34

4.6 GlobalPlatform Evaluation and EMVCo CMP Type Approval Performed in Parallel 34

4.7 Testing Phase ....................................................................................................... 35

4.8 Platform Security Evaluation ................................................................................. 38

4.9 Product Provider Decision to Submit ..................................................................... 38

4.10 Approval Phase ..................................................................................................... 39

4.11 Request for Approval ............................................................................................. 43

4.12 Functional Test Reports ......................................................................................... 44

4.13 GlobalPlatform Letter of Qualification .................................................................... 45

4.14 Letter of Compliance ............................................................................................. 45

4.15 Letter of Rejection – Appeals................................................................................. 46

4.16 Renewal of a Compliant CMP Product .................................................................. 46

4.17 Changes to Previously Compliant Products ........................................................... 47

5 Test Version and Specification Change .................................................................... 48

5.1 Test Cases Change without EMV Specification Change ........................................ 48

5.2 Test Cases Change due to new EMV Specifications or Bulletins ........................... 49

5.3 Migration Period for Renewal ................................................................................ 50

6 Conformance .............................................................................................................. 51


Administrative Process Page vi / viii


® is a


6.1 Non-conformance Investigation ............................................................................. 51

6.2 Revocation of a Letter of Compliance .................................................................... 51

6.3 Corrective Action ................................................................................................... 52

7 Roles & Responsibilities ........................................................................................... 53

7.1 EMVCo ................................................................................................................. 53

7.1.1 EMVCo Card Type Approval Secretariat ............................................................. 53

7.1.2 Security Evaluation Secretariat ............................................................................ 54

7.2 Payment System ................................................................................................... 55

7.3 IC Provider ............................................................................................................ 55

7.4 Product Provider ................................................................................................... 56

7.5 EMVCo Accredited Laboratories ........................................................................... 57

7.6 EMVCo Qualified Auditors ..................................................................................... 58

7.6.1 Laboratory Accreditation Audit ............................................................................. 59

7.7 Relationships between Laboratories and Product Providers .................................. 59

7.8 Relationships between Auditors and Product Providers......................................... 60

7.9 Relationships between Auditors and Laboratories ................................................. 60

7.10 Change in Corporate Identity or Contact Information ............................................. 61

8 Termination of Type Approval ................................................................................... 62

8.1 Termination Right .................................................................................................. 62

8.2 Submissions after Notice of Termination................................................................ 62

9 Test Environment ....................................................................................................... 63

9.1 Test Environment for CMP Secure Element Product ............................................. 63

9.2 Test Environment for CMP PPSE Product ............................................................. 67

10 Appendix A – Product Samples ................................................................................ 68


Administrative Process Page vii / viii


® is a


Figures

Figure 2-1: Architectural Zones .......................................................................................... 12

Figure 2-2: Example Secure Element Logical Architecture ................................................. 14

Figure 2-3: EMV Level 2 Testing Requirements for CMP Type Approval ............................ 17

Figure 3-1: Generic EMVCo Type Approval Flow ................................................................ 21

Figure 3-2: CMP Secure Element Type Approval Flow ....................................................... 22

Figure 3-3: CMP PPSE Type Approval Flow ....................................................................... 23

Figure 4-1: IC Provider Registration ................................................................................... 29

Figure 4-2: CMP Secure Element Product Provider Registration ........................................ 31

Figure 4-3: CMP PPSE Product Provider Registration ....................................................... 33

Figure 4-4: Testing Phase .................................................................................................. 37

Figure 4-5: Approval Phase ................................................................................................ 42

Figure 5-1: Release of New Test Cases without EMV Specification Change ...................... 48

Figure 5-2: Release of New Test Cases with EMV Specification or Bulletin Change .......... 50

Figure 9-1: CMP Secure Element Product Configuration for External Mode ....................... 63

Figure 9-2: CMP Secure Element Product Configuration for Internal Mode ........................ 64

Figure 9-3: Test Tool Minimum Interfaces ........................................................................... 65

Figure 9-4: Testing using APDU Gate interface .................................................................. 65

Figure 9-5: Testing UICC using test app proxy ................................................................... 66

Figure 9-6: Testing eSE using test app proxy ..................................................................... 66


Administrative Process Page viii / viii


® is a


Tables

Table 1-1: EMV Specifications .............................................................................................. 2

Table 1-2: Related EMV Documents .................................................................................... 3

Table 1-3: CMP Type Approval Documents .......................................................................... 3

Table 1-4: CMP Type Approval Forms .................................................................................. 4

Table 1-5: External References ............................................................................................ 4

Table 1-6: Definitions............................................................................................................ 5

Table 1-7: Abbreviations ..................................................................................................... 10

Table 2-1: CMP Architectural Zones ................................................................................... 13

Table 2-2: Evaluations for CMP Product Type Approval...................................................... 16

Table 2-3: Evaluations for CMP PPSE Type Approval ........................................................ 19


Administrative Process Page 1 / 69


® is a


1 Introduction

EMVCo, LLC (“EMVCo”) is the owner of the EMV Integrated Circuit Card Specifications for Payment Systems, EMV Contactless Communication Protocol Specification, and EMV Contactless Mobile Payment - Application Activation User Interface, hereinafter called EMV Specifications. 1

EMVCo’s objective in publishing this document is to provide an overview of the EMVCo Contactless Mobile Payment (CMP) Type Approval activities and offerings. In this document, EMVCo also describes the boundary of responsibilities for testing and approval for the different components within the Contactless Mobile Payment ecosystem.

All readers of this document are advised that CMP Type Approval, when granted by EMVCo, shall not be construed as a warranty or representation of any sort, nor may it be relied upon by any party as an assurance of quality or functionality of any product or service. Please review the legal notice on page i of this document for important limitations on the scope of Type Approval.

CMP Type Approval is the verification by EMVCo that a specific mobile product has demonstrated sufficient conformance to the EMV Specifications.

The CMP Type Approval process includes both functional and security evaluations. This document describes functional evaluation. Limited information regarding security evaluation is included for completeness.

1.1 Audience

This document is intended for all stakeholders interested in the Contactless Mobile Payment Type Approval, including but not limited to:

Payment systems, acquirers, and issuers

Mobile network operators

Mobile payment service providers

Mobile handset suppliers

NFC controller suppliers

Secure Element (UICC, embedded Secure Element, etc.) suppliers

Laboratories intending to offer testing services

EMVCo Qualified Auditors

Any other entity interested in developing to the EMV Specifications

The document may also be of use to other industry bodies focused on standardising different parts of the Contactless Mobile Payment ecosystem.

1 Table 1-1 lists the EMV Specifications.




® is a


1.2 Normative References

The version numbers identified in the references below are valid at the time of release of this document. Nevertheless, the latest version available from EMVCo shall apply.

1.2.1 EMV Specifications

EMVCo, LLC (EMVCo) manages and maintains the EMV Integrated Circuit Card (ICC) Specifications for Payment Systems and related specifications. As used in this document, “EMV Specifications” denotes all documents listed in Table 1-1.

EMV Specifications are publicly available on the EMVCo website: www.emvco.com.

Table 1-1: EMV Specifications

Reference Publication Name Version

[EMV Book 1] EMV Integrated Circuit Card Specifications for Payment Systems: Book 1 – Application Independent ICC to Terminal Interface Requirements

Latest available

[EMV Book 2] EMV Integrated Circuit Card Specifications for Payment Systems: Book 2 – Security and Key Management

Latest available

[EMV Book 3] EMV Integrated Circuit Card Specifications for Payment Systems: Book 3 – Application Specification

Latest available

[EMV Book 4] EMV Integrated Circuit Card Specifications for Payment Systems: Book 4 – Cardholder, Attendant, and Acquirer Interface Requirements

Latest available

All Specification Update Bulletins as published on the EMVCo website

Latest available

[Book D] EMV Contactless Specifications for Payment Systems – Book D – EMV Contactless Communication Protocol Specification

Latest available

[Book B] EMV Contactless Specifications for Payment Systems – Book B – Entry Point Specification

Latest available

[AAUI] EMVCo Contactless Mobile Payment – Application Activation User Interface – Overview, Usage Guidelines, and PPSE Requirements

Latest available

[UICC Conf] EMVCo Contactless Mobile Payment – EMV Profiles of GlobalPlatform UICC Configuration

Latest available

http://www.emvco.com/




® is a


1.2.2 Related EMV Documents

The following documents are available in the Best Practices, Mobile section of www.emvco.com.

Table 1-2: Related EMV Documents

Publication Name Version

EMVCo Handset Requirements for Contactless Mobile Payment 1.0 – June 2010

EMVCo Contactless Mobile Payment Architecture Overview 1.0 – June 2010

1.2.3 CMP Type Approval Documents

Table 1-3: CMP Type Approval Documents

Reference Publication Name Version Distribution

[CT FW] EMVCo Card and Mobile Testing Framework for Contactless

Latest Available

EMVCo Website

[Sec Gd] EMV Security Guidelines – EMVCo Security Evaluation Process

Latest Available

EMVCo Website

[Aud Qual Req] EMVCo Qualification Requirements for Auditors (Card and Mobile Functional Evaluation)

Latest available

EMVCo Website

[Lab Accred Req]

EMVCo Laboratory Accreditation and Requirements

Latest available

EMVCo Website

[Iss App Sec Gd]

EMV Issuer and Application Security Guidelines

Latest Available

EMVCo Website

[Sec Impl Gd] EMVCo Security Guidelines for Java Card and GlobalPlatform Implementations

Version 1.0, February 2011

Security Evaluation Secretariat2

[CMP TAR] EMV Contactless Mobile Payment SE Test Applet Requirements

Latest available

EMVCo Website

[CMP TC] EMV Contactless Mobile Payment Type Approval Application Activation User Interface Test Cases

Latest available

Restricted to EMVCo Test Tool Suppliers, EMVCo Accredited Laboratories, and EMVCo Qualified Auditors

2 The Security Evaluation Secretariat provides this document to registered IC Providers and

CMP Product Providers.

http://www.emvco.com/




® is a


1.2.4 CMP Type Approval Forms

Table 1-4: CMP Type Approval Forms

Publication Name Version Distribution

Request for Registration for Product Providers Latest available EMVCo Website

Business Review Form Latest available EMVCo Website

EMVCo Contactless Mobile Payment Application Activation User Interface Implementation Conformance Statement

Latest available EMVCo Website

EMVCo Contactless Mobile Payment - PPSE Applet - Implementation Conformance Statement

Latest available EMVCo Website

Request for Approval Form Latest available EMVCo Website

Request for Renewal of CMP Product Approval Latest available EMVCo Website

1.2.5 External References

Table 1-5: External References

Reference Publication Name

[102588] ETSI TS 102 588, Technical Specification

Smart Cards; Application invocation Application Programming Interface (API) by a UICC webserver for Java Card™ platform

[7816] ISO/IEC 7816

Identification cards — Integrated circuit cards

[14443] ISO/IEC 14443

Identification cards — Contactless integrated circuit(s) cards — Proximity cards

[18092] ISO/IEC 18092

Information technology — Telecommunications and information exchange between systems — Near Field Communication — Interface and Protocol (NFCIP-1)

[GPCS] GlobalPlatform, Card Specification, Version 2.2.1

[GPUICC] GlobalPlatform, Card UICC Configuration, Version 1.0.1

[GPCS-C] GlobalPlatform Card, Contactless Services Card Specification v2.2 – Amendment C, Version 1.0, February 2010

[HCI] ETSI TS 102 622, Technical Specification

Smart Cards; UICC – Contactless Front-end (CLF) interface; Host Controller Interface (HCI)




® is a


[SWP] ETSI TS 102 613, Technical Specification

Smart Cards; UICC – Contactless Front-end (CLF) Interface; Part 1: Physical and data link layer characteristics

[GPESE] GlobalPlatform, Requirements for Embedded SE Interfaces

[GPESEHCI] GlobalPlatform, HCI Extension for the embedded Secure Element Certification

1.3 Definitions

The following terms are used in this document

Table 1-6: Definitions

Term Definition

Accreditation Formal recognition by EMVCo that a test laboratory is competent to perform one or more categories of testing defined by EMVCo CMP Type Approval procedures.

Application Activation User Interface (AAUI)

A user interface application on a mobile device that enables the consumer to manage the use of their contactless applications.

Audit report A report written by an EMVCo Qualified Auditor assessing, for example, CMP Type Approval test results or laboratory test processes.

Auditor See “EMVCo Qualified Auditor”.

Card Type Approval Secretariat

The EMVCo entity that manages the CMP Type Approval process.

CMP Product A contactless product as defined in section 2.3.1 and 2.4.1

CMP Product Provider The entity that submits a CMP Product to EMVCo for CMP Type Approval.

CMP Type Approval Verification by EMVCo that a specific CMP Product has demonstrated sufficient conformance to the EMV Specifications.

CMP Type Approval documentation

Set of documents and procedures issued by EMVCo describing EMVCo CMP Type Approval process. (See section 1.2.3.)

CMP Type Approval process

The steps necessary for a CMP Product to obtain an EMVCo Letter of Compliance.

Conformance Meeting all EMVCo requirements defined for CMP Type Approval including requirements for implemented optional functions.




® is a


Contactless Mobile Payment (CMP)

Integration of EMV-based contactless payment technology in mobile devices.

Contactless Mobile Payment Application

An application that is hosted in a Secure Element and that performs information exchange and processing needed to perform a contactless mobile payment transaction.

NFC Controller A module within a mobile device providing a contactless interface compatible with EMV Contactless Communication Protocol Specification [Book D]

Contactless Payment Terminal

A contactless reader conforming to EMV Contactless Communication Protocol Specification [Book D] and compliant with EMV Specifications related to the use of the PPSE that is capable of conducting a payment transaction with a Contactless Mobile Payment Application.

Contactless Registry Service (CRS)

A GlobalPlatform SECM service for managing the contactless applications on a Secure Element.

Delta Testing Testing that covers the difference between the test plan versions the product was approved against versus the current version of the test plan when the product is reaching its renewal date.

EMV A term referring to certain technical specifications developed and maintained by EMVCo and/or technologies conforming to such specifications.

EMV Specifications Specifications managed, maintained, and enhanced by EMVCo, including those listed in Table 1-1.

EMVCo A Limited Liability Company established to maintain the EMV specifications and administer Contactless Mobile Payment Type Approval against those specifications.

EMVCo Accredited Laboratory

An independent, impartial entity that has received a Letter of Accreditation from EMVCo, entitling it to perform testing for specified Type Approval; in the context of this document, to perform testing for CMP Type Approval.

EMVCo Compliance Certificate

A certificate issued by EMVCo when sufficient assurance has been demonstrated for an IC, Platform, or Card Product.

EMVCo Qualified Auditor An independent, impartial entity that has received a Letter of Qualification from EMVCo, entitling it to verify conformance to EMVCo-defined CMP Type Approval procedures.

EMVCo Test Tool A test tool qualified by EMVCo for use in Type Approval testing (by EMVCo Accredited Laboratories) or debug testing (by CMP Product Providers).

Environment Any software components and/or applications present on the CMP Product other than the EMV Application(s) being submitted for testing for CMP Type Approval.

GSMA GSM Association – an association of GSM operators

Handset A type of mobile device; specifically a mobile phone handset.




® is a


IC Certificate Number “ICCN”

A unique reference number that identifies the EMVCo Compliance Certificate of an IC.

IC Security Evaluation The steps necessary for an IC product to obtain an EMVCo Compliance Certificate.

Implementation Conformance Statement (ICS)

A form completed by the CMP Product Provider identifying the CMP Product, the EMV mandatory functions, the EMV optional functions supported, and (if any) the non-EMV proprietary functions.

International Organization for Standardization (ISO)

An international body that provides standards for financial transactions and telecommunication messages. ISO works in conjunction with the International Telecommunication Union (ITU) for standards that affect telecommunications. ISO supports specific technical committees and work groups to promulgate and maintain financial service industry standards.

Kernel The kernel contains interface routines, security and control functions, and logic to manage a set of commands and responses to retrieve the necessary data from a card to complete a transaction.

Kernel ID Identifier to distinguish between different kernels that may be supported by the terminal device.

Laboratory A facility that performs testing for CMP Type Approval.

Letter of Accreditation Written statement that documents the decision of EMVCo that a laboratory is an EMVCo Accredited Laboratory and performs testing for CMP Type Approval in conformance with the rules defined by EMVCo.

Letter of Compliance Written statement that documents the decision of EMVCo that a specified CMP Product has demonstrated sufficient conformance to the EMV Specifications as of its test date.

Letter of Qualification If issued by EMVCo:

Written statement that documents the decision of EMVCo that an auditor is an EMVCo Qualified Auditor and performs audits for CMP Type Approval in conformance with the rules defined by EMVCo.

If issued by GlobalPlatform:

Written statement that documents the decision of GlobalPlatform that a specified Secure Element has demonstrated sufficient conformance to the GlobalPlatform specifications as of its test date.

Letter of Rejection Written statement that documents the decision of EMVCo that a specified CMP Product has NOT demonstrated sufficient conformance to the EMV Specifications as of its test date.

Level 1 One of the two levels of EMV testing: Testing the terminal to chip card interface.




® is a


Level 2 One of the two levels of EMV testing: Testing the payment application(s) and applications covered by EMV mobile specifications.

Level 2 evaluation Execution and reporting on the results of a defined set of functional tests to verify conformance to the requirements defined in [AAUI]

Mobile Device A portable electronic device with contactless and wide area communication capabilities. Mobile devices include mobile phones and other consumer electronic devices such as a suitably equipped Personal Digital Assistant.

Near Field Communications (NFC)

A short range contactless proximity technology based on ISO/IEC 18092, which provides for ISO/IEC 14443 compatible communications

Operating System (OS) Set of software components allowing an EMV Application to be executed on a specific Integrated Circuit.

Payment System For the purpose of this document, Payment System is defined as an EMVCo member.

Platform “Platform” is the collective name for Integrated Circuit (IC) hardware with its dedicated software, Operating System (OS), Run Time Environment (RTE), and Platform environment on which one or more applications can be executed.

Platform Certificate Number (PCN)

A unique reference number that identifies the EMVCo Compliance Certificate of a Platform.

Platform Security evaluation

The steps necessary for a Platform to obtain an EMVCo Compliance Certificate.

Proximity Payment System Environment (PPSE)

A list of all combinations of ADF Name and Kernel Identifier supported by the contactless card. PPSE is used in the Entry Point Combination Selection process discussed in [Book B]

Registration Letter Written statement provided by the Card Type Approval Secretariat including the Registration Number of the IC Provider, CMP Product Provider, EMVCo Qualified Auditor, or EMVCo Accredited Laboratory.

Registration Number Unique identification number that EMVCo assigns to an IC Provider, CMP Product Provider, EMVCo Qualified Auditor, or EMVCo Accredited Laboratory.

Regression Testing A predefined subset of functional test cases executed to determine whether undeclared changes have been made to the originally approved product. Regression Testing may be performed when Delta Testing is not required.

Request for Approval The entire package submitted by the Product Provider (or by a laboratory on behalf of the Product Provider), including the Request for Approval Form and other information as discussed in section 4.11.

Request for Approval Form

A form that accompanies the test reports for a CMP Product submitted to EMVCo for CMP Type Approval.




® is a


Secure Element (SE) A tamper resistant module capable of hosting applications in a secure manner.

Secure Element Contactless Management (SECM)

An operating system level application of a Secure Element that manages the contactless related characteristics of the contactless applications on that Secure Element.

Security Evaluation Secretariat

The EMVCo entity responsible for evaluating IC and Platform security for CMP Type Approval.

Test Any activity that aims at verifying the conformance of a selected product or process to a given requirement under a given set of conditions.

Test case A description of the actions required to achieve a specific test objective.

Test report Document provided by a laboratory containing the test results for a CMP Product.

Type Approval Acknowledgment by EMVCo that the specified product has demonstrated sufficient conformance to the EMV Specifications for its stated purpose.

As used in this document, the term is interchangeable with CMP Type Approval.

Type Approval documentation

Full set of documents and procedures issued by EMVCo to enable the Type Approval process.

Type Approval process The processes that test a product type for compliance with specification.

Type Approval testing The execution of a defined set of tests against requirements described in a specification to determine compliance with that specification.




® is a


1.4 Notational Conventions

1.4.1 Abbreviations

The abbreviations listed in Table 1-7 are used in this specification.

Table 1-7: Abbreviations

Abbreviation Description

AAUI Application Activation User Interface

ADF Application Definition File

API Application Program Interface

CMP Contactless Mobile Payment

CRS Contactless Registry Service

ETSI European Telecommunication Standards Institute

ETSI SCP ETSI Smart Card Platform

GP GlobalPlatform

GSM Global System for Mobile Communications

HCI Host Controller Interface, defined by ETSI TS 102 622

IC Integrated Circuit

ICC Integrated Circuit Card

ICS Implementation Conformance Statement

IEC International Electrotechnical Commission

OS Operating System

PCN Platform Certificate Number

PCSC Personal Computer/Smart Card

PPSE Proximity Payment System Environment

RF Radio Frequency

RTE Run Time Environment

SCO GlobalPlatform Supported Configuration Options

SD Secure Digital

SECM Secure Element Contactless Management

SEWG Security Evaluation Working Group




® is a


SWP Single Wire Protocol

UICC Universal Integrated Circuit Card

1.4.2 Terminology and Conventions

The following words are used often in this specification and have a specific meaning:

Shall

Defines a product or system capability which is mandatory.

May

Defines a product or system capability which is optional or a statement which is informative

only and is out of scope for this specification.

Should

Defines a product or system capability which is recommended.




® is a


2 Scope of CMP Type Approval

2.1 Concepts and Terminology

2.1.1 Overall CMP Architecture

The EMVCo Contactless Mobile Payment Architecture Overview document identifies the architectural zones illustrated in Figure 2-1 and listed in Table 2-1.

Figure 2-1: Architectural Zones

Mobile Device

D

User Interface

Application Environment

Secure Element

Secure Element

Secure Element

NFC Controller

Router

Payment system network

Contactless Payment Terminal

Personalisation and provisioning

server

Update Server

Wide area modem

Personalisation backend

Payment application

issuer

A E

B

G

C

H

F




® is a


Table 2-1: CMP Architectural Zones

Zone Description Requirements specified by

A The Secure Element that hosts the contactless payment application and other application(s)

EMVCo, ETSI SCP, GlobalPlatform, GSMA

B The NFC controller, which implements the digital portion of the EMV contactless interface and is responsible for the routing of contactless information

EMVCo, ETSI SCP, NFC Forum

C The component (antenna) that implements the analogue part of the EMV contactless interface

EMVCo, NFC Forum

D The baseband and application processors and other components (excluding the Secure Element, NFC controller, and antenna) that form the mobile device

EMVCo, ETSI SCP, GSMA

E The contactless payment application(s) Payment System(s)

F The payment terminal EMVCo, Payment Systems

G The provisioning and personalisation system EMVCo, GSMA, Payment Systems

H The application update system EMVCo, Payment Systems

2.1.2 Secure Element Architecture

A Secure Element (SE) is a tamper resistant module, capable of hosting applications in a secure manner. The Secure Element provides both physical tamper resistance and logical protection of the applications, including securely isolating each of the applications.

There are a number of architectural options for a Secure Element, including:

An SE that is embedded in a mobile device as an integral part of the device

A removable CMP product containing a secure area; for example, a removable smart card or a removable memory card with a secured area

As part of the UICC in a handset

From a logical point of view, a Secure Element has the following parts:

1. An operating system which supports the secure execution of applications and secure storage of application data.

2. The operating system may also support a multi-application management platform that enables the secure loading of applications. GlobalPlatform is one example of a secure multi-application management platform.

3. A device interface which enables commands and responses to be exchanged with the mobile device. The device interface allows the mobile device to communicate with applications in the SE and possibly with the Secure Element Contactless Management (SECM, discussed below).




® is a


4. An antenna interface which enables the exchange of commands and responses between an application in the SE and a contactless terminal via the NFC controller of the mobile device.

5. Optionally, Secure Element Contactless Management (SECM) – The SECM is

responsible for maintaining a list of contactless applications on the Secure Element, the status of the applications, and data associated with each application. The status of the application indicates whether the application is available for selection on the contactless interface. The GlobalPlatform Contactless Registry Service (CRS) defined by [GPCS-C] is one example of an SECM.

6. Optionally, the Proximity Payment System Environment (PPSE).

Figure 2-2 depicts the logical content of a Secure Element when PPSE and SECM are internal to the Secure Element.

Figure 2-2: Example Secure Element Logical Architecture

For a UICC,

Device interface is ISO7816 as defined in [7816]

Antenna interface is HCI/SWP as defined in [HCI] and [SWP]

For other types of SE, various interfaces can be supported. For instance, ETSI and GP have defined an extension of HCI to support Device interface (Refer to APDU Gate definition in [GPESE], [GPESEHCI] and [HCI].

2.2 Overview

EMVCo CMP Type Approval covers two product types:

CMP Secure Element Product

CMP PPSE products

A CMP Secure Element product is a Secure Element as described in 2.1.2.

A CMP PPSE product is a standalone PPSE application.

Secure Element

SECM

PPSE App X

App Y

Device interface

Antenna interface




® is a


2.3 Scope of CMP Secure Element Type Approval

2.3.1 CMP Secure Element Product Definition

1/ A non-GlobalPlatform compliant CMP Secure Element Product submitted for CMP Type Approval is uniquely defined as follows:

the PPSE and/or SECM Applications is compliant to EMV Specifications ([Book B] and [AAUI] )

present on a specific Integrated Circuit that has received an EMVCo Compliance Certificate

with a specific multi-application management platform

and a specific Environment including any other application(s), e.g. Payment System-specific CMP applications, that are not covered by EMVCo CMP Type Approval, and/or software components.

and the platform is in compliance with one of the recognized EMV Profiles, e.g. [UICC Conf]

and the platform is communicating using identified Device and Antenna interfaces

2/ A GlobalPlatform compliant CMP Secure Element Product submitted for CMP Type Approval is uniquely defined as follows:

the PPSE and/or SECM Applications is compliant to EMV Specifications ([Book B] and [AAUI])

present on a specific Integrated Circuit that has received an EMVCo Compliance Certificate

with a specific form factor

with a multi-application management platform that has received a GlobalPlatform Letter of Qualification

where the GlobalPlatform Letter of Qualification covers testing of the SWP protocol using a SWP/HCI test suite qualified by GP (for SEs using SWP)



regardless of any other application(s), e.g. Payment System-specific CMP applications, that are not covered by EMVCo CMP Type Approval.

Note 1: Although EMVCo specifically references a GlobalPlatform compliant CMP Product in this version of the process, EMVCo may address other multi-application management platforms should they become significant in the future.

Note 2: The product provider shall list in the ICS all the interfaces supported by the product under test. If several interfaces are listed in the ICS for Device interface or Antenna interface, some test cases shall be repeated on the different interfaces according to [CMP TC].




® is a


2.3.2 In the Scope of CMP Secure Element Product Functional Evaluation

EMVCo issues a Letter of Compliance for a CMP Secure Element Product when it has successfully completed all the evaluations listed in Table 2-2.

Table 2-2: Evaluations for CMP Product Type Approval

Prerequisite EMVCo IC Security evaluation

Prerequisite if the CMP Product includes

a GlobalPlatform Secure Element

GlobalPlatform Secure Element evaluation

Level 2 evaluation EMVCo PPSE Application and/or SECM

Application evaluation (when one or both are

within the CMP Product)

Platform Security evaluation EMVCo Platform Security evaluation

The scope of EMVCo’s Level 2 testing for CMP Secure Element Products is testing the minimum functionality the CMP Secure Element Product should support for the EMV Proximity Payment System Environment (PPSE) (as defined in [Book B]) and the Application Activation User Interface (as defined in [AAUI]). The minimum functionality to be tested will depend on whether the CMP Secure Element Product is a GlobalPlatform compliant CMP Product, whether the PPSE Application is internal or external to the CMP Product, and whether the CMP Secure Element Product has an internal Secure Element Contactless Management (SECM) Application, as shown in Figure 2-3.

Note 1: CMP Secure Element Products shall not restrict, disfavor or otherwise discriminate against any contactless application IDs, and shall be neutral and non-discriminatory with respect to all contactless applications, including contactless application IDs and contactless applications, of EMVCo's members and non-EMVCo members. EMVCo shall only consider a CMP Secure Element Product for type approval that meets these conditions.




® is a


Figure 2-3: EMV Level 2 Testing Requirements for CMP Type Approval

Note 2: The Contactless Mobile Payment Type Approval process is not applicable for CMP Secure Element Products where the PPSE and SECM are external to the CMP Product. In this scenario the CMP Secure Element Product can only be submitted for platform certification through the EMV Security Guidelines – EMVCo Security Evaluation Process [Sec Gd].

2.3.3 Out of the Scope of CMP Secure Element Product Functional Evaluation

Currently EMVCo does not functionally evaluate the platform (multi-application management functionality such as GlobalPlatform, Operating System such as Java Card, MULTOS, or any native OS) but does perform a security evaluation of the platform; see [Sec Gd].

EMVCo does not evaluate Contactless Level 1 as part of the CMP Secure Element Product functional evaluation. However if the CMP Secure Element Product includes a Contactless Level 1 component, for example a microSD with an internal antenna, please see EMVCo [CT FW] available on the website regarding Contactless Level 1 testing requirements.

The EMVCo process allows some simplifications in case of multi-application management platforms compliant with GlobalPlatform, deferring to GlobalPlatform for evaluating GlobalPlatform compliance, with some conditions defined in section 4.5. EMVCo intends to leverage GlobalPlatform compliance program to avoid duplication of testing; the CRS application being a good example.

EMVCo does not evaluate the Payment System-specific CMP applications but evaluates the PPSE and SECM applications that are built to EMV Specifications ([Book B] and [AAUI]).




® is a


EMVCo also does not evaluate the following components of a CMP Product Type Approval:

1. The contactless antenna and the NFC controller present in a mobile handset device

If the CMP Secure Element Product has an internal antenna, EMVCo would consider the CMP Secure Element Product a standalone product similar to a contactless card, subject to the RF power and signal interface requirements defined by EMV Contactless Communication Protocol Specification [Book D].

2. The PPSE Application when external to the Secure Element

3. The SECM Application when external to the Secure Element

4. The User Interface Application present in a mobile handset device

5. The Operating System or transmission protocol

For these components, any testing requirement would be Payment System specific and Type Approval (if any) would be issued by the Payment Systems and/or mobile network operators.

2.3.4 Debug Sessions

Debug sessions may occur between the laboratory and the Product Provider, at any time and are beyond the scope of EMVCo.

2.3.5 Security Evaluation Overview

For information about the IC Security Evaluation and the Platform Security Evaluation, please refer to EMV Security Guidelines – EMVCo Security Evaluation Process [Sec Gd], available on the EMVCo website.




® is a


2.4 Scope of CMP PPSE Type Approval

2.4.1 CMP PPSE Product Definition

A CMP PPSE Product submitted for Type Approval is uniquely defined as follows:

the PPSE Application built to EMV Specifications ([Book B] and [AAUI] )

designed for a specific GlobalPlatform Specification

present on a specific form factor

designed to work on a platform with a specific combination of modes (internal and/or external)



For the purpose of testing, the PPSE applet shall be loaded on a platform which has been granted a GlobalPlatform Letter of Qualification, where the GlobalPlatform Letter of Qualification includes testing of the SWP protocol using a SWP/HCI test suite qualified by GP (for platforms using SWP).

The GlobalPlatform Letter of Qualification will be referenced in the Letter of Compliance

Note: The product provider shall list in the ICS all the interfaces supported by the product under test. If several Antenna or Device interfaces are listed in the ICS, some test cases shall be repeated on the different interfaces according to [CMP TC].

2.4.2 In the Scope of CMP PPSE Functional Evaluation

EMVCo issues a Letter of Compliance for a standalone PPSE applet when the applet has successfully completed all the evaluations listed in Table 2-3.

Table 2-3: Evaluations for CMP PPSE Type Approval

Level 2 Evaluation EMVCo PPSE Application Evaluation

The scope of EMVCo’s Level 2 testing for a standalone PPSE applet is testing the minimum functionality the PPSE applet should support for the EMV Proximity Payment System Environment (PPSE) (as defined in [Book B]) and the Application Activation User Interface (as defined in [AAUI]), and whether the PPSE Application supports internal or external modes.

Note 1: A type approved PPSE applet shall only be deployed on a GP qualified platform developed to the same version of GP specifications (GlobalPlatform Card Specification, Amendment C), to the same version of GP APIs (Card Contactless API, Java Card API) and fulfilling the same requirements as a CMP Product with the same antenna and device interfaces.

Note 2: If the form factor is eSE and the PPSE applet is deployed on a platform with a different GP LOQ it has to be re submitted for testing.




® is a


Note 3: PPSE applets shall not restrict, disfavor or otherwise discriminate against any contactless application IDs, and shall be neutral and non-discriminatory with respect to all contactless applications, including contactless application IDs and contactless applications, of EMVCo's members and non-EMVCo members. EMVCo shall only consider a PPSE applet for type approval that meets these conditions.

2.4.3 Out of Scope of CMP PPSE Functional Evaluation

EMVCo does not evaluate the platform hosting the PPSE applet.

EMVCo only evaluates the functionality of the PPSE applet built to EMV Specifications ([Book B] and [AAUI]). Any other functionality supported by the PPSE applet is out of scope.

2.4.4 Debug Sessions

Debug sessions may occur between the laboratory and the Product Provider, at any time and are beyond the scope of EMVCo.

2.4.5 Security Evaluation Overview

Since PPSE does not contain any sensitive data or functionality no security evaluation of the PPSE applet is required.




® is a


3 CMP Type Approval Overview

The following sections provide an overview of the Type Approval process:

3.1 Generic EMVCo Type Approval Flow

The following picture describes the generic steps applicable to any EMVCo Type Approval.

Figure 3-1: Generic EMVCo Type Approval Flow




® is a


3.2 CMP Type Approval Flow

The generic flow is customized to address the specific requirements of a CMP Type Approval

3.2.1 CMP Secure Element Type Approval Flow

Figure 3-2: CMP Secure Element Type Approval Flow

CMP Functional

Evaluation

IC Provider

Registration

IC Security

Evaluation

Platform

Security

Evaluation

IC evaluated?No

IC Approval

Request

Implementation

Conformance Statement

SubmittedIC Compliance

Certificate

IC Registration

Form Submitted

Yes

Letter of Compliance

including

Platform Certificate Number

Invoice paid

Invoice

paid?

Yes

No

Request for

ApprovalPay invoice

GlobalPlatform

Secure Element?

GlobalPlatform

Functional Evaluation

Yes

No

CMP Product Provider

Registration

Level 2

Evaluation

Review

GlobalPlatform

Letter of

Qualification

GlobalPlatform

SE?

Yes

No




® is a


3.2.2 CMP PPSE Type Approval Flow

Figure 3-3: CMP PPSE Type Approval Flow




® is a


3.2.3 Combined CMP Secure Element Product and CMP PPSE Product Type Approval Submissions

A Product Provider can combine submission of a CMP Secure Element Product with the submission of a CMP PPSE Product.

The combined type approval submission is only valid when the PPSE functionality is internal to the CMP Secure Element Product and the product provider submits both ICS forms at the same time.

The CMP Secure Element Product must comply with all conditions and requirements as stated in Section 2.3.1, while the CMP PPSE Product must comply with all conditions and requirements as stated in Section 2.4.2.

The benefit of a combined submission is that the Product Provider only needs to submit one set of samples for testing to a laboratory, and all testing are done in a single test session to create the two test reports.

The product provider is responsible for completing a Request for Compliance for the CMP Secure Element Product and another Request for Compliance for the CMP PPSE Product.

3.3 Reporting Results to EMVCo

3.3.1 Reporting Level 2 Evaluation Results

The Product Provider shall ask the EMVCo Accredited Laboratory to send the level 2 report directly to EMVCo.

3.3.2 Reporting GlobalPlatform Evaluation Results

If a CMP Product Provider wishes to have a product recognized by EMVCo as a GlobalPlatform compliant Secure Element, GlobalPlatform evaluation shall be performed at an EMVCo Accredited Laboratory and the corresponding GlobalPlatform Letter of Qualification shall be supplied to EMVCo.

EMVCo reserves the right to question the GlobalPlatform Letter of Qualification and to reject the GlobalPlatform Letter of Qualification if considered insufficient for EMVCo needs.

3.3.3 All Test Reports

Each test report must include the ICS reference number on the cover page.3

3.3.4 Request for Approval

Upon receipt of a Request for Approval, the Card Type Approval Secretariat will invoice the product provider. After confirmation from the Financial Secretariat that all the required fees have been paid, it will assemble all the reports into one Request for Approval package. It is the Product Provider’s responsibility to ensure that all required items are received by EMVCo. The Request for Approval will not be reviewed until payment of all required fees and all required items have been received.

3 Test reports are discussed in detail in section 4.11.




® is a


3.4 General Rules for a Test Session

The following rules must be followed by the laboratory performing the Level 2 evaluation:

The Product Provider must not be present during the testing of the Product.

Products must be tested against the currently supported Test Cases version(s), and with an EMVCo qualified Test Tool.

No modifications are allowed to the CMP Product (as defined in section 2.3.1). If any modifications are made to the CMP Product during the test session, the session must end and the Product Provider must initiate a new submission including a new ICS.

If any modification is made to the ICS during the test session (without any modification to the Product), the modified ICS must be sent to EMVCo. The modified ICS is reviewed by EMVCo and if acceptable retains the validity period of the original EMVCo-accepted ICS.

Note: Modification of the ICS is subject to a fee (See Section 3.6).

3.5 Submitting a Request for Approval Form

A Request for Approval form, completed in its entirety, must be submitted after testing is complete, as discussed in section 4.10.

Product Providers may submit a preliminary Request for Approval form during the Testing Phase, at any point after EMVCo notifies the laboratory that the ICS is acceptable (as discussed in section 4.7). If the form is submitted early, EMVCo will invoice the Product Provider and the Product Provider can pay the administrative fees before test reports are available. Given that test reports are not reviewed until EMVCo has received payment of all fees, early payment avoids delays during the Approval Phase.

3.6 Fee Structure

EMVCo will charge fees to cover the administrative expenses incurred by EMVCo in managing the Type Approval process. This process includes, but is not limited to:

review of audit and test reports

updates to the Type Approval documentation, specifications, and Test Cases

maintenance of the EMVCo website, including lists of approved Products, EMVCo Accredited Laboratories, and EMVCo Qualified Auditors

The following fees shall be paid to EMVCo by a CMP Secure Element Product Provider:

CMP SE Request for Approval fee for a review of a Request for Approval for a CMP Secure Element Product

CMP SE Request for Renewal fee for a review of a Request for Renewal for a CMP Secure Element Product




® is a


Combined Requests for Approvals fee for a combined review of two Requests for Approvals (one for the CMP Secure Element Product and one for the PPSE Applet Product. See Section 3.2.3)

Combined Requests for Renewal fee for a combined review of two Requests for Renewal (CMP Product and PPSE Applet Product. See Section 3.2.3).

Please refer to SEWG Bulletin #3 on the EMVCo website for additional fees related to security evaluation of CMP Secure Element Products

The following fees shall be paid to EMVCo by a CMP PPSE Product Provider:

CMP PPSE Request for Approval fee for a review of a Request for Approval for a CMP PPSE Product

CMP PPSE Request for Renewal fee for a review of a Request for Renewal for a CMP PPSE Product

The following fees shall be paid to EMVCo by a CMP Secure Element Product Provider or a CMP PPSE Product Provider:

Letter of Compliance re-issuance fee for a re-issuance of a Letter of Compliance requested by the Product Provider

ICS Replacement fee. One free ICS replacement is allowed during the ICS life cycle. Any subsequent ICS replacement requested is charged to the Product Provider:

o Same submission process applies as for initial ICS submission (Laboratory submits the changed ICS).

o This applies to any change in the ICS after the official approval of the ICS by EMVCo.

o After the start of the test session of the Product, ICS replacements (following the rules of the previous bullet) are only allowed for administrative information update (such as name of product) but are not allowed for technical information update.

o ICS replacement is not allowed after Test Report submission to EMVCo

The following fee shall be paid to EMVCo by the laboratory:

ICS decline fee if an incomplete and/or inconsistent ICS is submitted to EMVCo for review (as Laboratory is responsible of reviewing the ICS provided by the Product Provider). ICS decline process applies to the initial ICS submission and also to any other ICS replacement (charged or not charged to the Product Provider)

Test report decline fee if an incomplete and/or inconsistent test report is submitted to EMVCo for review

Note 1: The amount of each fee is published in the Mobile Type Approval bulletin 21 available on EMVCo Website. Please check the EMVCo website for the latest fee amounts.

Note 2: Payers are responsible for any bank charges associated with remittance. Each paying entity must work with its own bank to ensure that EMVCo receives the full amount of the fee. The Request for Approval will not be reviewed until complete payment has been received.




® is a


Note 3: The testing fees charged by the EMVCo Accredited Laboratory to execute test cases are not included and are the responsibility of the Product Provider.

Note 4: Check separate SEWG bulletin for details on the fees charged for security review.

3.7 EMVCo Service Levels

The service level for the issuance of a Letter of Compliance for a report showing 100% compliance shall be 5 business days from the receipt of all required documentation and payment of any applicable fees.

The service level for ICS review shall be 3 business days.

The service level for a renewal request review shall be 8 business days.

EMVCo strives to provide the optimum service levels for all activities, but it cannot commit to service levels for matters that require investigational work, such as reviewing reports not showing 100% compliance.

3.8 Multiple Laboratories

Level 2 testing cannot be split between laboratories.




® is a


4 CMP Type Approval Procedures

The following sections describe the Type Approval process:

Note: This document frequently requests one entity to send a form, a test report, or an audit report to EMVCo. Unless otherwise specified, all such materials must be sent to the Card Type Approval Secretariat ([email protected]).

4.1 IC Provider Registration

As illustrated in Figure 4-1, the IC Provider Registration process is as follows:

The IC Provider:

o Obtains registration information from the EMVCo website

o Submits completed Request for Registration and Business Review forms (including a Dun & Bradstreet report or equivalent in English) to the Card Type Approval Secretariat ([email protected]).

EMVCo reviews the submitted materials and, if acceptable, sends the EMVCo/IC Provider contract to the IC Provider.

The IC Provider executes the contract with EMVCo.

Note 1: The contract between EMVCo and the IC Provider must be completed before the IC Security evaluation described in section 4.4 begins.

The Security Evaluation Secretariat provides the IC Provider with following documents:

o EMV Issuer and Application Security Guidelines [Iss App Sec Gd]

o EMVCo Security Guidelines for Java Card and GlobalPlatform Implementations [Sec Impl Gd]

The Card Type Approval Secretariat provides the IC Provider with a Registration Letter which will include the IC Provider’s Registration Number.

Note 2: The registration process is completed only once per IC Provider.

mailto:[email protected]





® is a


Figure 4-1: IC Provider Registration

Start

Forms complete?N EMVCo informs IC Provider

of incomplete information

EMVCo enters IC Provider’s

information into EMVCo database

and sends IC Provider contract for

signature

EMVCo provides Registration Letter

including Registration Number

to IC Provider

Contract complete?

EMVCo informs IC Provider

of incomplete contract

information

IC Provider submits completed

contract to EMVCo

EMVCo sends IC Provider

a copy of signed contract and

security guidelines

IC Provider submits completed

Request for Registration and

Business Review forms to EMVCo

End

N

Y

Y

Business

review accepted by

EMVCo?

NEMVCo informs IC Provider

of rejection of business

review

Y

EMV Issuer and Application Security

Guidelines [Iss Ap Sec Gd]

EMVCo Security Guidelines for Java

Card and GlobalPlatform

Implementations [Sec Impl Gd]




® is a


4.2 CMP Secure Element Product Provider Registration4

As illustrated in the Figure 4-2, the CMP Secure Element Product Provider Registration process is as follows:

The Product Provider:


o Submits completed Request for Registration and Business Review forms

(including a Dun & Bradstreet report or equivalent in English) to the Card Type

Approval Secretariat ([email protected])

EMVCo reviews the submitted materials and, if acceptable, sends the following contracts to the Product Provider:

o EMVCo / Product Provider contract for Type Approval from the Card Type

Approval Secretariat

o EMVCo / Product Provider contract for Security Evaluation from the Security

Evaluation Secretariat ([email protected])

The Product Provider executes the contracts with EMVCo.

Note 1: The contract for Type Approval must be executed before the testing phase described in section 4.7 begins. The contract for Security Evaluation must be executed before the Platform Security evaluation described in section 4.8 begins.

The Security Evaluation Secretariat provides to the Product Provider:

o EMV Issuer and Application Security Guidelines [Iss App Sec Gd]

o EMVCo Security Guidelines for Java Card and GlobalPlatform Implementations

[Sec Impl Gd]

o EMV Security Guidelines – EMVCo Security Evaluation Process [Sec Gd]

The Card Type Approval Secretariat provides the Product Provider with a Registration Letter which will include the Product Provider’s Registration Number.

Note 2: The registration process is completed only once per CMP Product Provider.

Note 3: EMVCo Letters of Compliance are addressed to the primary contact identified on the Request for Registration.

4 CMP Product Provider registration can be performed concurrently with, or after, selecting a laboratory.






® is a


Figure 4-2: CMP Secure Element Product Provider Registration

Start

Forms complete?N

EMVCo informs

CMP SE Product Provider of

incomplete information

EMVCo enters CMP SE Product

Provider’s information into EMVCo

database and sends Product Provider

contracts for signature



to CMP SE Product Provider

Contracts complete?

EMVCo informs


incomplete contract information

CMP SE Product Provider submits

completed contracts to EMVCo

EMVCo sends CMP SE Product

Provider a copy of signed contracts

and [Sec Impl Gd]

CMP SE Product Provider submits

completed registration and Business

Review forms to EMVCo

End

N

Y

Y

Business Review accepted?N

EMVCo informs


rejection of business review

Y

EMV Issuer and Application Security

Guidelines [Iss Ap Sec Gd]

EMVCo Security Guidelines for Java

Card and GlobalPlatform

Implementations [Sec Impl Gd]

EMV Security Guidelines – EMVCo

Security Evaluation Process [Sec Gd]




® is a


4.3 CMP PPSE Product Provider Registration5

As illustrated in the Figure 4-3, the CMP PPSE Product Provider Registration process is as follows:



o Submits completed Request for Registration and, if a new product provider, Business Review forms (including a Dun & Bradstreet report or equivalent in English) to the Card Type Approval Secretariat ([email protected])

EMVCo reviews the submitted materials and, if acceptable, sends the following to the Product Provider:

o EMVCo / Product Provider contract for Type Approval from the Card Type Approval Secretariat

The Product Provider executes the contracts with EMVCo.

Note 1: The contract for Type Approval must be executed before the testing phase described in section 4.7 begins.

The Card Type Approval Secretariat provides the Product Provider with a Registration Letter which will include the Product Provider’s Registration Number.

Note 2: The registration process is completed only once per PPSE Applet Product Provider.

Note 3: EMVCo Letters of Compliance are addressed to the primary contact identified on the Request for Registration.

5 PPSE Product Provider registration can be performed concurrently with, or after, selecting a

laboratory.





® is a


Figure 4-3: CMP PPSE Product Provider Registration

Start

Forms complete?N

EMVCo informs

CMP PPSE Product Provider of

incomplete information

EMVCo enters CMP PPSE Product

Provider’s information into EMVCo

database and sends Product Provider

contract for signature



to CMP PPSE Product Provider

Contracts complete?

EMVCo informs


incomplete contract information

CMP PPSE Product Provider submits

completed contract to EMVCo

EMVCo sends CMP PPSE Product

Provider a copy of the signed contract

CMP PPSE Product Provider submits

completed registration and Business

Review forms to EMVCo

End

N

Y

Y

Business Review accepted?N

EMVCo informs


rejection of business review

Y




® is a


4.4 IC Security Evaluation

The IC Provider submits the IC Registration form directly to the Security Evaluation Secretariat ([email protected]) (not to the Card Type Approval Secretariat).

The IC Provider pays required administrative fees to EMVCo for review of the IC Security evaluation. The IC Provider submits the IC Security Evaluation Report directly to the Security Evaluation Secretariat ([email protected]) (not to the Card Type Approval Secretariat).

The Security Evaluation Secretariat reviews the IC Security Evaluation Report and, if successful, issues an EMVCo Compliance Certificate to the IC Provider.

Detailed information about the IC Security evaluation and IC approval is provided in EMV Security Guidelines – EMVCo Security Evaluation Process [Sec Gd] and EMV Issuer and Application Security Guidelines [Iss App Sec Gd].

4.5 GlobalPlatform Evaluation for CMP Secure Element

Products

In order to obtain a GlobalPlatform Letter of Qualification for its Secure Element, the CMP Secure Element Product Provider must contact GlobalPlatform’s Compliance Secretariat (not EMVCo’s Card Type Approval Secretariat or Security Evaluation Secretariat).

In order for its product to be recognized by EMVCo as a GlobalPlatform compliant Secure Element, the Product Provider must select a GlobalPlatform Qualified Laboratory that is also an EMVCo Accredited Laboratory.

Note: The Product Provider must ensure that the laboratory chosen is independent of the Product Provider.

Detailed information about the GlobalPlatform evaluation and GlobalPlatform Compliance Program can be found at www.globalplatform.org.

4.6 GlobalPlatform Evaluation and EMVCo CMP Type

Approval Performed in Parallel

The GlobalPlatform testing and EMVCo testing can be performed in parallel under the following conditions:

The Product Provider must have initiated the GlobalPlatform Evaluation process in order to get an EMVCo ICS approved.

All EMVCo tests shall be rerun in case of any product change between the EMVCo tests session and the issuance of GlobalPlatform Letter of Qualification.



http://www.globalplatform.org/




® is a


4.7 Testing Phase


Selects one test laboratory from the list of EMVCo Accredited Laboratories published on the EMVCo website and executes bilateral required agreements and contracts.

Note 1: The Product Provider must ensure that the laboratory chosen is independent of the Product Provider.

For each CMP product that it submits, sends a fully completed and signed Implementation Conformance Statement (ICS) to the selected laboratory, along with 3 product samples and associated testing environment as per section 9 (including training if needed).

Note 2: The ICS format and content are defined by EMVCo. The ICS must be the current valid ICS form as published by EMVCo.

A The Laboratory:

Validate(s) that the ICS is complete and all sections and fields are consistent.

Submits a copy of the complete ICS to EMVCo ([email protected]) for acceptance prior to the start of the type approval testing process.

Note 3: Please ensure that the completed ICS is provided as an unlocked PDF document electronically signed by the Product Provider and the Level 2 EMVCo Accredited Laboratory.

EMVCo:

Reviews the ICS.

If the ICS is acceptable to EMVCo, then:

o States the ICS expiration date. This date is typically 90 days.

Note 4: EMVCo Functional Testing must be completed and reports submitted prior to expiration of the ICS.

o Assigns the ICS reference number.

o Notifies the laboratory (of acceptance by providing back the ICS signed electronically by EMVCo including the ICS reference Number.

o Archives the ICS for later comparison to the ICS submitted with the Request for Approval.

o Optionally at this stage, the Product Provider may submit a Request for Approval Form to the Card Type Approval Secretariat ([email protected]) in order to receive and pay EMVCo’s invoice prior to complete testing. (See section 3.5)

If the ICS is not acceptable to EMVCo, then:

o EMVCo notifies the laboratory that the ICS is not acceptable and issues an invoice

to the laboratory for the decline ICS fee as defined in section 3.6.

o The laboratory notifies the Product Provider that the ICS is not acceptable.






® is a


o The Product Provider submits a new ICS to the laboratory.

o Processing continues with Step A of section 4.7.

The laboratory:

Validates that the three CMP Secure Element Product or CMP PPSE Product (loaded on a GP-qualified platform) samples received are consistent with the ICS.

Validates the personalization of the SE Images.

Checks that the test environment permits the evaluation of the device and antenna interfaces listed in the ICS.

Identifies the list of applicable EMVCo-defined Test Cases according to the ICS.

For GlobalPlatform compliant CMP Secure Element Products or for CMP PPSE Product testing, loads the CMP SE test applet for use in the PPSE Applet testing6.

Tests the Product and provides a signed and non-modifiable test report(s) to the Product Provider.

Note 5: Test results must be based upon the current valid Test Cases versions. (See section 5)

Note 6: Tests must be executed with EMVCo qualified Test Tool(s).

Note 7: The laboratory is required to archive all test tool versions for a minimum of three years after the version deactivation date.

Note 8: The laboratory should maintain all test result logs for all Test Cases and make those available for EMVCo review as requested

6 For GP compliant SE, the CMP SE test applet is provided by EMVCo, as discussed in section 7.1.




® is a


Figure 4-4: Testing Phase

Start

Laboratory(s) performs testing for

Level 2 evaluation

CMP Product Provider selects

EMVCo Accredited Laboratory(s)

End

CMP Product Provider provides ICS

and CMP Product samples to

laboratory(s)

Laboratory(s) validates ICS

ICS acceptable?

EMVCo informs

laboratory(s) of

non-acceptance

N

Y

Laboratory(s) provides test results

to CMP Product Provider

Laboratory(s) validates personalization

and that the CMP Product

is consistent with ICS

ICS acceptable?

Laboratory(s) informs

CMP Product Provider

of non-acceptance

Laboratory(s) submits ICS to EMVCo

N

Y

EMVCo informs laboratory(s) of

acceptance

Note 9: in the above figure CMP Product can be either CMP Secure Element Product or CMP PPSE Product.




® is a


4.8 Platform Security Evaluation

The CMP Secure Element Product Provider submits the Platform (IC + OS) Registration form directly to the Security Evaluation Secretariat ([email protected]) (not to the Card Type Approval Secretariat).

The CMP Secure Element Product Provider pays required administrative fees to EMVCo for a review of the Platform Security evaluation. The CMP Secure Element Product Provider submits the Platform Security Evaluation Report directly to the Security Evaluation Secretariat ([email protected]) (not to the Card Type Approval Secretariat).

EMVCo reviews the Platform Security Evaluation Report. If the review is successful, EMVCo issues an EMVCo Compliance Certificate for the Platform.

Detailed information about the Platform Security evaluation and Platform approval is provided in EMV Security Guidelines – EMVCo Security Evaluation Process [Sec Gd] and EMVCo Security Guidelines for Java Card and GlobalPlatform Implementations [Sec Impl Gd].

Note: This step is not required for CMP PPSE Product Type Approval.

4.9 Product Provider Decision to Submit

The Product Provider determines whether test results resulting from laboratory testing will be submitted to EMVCo for evaluation.

Submitting test results to EMVCo for evaluation indicates Product Provider

acceptance that the test results are a true representation of Product performance.

Test results may be submitted to EMVCo for evaluation up to 90 days after

acceptance of the ICS. Test results that exceed the 90 days validity period have

expired and cannot be submitted. Product re-testing is required to create a current

test report if the validity period is exceeded and EMVCo evaluation is desired.

The Product Provider must ensure that the samples associated with test results

submitted to EMVCo for evaluation remain unaltered and accessible in a timely

manner during the evaluation process.






® is a


4.10 Approval Phase


Submits a Request for Approval to the Card Type Approval Secretariat 7 ([email protected]). (See section 4.11 for a detailed description of the materials to be submitted.)

Upon reception of EMVCo’s invoice, pays required Type Approval administrative fees to EMVCo.

Note 1: CMP Product Providers may submit the Request for Approval Form before submitting test reports and/or the GlobalPlatform Letter of Qualification in order to receive and pay EMVCo’s invoice prior to complete testing. (See section 3.5)

Requests the laboratory to send the test report directly to EMVCo

Submits to the Card Type Approval Secretariat ([email protected]) any additional functional test reports (if applicable) and/or GlobalPlatform Letter of Qualification not provided with the original Request for Approval Form.

Note 2: If any functional test report shows less than 100% successful test results, the Product Provider must include an impact analysis of the non-conformance(s).

Submits the Platform Security Evaluation Report directly to the Security Evaluation Secretariat8 ([email protected]). (The laboratory may do this on behalf of the CMP Product Provider.)

Upon reception of a Request for Approval, EMVCo:

B Determines whether the ICS identified by the ICS reference number on the

Request for Approval has expired.

o If so, EMVCo notifies the Product Provider that the ICS has expired. The Product

Provider must submit a new ICS and begin the process again.

Determines whether this is the first Request for Approval submitted with this ICS reference number.

o If so, EMVCo issues an invoice to the Product Provider for the applicable fees.

o If not and if the previously issued invoice has been paid, EMVCo continues with

Step D.

o EMVCo waits for payment before proceeding.

7 The CMP Product Provider may choose to submit the Request for Approval at the same time as the

Platform Security Evaluation report, or after receiving notification that the security evaluation is acceptable to EMVCo.

8 The CMP Product Provider may choose to submit the Platform Security Evaluation report at the same

time as the Request for Approval, or after receiving notification that the functional evaluation is acceptable to EMVCo.







® is a


D Determines whether all materials described in section 4.11 have been received.

o If not:

- EMVCo notifies the Product Provider that the Request for Approval is incomplete.

- EMVCo takes no further action until an additional Request for Approval is

received.

- When an additional Request for Approval is received, EMVCo processes it as

usual, beginning with Step B .

Evaluates the functional test and/or audit reports, and each ICS submitted with the functional reports.

o EMVCo will consider “acceptable for an approval” a functional report showing

100% successful test results.

o If a functional test report shows less than 100% successful test results, EMVCo

reviews the impact analysis of the non-conformance submitted by the Product

Provider:

- Either EMVCo considers that the test report and/or audit report demonstrates

sufficient conformance of the CMP Secure Element Product or CMP PPSE

Product and, at Step D , includes condition(s) in the Letter of Compliance

or

- EMVCo considers that the test report and/or audit report does not demonstrate

sufficient conformance of the CMP Secure Element Product or CMP PPSE

Product, and therefore, at Step E, either requests further testing or issues a Letter

of Rejection

Note 3: As discussed in section 4.11, the Product Provider not only possesses the exact same functional test report and audit report from the test laboratory as EMVCo, but also is the entity deciding whether to have the report(s) submitted to EMVCo for evaluation with an impact analysis of any non-conformance shown in the report(s). In other words, the Product Provider should be fully aware of any discrepancy disclosed to EMVCo and its potential impact.

If all functional reports are acceptable to EMVCo, the Card Type Approval Secretariat advises the Product Provider that the functional evaluation is successful.

If the Platform Security Evaluation Report is acceptable to EMVCo, the Security Evaluation Secretariat:

o Notifies the CMP Secure Element Product Provider and the Card Type Approval

Secretariat that the Platform security evaluation is acceptable.

o Provides the Platform Certificate Number (PCN) to the Card Type Approval

Secretariat.




® is a


If both the functional evaluation and security evaluation (for CMP Secure Element Product only) are acceptable, the Card Type Approval Secretariat:

o D Issues a Letter of Compliance to the Product Provider (as described in

section 4.14).

o Lists the approved product on the EMVCo website, if the Product Provider

indicated on the Request for Approval Form that the approval should be public.

o Notifies the laboratory to retain the test report, test logs, and 3 samples for

six years following the expiration date of the Letter of Compliance.

E If either the functional or the security evaluation is not acceptable, the Card Type

Approval Secretariat sends to the Product Provider:

o A request for further testing

or

o A Letter of Rejection with a summary report describing the non-conformance




® is a


Figure 4-5: Approval Phase

Start

Request for Approval

complete?

EMVCo informs CMP

Product Provider that

Request for Approval is

incomplete

N

CMP Product Provider or Laboratory

submits

Platform Security Evaluation Report

to Security Evaluation Secretariat

EMVCo informs CMP Product Provider

that functional evaluation is acceptable

End

Y

EMVCo updates database

EMVCo updates Approved Products List

on website if requested on

Request for Approval form

EMVCo sends CMP Product Provider

Letter of Compliance including

Platform Certificate Number


acceptable?

NEMVCo informs CMP

Product Provider that

functional evaluation is

not acceptable

N

Security

Evaluation

Secretariat informs

CMP Product

Provider and Card

Type Approval

Secretariat that

Platform Security

Evaluation Report

is acceptable

EMVCo sends CMP Product

Provider

Letter of Rejection

or request for further testing

Security

Evaluation report

acceptable?

Security

Evaluation

Secretariat informs

CMP Product

Provider and Card

Type Approval

Secretariat that

Platform Security

Evaluation Report

is not acceptable

N

CMP Product Provider submits

Request for Approval Form, ICS,

GP Letter of Qualification (when

applicable) and required test reports

Initial


Form for this

ICS?

EMVCo issues

invoice

Y

N

CMP Product

Provider pays

invoice

Invoice paid?

N

Y

Y

Y

Note 4: in the above figure CMP Product can be either CMP Secure Element Product or CMP PPSE Product.

Note 5: in the above figure, the Security Evaluation is applicable to CMP Secure Element Products only.




® is a


4.11 Request for Approval

The Product Provider submits a Request for Approval to EMVCo ([email protected]) that identifies all testing performed for the product and that includes:

Request for Approval Form

The Request for Approval Form may be submitted to EMVCo before the test report package in order to receive and pay EMVCo’s invoice prior to complete testing (as discussed in section 3.5). A completed form with all test report reference numbers must be submitted after testing is complete.

Implementation Conformance Statement (ICS)

Complete ICS, including Product description, IC Certificate Number (for CMP Secure Element Products only), Platform Certificate Number (for CMP Secure Element Products only, if already available), and the reference number of the GlobalPlatform Letter of Qualification (if already available). If the GlobalPlatform Letter of Qualification is not available at the date of the ICS submission the GlobalPlatform SCO Reference Number must be provided in the ICS (see section 4.6 for more details about parallel testing).

Please ensure that the completed ICS is provided as an unlocked PDF document signed electronically by the Product Provider and Level 2 EMVCo Accredited Laboratory.

Note 1: The ICS must not have exceeded its validity period. If the ICS has exceeded its validity period, but EMVCo has not changed the test requirements (i.e. Test Cases version, SE Images requirements, ICS version), the Product Provider may request, before submitting the Request for Approval, that EMVCo extend the ICS validity period.

GlobalPlatform Letter of Qualification

For CMP Secure Element Products and platforms hosting a CMP PPSE Product, the SCO Reference Number on the GlobalPlatform Letter of Qualification must be the same number provided in the ICS.

EMV Level 2 test report

EMV Level 2 test report from an EMVCo Accredited Laboratory, including ICS reference number.

Note 2: the laboratory shall send the level 2 test report directly to EMVCo (see section 3.3.1). The Card Type Approval Secretariat shall assemble all the reports into one package according to the ICS reference number on the cover page of the reports

Analysis of non-conformance

EMVCo expects all test results in the test reports to have successfully passed. If any failure is identified and the test reports show less than 100% successful test results, the Product Provider must include an impact analysis and a technical explanation of the non-conformance in the Request for Approval.

It is the responsibility of the Product Provider to ensure that all required materials are received by EMVCo prior to the expiration of the ICS validity period. The Test Reports will not be reviewed until EMVCo has received payment of all fees and all required materials. Product Providers may submit the Request for Approval Form before the test report package in order to receive and pay EMVCo’s invoice before testing is complete as defined in section 3.5.





® is a


4.12 Functional Test Reports

Test results are presented in a test report, signed by the laboratory that performed the tests. A single CMP Product may have multiple test reports depending on the capabilities of the laboratory selected by the CMP Product Provider; e.g. one report for GlobalPlatform testing and one for EMV. A CMP PPSE Product will need only one laboratory and therefore a single test report.

Functional test reports must meet the following requirements:

Test reports must be in electronic format for review. When provided to EMVCo, the test report should follow the EMVCo required format.

Each test report must be signed electronically by the laboratory that performed the tests.

Test reports must include the ICS reference number on the cover page.

Test reports must include all applicable test cases results, and each must be designated as Pass, Fail, Inconclusive, or Not Applicable.

If any modification was made to the SE Images or to the ICS during the test session (without any modification to the CMP Secure Element Product or CMP PPSE Product), the test report must identify the reason for the change and must include the laboratory’s assessment of the impact to the SE Images and to the tests performed

Test reports must include a detailed description of any exception test(s) performed or equipment used and a description of the related test results.

Test reports must include a detailed analysis from the laboratory of any test results designated as Fail or Inconclusive

Note 1: EMVCo expects all test results in the test reports to have successfully passed.

Note 2: If a failure is identified in a test report, the Product Provider must include an impact analysis of the non-conformance in the Request for Approval.

The Product Provider determines whether the test results resulting from laboratory testing will be submitted to EMVCo for evaluation. Submitting test reports to EMVCo for evaluation indicates the Product Provider’s acceptance that the test results are a true representation of the performance of its card product. EMVCo does not comment in advance on acceptance of a test report until it has received the complete test report.




® is a


4.13 GlobalPlatform Letter of Qualification

The GlobalPlatform Letter of Qualification shall include the following information:

Executive summary

Identification of the Product Provider

Identification of the tested CMP Product that must be the exact same set of components and version number (per section 2.3.1) as the product submitted for EMVCo testing

Identification of the GlobalPlatform Qualified Laboratory

Note: GlobalPlatform testing will be recognized by EMVCo only if the GlobalPlatform Qualified Laboratory is also an EMVCo Accredited Laboratory.

Identification of any non-conformance

Analysis of impact of any non-conformance

Reference to the appropriate GlobalPlatform documentation and version used to conduct the GlobalPlatform compliance tests

Identification of the scope of the testing; e.g. [GPUICC], etc.

The GlobalPlatform Letter of Qualification shall be submitted to EMVCo in secure electronic format, and must be signed by GlobalPlatform.

4.14 Letter of Compliance

The Letter of Compliance includes the Compliance number, the Platform Certificate Number (when applicable), the GlobalPlatform Letter of Qualification reference ID, the tested device and antenna interfaces and attachments: the ICS and the Request for Approval Form. It is addressed to the Product Provider’s primary contacts as identified on the Request for Registration. The Letter of Compliance is provided by EMVCo as a PDF signed electronically.

Acknowledgement of compliance is granted for a maximum of three years from the acceptance of the Product functional evaluation.

Compliance only applies to products that are identical to the Product tested by an EMVCo-accredited laboratory. A product should not be considered in compliance, nor promoted as approved, if any aspect of the product is different from that which was tested. For example, if a product contains components: chip, application or operating system, that have the same name or model number as those tested, but in fact are not identical to those tested, or have additional functionality not present in what was tested, the product should not be considered or promoted as approved. This also includes post issuance downloads or activating/deactivating functions and features that were disabled/enabled during testing.

The Product Provider must disclose any restrictions or comments included in the Letter of Compliance to its customers (Issuers or other Product Providers to which the Product Provider intends to sell the product).

If the Product Provider indicated on the Request for Approval Form that this information should be public, then the Letter of Compliance and a subset of the ICS are made available on the EMVCo website.

A Letter of Compliance can be revoked at any time at the sole discretion of EMVCo.




® is a


4.15 Letter of Rejection – Appeals

If the Product Provider wishes to dispute a Letter of Rejection or a notification of a revocation of a Letter of Compliance received from EMVCo (see section 6.2):

The Product Provider shall provide a detailed written argument to the Card Type Approval Secretariat, which will escalate the dispute to the Card Type Approval Working Group.

If the Product Provider is unable to resolve the disagreement with the Working Group, the Product Provider may send a written request for consideration by the EMVCo Board of Managers. The request shall explain in reasonable detail the Product Provider’s rationale behind the dispute. Unless EMVCo otherwise instructs the Product Provider, such requests should be sent electronically to:

Secretariat of EMVCo, LLC

Attn: Board of Managers

[email protected]

After receipt of the written request for review, the EMVCo Board of Managers will review the request and notify the Product Provider of its decision regarding such request.

4.16 Renewal of a Compliant CMP Product

The Product Provider may choose to submit a request to EMVCo to renew the compliant Product. It is the Product Provider’s responsibility to submit a Request for Renewal of CMP Product within six months prior to the expiration date of the Letter of Compliance.

To consider renewal of the product, EMVCo will require that the Product complies with current:

EMV Specifications (including bulletins)

EMVCo test requirements (i.e. Test Cases version, SE Images requirements)

EMVCo security requirements (if applicable)

For GlobalPlatform compliant Secure Elements, EMVCo requires that the qualification issued by GlobalPlatform has not expired at the time EMVCo receives the renewal request.

There will be no ad-hoc renewal testing of Products. Each Product must complete a new functional Type Approval before the expiration date of its Letter of Compliance.

In addition, for a CMP Secure Element Product, the platform must receive a delta security review when applying for CMP renewal.

Platforms will be approved for a maximum of six years, after which the CMP Secure Element Product will be removed from the list of approved CMP Secure Element Products.

If no renewal request is submitted, the Product will automatically be removed from the list of approved Products with no notification to the Product Provider.




® is a


4.17 Changes to Previously Compliant Products

Any change to a compliant product requires a new functional Type Approval.

In addition, and only for CMP Secure Element Products, a security impact assessment must be submitted to the Security Evaluation Secretariat. Based on the security impact analysis, the EMVCo Security Evaluation Secretariat will determine whether full or delta security testing would be performed on a CMP Secure Element Product.




® is a


5 Test Version and Specification Change

The following sections identify the impact on functional CMP Type Approval procedures when the EMV Specifications or EMVCo Test Cases change.

5.1 Test Cases Change without EMV Specification Change

Periodically, a Type Approval Bulletin will be published on the EMVCo website announcing the release of new Level 2 Test Cases and their activation date, as well as the deactivation of the previous version.

The new Level 2 Test Cases are immediately released to the test tool suppliers for implementation.

The new CMP SE Test Applet Configurations are published on the EMVCo website simultaneously with the release of the new version of the Test Cases.

New versions of the test tools are developed by the Test Tool Providers and subsequently qualified by EMVCo.

Product Providers may choose to have their products tested against the new version of the Test Cases at any time following the activation of the new test cases (depending on the availability of an EMVCo test tool), but no later than the deactivation date of the previous version of the Test Cases.

Exceptional Type Approval Bulletins announcing exceptional revisions to the current version of the Test Cases and/or SE Images and their activation date may be published on ad-hoc basis by EMVCo to cater for exceptional interoperability and/or security issues. EMVCo reserves the right to change and update Level 2 Test Cases at any time; for example, in order to increase the accuracy and performance of the tests.

EMVCo will announce on its website the new version of the Test Cases and will set the date(s) for activation of the new version and deactivation of the previous version and will inform Laboratories and Tool Providers. By default, a migration period of 2 months between the activation date and the deactivation date, will apply for new products.

Figure 5-1: Release of New Test Cases without EMV Specification Change

No Test Cases Version n beyond this date

(deactivation date) Release of Test Cases

Version n+1

Test Cases Version n+1 applicable Development and installation of new

Test Cases Version n+1

Start running new Tests Cases Version n+1

(activation date)

Today Future

Test Cases Version n applicable

If a Product is in an active testing phase, the Test Cases version used must still be valid on the day that the Product Provider submits the Request for Approval to EMVCo. EMVCo reserves the right to immediately require the implementation of a new/updated version of the Test Cases at any time.




® is a


5.2 Test Cases Change due to new EMV Specifications or

Bulletins

The release cycles for EMV Test Cases and EMV Specifications and/or Specification Update Bulletins are coordinated by EMVCo for a yearly simultaneous release, except for urgent exceptional Bulletins.

A new version of the EMV Specifications and/or Specification Update Bulletins is published on the EMVCo website.

Each new version of the EMV Specifications and each new Specification Update Bulletin will indicate whether implementation is mandatory or optional and the implementation date.

A Type Approval Bulletin is published on the EMVCo website announcing the release of the new Level 2 Test Cases, incorporating the new versions of the EMV Specifications and Bulletins published so far, as well as the activation date of the new Test Cases and the deactivation date of the previous version.

The new Level 2 Test Cases are immediately released to the test tool suppliers for implementation.

The new CMP SE Test Applet Configurations are published on the EMVCo website simultaneously with the release of the new version of the Test Cases.

New versions of the test tools are developed by the Test Tool Providers and subsequently qualified by EMVCo,

Product Providers may choose to implement the new functionality at any time following the publication of a new version of the EMV Specifications and/or Specification Update Bulletins, but cannot submit the product for approval before the new test case version is available.

Product providers may choose to have their products tested against the new version of the Test Cases at any time following the activation of the new test cases (depending on the availability of a qualified test tool), but no later than the deactivation date of the previous version of the Test Cases.

Exceptional Specification Update Bulletins may be published on ad-hoc basis by EMVCo to cater for exceptional interoperability and/or security issues.

After a change in EMV Specifications or bulletins (application notes or specification updates), EMVCo will decide:

Whether the Level 2 Test Cases must be changed to accommodate the new EMV Specifications

When to introduce the new Test Cases version

When to stop testing with the previous Test Cases version

EMVCo will announce on its website the new Test Cases version and the date(s) of the activation of the new version and deactivation of the previous version and will inform Laboratories and Tool Providers. By default, a migration period of 2 months between the activation date and the deactivation date, will apply for new products.




® is a


Figure 5-2: Release of New Test Cases with EMV Specification or Bulletin Change

Beyond this date only products compliant to the EMV Specification Vn+1 will be supported by EMVCo

New version Vn+1 of EMV Spec released

Products compliant

EMV Spec are supported

beyond this date

(deactivation date)

New version Vn+1 of Test Cases

released

EMV Specification Vn

EMV Spec Vn+1

New Test Cases Vn+1 applicable

Development, installation of new Test Cases Vn+1

Start running new Test Cases Vn+1 for EMV Spec Vn+1

(activation date)

Today Future

Test Cases Vn Applicable

to old version of the

No Test Cases Vn for EMV Spec Vn

by EMVCo

EMVCo reserves the right to immediately require the implementation of a new/updated version of the Test Cases at any time.

If a Product is in an active testing phase, the Test Cases version used must still be valid on the day that the Product Provider submits the Request for Approval to EMVCo.

5.3 Migration Period for Renewal

In case of a product renewal (as defined in section 4.16), Product Providers will benefit from a 4-month migration period, after the activation of the new test cases. During this migration period, the renewed product can still be tested with the previous Test Case version even if the deactivation date of previous Test Cases has expired for new products.




® is a


6 Conformance

The Product Provider is responsible for ensuring that his product conforms to specification requirements and EMVCo Type Approval requirements.

6.1 Non-conformance Investigation

If EMVCo receives notification of an issue regarding an approved Product, the following steps occur:

EMVCo reviews the issue and assesses whether it is indeed a potential issue with an approved Product.

EMVCo notifies the Product Provider that the Product has a potential issue and requests the Product Provider’s assessment.

The Product Provider sends to EMVCo its impact assessment and proposal for a corrective action plan.

EMVCo may revoke the Letter of Compliance if the Product Provider does not perform its assessment and present an effective corrective action plan within ten (10) business days after notice from EMVCo.

EMVCo reviews the Product Provider’s impact assessment and corrective action plan.

EMVCo may revoke the Letter of Compliance if the Product Provider fails to complete such corrective actions within a reasonable time after EMVCo’s approval of such plan.

6.2 Revocation of a Letter of Compliance

EMVCo through its non-conformance investigation may determine that an issue has critical impact. In such a situation, EMVCo will notify the Product Provider and revoke the Letter of Compliance

If the Product Provider has reason to dispute the revocation, EMVCo provides an appeal process, described in section 8.




® is a


6.3 Corrective Action

EMVCo supports the following scenarios for corrective action. In each scenario, the Product will be removed from the EMVCo list of approved products.

Product Provider could submit for approval of a modified ICS indicating that the defective option/feature is no longer supported.

EMVCo could add a new restriction on the Letter of Compliance.

Note: The two scenarios result in a new Letter of Compliance upon successful completion but with the same expiration date as the original Letter of Compliance. EMVCo then restores the card product onto the list of approved products.

Separately, EMVCo may also assess whether the existing versions of the Test Cases provide adequate coverage; EMVCo may also investigate whether other approved Products could have the same issue.




® is a


7 Roles & Responsibilities

The following sections define the roles and responsibilities of the participants in Type Approval:

7.1 EMVCo

EMVCo defines the requirements for an EMV CMP ecosystem and CMP Type Approval requirements. EMVCo manages the Card Type Approval Secretariat and the Security Evaluation Secretariat.

For CMP Products or PPSE Applet, EMVCo provides the following services:

Owns, defines, and maintains the EMV Specifications and Type Approval requirements

Owns, defines, and maintains the EMV security requirements

Defines auditor qualification requirements

Defines laboratory accreditation requirements

Owns, defines, and maintains Level 2 Test Cases appropriate to assess that Products conform to EMV Specifications

Owns, defines, and maintains procedures used to perform Level 2 testing

Reviews specification corrections, clarifications, and enhancements

Defines test tool qualification requirements for EMVCo defined Test Cases

For GP compliant SE, owns, develops, and provides to the laboratory a CMP SE test applet for use in the PPSE Applet testing

Answers queries on EMV specifications and type approval procedures

For more information, please refer on EMVCo’s public website to the Mobile Type Approval and Security Evaluation sections.

7.1.1 EMVCo Card Type Approval Secretariat

The Card Type Approval Secretariat manages the Mobile Type Approval process. This includes the administrative functions associated with IC Provider, CMP Product Provider and PPSE Applet Product Provider registration, such as completion of contracts, processing type approval requests and fees, issuing Letters of Compliance or Letters of Rejection. The Card Type Approval Secretariat:

Evaluates auditors and determines whether EMVCo qualification should be granted to an auditor

Manages the auditor appeals process and resolves qualification disputes

Evaluates laboratory audit results and determines whether EMVCo accreditation should be granted to a laboratory

Manages the laboratory appeals process and resolves accreditation disputes




® is a


Evaluates a Product Implementation Conformance Statements (ICS), and communicates evaluation results

Evaluates Product Requests for Approval, and communicates evaluation results

Evaluates renewal requests

Evaluates appropriate resolution of product issues reported to EMVCo, including additional testing or revocation of Letter of Compliance for a particular Product

The role also includes communicating Mobile Type Approval information on the EMVCo website, including the following:

List of EMVCo Qualified Auditors

List of EMVCo Accredited Laboratories for functional evaluation (Level 2)

Mobile Type Approval documentation and forms

List of EMVCo qualified Test Tools

List of EMVCo approved Products

7.1.2 Security Evaluation Secretariat

The Security Evaluation Secretariat:

Evaluates the IC Security Evaluation Report and the Platform Security Evaluation Report

Issues IC Certificate Numbers

Assigns Platform Certificate Numbers

Evaluates the security impact assessment produced when a CMP Product Provider proposes to change a previously approved Platform

Directs the EMVCo Finance Team to issue invoices for the corresponding review fees

The role also includes communicating Security Evaluation information on the EMVCo website, including following:

List of EMVCo Accredited Laboratories for security evaluation

List of EMVCo approved IC products

For additional information about Security Evaluation Secretariat responsibilities, see [Sec Gd].




® is a


7.2 Payment System

A Payment System develops and maintains testing and type approval for Payment System-specific CMP Products or Applets. Some key responsibilities are:

Develops and maintains Payment System application specifications

Develops and maintains Payment System-specific test plans and type approval requirements

Defines Payment System-specific laboratory accreditation and audit requirements

Defines Payment System-specific test tool qualification requirements

Approves Payment System-specific Applications

Accredits Payment System laboratories

Qualifies Payment System test tools

7.3 IC Provider

The IC Provider must:

Register with EMVCo

Pay fee to EMVCo for review of the IC Security evaluation

Submit the IC Security Evaluation Report to the Security Evaluation Secretariat for evaluation

Authorize the audits of the EMV Level 2 test procedures by an EMVCo Qualified Auditor (The procedures must be provided in English or in another language that is acceptable to the auditor.)

Authorize the EMVCo Qualified Auditor to submit audit reports to EMVCo for evaluation

Notify EMVCo of any change in contact information, as described in section 7.10.

For additional information about IC Provider responsibilities, see [Sec Gd].




® is a


7.4 Product Provider

The Product Provider must:

Register with EMVCo for CMP Product and/or PPSE Applet Type Approval

Implement the EMV Specifications

Follow GlobalPlatform Compliance Program and provide EMVCo with the GlobalPlatform Letter of Qualification to demonstrate if applicable the compliance of its implementation.

Provide to the EMVCo Accredited Laboratory a detailed Implementation Conformance Statement (ICS) of its Product in the format defined by EMVCo.

Supply set(s) of three CMP or PPSE Applet Product (for PPSE Applet the samples are three GP-qualified platforms loaded with the PPSE Applet) samples as required for testing prior to the start of the test session.

Provide a test environment specific to its Product and supporting the device and antenna interfaces described in ICS, to be able to interface to the EMVCo Test Tool.

Ensure that all sets of Product samples are for the same version of the ICS and provided from the same manufacturing batch, using the same Hardware components and loaded with the same software version

Ensure that each CMP Product sample is able to be identified with the following information:

o Product Provider name

o Product Provider Registration Number

o SE image number

o CMP Product name

o IC Compliance Certificate number

o Date sample produced

o ICS Reference Number

Ensure that each of the PPSE Applet samples is able to be identified with the following information:

o PPSE Applet Product Provider name

o PPSE Applet Product Provider Registration Number

o SE image number

o PPSE Applet Product name

o Date sample produced

o GP Platform references

o ICS Reference Number

Ensure that testing of its product is completed within the validity period of its ICS as indicated by the Card Type Approval Secretariat




® is a


Ensure that if any modification is made to the Product (as defined in section 2.3.1) during the test session, a new submission is initiated with a new ICS

Inform the EMVCo Accredited Laboratory when submitting a Request for Approval to EMVCo, and ensure that the EMVCo Accredited Laboratory delivers an identical copy of the test reports and test logs to EMVCo

Pay any applicable fee to EMVCo for review of a Request for Approval

Submit a Request for Approval to EMVCo for each product

Ensure that each test report and audit report submitted for a specific Product is for the same version of the ICS

Inform EMVCo of any functional issues found with its approved products after being granted a Letter of Compliance

Inform EMVCo of any product change during GlobalPlatform Evaluation (if GlobalPlatform Evaluation and EMVCo CMP Type Approval are performed in parallel)

Upon notification of a Product issue from EMVCo, provide to EMVCo assessment of the issue, propose a plan of corrective actions, and implement the corrective actions agreed with EMVCo

Ensure that the three samples of its approved Product and the test environment used for approved Product testing remain available to EMVCo at the test laboratory for six years after the expiration date of the Letter of Compliance


The Product Provider is responsible for ensuring that all Products deployed are equivalent to those submitted for Type Approval. Other responsibilities are described in the contract between EMVCo and the Product Provider.

7.5 EMVCo Accredited Laboratories

An EMVCo Accredited Laboratory is a test facility that has been audited by an EMVCo Qualified Auditor and accredited by EMVCo to conduct testing for Type Approval of CMP Products in accordance with EMVCo’s Type Approval requirements and Test Cases.

The laboratory must:

Apply to EMVCo for accreditation

Conduct testing in accordance with EMVCo’s Type Approval requirements and with EMVCo qualified Test Tools

Verify that the test environment provided is supporting the device and antenna interfaces described in the ICS

Validate that the Implementation Conformance Statement (ICS) is complete and all sections and fields are consistent

Send the ICS to EMVCo

Begin testing a product only after receiving EMVCo’s acceptance of the Product’s ICS




® is a


Ensure that, if any modification is made to the Product during the test session, a new test session is initiated with a new ICS accepted by EMVCo.

Ensure that any ICS change requested is not made to hide a bug in the product (such as deactivation of a function because this function is not working properly).

Identify in the test report the reason for any modification made to the SE Images or to the ICS during the test session (without any modification to the product), and include an assessment of the impact to SE Images and tests performed

Identify in the test report any discrepancy found during the test session, either failure of a test or non-conformance to the specification

Issue test reports in an electronic format as defined by EMVCo

Be able to conduct testing for all Test Cases and options defined by EMVCo for the Level 2 evaluations

Retain test reports and test logs, for each Product that is approved for six years after the expiration date of the Letter of Compliance

Retain Product samples for each Product for six years after the issuance date of the Letter of Compliance. Upon request of the Product Provider, all samples can be transferred to another EMVCo accredited laboratory Compliance

Provide a quarterly report of testing activities and performance to EMVCo

Maintain EMVCo accreditation

Apply for renewal of accreditation every four years


It is the responsibility of the laboratory to ensure that its staff members are properly trained on test tools, EMV Specifications and other testing requirements. It is not the responsibility of EMVCo to provide training.

Payment of fees for testing tasks undertaken by EMVCo Accredited Laboratories is the responsibility of the Product Provider requesting EMVCo’s approval. EMVCo is not responsible for laboratory testing fees.

7.6 EMVCo Qualified Auditors

EMVCo Qualified Auditors must:

Conduct audits according to ISO standard or equivalent

Issue audit reports in English

Maintain EMVCo qualification

Apply for renewal of qualification every four years


Payment of fees for audit tasks undertaken by EMVCo Qualified Auditors is the responsibility of the entity requesting EMVCo’s acceptance. EMVCo is not responsible for auditor fees.

For additional information about obtaining EMVCo qualification, see [Aud Qual Req].




® is a


7.6.1 Laboratory Accreditation Audit

The EMVCo Qualified Auditor must follow the procedures outlined in the laboratory accreditation audit process.

The following is a high level overview of the process:

Ensure that the laboratory testing process complies with EMVCo Type Approval requirements, including procedures ensuring that each Implementation Conformance Statement (ICS) is always sent to and accepted by EMVCo prior to any testing being performed.

Ensure that the laboratory Quality Management Process complies with acceptable ISO or equivalent standards.

Validate that the laboratory is using EMVCo qualified Test Tools

Validate that the laboratory retains test reports, test logs, and product samples for each Product that they tested and that is approved.

For more information, see [Lab Accred Req].

7.7 Relationships between Laboratories and Product

Providers

The provisions of contracts entered into between laboratories and Product Providers are entirely outside of EMVCo’s scope. However, topics likely to be included in such contracts are mentioned below for information purposes only:

Reference to the EMVCo Registration Number of the Product Provider

Agreement of mutual cooperation in providing information and assistance where needed

Agreement from the Product Provider allowing laboratory to disclose confidential information to EMVCo as needed

Lead time for the execution of the CMP Type Approval tests

The three Product samples provided to the laboratory.

Arrangement for the preparation and delivery of Product samples

Right of the laboratory to keep all Product samples for the duration of the test procedure

Right of the laboratory to keep all Product samples after the Product has received a Letter of Compliance from EMVCo

Recognition that no infringement on the independence or impartiality of the testing laboratory will be allowed during or after testing

Agreement on the ownership and use of test results

Provisions for conflict resolution




® is a


7.8 Relationships between Auditors and Product Providers

The provisions of contracts entered into between EMVCo Qualified Auditors and Product Providers are entirely outside of EMVCo’s scope. However, topics likely to be included in such contracts are mentioned below for information purposes only:

Reference to the EMVCo Registration Numbers of the EMVCo Qualified Auditor and the Product Provider


Agreement from the Product Provider allowing the EMVCo Qualified Auditor to disclose confidential information to EMVCo as needed

Lead time for audits

Recognition that no infringement on the independence or impartiality of the EMVCo Qualified Auditor will be allowed during or after audits

Agreement on the ownership and use of audit reports


7.9 Relationships between Auditors and Laboratories

The provisions of contracts entered into between EMVCo Qualified Auditors and laboratories are entirely outside of EMVCo’s scope. However, topics likely to be included in such contracts are mentioned below for information purposes only:

Reference to the EMVCo Registration Numbers of the EMVCo Qualified Auditor and, if applicable, the EMVCo Accredited Laboratory


Agreement from the laboratory allowing the EMVCo Qualified Auditor to disclose confidential information to EMVCo as needed

Lead time for audits

Recognition that no infringement on the independence or impartiality of the EMVCo Qualified Auditor will be allowed during or after audits

Agreement on the ownership and use of audit reports





® is a


7.10 Change in Corporate Identity or Contact Information

EMVCo Accredited Laboratories, IC Providers, Product Providers, EMVCo Qualified Auditors, and Test Tool Providers must notify EMVCo Card Type Approval Secretariat ([email protected]) of changes to information that was stated in the entity’s contract with EMVCo.

Change (or imminent change) in legal status, including change of legal name and/or merger/acquisition:

Inform the Card Type Approval Secretariat ([email protected]) as soon as possible.

Generally, no approval is needed for a mere change of name, however EMVCo’s approval or a new contract may be required for a change in legal entity (such as in the case of a merger or sale of assets). The resulting legal entity (if different from the entity that originally entered the contract with EMVCo) must re-register for CAWG approval and go through the evaluation process. Failure to re-register may result in the suspension of all EMVCo testing, Type Approval, qualification, and accreditation activities until the evaluation process has been completed.

Changes impacting legal status (including legal name) may require a new contract with EMVCo.

Generally, Letters of Compliance are not reissued when name changes are the result of corporate mergers, sales, or other events covered by the “Assignment” and “Successors and Assigns” sections in the contract between Product Provider and EMVCo. If the Product Provider requests re-issuance, EMVCo will request a re-issuance administrative fee per letter (see section 3.6). Please note that Letters of Compliance are only issued electronically.

Change to ownership:


Changes impacting ownership may require a new contract with EMVCo.

Change to address or contact information:


Reliable and effective information exchange between EMVCo and the company can only occur if EMVCo has the correct company address and correct contact.

Address and contact information changes will be applied to the EMVCo website, if applicable, and to subsequent communication (e.g. notification). Contact information changes will be applied to all listed approved Products unless specially stated on the request.








® is a


8 Termination of Type Approval

8.1 Termination Right

The Type Approval Contract provides that, at any time, a party may terminate the Type Approval Contract without cause with advance notice to the other party. It also provides for a termination right for material breach of the Type Approval Contract. Upon termination of the contract, EMVCo confirms termination of the Product Provider’s registration. Upon termination of a Letter of Compliance, EMVCo removes the Product Provider’s product to which the Letter of Compliance applies from the list of approved products on the EMVCo website. The Type Approval Contract also requires that upon termination of the contract or EMVCo’s request, the Product Provider must promptly return to EMVCo all EMVCo confidential information, or destroy the same and certify to such destruction.

8.2 Submissions after Notice of Termination

After either party’s notice of termination without cause, a Product Provider may continue submitting to EMVCo new Requests for Approval for new CMP Products or PPSE Applets during the remaining term of the Type Approval Contract, for up to six months. The standard Type Approval procedures described in section 4.9 apply. After the expiration of this 6-month period (or, if sooner, termination of the Type Approval Contract), EMVCo will not accept new Requests for Approval, but will keep the existing Product Provider’s products on the list of approved products on the EMVCo website until their Letters of Compliance expire or are terminated.




® is a


9 Test Environment

9.1 Test Environment for CMP Secure Element Product

The EMV Test Tool must interact directly with the PPSE and the SECM applications (or the SE Contactless Test Payment Application).

The CMP Secure Element Product Provider must provide a test environment (communication means) specific to its CMP Secure Element Product that can interface with the EMV test tools (unless this one is a simple PCSC Reader).

Figure 9-1: CMP Secure Element Product Configuration for External Mode




® is a


Figure 9-2: CMP Secure Element Product Configuration for Internal Mode

The interfaces between the EMV test tool and the test environment are not necessarily the same as the SE device and antenna interfaces of the SE under test. This is the role of the test environment to do the translation.




® is a


EMV test tools support at minimum an ISO 7816 contact link as a test environment (TE) device interface and an ISO 14443 contactless link as a test environment (TE) antenna interface to run the CMP Level 2 tests.

Figure 9-3: Test Tool Minimum Interfaces

Additional interfaces may be supported as well (optional for test tool vendor). In particular, EMV test tools may implement:

APDU Gate (HCI extension) as defined by GP in [GPESE], [GPESEHCI] or ETSI in [HCI] as a contact link. Purpose is to evaluate eSE using an HCI/SWP reader supporting the HCI contact and contactless extensions.

Figure 9-4: Testing using APDU Gate interface




® is a


A test application proxy embedded in a mobile device communicates with the test tool using a test tool device interface enabling transport of APDU over USB (or any another communication channel supported by the phone). The test application proxy uses the mobile device Operating System software APIs to communicate with the SE over the SE Device I/F. This approach avoids changing the test environment when switching from testing device Interface to Antenna interface.

Figure 9-5: Testing UICC using test app proxy

Figure 9-6: Testing eSE using test app proxy

Note 1: the above list of supported test interfaces between the test tool and the test environment is not exhaustive. Test tool providers may implement additional interfaces to support product providers specific interfaces. Any additional interface on top of the mandatory ISO7816/ISO14443 shall be documented by the test tool provider and approved by EMVCo but the test interface is not part of the test tool qualification by EMVCo.

Note 2: The SE Contactless Test Payment Application is provided by EMVCo for GlobalPlatform compliant CMP Secure Element Products. For other environment, the SE CMP Test Application shall be developed by the product provider according to [CMP TAR].

Note 3: Although not defined by EMVCo and therefore not yet explicitly identified as a test environment requirement, EMVCo knows that UICCs often rely on the ETSI 102.223 TERMINAL PROFILE APDU to detect the “Switched On” state. A correct test environment shall behave like a phone on this matter and send the TERMINAL PROFILE APDU after each UICC reset. Note that some UICC may use other triggers to be specified by the product providers




® is a


9.2 Test Environment for CMP PPSE Product

For the purposes of testing, the PPSE applet shall be loaded into a Secure Element and provided along with the appropriate test environment as described in 9.1.

The Secure Element shall be based on a GlobalPlatform qualified platform but does not need to have been EMVCo security evaluated.




® is a


10 Appendix A – Product Samples

The product providers shall provide 3 samples to the laboratory.

For GP Compliant platform, the CMP SE test applet is provided by EMVCo. The product provider shall also provide instructions to install and delete the CMP SE test applet instances as well as the test keys of the security domain where the CMP SE test applet instances will be installed during the test.




® is a


*** END OF DOCUMENT ***