IBM 2 Computer Hardware User Manual


 
CCA Release 2.54
VISA and EMV-Related Smart Card Formats and Processes
The VISA and EMV specifications for performing secure messaging with an EMV
compliant smart card are covered in these documents:
- EMV 2000 Integrated Circuit Card Specification for Payment Systems Version
  4.0 (EMV4.0) Book 2
- Design VISA Integrated Circuit Card Specification Manual.
Book 2, Annex A1.3, describes how a smart-card, card-specific authentication code
is derived from a card-issuer-supplied authentication key (MAC-MDK).
Annex A1.3 describes how a smart-card, card-specific session key is derived from
a card-issuer-supplied PIN-block-encryption key (ENC-MDK). The encryption key is
derived using a “tree-based-derivation” technique. IBM CCA offers two variations of
the tree-based technique (TDESEMV2 and TDESEMV4), and a third technique
CCA designates TDES-XOR.
In addition, Book 2 describes construction of the PIN block sent to an EMV card to
initialize or update the user's PIN.
Design VISA Integrated Circuit Card Specification Manual, Annex B.4, contains a
description of the session-key derivation technique CCA designates TDES-XOR.
Augmented by the above-mentioned documentation, the relevant processes are
described in these sections:
- Derivation of the smart-card-specific authentication code
- Constructing the PIN-block for transporting an EMV smart-card PIN
- Derivation of the CCA TDES-XOR session key
- Derivation of the EMV TDESEMVn tree-based session-key
- PIN-Block self-encryption.
Derivation of the Smart-Card-Specific Authentication Code
To ensure that an original or replacement PIN is received from an authorized
source, the EMV PIN-transport PIN-block incorporates an authentication code.
The authentication code is the rightmost four bytes resulting from the ECB-mode
triple-DES encryption of (the first) eight bytes of card-specific data.
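The derivation above, written out as an added Python example (not IBM's code). It assumes the third-party `cryptography` package and that MAC-MDK is used directly as a double- or triple-length TDES key; the function names and sample values are constructed for illustration.

```python
import hmac

try:  # cryptography >= 43 keeps TripleDES in the "decrepit" module
    from cryptography.hazmat.decrepit.ciphers.algorithms import TripleDES
except ImportError:  # older releases expose it here
    from cryptography.hazmat.primitives.ciphers.algorithms import TripleDES
from cryptography.hazmat.primitives.ciphers import Cipher, modes


def derive_auth_code(mac_mdk: bytes, card_data: bytes) -> bytes:
    """Rightmost 4 bytes of TDES-ECB(mac_mdk, first 8 bytes of card_data)."""
    if len(mac_mdk) not in (16, 24):
        raise ValueError("expected a double- or triple-length TDES key")
    if len(card_data) < 8:
        raise ValueError("need at least eight bytes of card-specific data")
    enc = Cipher(TripleDES(mac_mdk), modes.ECB()).encryptor()
    # One 8-byte block in ECB mode, no padding involved.
    block = enc.update(card_data[:8]) + enc.finalize()
    return block[-4:]


def auth_code_matches(mac_mdk: bytes, card_data: bytes, received: bytes) -> bool:
    """Receiver-side check: recompute the code, compare in constant time."""
    return hmac.compare_digest(derive_auth_code(mac_mdk, card_data), received)


if __name__ == "__main__":
    # Constructed sample values, not real key material or card data.
    sample_key = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
    sample_card_data = bytes.fromhex("1122334455667788AABB")
    code = derive_auth_code(sample_key, sample_card_data)
    print("authentication code:", code.hex().upper())
    print("verifies:", auth_code_matches(sample_key, sample_card_data, code))
```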
Constructing the PIN-block for Transporting an EMV Smart-Card PIN
The PIN block is used to transport a new PIN value. The PIN block also contains
an authentication code, and optionally the “current” PIN value, enabling the smart
card to further ensure receipt of a valid PIN value. To enable incorporation of the
PIN block into a message for an EMV smart-card, the PIN block is padded to
16 bytes prior to encryption.
PINs of length 4 to 12 digits are supported.
PIN block construction:
1. Form three 8-byte, 16-digit blocks, block-1, block-2, and block-3, and set all digits to X'0'.
2. Replace the rightmost four bytes of block-1 with the authentication code
described in the previous section.
Appendix E. Financial System Verbs Calculation Methods and Data Formats E-17