MasterCard Relay Resistancer Protocol 09022021

Relay Resistance
Protocol
Cardholder Device Implementation Guide Version 1.0
9 February 2021
RRPCD
Contents
Contents
Chapter 1: Using this Guide.............................................................................................. 5

About the Relay Resistance Protocol Guide........................................................................................ 6
Audience.....................................................................................................................................................6
Related Publications................................................................................................................................6
Notational Conventions.......................................................................................................................... 7
Abbreviations............................................................................................................................................7
Chapter 2: Introduction to Relay Resistance Protocol......................................... 9

Relay Attack............................................................................................................................................10
Relay Resistance Protocol.....................................................................................................................11
Chapter 3: Relay Resistance Protocol – Generic Processing............................12

About Relay Attack................................................................................................................................13
Objective of Relay Resistance Protocol..............................................................................................13
Principle of Relay Resistance Protocol................................................................................................13
Relay Resistance Protocol Flow...........................................................................................................14
Processing Time Evaluation................................................................................................................. 17
Impact and Dependency.......................................................................................................................18
Chapter 4: Relay Resistance Protocol – Card Personalization....................... 19

Application Interchange Profile...........................................................................................................20
Timing Data Objects.............................................................................................................................20
Min Time for Processing Relay Resistance APDU....................................................................... 20
Max Time for Processing Relay Resistance APDU...................................................................... 21
Transmission Time for Relay Resistance R-APDU.......................................................................21
Protocol Specific Fine-Tuning......................................................................................................... 21
Application Control (Contactless)/(CL Payment)........................................................................... 22
Relay Resistance Protocol – Risk Management................................................................................22
Issuer Action Code - Default.......................................................................................................... 22
Issuer Action Code - Online.............................................................................................................23
Card Risk Management...................................................................................................................23
DGI Definitions.......................................................................................................................................23
DGI ‘B100’ – M/Chip Mobile Relay Resistance Protocol Parameters......................................23
DGI ‘B100’ – M/Chip Advance Contact Relay Resistance Protocol Parameters...................24
DGI ‘B101’ – M/Chip Advance Contactless Relay Resistance Protocol Parameters............ 24
©2021 Mastercard. Proprietary. All rights reserved.

Relay Resistance Protocol—Cardholder Device Implementation Guide Version 1.0 • 9
February 2021 2
Contents
Chapter 5: M/Chip Application – Commands Processing................................. 25

Get Processing Options........................................................................................................................ 26
RRP Counter......................................................................................................................................26
ICC Dynamic Number Generation.................................................................................................26
Get / Put Data....................................................................................................................................... 27
M/Chip Mobile...................................................................................................................................27
M/Chip Advance............................................................................................................................... 28
First Generate AC..................................................................................................................................28
State – Start.....................................................................................................................................29
State – TC Requested (M/Chip Advance)....................................................................................29
State – CDA (M/Chip Advance) / M/Chip AC Processing (M/Chip Mobile)...........................30
Build Counters Field.........................................................................................................................30
Recovery Data...................................................................................................................................30
Second Generate AC.............................................................................................................................31
State – Unable to Go Online (M/Chip Advance).........................................................................31
Recovery Data...................................................................................................................................31
Recover AC..............................................................................................................................................32
Chapter 6: Relay Resistance APDU – M/Chip Application Processing........33

About ERRD Command Message.......................................................................................................34
ERRD Command Message..............................................................................................................34
Data Field Returned in the Response Message...........................................................................34
Status Bytes......................................................................................................................................35
M/Chip Application Processing............................................................................................................35
Get Challenge Flag...........................................................................................................................36
Terminal Relay Resistance Entropy............................................................................................... 36
RRP Counter......................................................................................................................................36
Device Relay Resistance Entropy...................................................................................................36
Relay Resistance APDU Processing and Transmission Times................................................... 37
Chapter 7: Processing Time Examples....................................................................... 38

About the Processing Time Examples................................................................................................39
Transaction without Relay Attack...................................................................................................... 39
Transaction with Relay Attack.............................................................................................................41
Chapter 8: RRP Time Measurement and Recommendations...........................45

RRP Time Measurement.......................................................................................................................46
RRP Time Measurement Methodology.........................................................................................46
RRP Time Measurement Results......................................................................................................... 46

February 2021 3
Contents
Recommendations.................................................................................................................................47
Appendix A: Data Dictionary......................................................................................... 48

Application Control (CL Payment)......................................................................................................49
Application Control (Contactless)...................................................................................................... 49
Application Interchange Profile...........................................................................................................50
Card Issuer Action Code – Decline On Offline Only (CL Payment)...............................................50
Card Issuer Action Code – Go Online (CL Payment)....................................................................... 50
Card Verification Results......................................................................................................................51
Device Estimated Transmission Time For Relay Resistance R-APDU........................................... 51
Device Relay Resistance Entropy.........................................................................................................51
ICC Dynamic Number........................................................................................................................... 52
ICC Dynamic Number Master Key (Contactless).............................................................................52
Issuer Action Code – Default...............................................................................................................52
Issuer Action Code – Online................................................................................................................. 52
Maximum Relay Resistance Grace Period......................................................................................... 53
Max Time For Processing Relay Resistance APDU...........................................................................53
Minimum Relay Resistance Grace Period...........................................................................................53
Min Time For Processing Relay Resistance APDU............................................................................ 53
Relay Resistance Accuracy Threshold.................................................................................................54
Relay Resistance Transmission Time Mismatch Threshold............................................................. 54
RRP Counter........................................................................................................................................... 54
RRP Performed Flag (Recovery)..........................................................................................................54
Terminal Expected Transmission Time For Relay Resistance C-APDU......................................... 55
Terminal Expected Transmission Time For Relay Resistance R-APDU..........................................55
Terminal Relay Resistance Entropy.....................................................................................................55
Terminal Verification Results............................................................................................................... 55
Torn Record............................................................................................................................................. 56
Transmission Time For Relay Resistance R-APDU............................................................................56
Unpredictable Number......................................................................................................................... 56
Unpredictable Number (Recovery)..................................................................................................... 57

February 2021 4
Using this Guide
Chapter 1 Using this Guide

This chapter contains information that helps you understand and use this guide.
About the Relay Resistance Protocol Guide........................................................................................................6

Audience....................................................................................................................................................................6
Related Publications............................................................................................................................................... 6
Notational Conventions..........................................................................................................................................7
Abbreviations........................................................................................................................................................... 7

February 2021 5
Using this Guide
About the Relay Resistance Protocol Guide
About the Relay Resistance Protocol Guide

This Relay Resistance Protocol, Cardholder Device Implementation Guide highlights
the additional options and features related to relay resistance protocol that define
the behavior of the M/Chip application.
The information given in this manual in relation to customization, data objects,
parameter management, and any other matters, is given to assist in the
development of the relay resistance protocol and operation for contactless M/Chip
card and mobile applications.
This document should be read in conjunction with:
• M/Chip Mobile Specification
• M/Chip Advance Card Application Specification Payment
• M/Chip Advance Card Application Specification Payment and Data Storage
Audience
Mastercard provides this guide for card application developers, card application
testers, and customers.
Related Publications
The following publications are referenced by this document. Publications with a
date or version are referenced directly, and in the case of publications without a
date or version refer to the latest.
Reference Document
[EMVC2] EMV Contactless Specifications for Payment
Systems, Book C-2, Kernel Specification
[EMVB3] EMV Contactless Specifications for Payment
Systems, Book 3 Application Specification
[MCCASP] M/Chip Advance Card Application
Specification Payment V1.2.3 or M/Chip
Advance Card Application Specification
Payment and Data Storage V1.2.3
[MCM] M/Chip Mobile Specification V1.1.3

February 2021 6
Using this Guide
Notational Conventions
Notational Conventions
The following conventions are used throughout the document.
Notation Description
‘0’ to ‘9’ and ‘A’ to ‘F’ Hexadecimal notation. Values expressed in
the hexadecimal form are enclosed in single
quotes (i.e. ‘_’).
0110b Binary notation. Values expressed in binary
form are followed by b.
“abcd” an or ans string
[…] Optional part
Xx Undefined value
AIP[2][4] For multi-byte data objects, a byte index
and a bit index are used under brackets. This
example references the fourth bit of the
second byte of the Application Interchange
Profile data object.
Abbreviations
The following abbreviations are used throughout this guide.
Abbreviation Meaning
AC Application Cryptogram
AIP Application Interchange Profile
ARQC Authorization ReQuest Cryptogram
ATC Application Transaction Counter
C Conditional
CDA Combined DDA/AC Generation
DDA Dynamic Data Authentication
EMV EMV is a technology toolbox that enables globally
interoperable secure payments across both face-to-face and
remote environments
ERRD EXCHANGE RELAY RESISTANCE DATA

February 2021 7
Using this Guide
Abbreviations
Abbreviation Meaning
ICCDN Integrated Circuit Card Dynamic Number
LoA Letter of Approval
M Mandatory
mPOS Mobile Point Of Sale
O Optional
PAN Primary Account Number
PDOL Processing Options Data Object List
PICC Proximity Integrated Circuit Card
RFU Reserved for Future Use
RRP Relay Resistance Protocol
TC Transaction Certificate

February 2021 8
Introduction to Relay Resistance Protocol
Chapter 2 Introduction to Relay Resistance Protocol

This chapter provides information about the Relay Resistance Protocol.
Relay Attack...........................................................................................................................................................10
Relay Resistance Protocol....................................................................................................................................11

February 2021 9
Relay Attack
Relay Attack
The relay attack is also known as the “chess grandmaster attack” by analogy to
the ruse in which someone who doesn’t know how to play chess can beat an
expert: the player simultaneously challenges two grandmasters to an online game
of chess and uses the moves chosen by the first grandmaster in the game against
the second grandmaster, and vice versa.
By relaying the opponents’ moves between the games, the player appears to be a
formidable opponent to both grandmasters and will win (or at least force a draw)
in one match.
A relay attack is where a bogus terminal is used to fool an unsuspecting cardholder
into transacting, where the actual transaction is relayed via a bogus card simulator
to the authentic terminal of an unsuspecting merchant. It may also be that a
bogus reader is used without the cardholder being aware of the transaction. In
Figure 1 Relay Attack, a genuine card (A) is placed against a bogus terminal (B)
and a fake card (C) is used to attempt a transaction in a genuine terminal (D). The
genuine terminal (D) would challenge the fake card (C) to prove its identity. This
challenge is then relayed by the fake card (C) to the genuine card (A) via the bogus
terminal (B) and the genuine card’s (A) response is relayed back to the genuine
terminal (D) on behalf of the fake card (C) for verification. The end result is that
the terminal (D) used for the real purchase sees the fake card (C) as genuine.
Figure 1: Relay Attack
There are many variations on this theme, and although the implementation of the
Relay Resistance Protocol (RRP) could be supported over the contact interface,
there is currently no contact terminal that supports it. As a result, this guide
mainly considers RRP over the contactless interface.

February 2021 10
Relay Resistance Protocol
Relay Resistance Protocol

The objective of Relay Resistance Protocol (RRP) is not to implement a full
“distance bounding protocol” as that requires significant hardware changes, but
rather to make it uneconomic or sufficiently difficult to dissuade such attacks.
Specifically, the aim is to make it infeasible to use off the shelf devices such as NFC
mobile phones to build a relay attack.
The time penalty for adding RRP to a contactless transaction is about 10ms
(depending upon the quality of communication between the card and the
terminal). RRP activation for a transaction follows the conditions mentioned
below:
• If the cardholder device does not support RRP but the terminal does, the
terminal transacts as normal without RRP.
• Similarly, if the terminal does not support RRP but the cardholder device does,
the transaction proceeds as normal without RRP.
• RRP is only executed if both the cardholder device and the terminal support RRP.
If the cardholder device or reader supports RRP but the counterparty does not,
configuration to force the transaction online is possible, but it is not envisaged that
it would be deployed in this manner.
If the attacker attempts to subvert the protocol, the transaction is either
terminated by the terminal, declined by the cardholder device, or sent online with
RRP data for the issuer to decide.

February 2021 11
Relay Resistance Protocol – Generic Processing
Chapter 3 Relay Resistance Protocol – Generic

Processing
This chapter describes the generic processing details of Relay Resistance Protocol.
About Relay Attack...............................................................................................................................................13

Objective of Relay Resistance Protocol.............................................................................................................13
Principle of Relay Resistance Protocol...............................................................................................................13
Relay Resistance Protocol Flow..........................................................................................................................14
Processing Time Evaluation.................................................................................................................................17
Impact and Dependency......................................................................................................................................18

February 2021 12
About Relay Attack
About Relay Attack

A relay attack is where a fraudulent terminal is used to mislead an unsuspecting
cardholder into transacting, where the actual transaction is relayed via a
fraudulent card (or simulator) to the authentic terminal of an unsuspecting
merchant. It may also be that a fraudulent reader is used without the cardholder
being aware of the transaction.
Objective of Relay Resistance Protocol

The objective of Relay Resistance Protocol (RRP) implemented in M/Chip
applications is to provide a simple dissuasive countermeasure that makes a relay
attack uneconomic to use.
The main target is to protect contactless transactions. More specifically, the aim is
to make it infeasible to use off the shelf devices such as NFC mobile phones to
build a relay attack.
Principle of Relay Resistance Protocol

The basic principle of RRP is the calculation of the consumer device’s processing
time of the ERRD command.
The terminal calculates the complete end-to-end time of the transmission and
processing of the ERRD command. Using the end-to-end time, the terminal
calculates the consumer device’s processing time of the ERRD command.
During a relay attack, due to the addition of a bogus terminal and a fake consumer
device, the end-to-end time of the transmission and processing of the ERRD
command is significantly increased. Therefore, when the terminal calculates the
consumer device’s processing time of the ERRD command and compares it with
the processing time of the ERRD command reported by the consumer device in the
ERRD R-APDU, it finds a significant discrepancy and identifies that a relay attack
is in progress.
The calculation of the consumer device’s processing time of the ERRD command
without a relay attack is described in section Transaction without Relay Attack.
The calculation of the consumer device’s processing time of the ERRD command
when a relay attack is in progress is described in section Transaction with Relay
Attack.

February 2021 13
Relay Resistance Protocol Flow

The support of RRP by a cardholder device is indicated by setting the ‘Relay
resistance protocol is supported’ bit in Application Interchange Profile to 1b.
A terminal indicates the support of RRP by setting the ‘Relay resistance protocol
supported’ bit in Kernel Configuration to 1b. If both the cardholder device and the
terminal support RRP, only then RRP is activated.
The RRP flow between the terminal and the M/Chip application is shown in figure
RRP Flow.
Figure 2: RRP Flow
1. Upon reception of the GPO command, the card:

– Generates an ICC Dynamic Number of 16 bytes using ICC Dynamic Number
Master Key (Contactless) and ATC. ICC Dynamic Number is later used by the
card to generate Device Relay Resistance Entropy.

February 2021 14
2. If both the terminal and cardholder device support RRP, the terminal:
– Generates an Unpredictable Number of 4 bytes. The terminal uses the same
Unpredictable Number as Terminal Relay Resistance Entropy for RRP as well
as the Unpredictable Number sent during the GENERATE AC command.
Using the same value as Terminal Relay Resistance Entropy for RRP and
Unpredictable Number for GENERATE AC command ensures that there is no
additional data to be sent to the issuer in case RRP has to be processed by
the issuer during online authorization.
– Starts a Timer
– Sends the ERRD command to the card
3. Upon reception of the ERRD command, the M/Chip application:
– Verifies that the RRP Counter is not equal to or greater than 3 as the ERRD
command can only be sent up to three times. After three trials, the
application will return the status bytes SW1 SW2 = ‘6985’.
– Increments the RRP Counter by 1.
– Generates a 4-byte Device Relay Resistance Entropy random value using the
ICC Dynamic Number generated during the GET PROCESSING OPTIONS
command and used for the CDA process. Device Relay Resistance Entropy is
generated as follows:
Device Relay Resistance Entropy = ICC Dynamic Number[(4*RRP
Counter)-3 : 4*RRP Counter].
The ICC Dynamic Number is used to create the Device Relay Resistance
Entropy so that the Device Relay Resistance Entropy can be verified by the
issuer in case RRP has to be processed by the issuer during online
authorization.
– In the ERRD response, returns the following data
– Device Relay Resistance Entropy – 4 bytes
– Min Time For Processing Relay Resistance APDU – 2 bytes
– Max Time For Processing Relay Resistance APDU – 2 bytes
– Transmission Time For Relay Resistance R-APDU – 2 bytes
4. Upon reception of the response, the terminal will evaluate the ERRD command
processing time and compare the value with the Min Time For Processing Relay
Resistance APDU and Max Time For Processing Relay Resistance APDU
returned by the M/Chip application. If within the time limits then the terminal
will set the appropriate bits in the Terminal Verification Results to reflect the
results of the verification. In case the max relay resistance limit is exceeded, the
terminal will generate a new Unpredictable Number and retry the ERRD
command up to 2 times. After three failures, the terminal will report RRP
failure in the Terminal Verification Results.
5. The terminal sends the GENERATE AC command that includes the
Unpredictable Number generated in step 2 or step 4 if ERRD is repeated.
6. As part of the GENERATE AC command processing and if an ERRD command
has been received (RRP Counter > 0), the M/Chip application:

February 2021 15
– Compares the Terminal Relay Resistance Entropy value received in the ERRD
command with the Unpredictable Number value received in the GENERATE
AC command. If they do not match, the M/Chip application will decline the
transaction with an AAC.
– Checks that the Terminal Verification Results indicate that RRP was
performed. If it is not the case, the M/Chip application will decline the
transaction with an AAC.
– Checks that the terminal requested CDA in the GENERATE AC (by checking
Terminal Verification Results for M/Chip Advance and Reference Control
Parameter P1 for M/Chip Mobile). If it is not the case and the ‘Decline If CDA
Not Performed And RRP Performed’ bit in Application Control (Contactless)/
Application Control (CL Payment) is set to 1b, the M/Chip application will
decline the transaction with an AAC.
For M/Chip Advance as part of the GENERATE AC command processing and if
an ERRD command has not been received (RRP Counter = 0), the M/Chip
application:
– If the terminal requested a TC, Online is possible and the ‘Go Online If RRP
Not Performed’ bit in Application Control (Contactless) is set to 1b then an
ARQC is returned.
– If the terminal requested a TC, Online is not possible, and the ‘Decline If
Unable To Go Online And RRP Not Performed’ bit in Application Control
(Contactless) is set to 1b then an AAC is returned.
For M/Chip Mobile as part of the GENERATE AC command processing and if
an ERRD command has not been received (RRP Counter = 0) the M/Chip
application sets the ‘Relay Resistance Not Performed’ bit in the Card
Verification Results
7. Upon reception of the APDU response, as part of the CDA verification process,
the terminal will:
– Verify the integrity of the RRP data values received by the terminal during
the ERRD command and the integrity of the Terminal Relay Resistance
Entropy value received by the M/Chip application. If values are not matching,
it may indicate an attempt to hack the RRP. The terminal will report CDA
failure in Terminal Verification Results and fail the transaction.
– If CDA was not requested by the terminal in the GENERATE AC command
and RRP was performed, the terminal will update the discretionary data of
the track 2 equivalent data as follows:
1. CA Public Key Index – 1 digit
2. RRP Counter – 2 digits
3. Device Relay Resistance Entropy – 3 or 5 digits (5 digits if PAN <= 16)
4. Measured Relay Resistance Processing Time div 10 – 3 digits

February 2021 16
Processing Time Evaluation
Processing Time Evaluation

The terminal calculates the measured relay resistance processing time of the ERRD
command by subtracting the expected communication times values listed below
from the time measured by the terminal between the start of sending the ERRD
command and the completion of the response reception.
• The cardholder device application provides an estimated response transmission
time (Transmission Time For Relay Resistance R-APDU)
• The terminal is personalized with
– An estimated command transmission time (Terminal Expected Transmission
Time For Relay Resistance C-APDU)
– An estimated response transmission time (Terminal Expected Transmission
Time For Relay Resistance R-APDU)
For the response transmission time to subtract, the terminal will use the smallest
value between the Transmission Time For Relay Resistance R-APDU provided by
the cardholder device application and the Terminal Expected Transmission Time
For Relay Resistance R-APDU.
Figure 3: RRP Processing Time
In addition, a small tolerance is given by the reader in the form of a “grace period”
above and below the timing window defined by the cardholder device application
to accommodate potential timing inaccuracy. Two values, Minimum Relay
Resistance Grace Period and Maximum Relay Resistance Grace Period are
personalized in the terminal configuration.

February 2021 17
Impact and Dependency
These represent how far outside the timing window the measured relay resistance
processing time may be and yet still be considered acceptable. These grace periods
are intended to cater for small errors in timing accuracy and the better the quality
of the reader implementation the smaller they can be set. A few milliseconds at
most should be permitted.
• Minimum Relay Resistance Grace Period is subtracted from Min Time For
Processing Relay Resistance APDU to define the lower authorized processing
time window.
• Maximum Relay Resistance Grace Period is added to Max Time For Processing
Relay Resistance APDU to define the upper authorized processing time window.
Impact and Dependency

The relay resistance protocol (RRP) requires that both terminal and cardholder
device application support CDA to ensure the integrity of the entropy values
exchanged and the time limits transmitted to the terminal.
RRP activation may imply that the issuer authorization system supports RRP to
manage situations where RRP fails or where RRP was not performed reliably. In
these situations, the terminal delivers the RRP data to the issuer to permit the
issuer to assess the risk and decide whether to approve or decline the transaction.
The cardholder device application can also be configured to decline offline in these
situations if the issuer authorization system cannot manage them. Issuers may
decide to decline transactions or configure the cardholder device to decline if RRP
was not performed when it should have been.
The typical values for RRP minimum and maximum limits (processing time) are
5ms and 10ms. The time penalty by adding RRP to a transaction is therefore
estimated to be between 10ms to 20ms.

February 2021 18
Relay Resistance Protocol – Card Personalization
Chapter 4 Relay Resistance Protocol – Card

Personalization
This chapter provides information required by application developers to implement relay
resistance protocol on M/Chip Advance and M/Chip Mobile applications.
Application Interchange Profile.......................................................................................................................... 20

Timing Data Objects............................................................................................................................................ 20
Min Time for Processing Relay Resistance APDU.......................................................................................20
Max Time for Processing Relay Resistance APDU......................................................................................21
Transmission Time for Relay Resistance R-APDU...................................................................................... 21
Protocol Specific Fine-Tuning........................................................................................................................ 21
Application Control (Contactless)/(CL Payment)...........................................................................................22
Relay Resistance Protocol – Risk Management............................................................................................... 22
Issuer Action Code - Default..........................................................................................................................22
Issuer Action Code - Online............................................................................................................................23
Card Risk Management..................................................................................................................................23
DGI Definitions......................................................................................................................................................23
DGI ‘B100’ – M/Chip Mobile Relay Resistance Protocol Parameters..................................................... 23
DGI ‘B100’ – M/Chip Advance Contact Relay Resistance Protocol Parameters..................................24
DGI ‘B101’ – M/Chip Advance Contactless Relay Resistance Protocol Parameters........................... 24

February 2021 19
Application Interchange Profile

The Application Interchange Profile (AIP) is a 2-byte data object that indicates the
capabilities of the card application to support specific functions in the application
The ‘Relay resistance protocol is supported’ bit in AIP must be personalized as 1b
to indicate that the M/Chip application supports RRP.
Timing Data Objects

Applications are personalized with a minimum processing time, a maximum
processing time, and a transmission time.
The minimum and maximum times personalized in the M/Chip application must be
close to the expected times and the variation between actual and maximum must
be shorter than the fastest time reasonably available to the attacker. Given that
relay attacks may add as little as 20ms, the difference between actual and
maximum (and therefore between the minimum and maximum) must be less than
about 15ms. For a high-quality implementation, the M/Chip application vendor will
be able to specify that only a short window between minimum and maximum is
required. Some cardholder devices may be able to improve the accuracy of these
time values by dynamically determining them during the processing of the ERRD
command.
Min Time for Processing Relay Resistance APDU

Min Time for Processing Relay Resistance APDU is a 2-byte binary value in units of
hundreds of microseconds that represents the minimum time for processing the
ERRD command by the M/Chip application.
The Min Time For Processing Relay Resistance APDU must be set such that it is not
possible to obtain a response from the device faster than this minimum time under
any circumstances. This ensures that the minimum time is always obeyed
regardless of the operating environment and takes account of the possibility that
an attacker may attempt to operate the device in conditions that are beyond
those expected of a genuine terminal (such as, higher clock rate or carrier
frequency).
A typical value of Min Time For Processing Relay Resistance APDU might be 50
(‘0032’) representing 5ms.
Depending on the protocol(s) used by the device (Type A, Type B, or Type A and B)
some fine-tuning of the value may be applied to give greater accuracy. See section
Protocol Specific Fine-Tuning.
Min Time for Processing Relay Resistance APDU is personalized as follows:

February 2021 20
Max Time for Processing Relay Resistance APDU
• Using DGI ‘B100’ for the contact interface of cards and the contactless
interface of mobile applications
• Using DGI ‘B101’ for the contactless interface of cards
If the card or mobile application provider is unable to confidently specify the
required value of Min Time For Processing Relay Resistance APDU to be used then
a value of ‘0000’ should be personalized to ensure interoperability.
Max Time for Processing Relay Resistance APDU

Max Time For Processing Relay Resistance APDU is a 2-byte binary value in units of
hundreds of microseconds that represents the maximum time for processing the
ERRD command by the M/Chip application.
A typical value of Max Time For Processing Relay Resistance APDU might be 100
('0064') representing 10ms.
Depending on the protocol(s) used by the device (Type A, Type B, or Type A&B)
some fine-tuning of the value may be recommended to give greater accuracy – see
section Protocol Specific Fine-Tuning.
Max Time For Processing Relay Resistance APDU is personalized as follows:
Transmission Time for Relay Resistance R-APDU

Transmission Time for Relay Resistance R-APDU is a 2-byte binary value in units of
hundreds of microseconds that represents the time taken by the M/Chip
application to send the ERRD command response to the terminal.
For contactless device, a typical value might be 15 ('000F') for Type A representing
1.5ms and 19 ('0013') for Type B or Type A & B representing 1.9ms. For contact
device, a typical value might be 206 ('00CE') representing 20.6ms.
The transmission times should be set to the slowest time expected under normal
operating conditions so that any faster transmission (such as, using Type A rather
than Type B) does not extend the maximum processing time that will be measured
but instead is accommodated by the compensation applied to the device’s
minimum processing time.
Transmission Time For Relay Resistance R-APDU is personalized as follows:
Protocol Specific Fine-Tuning

A Type A only device would compensate for the difference expected between Type
A and Type B by subtracting 3 from its expected maximum processing time and

February 2021 21
Application Control (Contactless)/(CL Payment)
provide additional margin in case the reader is configured with the maximum Type
B C-APDU time by subtracting 10 from the expected minimum processing time.
Type A and B devices would provide additional margin in case Type A is used by
subtracting between 13 and 20 from the expected minimum processing time
depending on the device’s Type B response time (1ms for the maximum difference
in C-APDU time and between 0.3ms and 0.6ms for the difference in the R-APDU
time).
Application Control (Contactless)/(CL Payment)

The Application Control (Contactless)/Application Control (CL Payment) activates
or de-activates functions in the M/Chip application when the contactless interface
is active.
If the issuer authorization system supports RRP to manage situations where RRP
cannot be performed reliably by the terminal, then the following bits of Application
Control (Contactless)/Application Control (CL Payment) must be personalized:
• The ‘Include Counters in AC’ bit must be personalized as 1b.
• The ‘Include RRP Data in Counters’ bit must be personalized as 1b.
Relay Resistance Protocol – Risk Management

The result of the RRP processing will be recorded in the Terminal Verification
Results and used as part of the terminal action analysis.
The Issuer should personalize the following sections.
Issuer Action Code - Default

The following bits of Issuer Action Code - Default should be personalized as 1b to
make sure that failure to perform CDA or RRP failure results in the transaction
being declined if it is not possible to send the transaction online for issuer
authorization.
• ‘CDA Failed’
• ‘Offline Data Authentication Was Not Performed’
• ‘Relay resistance threshold exceeded’
• ‘Relay resistance time limits exceeded’
• ‘RRP NOT PERFORMED’

February 2021 22
Issuer Action Code - Online
Issuer Action Code - Online

The following bits of Issuer Action Code – Online should be personalized as 1b to
make sure that failure to perform CDA or RRP failure results in the transaction
being sent online for issuer authorization.
• ‘CDA Failed’
• ‘Offline Data Authentication was not performed’
• ‘Relay resistance threshold exceeded’
• ‘Relay resistance time limits exceeded’
• ‘RRP NOT PERFORMED’
Card Risk Management

For a card the following bits of Application Control (Contactless) should be set to
0b or 1b to define the required behavior of the M/Chip application during the Card
Risk Management according to issuer preference and issuer host capability.
• ‘Decline If CDA Not Performed And RRP Performed’
In this case, although RRP was performed but since CDA was not performed,
issuer action codes cannot be relied upon and they could have been manipulated
by the attacker. An issuer may need to set this bit to 1b if their host system is
unable to process the online RRP data that will be included in Track 2 Equivalent
Data if RRP is performed without CDA.
• ‘Go Online If RRP Not Performed’
• ‘Decline If Unable To Go Online And RRP Not Performed’
For a mobile application the ‘Decline If CDA Not Performed And RRP Performed’ in
Application Control (CL Payment) should be set to 0b or 1b according to issuer
preference and issuer host capability. The ‘Relay Resistance Not Performed’ bit in
Card Issuer Action Code – Decline On Offline Only (CL Payment) and Card Issuer
Action Code – Go Online (CL Payment) set to 0b or 1b according to issuer
preference.
DGI Definitions
DGI ‘B100’ – M/Chip Mobile Relay Resistance Protocol Parameters

Table DGI ‘B100’ – M/Chip Mobile RRP Parameters lists the data objects that for
M/Chip Mobile must be personalized using DGI ‘B100’ to implement RRP.
Encryption is not required for the personalization of these data objects.
Table 1: DGI ‘B100’ – M/Chip Mobile RRP Parameters
Data Object Offset Length

Min Time For Processing Relay Resistance APDU 0 2

February 2021 23
DGI ‘B100’ – M/Chip Advance Contact Relay Resistance Protocol Parameters

Max Time For Processing Relay Resistance APDU 2 2
Transmission Time For Relay Resistance R-APDU 4 2
DGI ‘B100’ – M/Chip Advance Contact Relay Resistance Protocol Parameters

Table DGI ‘B100’–M/Chip Advance Contact RRP Parameters lists the data objects
that must be personalized using DGI ‘B100’ to implement RRP. Encryption is not
required for the personalization of these data objects.
Table 2: DGI ‘B100’ – M/Chip Advance Contact RRP Parameters

Min Time For Processing Relay Resistance APDU (Contact) 0 2
(Contact)
(Contact)
DGI ‘B101’ – M/Chip Advance Contactless Relay Resistance Protocol Parameters

Table DGI ‘B101’ – M/Chip Advance Contact RRP Parameters lists the data objects
that must be personalized using DGI ‘B101’ to implement RRP. Encryption is not
required for the personalization of these data objects.
Table 3: DGI ‘B101’ – M/Chip Advance Contact RRP Parameters

Min Time For Processing Relay Resistance APDU 0 2
(Contactless)
(Contactless)
(Contactless)

February 2021 24
M/Chip Application – Commands Processing
Chapter 5 M/Chip Application – Commands Processing

This chapter explains the changes introduced in different commands supported by M/
Chip Advance and M/Chip Mobile applications to implement the relay resistance protocol.
Get Processing Options........................................................................................................................................26

RRP Counter.....................................................................................................................................................26
ICC Dynamic Number Generation................................................................................................................26
Get / Put Data...................................................................................................................................................... 27
M/Chip Mobile..................................................................................................................................................27
M/Chip Advance...............................................................................................................................................28
First Generate AC.................................................................................................................................................28
State – Start....................................................................................................................................................29
State – TC Requested (M/Chip Advance)................................................................................................... 29
State – CDA (M/Chip Advance) / M/Chip AC Processing (M/Chip Mobile).......................................... 30
Build Counters Field........................................................................................................................................ 30
Recovery Data..................................................................................................................................................30
Second Generate AC............................................................................................................................................31
State – Unable to Go Online (M/Chip Advance)........................................................................................31
Recovery Data..................................................................................................................................................31
Recover AC............................................................................................................................................................. 32

February 2021 25
Get Processing Options
Get Processing Options

The GET PROCESSING OPTIONS command message is specified in below table,
Get Processing Options Command Message.
Table 4: Get Processing Options Command Message
Code Value
CLA ‘80’
INS ‘A8’
P1 ‘00’
P2 ‘00’
Lc Card ‘02’, ‘07’, ‘0A’ or ‘0F’, Mobile ‘02’ or ‘0C’
Data PDOL Related Data
Le ‘00’
RRP Counter
The RRP Counter is set to zero during the processing of the GET PROCESSING
OPTIONS command by the M/Chip application.
The cardholder device will allow the terminal to send the EXCHANGE RELAY
RESPSITANCE DATA C-APDU a maximum of 3 times. RRP Counter is used by the
cardholder device to count the number of ERRD commands sent by the terminal
after a GET PROCESSING OPTIONS command. It is incremented after receiving
the EXCHANGE RELAY RESPSITANCE DATA command and before selecting the
Device Relay Resistance Entropy.
ICC Dynamic Number Generation

When the cardholder device receives ERRD command by the terminal, it returns a
4-byte Device Relay Resistance Entropy in the ERRD R-APDU.
To ensure that the cardholder device takes the least possible time to process the
ERRD command, the ICC Dynamic Number is generated during the GET
PROCESSING OPTIONS command and during the ERRD command, the cardholder
device selects and returns the 4-byte Device Relay Resistance Entropy from the
previously generated ICC Dynamic Number.
Generate the 16-byte ICC Dynamic Number using the ICC Dynamic Number
Master Key (Contactless) as follows:

February 2021 26
Get / Put Data
ICC Dynamic Number := (IDNL | IDNR)

where
IDNL := DES3(MKIDN)[(ATC | 'FF' | '00' | '00' | '00' | '00' | '00')]
IDNR := DES3(MKIDN)[(ATC | '00' | '00' | '00' | '00' | '00' | '00')]
ICC Dynamic Number used in CDA and DDA signatures is therefore ICC Dynamic
Number[9:16].
The Device Relay Resistance Entropy is calculated as follows:
Device Relay Resistance Entropy := ICC Dynamic Number[(4xRRP Counter)-3 :
4xRRP Counter]
Example
When RRP Counter = 1:
Device Relay Resistance Entropy := ICC Dynamic Number[1:4]
Get / Put Data

RRP has introduced new parameters that must be personalized on the M/Chip
application to implement RRP. These new RRP parameters can be read using GET
DATA and updated using PUT DATA. The specific tags used for these RRP
parameters are described in the following sections.
M/Chip Mobile
For MCM 1.1, the table below defines the tags used by GET DATA and PUT DATA
commands for the RRP parameters.
Table 5: GET DATA / PUT DATA Tags for RRP
P1|P2 Data Object Length

'DF05' Min Time For Processing 2
Relay Resistance APDU
'DF04' Max Time For Processing 2
'DF0B' Transmission Time For Relay 2
Resistance R-APDU

February 2021 27
M/Chip Advance
M/Chip Advance
For MCA 1.2, the below table defines the tags used by GET DATA and PUT DATA
commands for the RRP parameters.
Table 6: GET DATA / PUT DATA Tags for RRP
P1|P2 Data Object Length

‘DF05’ Min Time For Processing 2
(Contact)
‘DF04’ Max Time For Processing 2
(Contact)
‘DF0B’ Transmission Time For Relay 2
Resistance R-APDU
(Contact)
‘DF75’ Min Time For Processing 2
(Contactless)
‘DF74’ Max Time For Processing 2
(Contactless)
‘DF76’ Transmission Time For Relay 2
Resistance R-APDU
(Contactless)
First Generate AC
The terminal sends the First GENERATE AC command along with transaction-
related data to the cardholder device, which then computes and returns an
application cryptogram.
Depending on the risk management in the M/Chip application, the cryptogram
returned by the cardholder device may differ from that requested in the command
message. The cardholder device may return an AAC (transaction declined), an
ARQC (online authorization request), or a TC (transaction approved).
NOTE: Refer to [MCCASP] or [MCM] for the detailed description of First GENERATE AC
command processing and First GENERATE AC state diagrams.

February 2021 28
State – Start
State – Start
In the start state of the processing of the First GENERATE AC command, the M/
Chip application performs the following checks.
• Before checking if the application is blocked, if an ERRD command was received
and processed (RRP Counter ≠ ‘00’), the M/Chip application compares the
Unpredictable Number received in the GENERATE AC command with the
Terminal Relay Resistance Entropy which was received in the ERRD command. If
they differ, the transaction is declined with an AAC. The terminal must use the
same value for both Terminal Relay Resistance Entropy in the ERRD command
and the Unpredictable Number in GENERATE AC command. If they differ, it
indicates tampering of the data.
• If an ERRD command was received and processed (RRP Counter ≠ ‘00’) and the
terminal does not indicate in Terminal Verification Results that it has performed
the Relay Resistance Protocol (the ‘RRP Performed’ bits in Terminal Verification
Results are not set to 10b) then the transaction is declined with an AAC. This is
to ensure that the M/Chip application cannot be fooled into believing that RRP
had been performed by the terminal when it had not been performed by the
genuine terminal but rather had been performed by the attacker.
• For M/Chip Mobile if an ERRD command was received and processed (RRP
Counter ≠ ‘00’) and the terminal did not request CDA (’Combined DDA/AC
Generation Requested’ in Reference Control Parameter P1 is not set) and
‘Decline If CDA Not Requested And RRP Performed’ in Application Control (CL
Payment) is set then the transaction is declined with an AAC as without
performing CDA, the RRP APDU processing times cannot be trusted.
• For M/Chip Advance if ‘Offline Data Authentication Was Not Performed’ or
‘CDA Failed’ is set in Terminal Verification Results and ‘Decline If CDA Not
Requested And RRP Performed’ in Application Control (Contactless) then
decline the transaction with an AAC as the genuine terminal would not have
requested CDA.
State – TC Requested (M/Chip Advance)

In the TC requested state of the First GENERATE AC command, the M/Chip
Advance application processes as follows.
• When a TC is requested and online is possible, if an ERRD command was not
received and processed (RRP Counter = ‘00’) and ‘Go Online If RRP Not
Performed’ is set in Application Control (Contactless) then an ARQC is returned.
• When a TC is requested and online is not possible, f an ERRD command was not
received and processed (RRP Counter = ‘00’) and ‘Decline If Unable To Go Inline
And RRP Not Performed’ is set in Application Control (Contactless) then an AAC
is returned.

February 2021 29
State – CDA (M/Chip Advance) / M/Chip AC Processing (M/Chip Mobile)
State – CDA (M/Chip Advance) / M/Chip AC Processing (M/Chip Mobile)

During the First GENERATE AC processing if an ERRD command was received and
processed (RRP Counter ≠ ‘00’), then the data objects in the below table are added
to build ICC Dynamic Data.
Table 7: RRP Data Objects - ICC Dynamic Data
Data Object Length

Terminal Relay Resistance Entropy 4
Device Relay Resistance Entropy 4
Min Time For Processing Relay Resistance 2
APDU
Max Time For Processing Relay Resistance 2
APDU
Transmission Time For Relay Resistance R- 2
APDU
Build Counters Field

During the First GENERATE AC processing if an ERRD APDU was received and
processed (RRP Counter ≠ ‘00’) and ‘Include RRP Data in Counters’ in Application
Control (Contactless)/Application Control (CL Payment)is set, then the process to
build the counters field is modified.
The 8th byte of the counters field is replaced by the maximum time for processing
the relay resistance APDU in milliseconds (Max Time For Processing Relay
Resistance APDU / 10). If the counters field is 16 bytes in length then the 16th byte
is replaced by the minimum time for processing the relay resistance APDU in
milliseconds (Min Time For Processing Relay Resistance APDU / 10). In both cases,
if the value exceeds 255 then the value is set to 255.
NOTE: The RRP related data is only included in the counters field generated during the First
GENERATE AC command.
Recovery Data
The below table lists the RRP related data added to the recovery data.
Table 8: RRP Data Objects – Recovery Data
RRP Performed Flag (Recovery)

Terminal Relay Resistance Entropy (Recovery)

February 2021 30
Second Generate AC
Device Relay Resistance Entropy (Recovery)
NOTE: If an implementation had variable timings but was able to dynamically determine
the timings that need to be reported then it would also need to add the data objects listed
in the below table to the recovery data and use them during RECOVER AC processing.
Table 9: RRP Data Objects – Recovery Data
Min Time For Processing Relay Resistance APDU (Recovery)

Max Time For Processing Relay Resistance APDU (Recovery)
Transmission Time For Relay Resistance R-APDU (Recovery)
During the completion of the First GENERATE AC processing, when the recovery
data is updated, if both RRP and CDA were performed the RRP Performed Flag
(Recovery) is set to indicate that RRP data was included in the CDA signature. If
CDA was not performed or if RRP was not performed the RRP Performed Flag
(Recovery) is cleared. If the RRP Performed Flag (Recovery) is set then the other
RRP recovery values in the recovery data are updated to the corresponding values
used in the transaction.
Second Generate AC
In the Second GENERATE AC command processing, the M/Chip application
processes as follows.
NOTE: Refer to [MCCASP] or [MCM] for the detailed description of Second GENERATE AC
command processing and Second GENERATE AC state diagrams.
State – Unable to Go Online (M/Chip Advance)

For M/Chip Advance if an ERRD APDU was not received and processed (RRP
Counter = ‘00’) and ‘Decline If Unable To Go Online And RRP Not Performed’ is set
in Application Control (Contactless) then an AAC is returned.
Recovery Data
During the completion of the Second GENERATE AC processing, when the recovery
data is updated, the RRP Performed Flag (Recovery) is cleared to indicate that
RRP data was not included in the CDA signature.
NOTE: It’s only necessary to update the RRP Performed Flag (Recovery) if the CDA
Transaction Flag (Recovery) is being set to indicate that CDA was performed.

February 2021 31
Recover AC
Recover AC
The RECOVER AC command is used by the terminal when the terminal did not
receive the response on the First or Second GENERATE AC command.
The command data field contains the Unpredictable Number as an identification
of the AC that was not received. The RECOVER AC processing is modified as
follows for RRP.
If the CDA Transaction Flag (Recovery) is set and the RRP Performed Flag
(Recovery) is set then the M/Chip application will append the data in the below
table to the existing ICC Dynamic Data (after Hash Result or DS Summary 3 if
data storage is performed).
Table 10: ICC Dynamic Data (RRP and No DS)
Data Object Length

Terminal Relay Resistance Entropy 4
(Recovery)
Device Relay Resistance Entropy (Recovery) 4
Min Time For Processing Relay Resistance 2
APDU
Max Time For Processing Relay Resistance 2
APDU
Transmission Time For Relay Resistance R- 2
APDU
The length of the 'BB' padding following the ICC Dynamic Data in the dynamic
application data to be signed is accordingly reduced by 14 bytes.
NOTE: Refer to [MCCASP] or [MCM] for the detailed description of RECOVER AC command
processing and RECOVER AC state diagrams.

February 2021 32
Relay Resistance APDU – M/Chip Application Processing
Chapter 6 Relay Resistance APDU – M/Chip Application

Processing
This chapter explains the new command and it’s response introduced in M/Chip Advance
and M/Chip Mobile applications to implement the relay resistance protocol.
About ERRD Command Message...................................................................................................................... 34

ERRD Command Message.............................................................................................................................34
Data Field Returned in the Response Message..........................................................................................34
Status Bytes.....................................................................................................................................................35
M/Chip Application Processing...........................................................................................................................35
Get Challenge Flag..........................................................................................................................................36
Terminal Relay Resistance Entropy...............................................................................................................36
RRP Counter.....................................................................................................................................................36
Device Relay Resistance Entropy.................................................................................................................. 36
Relay Resistance APDU Processing and Transmission Times...................................................................37

February 2021 33
About ERRD Command Message
About ERRD Command Message

The ERRD command exchanges relay resistance-related data with the cardholder
device. This is a new command introduced to implement relay resistance protocol.
ERRD Command Message

The ERRD command message is coded according to table Exchange Relay
Resistance Data Command Message.
Table 11: Exchange Relay Resistance Data Command Message
Code Value
CLA ‘80’
INS ‘EA’
P1 ‘00’
P2 ‘00’
Lc ‘04’
Data Terminal Relay Resistance Entropy
Le ‘00’
Data Field Returned in the Response Message

The data object returned in the response message is a primitive data object with
the tag ‘80’ and length ‘0A’. The value field consists of the concatenation without
delimiters (tag and length) of the value fields of the data objects specified in table
Exchange Relay Resistance Data Response Message Data Field.
Table 12: Exchange Relay Resistance Data Response Message Data Field
Tag Length Byte Value Presence

'80' '0A' 1-4 Device Relay M
Resistance
Entropy
5-6 Min Time For M
Processing Relay
Resistance
APDU

February 2021 34
Status Bytes
Tag Length Byte Value Presence

7-8 Max Time For M
Processing Relay
Resistance
APDU
9-10 Device M
Estimated
Transmission
Time For Relay
Resistance R-
APDU
Status Bytes
The status bytes that may be sent in response to the ERRD command are listed in
table Status Bytes for Exchange Relay Resistance Data Command.
Table 13: Status Bytes for Exchange Relay Resistance Data Command
SW1 SW2 Meaning

‘67’ ‘00’ Wrong length
‘69’ ‘85’ Conditions of use not
satisfied
‘6A’ ‘86’ Incorrect parameters P1-P2
‘90’ ‘00’ Normal processing
M/Chip Application Processing

The implementation of the processing of the ERRD command should be as
efficient as possible to ensure there is a minimum variation in the expected
processing time under all operating conditions.
In particular, there should be no need for any EEPROM writes, cryptographic
processing, integrity protection, or other security checks during the processing of
this command.
The processing of this command should always take less than the frame waiting
time so that the APDU exchange can be completed without requiring working time
extensions. Requiring a working time extension would mean that time taken for the
exchange could not be predicted by the card as it would (at least in part) depend
on the terminal performance in responding to the working time extension request.

February 2021 35
Get Challenge Flag
Below are the details of the steps involved in the processing of the ERRD
command.
NOTE: Refer to [MCCASP] or [MCM] for the detailed description of ERRD command
processing and ERRD state diagrams.
Get Challenge Flag

The Get Challenge Flag is used to ensure that a VERIFY command with encrypted
PIN is only accepted if it directly follows the GET CHALLENGE command therefore
Get Challenge Flag[1] ‘Successful Get Challenge’ is cleared at the start of ERRD
command processing.
Terminal Relay Resistance Entropy

The terminal sends an Unpredictable Number of 4 bytes called Terminal Relay
Resistance Entropy to the M/Chip application in the ERRD command.
The card stores this Terminal Relay Resistance Entropy in global transient memory.
During the GENERATE AC command, the Unpredictable Number in the GENERATE
AC command is compared with the Unpredictable Number received in the ERRD
command.
RRP Counter
If RRP processing takes too long the first time, the terminal can resend the ERRD
command to the M/Chip application two more times. For example, the terminal
can send the ERRD command to the M/Chip application a maximum of three
times.
For every ERRD command received by the M/Chip application, RRP Counter is
incremented by 1. RRP Counter is stored in global transient memory and is used to
ensure that the value ‘6985’ is returned in SW12 when RRP Counter reaches 3.
Device Relay Resistance Entropy

The M/Chip application returns an Unpredictable Number of 4 bytes of its own
called Device Relay Resistance Entropy to the terminal in ERRD R-APDU.
This Device Relay Resistance Entropy is extracted from ICC Dynamic Number that
was generated during the GET PROCESSING OPTIONS command so that the
Device Relay Resistance Entropy can be verified by the issuer in case RRP has to be
processed by the issuer during online authorization.
The Device Relay Resistance Entropy is calculated as follows:
Device Relay Resistance Entropy := ICC Dynamic Number[(4xRRP Counter)-3 :
4xRRP Counter]
Example
When RRP Counter = 1:

February 2021 36
Relay Resistance APDU Processing and Transmission Times
Device Relay Resistance Entropy := ICC Dynamic Number[1:4]
Relay Resistance APDU Processing and Transmission Times

In the ERRD R-APDU, the M/Chip application sends the relay resistance APDU
processing times and the R-APDU transmission time to the terminal along with the
Device Relay Resistance Entropy.
These values were personalized to the card during the card personalization
process. Alternatively, the cardholder device may be able to improve the accuracy
of these time values by dynamically determining them during the processing of the
ERRD command. The relay resistance APDU processing times sent by the M/Chip
application to the terminal are described in section Timing Data Objects.

February 2021 37
Processing Time Examples
Chapter 7 Processing Time Examples

This chapter provides examples of processing times for Relay Resistance.
About the Processing Time Examples............................................................................................................... 39

Transaction without Relay Attack......................................................................................................................39
Transaction with Relay Attack............................................................................................................................41

February 2021 38
About the Processing Time Examples
About the Processing Time Examples

The examples contained in this chapter consider a typical contactless terminal that
has been configured with the following timing characteristics.
The assumption is that CDA is successful:
• Terminal Expected Transmission Time For Relay Resistance C-APDU: 1.8ms
• Terminal Expected Transmission Time For Relay Resistance R-APDU: 2.4ms
• Minimum Relay Resistance Grace Period: 2ms
• Maximum Relay Resistance Grace Period: 2ms
• Relay Resistance Transmission Time Mismatch Threshold: 50%
• Relay Resistance Accuracy Threshold: 10ms
The examples use a typical M/Chip Advance configuration:
• Min Time For Processing Relay Resistance APDU: 5ms
• Max Time For Processing Relay Resistance APDU: 10ms
• Transmission Time For Relay Resistance R-APDU: 1.9ms
Transaction without Relay Attack

This section explains the calculation of the processing time of the ERRD command
for a transaction without a relay attack.
Figure 4: ERRD Command

February 2021 39
Transaction without Relay Attack
The reader calculates the device RRP APDU processing time as the total time
measured (13ms) minus time taken to transmit RRP APDU (1.8ms) minus the
minimum of the expected time to receive a response (2.4ms) and the device
reported transmission time (1.9ms) that is 1.9ms. See above figure.
13ms – 1.8ms – 1.9ms = 9.3ms calculated RRP APDU processing time
As the calculated RRP APDU processing time (9.3ms), in the above figure, is less
than the maximum time reported by the device (10ms) plus the grace period (2ms)
which is a total of 12ms allowed processing time no retry is required.
Figure 5: EMV Processing
As the calculated RRP ADPU processing time (9.3ms) is less than the allowed
maximum processing time (12ms) the Terminal Verification Results will indicate
that RRP was performed and succeeded so the transaction will continue normal
processing (figure EMV Processing) and will be approved.

February 2021 40
Transaction with Relay Attack

This section explains the calculation of the processing time of the ERRD command
for a transaction with a relay attack.
Figure 6: ERRD Command with Relay Attack
reported transmission time (1.9ms) that is 1.9ms.
29ms – 1.8ms – 1.9ms = 25.3ms calculated RRP APDU processing time.
As the calculated RRP APDU processing time (25.3ms) in the above figure is more
than the maximum time reported by the device (10ms) plus the grace period (2ms)
that is a total of 12ms allowed processing time a retry is attempted.

February 2021 41
Figure 7: ERRD Command with Relay Attack – First Retry
32ms – 1.8ms – 1.9ms = 28.3ms calculated RRP APDU processing time
As the calculated RRP APDU processing time (28.3ms) in figure ERRD Command
with Relay Attack – First Retry is more than the maximum time reported by the
device (10ms) plus the grace period (2ms) that is a total of 12ms allowed
processing time a retry is attempted.

February 2021 42
Figure 8: ERRD Command with Relay Attack – Second Retry
28ms – 1.8ms – 1.9ms = 24.3ms calculated RRP APDU processing time.
As both retry attempts have been used and as the calculated RRP ADPU
processing time (24.3ms) in figure ERRD Command with Relay Attack – Second
Retry is more than the allowed maximum processing time (12ms) the reader
indicates in the Terminal Verification Results that RRP was performed but the
maximum time was exceeded.
The reader continues with normal transaction processing as shown in below figure
EMV Processing.

February 2021 43
Figure 9: EMV Processing
Based on the Terminal Action Codes and the Terminal Verification Results
indicating that the maximum RRP APDU processing time was exceeded, the reader
requests an ARQC from the card to go online to the issuer as shown in below figure
Cryptogram Generation.
Figure 10: Cryptogram Generation
The transaction will be sent online and may be declined by the issuer.

February 2021 44
RRP Time Measurement and Recommendations
Chapter 8 RRP Time Measurement and

Recommendations
Ever since the introduction of RRP in Mastercard specifications and requirements, some
cards being submitted for approval present high variations in the RRP processing time
depending on how and where the card is tapped on the reader device. These variations
could cause potential acceptance issues depending on how the RRP card parameters are
configured.
RRP Time Measurement...................................................................................................................................... 46

RRP Time Measurement Methodology........................................................................................................ 46
RRP Time Measurement Results........................................................................................................................ 46
Recommendations................................................................................................................................................47

February 2021 45
RRP Time Measurement
RRP Time Measurement

Mastercard conducted a study on the stability of the processing time of current
card RRP implementations. The study analyzes, in particular the relation between
the processing time of the RRP command and the strength of the RF field that the
card receives from the reader.
RRP Time Measurement Methodology

Different tests from EMVCo’s PICC analog test cases were identified as
appropriate to provide significant information on the processing of RRP without
introducing a huge additional workload for the laboratories.
For test positions (0,0,0), (1,0,0), (2,0,0), (3,0,0), and (4,0,0), the timing from the
end of the frame of the ERRD C-APDU to the start of the frame of the ERRD R-
APDU was measured. These values represent the PICC processing time for the
ERRD command for given test positions in the operating volume.
RRP Time Measurement Results

A detailed analysis of the test results showed that in terms of RRP processing
time, the performance of a given contactless card product relies heavily on the
following.
• The chip embedded in the contactless card
• The size of the antenna
On the other hand, the influence of the antenna technology on RRP processing
time is not that significant.
The study also showed that a significantly high number of card manufacturers and
card personalization bureaus are implementing RRP correctly. This reduces the
possibility of a successful relay attack significantly without causing acceptance
issues in the field. These contactless cards work as expected with all types of
acceptance devices.
Based on the test results, the contactless card products are classified in the
following two categories:
• Contactless card products with a consistent RRP processing time for the entire
contactless read range [0-4 cm]
• Contactless card products with a significant variation in their RRP processing
time within the contactless read range [0-4 cm]. These contactless card
products are further classified in the following sub-categories:
– The difference between RRP processing time at 0cm and RRP processing time
at 4cm lies between 15ms and 35ms. These contactless card products may
not offer the highest protection against relay attacks. In some cases, they

February 2021 46
Recommendations
may not even be responsive at higher positions in the contactless operating

volume. However, as long as a waiting time extension is not requested during
the EERD command processing, they still offer some degree of protection
against the relay attacks.
Metallic card products are treated differently. Quite often, these card
products are not responsive at higher positions of the contactless operating
volume which results in them failing to obtain the Mastercard LoA. However,
metallic cards are still issued using waivers due to high market interest. The
test results showed that metallic card products can still offer a good degree
of protection against relay attacks in the 0-2cm contactless read range.
– o The difference between RRP processing time at 0cm and RRP processing
time at 4cm exceeds 35ms. These products are not suitable to have RRP
enabled as they do not offer protection against relay attacks.
It must be noted that the study presented in this document was conducted using
contactless card products with M/Chip Advance applications.
Recommendations
In the light of the study of RRP implementation in M/Chip Advance cards seeking
approval, Mastercard recommends the following points to be considered by the
card manufacturers.
1. For a card product to obtain a Mastercard LoA without any restriction, the
difference between RRP processing times at different heights in the contactless
operating volume should not exceed 15ms.
2. For products where the difference between RRP processing time at 0cm and
RRP processing time at 4cm lies between 15ms and 35ms, if a waiting time
extension was not requested after receiving ERRD command, the LoA will
include a note informing that these cards may offer a lower level of protection
against relay attacks. It is recommended that the Max Time For Processing
Relay Resistance APDU for these products is set to a higher value to avoid
acceptance issues in the field.
3. Products that request a waiting time extension during the processing of the
ERRD command are not suitable to have RRP enabled. The LoAs will include a
note informing that these cards do not offer protection against relay attacks.

February 2021 47
Data Dictionary
Appendix A Data Dictionary

This appendix explains the new data objects introduced in M/Chip applications as well as
the changes introduced to the existing data objects to implement RRP.
Application Control (CL Payment).....................................................................................................................49

Application Control (Contactless)......................................................................................................................49
Application Interchange Profile.......................................................................................................................... 50
Card Issuer Action Code – Decline On Offline Only (CL Payment).............................................................. 50
Card Issuer Action Code – Go Online (CL Payment).......................................................................................50
Card Verification Results..................................................................................................................................... 51
Device Estimated Transmission Time For Relay Resistance R-APDU.......................................................... 51
Device Relay Resistance Entropy........................................................................................................................51
ICC Dynamic Number...........................................................................................................................................52
ICC Dynamic Number Master Key (Contactless)............................................................................................ 52
Issuer Action Code – Default.............................................................................................................................. 52
Issuer Action Code – Online.................................................................................................................................52
Maximum Relay Resistance Grace Period.........................................................................................................53
Max Time For Processing Relay Resistance APDU.......................................................................................... 53
Minimum Relay Resistance Grace Period..........................................................................................................53
Min Time For Processing Relay Resistance APDU........................................................................................... 53
Relay Resistance Accuracy Threshold................................................................................................................54
Relay Resistance Transmission Time Mismatch Threshold............................................................................ 54
RRP Counter...........................................................................................................................................................54
RRP Performed Flag (Recovery).........................................................................................................................54
Terminal Expected Transmission Time For Relay Resistance C-APDU.........................................................55
Terminal Expected Transmission Time For Relay Resistance R-APDU.........................................................55
Terminal Relay Resistance Entropy....................................................................................................................55
Terminal Verification Results...............................................................................................................................55
Torn Record.............................................................................................................................................................56
Transmission Time For Relay Resistance R-APDU...........................................................................................56
Unpredictable Number.........................................................................................................................................56
Unpredictable Number (Recovery).....................................................................................................................57

February 2021 48
Data Dictionary
Application Control (CL Payment)
Tag: ‘7’
Length: 6
Description: The Application Control (CL Payment) activates or de-activates
functions in the M/Chip Mobile application when the contactless interface is active.
Below are the details of RRP relevant bits of Application Control (CL Payment).

Byte 2 b1 Include Counters In AC
Byte 5 b4 Include RRP Data in
Counters
Byte 6 b8 Decline If CDA Not
Performed And RRP
Performed
Application Control (Contactless)
Tag: ‘D7’
Length: 6
Description: The Application Control (Contactless) activates or de-activates
functions in the M/Chip Advance application when the contactless interface is
active.
Below are the details of RRP relevant bits of Application Control (Contactless).

Byte 2 b1 Include Counters In AC
Byte 3 b6 Decline If CDA Not
Performed And RRP
Performed
b5 Go Online If RRP Not
Performed
b4 Decline If Unable To Go
Online And RRP Not
Performed

February 2021 49
Data Dictionary

Byte 4 b3 Include RRP Data in
Counters
Tag: ‘82’
Length: 2
Description: The AIP indicates the capabilities of the card to support specific
functions in the application.
Below are the details of RRP specific bits of AIP.

Byte 2 b1 Relay resistance protocol is
supported
Card Issuer Action Code – Decline On Offline Only (CL Payment)
Tag: ‘DF5E’
Length: 3
Description: Card Issuer Action Code – Decline On Offline Only (CL Payment) is
used by the M/Chip Mobile application to set the conditions when a TC request is
always declined at the First GENERATE AC by an offline-only card or an offline-
only terminal.
Card Issuer Action Code – Decline On Offline Only (CL Payment)

Byte 1 b7 Relay Resistance Not
Performed
Card Issuer Action Code – Go Online (CL Payment)
Tag: ‘DF46’

February 2021 50
Data Dictionary
Card Verification Results
Length: 3
Description: Card Issuer Action Code – Go Online (CL Payment) is used by the M/
Chip Mobile application to set the conditions when a TC request is sent online at
the First GENERATE AC by an online terminal or an offline terminal with online
capability.
Card Issuer Action Code – Go Online (CL Payment)

Performed
Tag: ‘9F52’
Length: 6
Description: The purpose of the Card Verification Results is to inform the issuer
about the context of a transaction, as part of the Issuer Application Data.
Below are the details of RRP specific bits of Card Verification Results of the M/
Chip Mobile application.

Performed
Device Estimated Transmission Time For Relay Resistance R-APDU
Tag: ‘DF8305’
Length: 2
Description: Indicates the time the Card expects to need for transmitting the
ERRD R-APDU. The Device Estimated Transmission Time For Relay Resistance R-
APDU is expressed in units of hundreds of microseconds.
Device Relay Resistance Entropy
Tag: ‘DF8302’

February 2021 51
Data Dictionary
ICC Dynamic Number
Length: 4
Description: Random number returned by the Card in response to the ERRD
command.
ICC Dynamic Number
Tag: ‘9F4C’
Length: 16
Description: M/Chip application computes the ICC Dynamic Number in the GET
PROCESSING OPTIONS command. It is used as input for the calculation of the
Signed Dynamic Application Data and the generation of the Device Relay
Resistance Entropy in the response to the ERRD command.
ICC Dynamic Number Master Key (Contactless)
Tag: -
Length: 16
Description: Triple DES key for ICC Dynamic Number generation when the
contactless interface is active.
Issuer Action Code – Default
Tag: ‘9F0D’
Length: 5
Description: This defines the issuer’s conditions that cause a transaction to be
rejected on an offline-only terminal.
Issuer Action Code – Online
Tag: ‘9F0F’
Length: 5
Description: This defines the issuer’s conditions that cause a transaction to be
transmitted online on an online capable terminal.

February 2021 52
Data Dictionary
Maximum Relay Resistance Grace Period
Maximum Relay Resistance Grace Period
Tag: ‘DF8133’
Length: 2
Description: The Minimum Relay Resistance Grace Period and Maximum Relay
Resistance Grace Period represent how far outside the window defined by the
Card that the measured time maybe and yet still be considered acceptable. The
Maximum Relay Resistance Grace Period is expressed in units of hundreds of
microseconds.
Max Time For Processing Relay Resistance APDU
Tag: Card ‘DF74’, Mobile ‘DF04’

Length: 2
Description: A binary value in units of hundreds of microseconds that represents
the maximum time for processing the ERRD command.
Minimum Relay Resistance Grace Period

Tag: ‘DF8132’
Length: 2
Description: The Minimum Relay Resistance Grace Period and Maximum Relay
Resistance Grace Period represent how far outside the window defined by the
Card that the measured time maybe and yet still be considered acceptable. The
Minimum Relay Resistance Grace Period is expressed in units of hundreds of
microseconds.
Min Time For Processing Relay Resistance APDU

Tag: Card ‘DF75’, Mobile ‘DF05’
Length: 2
Description: A binary value in units of hundreds of microseconds that represents
the minimum time for processing the ERRD.

February 2021 53
Data Dictionary
Relay Resistance Accuracy Threshold
Relay Resistance Accuracy Threshold
Tag: ‘DF8136’
Length: 2
Description: Represents the threshold above which the Kernel considers the
variation between Measured Relay Resistance Processing Time and Min Time For
Processing Relay Resistance APDU no longer acceptable. The Relay Resistance
Accuracy Threshold is expressed in units of hundreds of microseconds.
Relay Resistance Transmission Time Mismatch Threshold
Tag: ‘DF8137’
Length: 1
Description: Represents the threshold above which the Kernel considers the
variation between Device Estimated Transmission Time For Relay Resistance R-
APDU and Terminal Expected Transmission Time For Relay Resistance R-APDU is
no longer acceptable. The Relay Resistance Transmission Time Mismatch Threshold
is a percentage and expressed as an integer.
RRP Counter
Tag: -
Length: 1
Description: RRP Counter counts the number of ERRD commands after a GET
PROCESSING OPTIONS command.
RRP Performed Flag (Recovery)

Tag: -
Length: 1
Description: The RRP Performed Flag (Recovery) is used to record whether or not
the transaction stored for recovery was done with RRP.

February 2021 54
Data Dictionary
Terminal Expected Transmission Time For Relay Resistance C-APDU
Terminal Expected Transmission Time For Relay Resistance C-APDU
Tag: ‘DF8134’
Length: 2
Description: Represents the time that the Kernel expects to need for transmitting
the ERRD command to the Card. The Terminal Expected Transmission Time For
Relay Resistance C-APDU is expressed in units of hundreds of microseconds.
Terminal Expected Transmission Time For Relay Resistance R-APDU
Tag: ‘DF8135’
Length: 2
Description: Represents the time that the Kernel expects to need for transmitting
the ERRD R-APDU. The Terminal Expected Transmission Time For Relay Resistance
R-APDU is expressed in units of hundreds of microseconds.
Terminal Relay Resistance Entropy
Tag: ‘DF8301’
Length: 4
Description: Contains a Kernel challenge (random) to be used in the value field of
the ERRD command.
Terminal Verification Results
Tag: ‘95’
Length: 5
Description: Terminal Verification Results provide the status of the different
functions from the Terminal’s perspective.
Below is the description of the bits used for RRP implementation.

February 2021 55
Data Dictionary
Torn Record
Terminal Verification Results

Byte Bit Description
Byte 1 b8 Offline Data Authentication was not
performed
b3 CDA Failed
Byte 5 b4 Relay resistance threshold exceeded
b3 Relay resistance time limits exceeded
b2-1 Relay resistance performed
00: Relay resistance protocol not
supported (not used by this version of
the specification)
01: RRP NOT PERFORMED
10: RRP PERFORMED
11: RFU
Torn Record
Tag: ‘FF8101’
Length: 4
Description: A copy of a record from the Torn Transaction Log that is expired. Torn
Record is sent to the Terminal as part of the Discretionary Data
Transmission Time For Relay Resistance R-APDU
Tag: Card ‘DF76’, Mobile ‘DF0B’

Length: 2
Description: Transmission Time For Relay Resistance R-APDU represents the time
taken to send the ERRD R-APDU. It is a 2-byte binary value in units of hundreds of
microseconds.
Unpredictable Number
Tag: ‘9F37’

February 2021 56
Data Dictionary
Unpredictable Number (Recovery)
Length: 4
Description: Contains a Kernel challenge (random) to be used by the Card to
ensure the variability and uniqueness to the generation of a cryptogram during an
EMV mode transaction.
The terminal uses the same Unpredictable Number for both Terminal Relay
Resistance Entropy in ERRD command as well as the Unpredictable Number sent
during the GENERATE AC command.
Unpredictable Number (Recovery)
Tag: -
Length: 4
Description: A persistent copy of the Unpredictable Number for transaction
recovery.

February 2021 57
Notices
Notices
Following are policies pertaining to proprietary rights, trademarks, translations,
and details about the availability of additional information online.
Proprietary Rights
The information contained in this document is proprietary and confidential to Mastercard
International Incorporated, one or more of its affiliated entities (collectively “Mastercard”), or
both.
This material may not be duplicated, published, or disclosed, in whole or in part, without the
prior written permission of Mastercard.
Trademarks
Trademark notices and symbols used in this document reflect the registration status of
Mastercard trademarks in the United States. Please consult with the Global Customer Service
team or the Mastercard Law Department for the registration status of particular product,
program, or service names outside the United States.
All third-party product and service names are trademarks or registered trademarks of their
respective owners.
Disclaimer
Mastercard makes no representations or warranties of any kind, express or implied, with
respect to the contents of this document. Without limitation, Mastercard specifically disclaims
all representations and warranties with respect to this document and any intellectual property
rights subsisting therein or any part thereof, including but not limited to any and all implied
warranties of title, non-infringement, or suitability for any purpose (whether or not Mastercard
has been advised, has reason to know, or is otherwise in fact aware of any information) or
achievement of any particular result. Without limitation, Mastercard specifically disclaims all
representations and warranties that any practice or implementation of this document will not
infringe any third party patents, copyrights, trade secrets or other rights.
Translation
A translation of any Mastercard manual, bulletin, release, or other Mastercard document into a
language other than English is intended solely as a convenience to Mastercard customers.
Mastercard provides any translated document to its customers “AS IS” and makes no
representations or warranties of any kind with respect to the translated document, including,
but not limited to, its accuracy or reliability. In no event shall Mastercard be liable for any
damages resulting from reliance on any translated document. The English version of any
Mastercard document will take precedence over any translated version in any legal proceeding.
Information Available Online

Mastercard provides details about the standards used for this document—including times
expressed, language use, and contact information—on the Publications Support page available
on Mastercard Connect™. Go to Publications Support for centralized information.

February 2021 58

MasterCard Relay Resistancer Protocol 09022021

Uploaded by

Copyright:

Available Formats

MasterCard Relay Resistancer Protocol 09022021

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

MasterCard Relay Resistancer Protocol 09022021

Uploaded by

Copyright:

Available Formats

Relay Resistance

Chapter 1: Using this Guide.............................................................................................. 5

Chapter 2: Introduction to Relay Resistance Protocol......................................... 9

Chapter 3: Relay Resistance Protocol – Generic Processing............................12

Chapter 4: Relay Resistance Protocol – Card Personalization....................... 19

©2021 Mastercard. Proprietary. All rights reserved.

Chapter 5: M/Chip Application – Commands Processing................................. 25

Chapter 6: Relay Resistance APDU – M/Chip Application Processing........33

Chapter 7: Processing Time Examples....................................................................... 38

Chapter 8: RRP Time Measurement and Recommendations...........................45

©2021 Mastercard. Proprietary. All rights reserved.

Appendix A: Data Dictionary......................................................................................... 48

©2021 Mastercard. Proprietary. All rights reserved.

Chapter 1 Using this Guide

About the Relay Resistance Protocol Guide........................................................................................................6

©2021 Mastercard. Proprietary. All rights reserved.

About the Relay Resistance Protocol Guide

©2021 Mastercard. Proprietary. All rights reserved.

©2021 Mastercard. Proprietary. All rights reserved.

©2021 Mastercard. Proprietary. All rights reserved.

Chapter 2 Introduction to Relay Resistance Protocol

©2021 Mastercard. Proprietary. All rights reserved.

©2021 Mastercard. Proprietary. All rights reserved.

Relay Resistance Protocol

©2021 Mastercard. Proprietary. All rights reserved.

Chapter 3 Relay Resistance Protocol – Generic

About Relay Attack...............................................................................................................................................13

©2021 Mastercard. Proprietary. All rights reserved.

About Relay Attack

Objective of Relay Resistance Protocol

Principle of Relay Resistance Protocol

©2021 Mastercard. Proprietary. All rights reserved.

Relay Resistance Protocol Flow

1. Upon reception of the GPO command, the card:

©2021 Mastercard. Proprietary. All rights reserved.

©2021 Mastercard. Proprietary. All rights reserved.

©2021 Mastercard. Proprietary. All rights reserved.

Processing Time Evaluation

©2021 Mastercard. Proprietary. All rights reserved.

Impact and Dependency

©2021 Mastercard. Proprietary. All rights reserved.

Chapter 4 Relay Resistance Protocol – Card

Application Interchange Profile.......................................................................................................................... 20

©2021 Mastercard. Proprietary. All rights reserved.

Application Interchange Profile

Timing Data Objects

Min Time for Processing Relay Resistance APDU

©2021 Mastercard. Proprietary. All rights reserved.

Max Time for Processing Relay Resistance APDU

Transmission Time for Relay Resistance R-APDU

Protocol Specific Fine-Tuning

©2021 Mastercard. Proprietary. All rights reserved.

Application Control (Contactless)/(CL Payment)

Relay Resistance Protocol – Risk Management

Issuer Action Code - Default

©2021 Mastercard. Proprietary. All rights reserved.

Issuer Action Code - Online

Card Risk Management

DGI ‘B100’ – M/Chip Mobile Relay Resistance Protocol Parameters

Table 1: DGI ‘B100’ – M/Chip Mobile RRP Parameters