...
What's up with ODA (offline data authentication) in the US Market and can I turn off ODA (SDA, DDA, or CDA) support for Augusta?
Answer:
CAPKs are used by the terminal to "talk" to perform security-related matters with the card. More specifically they are used to perform ODA (offline data authentication). So, the question has been posed... "Do I need to load CAPKs for a device deployed in the US (online-only market)?" The answer depends on the terminal settings and processor requirements. If the terminal settings define the ODA (SDA, DDA, or CDA) as supported (as is the case for ID TECH's Augusta and AugustaS products)Augusta S products), and the processor requires successful ODA (when supported) to approve transactions, then yes, you WILL need to load CAPKs.
Some Facts:
Augusta supports ODA always. It cannot be turned off with the currently available Terminal Settings (link: Which Terminal Settings Am I Allowed to Change?)
Tag 95 has four bits relative to the subject (link: What does TVR mean?)
Byte 1:
0-------
Offline
data
authentication
was
not
performed
-0------
SDA
failed
--0-----
ICC
data
missing
---0----
Card
appears
on
terminal
exception
file
----0---
DDA
failed
-----0--
CDA
failed
------0-
SDA
selected
-------0
RFU
If either the card
does not support ODAor the terminal does not support ODA,
thenthen Byte 1
bit 7bit 8 of tag 95 will be set
"(Offline data authentication was not performed
").
Note: Augusta supports ODA and most cards support ODA.
But, some do not
If the terminal and the card both support ODA then ODA will be attempted. If no CAPKs exist
theit will fail. The
resultsresult will be that either bit
67, bit
34, or bit
23 will be set.
Terminal Verification Results (Tag 95), byte 1, has results for Offline Data Authentication:
Bit 8: Offline data authentication not performed
This is triggered to "1" if:
The Application Interchange Profile (tag 82), Byte 1, supported authentication methods does NOT HAVE A MATCHING SUPPORTED authentication method in Terminal Capabilities (Tag 9F33), byte 3.
...
Bit 7: Offline static data authentication Failed
If both AIP (tag 82) byte 1, bit 8, and Term Cap. (tag 9F33) byte 3 bit8 support supports SDA, but the CAPK is not found on the terminal, or the CAPK is found but invalid, SDA will FAIL and this bit will be "1". The terminal decides which CAPK to use by the AID name (example A000000003) and the CAPK index (tag 8F) from the ICC.
Bit 4: Offline static dynamic data authentication Failed
If both AIP (tag 82) byte 1, bit 7, and Term Cap. (tag 9F33) byte 3 bit7 support supports DDA, but the CAPK is not found on the terminal, or the CAPK is found but invalid, or the dynamic data is incomplete or could not be collected, DDA will FAIL and this bit will be "1". The terminal decides which CAPK to use by the AID name (example A000000003) and the CAPK index (tag 8F) from the ICC.
Bit 3: Combined DDA/AC Generation Failed
If both AIP (tag 82) byte 1, bit 1, and Term Cap. (tag 9F33) byte 3 bit4 support supports CDA, but the CAPK is not found on the terminal, or the CAPK is found but invalid, or the dynamic data is incomplete or could not be collected, or the AC could not be generated, CDA will FAIL and this bit will be "1". The terminal decides which CAPK to use by the AID name (example A000000003) and the CAPK index (tag 8F) from the ICC.
...