MasterCard TSM Registration Form V3.3.2

Purpose of this form

This form has been created to enable the registration and coordination of approval requests relating to Trusted Service Managers and their services in the context of Mobile M/Chip Mobile issuance. MasterCard will advise on the correct method of filling in the form if required.

About the registration process

The form will be reviewed by:
  MasterCard’s Software Evaluation Team
  MasterCard’s Global Vendor Certification Program

The result will be a registration of the submission, complete with a unique identifier and an entry in the MasterCard TSM Approval Database. MasterCard will issue a MasterCard TSM Evaluation Plan which defines the tests and evaluations that are required for the registered submission, based on the information gathered in this form. Forms are typically reviewed within 10 business days.

These procedures supplement other written MasterCard policies and procedures that apply to this subject. Accordingly, compliance with these procedures does not remove the obligation to comply with such other MasterCard policies and procedures.

Submitting the form

E-mail this completed form to: Software_Evaluations@mastercard.com

MASTERCARD TSM REGISTRATION FORM 1

TSM Registration Form

Approval Type (please tick one only)

☐ New TSM System Installation
  Tick if the TSM approval is for an entirely new setup to be added into a certified facility or a new location.

☐ TSM System Upgrade
  Tick if the TSM approval is for an upgrade of an approved TSM system in a certified facility. The upgrade can be platform specific, such as a functional enhancement which may include new messaging/notification protocols or processes. It can also be system specific, such as a new external connection which may include on-boarding a new Issuer Bank or SEI.
  ☐ TSM System to upgrade the existing TSM version
  ☐ TSM System to upgrade and list as a separate version in the approved list

☐ TSM System Upgrade/Renewal
  This option is to verify the reference of an existing TSM system which is ready for upgrade or GVCP renewal.

A - Submitting Entity Details

A.1 Holding Company Name
A.2 Contact Name
A.3 Address
A.4 Email
A.5 Tel
A.6 Company Registration Number
A.7 Country of Registration
A.8 Tax Code

B - TSM Service Location

Each location might be evaluated individually, so a separate registration form will be required for each physical site.

B.1 Hosting Company Name
B.2 Contact Name
B.3 Address #1 Primary Site
B.4 Address #2 Secondary Site (Disaster Recovery)
B.5 Email
B.6 Tel

C - TSM System

Identification of the TSM deployed at the service location. Each TSM system might be evaluated individually. See Appendix A for definitions.

C.1 TSM System Name
  Unique identification of the system hosted at the facility. This name should be different from the name of the platform the system is based on.
C.2 TSM System Version
  The version should reflect the configuration of, or any changes to, the platform on the system hosted at the facility.
C.3 OID
  Identity of the system, used as an identifier (in dot notation) towards other actors in the ecosystem.
C.4 Roles of the TSM (tick if the TSM is assigned the function)
  The functional roles of the TSM pending approval. See Appendix A for the definition of the TSM roles.
C.4.1 Secure Element Issuer
  ☐ Sets up the root security domain to grant other actors in the ecosystem the ability to manage mobile provisioning
  ☐ SE lifecycle management
  ☐ Eligibility check on mobile subscription
  ☐ Provide device capabilities
  ☐ Provide SE capabilities

C.4.2 Security Domain Manager
  ☐ Eligibility check on SE
  ☐ Eligibility check on device
  ☐ Service management
  ☐ SE content management
  ☐ Device application and mobile payment application access control management

C.4.3 Application Provider Security Domain Manager
  ☐ Personalization of the mobile payment application
  ☐ Post-issuance of Issuer Scripts

C.4.4 Link Platform Operator
  ☐ Operates an OTA platform to set up a secure connection to the SE to transport the mobile provisioning script via BIP/CAT_TP or SMS using SCP80, or via HTTP (admin agent in SE) with SCP81

C.4.5 Controlling Authority
  ☐ Confidential setup of the initial secure channel keys of a security domain via an associated security domain
  ☐ Computes the signature of the load file data block to ensure the authenticity of the mobile payment application code

C.5 Hardware Security Module
C.5.1 Brand
C.5.2 Model
C.5.3 Certification

C.6 Customization apart from TSM System
  Example: Push Messaging, Key Manager, Customer Care Portal, Service Monitoring, Interface Hub, etc.

C.7 Existing MasterCard TSM Approval Reference

C.8 Details of TSM System new version
  Applicable if the approval is for an upgrade or renewal.

D - TSM Platform

Details of the TSM provider and solution. See Appendix A for definitions.

D.1 TSM Platform Supplier Name
D.2 TSM Platform Name
D.3 TSM Platform Version
D.4 Technical Specifications / Standards
  Reference documents used to implement the platform.
  D.4.1 SP TSM – SP
  D.4.2 SP TSM – UICC
  D.4.3 SP TSM – SEI TSM
  D.4.4 SP TSM – Mobile Application/Wallet
  D.4.5 SP TSM – Controlling Authority
D.5 3rd Party TSM Accreditation Reference
  Example: GlobalPlatform TSM Compliance Programme.
D.6 Details of the TSM Platform new version
  Applicable if the approval is for an upgrade or renewal with a new platform.

E - End-to-End Integration

Details of all the actors in the service deployment and their implementations.

E.1 GlobalPlatform Systems End-to-End Simplified Service Management Framework
  Applicable if the configuration implements the framework.
  Version
  Configuration
    See the configuration selector in GPS E2E-SSMF for the referenced scenario.

E.2 Supported Use Cases

E.2.1 Mobile-NFC Service Life Cycle Management
  Tick each supported use case per Secure Element type.

                                                      UICC   eSE   SMC
  Service Deployment
    Simple Mode                                        ☐      ☐     ☐
    Delegated Mode                                     ☐      ☐     ☐
    Dual Mode                                          ☐      ☐     ☐
  End-User Life Cycle Management
    Service Activation                                 ☐      ☐     ☐
    Service Suspension                                 ☐      ☐     ☐
    Service Resumption                                 ☐      ☐     ☐
    Service Upgrade                                    ☐      ☐     ☐
    Service Data Exchange / Update                     ☐      ☐     ☐
    Service Termination/Deletion                       ☐      ☐     ☐
    Secure Element Change                              ☐      ☐     ☐
    Mobile Device Change                               ☐      ☐     ☐
    Mobile Subscription Identifier Change              ☐      ☐     ☐
    Lost/Stolen Mobile Device/SE                       ☐      ☐     ☐
    Recover Mobile Device/SE After a Loss/Theft        ☐      ☐     ☐
    Get a New Mobile Device After a Loss/Theft         ☐      ☐     ☐
  E.2.2
    Service Un-Deployment                              ☐      ☐     ☐

E.3 TSM Secure Element Issuer / Mobile Network Operator

E.3.1 MNO TSM System
E.3.2 MNO TSM System Version
E.3.3 Card Content Management Mode
  Tick at least one mode granted by the SEI / MNO. See GlobalPlatform Card Specification v2.2.
  ☐ Simple Mode
  ☐ Simple Mode (with DAP verification)
  ☐ Delegated Mode
  ☐ Dual Mode
E.3.4 Mandated DAP verification
  ☐ See GlobalPlatform Card Specification v2.2.
E.3.5 Token Identifier Blacklist for Delegated Management
  ☐ Applicable if the SEI or MNO grants DM to another TSM for Card Content Management. See GlobalPlatform Card Specification v2.2 – Amendment A.
E.3.6 Device & Mobile Subscription Registrar
  ☐ Tick if the TSM has a DMSR and supports eligibility queries for mobile subscription and device capabilities.
E.3.7 Certificate of Confidential Key Loading Authority
  ☐ Tick if the TSM supports the retrieval of CA information from the CASD.
E.3.8 Confidential Setup of Initial Secure Channel Keys (tick one only)
  Applicable if F.2.7 is ticked. See GlobalPlatform Card Specification v2.2 – Amendments A & E.
  ☐ Scenario #1 (Pull model using PK scheme)
  ☐ Scenario #1 (Pull model using non-PK scheme)
  ☐ Scenario #2.A (Push model with AP certificate)
  ☐ Scenario #2.B (Push model without AP certificate)
  ☐ Scenario #3 (using ECKA-EG scheme)
E.3.9 Secure Element Audit
  ☐ Application or ELF Status (offline)
  ☐ Application or ELF Status (online)
  ☐ Available non-volatile free memory in SD
E.3.10 OTA Channel
  ☐ BIP (CAT-TP) or SMS (for UICC only)
  ☐ RAM over HTTP (Admin Agent in UICC)
  ☐ RAM over HTTP (Admin Agent in Mobile Device)
E.3.11 Device Application Binding
  See GlobalPlatform Device Technology – Secure Element Access Control.
  ☐ Binding
  ☐ Unbinding
E.3.12 Others (state any other implementations)

E.4 TSM Security Domain Manager

E.4.1 TSM System Name
E.4.2 TSM System Version
E.4.3 Card Content Management Mode
  Tick at least one mode granted by the SDM. See GlobalPlatform Card Specification v2.2.
  ☐ Simple Mode
  ☐ Simple Mode (with DAP verification)
  ☐ Delegated Mode
  ☐ Dual Mode
E.4.4 OTA Capability (tick only one)
  ☐ Uses the OTA channel from the TSM SEI / MNO
  ☐ Uses its own OTA channel
E.4.5 OTA Channel
  Applicable if the TSM has its own OTA capability.
  ☐ BIP (CAT-TP) or SMS (for UICC only)
  ☐ RAM over HTTP (Admin Agent in UICC)
  ☐ RAM over HTTP (Admin Agent in Mobile Device)
E.4.6 Device Application Binding
  See GlobalPlatform Device Technology – Secure Element Access Control.
  ☐ Binding
  ☐ Unbinding
E.4.7 Others (state any other implementations)

E.5 TSM Application Provider Security Domain Manager

E.5.1 TSM System Name
E.5.2 TSM System Version
E.5.3 Service Deployment
  Select the functions undertaken by the APSDM.
  ☐ Eligibility Check
  ☐ Global Service Management
  ☐ Data Preparation
  ☐ Service Personalization
  ☐ Issuer Scripts Management
E.5.4 OTA Capability (tick only one)
  ☐ Uses the OTA channel from the TSM SDM
  ☐ Uses its own OTA channel
E.5.5 OTA Channel
  Applicable if the TSM has its own OTA capability.
  ☐ BIP (CAT-TP) or SMS (for UICC only)
  ☐ RAM over HTTP (Admin Agent in UICC)
  ☐ RAM over HTTP (Admin Agent in Mobile Device)
E.5.6 Others (state any other implementations)

E.6 Controlling Authority

Details of the trusted third party that enables the confidential setup of the initial keys in the TSD and/or APSD.

E.6.1 Trusted Third Party
  Actor with the role of Controlling Authority.
E.6.2 Root CA RSA Key Size
E.6.3 CASD RSA Key Size
E.6.4 Certificate Management System
E.6.5 Online Certificate Signing
  ☐ Tick if supported.
E.6.6 Certificate Signing Request Format
E.6.7 Certificate Generation Format

E.7 Card Issuer Information System

Details of the information system used in the evaluation.

E.7.1 Card Issuer
E.7.2 Information System Name
E.7.3 TSM Interface
E.7.4 Capability
  ☐ Cardholder Verification
  ☐ Global Service Management
  ☐ Service Personalization
  ☐ Issuer Scripts Management

E.8 Mobile Device

Details of the device to be used in the evaluation. See approved Mobile Devices.

E.8.1 Manufacturer Name
E.8.2 Model Name
E.8.3 Mobile Platform
E.8.4 Operating System
E.8.5 Operating System Version
E.8.6 Display Size
E.8.7 MasterCard Approval Reference (LoA)
E.8.8 Access Control Enforcer
  See GlobalPlatform Device Technology – Secure Element Access Control.
  ☐ Tick if the device supports the ACF.

E.9 Mobile Application (including SDK / Libraries)

Details of the application residing on the mobile device, with or without agent/libraries, to be used in the evaluation.
E.9.1 Application Owner
E.9.2 Application Name
E.9.3 Application Version
E.9.4 SDK Name
E.9.5 SDK Version
E.9.6 Service Functions
  Describes the verification method, TSM request functions, TSM notifications and access controls supported in the device application.

E.10 Smart Peripheral

Details of the smart peripheral (wearable device with an SE hosting the MCM and capable of NFC transactions) to be used in the evaluation.

E.10.1 Manufacturer Name
E.10.2 Product Name
E.10.3 Payment Application (Front-End)
  Application running on the peripheral that has access to the SE.
E.10.4 Secure Element API
  Software library enabling the peripheral application to access the applets in the SE.
E.10.5 NFC Controller
  Hardware and firmware enabling the NFC connectivity in the peripheral.
E.10.6 Host Pairing Device
  Device that pairs with the peripheral to provide online connectivity.
E.10.7 Host Interface
  Communication channel between the host and the peripheral.
E.10.8 TSM Admin Agent (Host-End)
  Application running on the host device that connects to the TSM.
E.10.9 MasterCard Approval Reference

E.11 Secure Element

Details of the SE to be used in the evaluation. See approved Secure Elements.

E.11.1 Form Factor
E.11.2 Manufacturer Name
E.11.3 Product Name
E.11.4 Product Version
E.11.5 MasterCard Approval Reference (LoA)
E.11.6 Compliance Assessment and Security Testing Approval Certificate
  Mobile Payment Certificate Number.
E.11.7 Pre-installed Controlling Authority Security Domain in factory
  ☐ Holds asymmetric keys and certificates for confidential Security Domain personalization (tick if present)
  ☐ Holds symmetric keys for confidential Security Domain personalization (tick if present)
  ☐ Mandated DAP Verification privilege (tick if present)
E.11.8 Pre-loaded applications / ELF
  Describes the state, install parameters and the SD association of each.

E.12 MasterCard M/Chip Mobile

See approved MasterCard M/Chip Mobile.
E.12.1 Specification Version
E.12.2 Supplier Name
E.12.3 Application Name
E.12.4 Application Version

Appendix A - Definitions

Card Issuer
  The financial institution providing the NFC services to cardholders.

Secure Element Issuer
  The SE Issuer is the owner of the SE and is represented by the Issuer Security Domain (ISD) in the SE.

Security Domain Manager
  The SD Manager performs the card content management and prepares the security environment in the SE on behalf of the Card Issuer. It is represented in the SE by the TSD, and is granted either the Authorized or the Delegated Management privilege by the SE Issuer.

Application Provider Security Domain Manager
  An APSD Manager manages the personalization on behalf of the Card Issuer. It is represented in the SE by the APSD, and is granted the Trusted Path privilege by the SD Manager to securely personalize the MasterCard Mobile PayPass application.

Link Platform Operator
  A Link Platform Operator (LPO) is responsible for setting up a connection to a UICC in a Mobile Device. This connection uses any remote communication technology, such as GPRS, UMTS or CDMA. An LPO is represented by an LPO-SD in the UICC. In many cases, an LPO operates as a separate entity. The SE Issuer, SD Manager and/or APSD Manager use the LPO to set up the remote connection to the UICC.

Controlling Authority
  A CA is a trusted third-party entity and is represented in the SE by the CASD, which provides a mechanism for the confidential setup of the secure channel keys of the TSD and/or APSD.

TSM Supplier
  An entity that supplies the TSM Platform to a TSM Vendor. A TSM Supplier and a TSM Vendor can be the same entity.

TSM Vendor
  An entity that owns the facility where the TSM system is hosted. A TSM Vendor is responsible for all matters pertaining to the TSM approval process.
TSM Platform
  An application suite that typically comprises functional modules including payment application personalization & lifecycle management, SE lifecycle management, SE security key management, inter-system messaging communication & notification, NFC service eligibility control, remote administration management, and monitoring & reporting services.

TSM System
  An application server which is configured from a TSM Platform to operate certain TSM roles in an NFC ecosystem. It connects to one or more external entities within the same ecosystem for inter-TSM messaging and notification purposes. There can be more than one TSM system in a TSM vendor’s facility.

Token Service Provider
  A Token Service Provider is an entity within the payments ecosystem that is able to provide registered Token Requestors.

Appendix B – Secure Element Layout and Off-Card Entities

[Figure: diagram of the Secure Element, showing the on-card security domains ISD, CASD, LPO SD, TSD and APSD and the MCM application, and the off-card entities Secure Element Issuer, Secure Element Manufacturer, Link Platform Operator, Security Domain Manager, Controlling Authority, Application Provider Security Domain Manager, Token Service Provider and Card Issuer. A symbol in the figure represents a cryptographic key relationship between an on-card security domain and its off-card entity.]