Visa Integrated Circuit Card Specification

Published by: lucianozx on Sep 29, 2009
Copyright: Attribution Non-commercial

Data encipherment occurs prior to generation of the MAC. The data
encipherment technique is as follows:

1. LD is set equal to the length of the plaintext data. A block of data is
created by prefixing LD to the plaintext data.

2. The block of data created in step 1 is divided into 8-byte data blocks,
labeled D1, D2, D3, D4, and so forth. The last data block may be 1 to
8 bytes in length.

3. If the last (or only) data block is equal to 8 bytes, proceed to step 4. If the
last data block is less than 8 bytes, it is padded to the right with a
hexadecimal 80. If the last data block is now equal to 8 bytes, proceed to
step 4. If the last data block is still less than 8 bytes, it is right filled with
1-byte hexadecimal zeros until it is 8 bytes.

4. Each data block is enciphered using the Data Encipherment Session Key
generated as described in Section B.4 Session Key Generation.

Draft 12/18/00

Secure Messaging

Visa Integrated Circuit Card
Card Specification, Version 1.4.0

B–6

31 Oct 2001

Visa Public

The data block is enciphered using the Data Encipherment Session Keys A
and B as shown in Figure B–2.

Figure B–2: Data Encipherment for Double-Length DEA Key

5. When completed, all of the enciphered data blocks are concatenated
together in order (Enciphered D1, Enciphered D2, and so forth). The
resulting block of data is inserted in the command data field.

[Figure B–2 diagram: DN → DEA(e) with KDA → O1 → DEA(d) with KDB → O2 → DEA(e) with KDA → O3 = Enciphered DN]

Legend:

DEA(e) = Data Encryption Algorithm (encipherment mode)
DEA(d) = Data Encryption Algorithm (decipherment mode)
O = Output
D = Data block
KDA = Data Encipherment Session Key A
KDB = Data Encipherment Session Key B


B.3 Data Confidentiality


B.3.4 Data Decipherment Calculation

Upon receipt of the command, the card needs to be able to decipher the
enciphered data contained in the command. The data decipherment technique
is as follows:

1. The block of data contained in the command data field is divided into
8-byte blocks, labeled as D1, D2, D3, D4, and so forth. Each data block is
deciphered using the Data Encipherment Session Key generated as
described in Section B.4 Session Key Generation.

The data block is deciphered using the Data Encipherment Session
Keys A and B as shown in Figure B–3.

Figure B–3: Data Decipherment for Double-Length DEA Key

[Figure B–3 diagram: DN → DEA(d) with KDA → O1 → DEA(e) with KDB → O2 → DEA(d) with KDA → O3 = Deciphered DN]

Legend:

DEA(e) = Data Encryption Algorithm (encipherment mode)
DEA(d) = Data Encryption Algorithm (decipherment mode)
O = Output
D = Data block
KDA = Data Encipherment Session Key A
KDB = Data Encipherment Session Key B


2. When completed, all of the deciphered data blocks are concatenated
together in order (Deciphered D1, Deciphered D2, and so forth). The
resulting block of data is composed of the recovered LD, the recovered
plaintext data, and the recovered pad characters (if added during the
encipherment process described in Section B.3.3 Data Encipherment
Calculation).

3. Since LD indicates the length of the plaintext data, it is used to recover
the plaintext data.
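
The encipherment steps 1 to 5 and the decipherment steps 1 to 3 above, as an added Python example (not code from the Visa specification). It assumes LD is a single byte; `toy_e`/`toy_d` are a constructed, insecure stand-in for single DEA so the block runs without a crypto library, the key values are constructed, and the LD range check on decipherment is an addition.

```python
# Added example: LD framing, 80/00 padding and E-D-E key ordering (B.3.3, B.3.4).
# ASSUMPTIONS: 1-byte LD; toy_e/toy_d stand in for single DEA and are NOT DES.
BLOCK = 8
KDA = bytes.fromhex("0123456789abcdef")       # constructed session key A
KDB = bytes.fromhex("fedcba9876543210")       # constructed session key B

def toy_e(key: bytes, blk: bytes) -> bytes:
    x = bytes(a ^ b for a, b in zip(blk, key))
    return x[1:] + x[:1]                      # rotate left by one byte

def toy_d(key: bytes, blk: bytes) -> bytes:
    x = blk[-1:] + blk[:-1]                   # undo the rotation
    return bytes(a ^ b for a, b in zip(x, key))

def frame(plaintext: bytes) -> bytes:
    """Steps 1-3: prefix LD, then pad a short last block with 80 and zeros."""
    if len(plaintext) > 255:
        raise ValueError("plaintext too long for a 1-byte LD")
    data = bytes([len(plaintext)]) + plaintext
    if len(data) % BLOCK:                     # whole blocks already: no padding
        data += b"\x80"
        data += b"\x00" * (-len(data) % BLOCK)
    return data

def encipher(kda, kdb, plaintext, e=toy_e, d=toy_d) -> bytes:
    """Steps 4-5: per block DEA(e) KDA, DEA(d) KDB, DEA(e) KDA; concatenate."""
    data = frame(plaintext)
    return b"".join(e(kda, d(kdb, e(kda, data[i:i + BLOCK])))
                    for i in range(0, len(data), BLOCK))

def decipher(kda, kdb, field, e=toy_e, d=toy_d) -> bytes:
    """B.3.4: per block DEA(d) KDA, DEA(e) KDB, DEA(d) KDA; then apply LD."""
    if not field or len(field) % BLOCK:
        raise ValueError("command data field is not a whole number of blocks")
    data = b"".join(d(kda, e(kdb, d(kda, field[i:i + BLOCK])))
                    for i in range(0, len(field), BLOCK))
    ld, rest = data[0], data[1:]
    if ld > len(rest):                        # added check: LD must fit the data
        raise ValueError("recovered LD exceeds recovered data")
    return rest[:ld]                          # pad bytes after LD bytes are dropped
```

Pass real single-DES encrypt and decrypt callables as `e` and `d` to get the double-length DEA operation shown in Figures B–2 and B–3.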
