IBM 2 Computer Hardware User Manual


 
CCA Release 2.54 PIN_Change/Unblock
See “VISA and EMV-Related Smart Card Formats and Processes” on
page E-17 which explains the derivation processes and PIN-block formation.
- The diversification_data_length to indicate the sum of the lengths of:
  - Data, 8 or 16 bytes, encrypted by the verb using the MDK keys
  - The 2-byte Application Transfer Counter (ATC)
    (You receive the ATC value from the EMV smart card.)
  - The optional 16-byte Initial Value used in the TDESEMVn processes.
  Valid lengths are 10, 18, 26, and 34 bytes.
- The diversification_data variable. Concatenate the 8 or 16-byte data, the ATC,
  and optionally the Initial Value.
  The 16-bit ATC counter is processed as a two-byte string, not as an integer
  value.
- The new-reference PIN in an encrypted PIN block. You provide:
  - The key to decrypt the PIN block
  - The PIN block
  - The format information that defines how to parse the PIN block
  - When using an ISO-0 format PIN block, personal-account number (PAN)
    information to enable PIN recovery from the ISO-0 format PIN block.
- If you specified VISAPCU2 (because the target smart card already has a PIN),
  the current_reference_PIN in an encrypted PIN block with the associated
  decrypting key, PIN-block format, and PAN data. In any case, you must
  declare current_reference_PIN... variables.
- The output_PIN_message variable to receive the encrypted PIN block for the
  smart card, and the length in bytes of the PIN block (16). The PIN-block format
  you specify (VISAPCU1 or VISAPCU2) corresponds to the one or two PIN
  values to be communicated to the smart card.
- You must declare two variables which are reserved for future use:
  output_PIN_data_length (valued to zero), and an output_PIN_data string
  variable (or set the associated parameter to a null pointer).
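
The layout rules for diversification_data described above, as an added example in C (not code from the IBM manual or the CCA API). The names build_div_data, parse_div_data and struct div_data_view are hypothetical; the code copies the ATC as the two bytes received from the card and rejects any total length other than 10, 18, 26 or 34.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define ATC_LEN 2    /* Application Transfer Counter, two-byte string */
#define IV_LEN  16   /* optional Initial Value */

/* Hypothetical view of a diversification_data buffer split into its parts. */
struct div_data_view {
    const uint8_t *data; size_t data_len;  /* 8 or 16 bytes */
    const uint8_t *atc;                    /* 2 bytes, as received from the card */
    const uint8_t *iv;                     /* 16 bytes, or NULL when absent */
};

/* Build diversification_data = data || ATC || [Initial Value].
 * atc is copied verbatim as a byte string; it is never routed through a
 * host integer, whose in-memory byte order depends on the platform.
 * Returns the total length (10, 18, 26 or 34), or -1 on invalid input. */
long build_div_data(const uint8_t *data, size_t data_len,
                    const uint8_t atc[ATC_LEN], const uint8_t *iv,
                    uint8_t *out, size_t out_cap)
{
    if (!data || !atc || !out) return -1;
    if (data_len != 8 && data_len != 16) return -1;
    size_t total = data_len + ATC_LEN + (iv ? IV_LEN : 0);
    if (out_cap < total) return -1;
    memcpy(out, data, data_len);
    memcpy(out + data_len, atc, ATC_LEN);
    if (iv) memcpy(out + data_len + ATC_LEN, iv, IV_LEN);
    return (long)total;
}

/* Inverse: each of the four valid lengths identifies one layout. */
int parse_div_data(const uint8_t *buf, long len, struct div_data_view *v)
{
    if (!buf || !v) return -1;
    switch (len) {
    case 10: v->data_len = 8;  v->iv = NULL; break;
    case 18: v->data_len = 16; v->iv = NULL; break;
    case 26: v->data_len = 8;  v->iv = buf + 8 + ATC_LEN; break;
    case 34: v->data_len = 16; v->iv = buf + 16 + ATC_LEN; break;
    default: return -1;  /* any other length is rejected */
    }
    v->data = buf;
    v->atc = buf + v->data_len;
    return 0;
}
```

The value returned by build_div_data is the one to supply as diversification_data_length.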
The PIN_Change/Unblock verb:
- Decrypts the MDK keys and verifies the required control vector permissions.
- Diversifies the left-most eight bytes of data using the MAC-MDK key to obtain
  the authentication value for placement into the PIN block.
- Recovers the supplied PIN value(s) provided that PIN-block encrypting keys are
  one of IPINENC or OPINENC type, and the use of the specific type is
  authorized with the appropriate access-control command.
- Constructs and pads the output PIN block to a 16-byte string. See
  “Constructing the PIN-block for Transporting an EMV Smart-Card PIN” on
  page E-17.
- Generates the session key used to encrypt the output-PIN block using the
  ENC-MDK, the key_generation_data, the ATC counter value, and the optional
  Initial Value.
- Triple encrypts the 16-byte padded PIN-block in ECB mode.
- Returns the encrypted, padded PIN-block in the output_PIN_message variable.
Chapter 8. Financial Services Support Verbs 8-53