CCA Release 2.54
3. Set the second digit of block-2 to the length of the new PIN (4 to 12), followed
by the new PIN, and padded to the right with X'F'.
4. Include any current PIN by placing it into the leftmost digits of block-3.
5. Exclusive-OR block-1, block-2, and block-3 to form the 8-byte PIN block.
6. Pad the PIN block with other portions of the message for the smart card:
   - Prepend X'80'
   - Append X'80'
   - Append an additional six bytes of X'00'.
The resulting message is ECB-mode triple-encrypted with an appropriate session
key.
Derivation of the CCA TDES-XOR Session Key
In the Diversified_Key_Generate and PIN_Change/Unblock verbs, the TDES-XOR
process first derives a smart-card-specific intermediate key from the issuer-supplied
ENC-MDK key and card-specific data. (This intermediate key is also used in the
TDESEMV2 and TDESEMV4 processes. See the next section.) The intermediate
key is then modified using the application transaction counter (ATC) value supplied
by the smart card.
The double-length session-key creation steps:
1. Obtain the left-half of an intermediate key by ECB-mode triple-DES encrypting
the (first) eight bytes of card-specific data using the issuer-supplied ENC-MDK
key.
2. Again using the ENC-MDK key, obtain the right-half of the intermediate key by
ECB-mode triple-DES encrypting:
   - The second eight bytes of card-specific derivation data when 16 bytes have
     been supplied, else
   - The exclusive-OR of the supplied 8 bytes of derivation data with
     X'FFFFFFFF FFFFFFFF'.
3. Pad the ATC value to the left with six bytes of X'00' and exclusive-OR the
result with the left-half of the intermediate key to obtain the left-half of the
session key.
4. Obtain the one's complement of the ATC by exclusive-ORing the ATC with
X'FFFF'. Pad the result on the left with six bytes of X'00'. Exclusive-OR the
8-byte result with the right-half of the intermediate key to obtain the right-half of
the session key.
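The four derivation steps above, as an added Python example (not code from the IBM manual or from CCA). The function and parameter names are assumptions chosen here; the ECB triple-DES encryption under ENC-MDK is passed in as a callable, and `pycryptodome_ecb` assumes the PyCryptodome package is installed.

```python
"""TDES-XOR session-key derivation following the four steps above (added example)."""
from typing import Callable

BlockEncrypt = Callable[[bytes], bytes]  # one 8-byte block, ECB TDES under ENC-MDK


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def intermediate_key(encrypt: BlockEncrypt, card_data: bytes) -> bytes:
    """Steps 1-2: card-specific intermediate key (16 bytes)."""
    if len(card_data) not in (8, 16):
        raise ValueError("card-specific data must be 8 or 16 bytes")
    left = encrypt(card_data[:8])
    # With only 8 bytes supplied, the right-half input is the data XOR X'FF..FF'.
    right_in = card_data[8:] if len(card_data) == 16 else xor(card_data, b"\xff" * 8)
    return left + encrypt(right_in)


def tdes_xor_session_key(encrypt: BlockEncrypt, card_data: bytes, atc: bytes) -> bytes:
    """Steps 3-4: fold the 2-byte ATC into both halves of the intermediate key."""
    if len(atc) != 2:
        raise ValueError("ATC must be 2 bytes")
    ik = intermediate_key(encrypt, card_data)
    pad = b"\x00" * 6
    left = xor(ik[:8], pad + atc)                      # step 3
    right = xor(ik[8:], pad + xor(atc, b"\xff\xff"))   # step 4: one's complement
    return left + right


def pycryptodome_ecb(enc_mdk: bytes) -> BlockEncrypt:
    """Assumption: PyCryptodome is installed; imported lazily so the rest runs without it."""
    from Crypto.Cipher import DES3
    cipher = DES3.new(enc_mdk, DES3.MODE_ECB)
    return cipher.encrypt


if __name__ == "__main__":
    # Constructed test values, not real issuer keys or card data.
    enc_mdk = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
    card = bytes.fromhex("1122334455667788")
    key = tdes_xor_session_key(pycryptodome_ecb(enc_mdk), card, bytes.fromhex("0001"))
    print(key.hex().upper())
```

Because the padded ATC is zero in its first six bytes, only the last two bytes of each session-key half differ from the intermediate key.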
Derivation of the EMV TDESEMVn Tree-Based Session-Key
In the Diversified_Key_Generate and PIN_Change/Unblock verbs, the TDESEMV2
and TDESEMV4 keywords call for the creation of the session key with this process:
1. The intermediate key is obtained as explained above for the TDES-XOR
process.
2. Combine the intermediate key with the two-byte Application Transaction
Counter (ATC) and an optional Initial Value. The process is defined in the
EMV 2000 Integrated Circuit Card Specification for Payment Systems Version
4.0 (EMV4.0) Book 2, Annex A1.3.
E-18 IBM 4758 CCA Basic Services, Release 2.54, February 2005