Professional Documents
Culture Documents
This appendix describes the keys and algorithms associated with the
generation of the online authentication cryptograms (Application
Authentication Cryptogram (AAC), Transaction Certificate (TC), and
Authorization Request Cryptogram (ARQC). Although this version of the Visa
Integrated Circuit Card Specification does not support the generation of an
Application Authorization Referral (AAR) by the card, a subsequent version
may support this function.
This appendix includes the following sections:
D.1 Source Data
D.2 Generating the TC, AAC, and ARQC
D.3 Generating the Authorization Response Cryptogram (ARPC)
D.4 Data Conversion
D.5 Derivation Key Methodology
D.6 Host Security Modules (HSM)
31 Oct 2001
Draft 12/18/00 Visa Public D–1
Authentication Keys and Algorithms Visa Integrated Circuit Card
Card Specification, Version 1.4.0
D–2
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card D.1 Source Data
Card Specification, Version 1.4.0
Table D–1 explains the TC/AAC/ARQC data element order further, including
the order in which the data is processed in the following three cases:
● Data objects that are to be hashed for input to the TC Hash Value
●
Data objects requested by the card in the CDOLs that are to be input to
the cryptographic algorithm
● Data elements obtained internally by the card that are input to the
algorithm
NOTE: Each terminal data object is included in the cryptogram algorithm
either as plaintext data or as part of the TC Hash Value data but not
as both. The Visa-defined cryptogram versions do not use the TC Hash
Value.
Order if in
Data from TC Hash Input by
Data Element Terminal Value Card
Amount, Authorized ! !
Amount, Other ! !
Transaction Date ! !
Transaction Type ! !
Unpredictable Number ! !
31 Oct 2001
Draft 12/18/00 Visa Public D–3
Authentication Keys and Algorithms Visa Integrated Circuit Card
Card Specification, Version 1.4.0
D–4
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card D.2 Generating the TC, AAC, and ARQC
Card Specification, Version 1.4.0
4. Using triple DEA encipherment, the card shall perform the algorithm
shown in Figure D–1 to generate the TC/AAC or ARQC using the Unique
DEA Keys A and B for Cryptogram Version 10 and the current session
Keys A and B as described in Appendix E.3 Cryptogram Version 14.
(Depending on the length of the concatenated data block created in Step 3,
there may be fewer than five 8-byte data blocks to input to the algorithm.)
NOTE: For Cryptogram Version 10, Key A and Key B refer to Unique DEA
Key A and B. For Cryptogram Version 14, Key A and Key B refer to
current session Keys A and B as described in Appendix E.3
Cryptogram Version 14.
If Issuer Script failed, the terminal sets the “Issuer Script
processing Failed after final GENERATE AC” bit in the Terminal
Verification Results to “1” after the TC or AAC is generated by the
card. Therefore, prior to validating the TC/AAC transmitted in the
clearing message, this bit needs to be reset to “0”. Otherwise, the
TC/AAC cannot be correctly validated.
I1 = D 1 I 2 I3 I 4 I 5
01 02 03 0 4 05 06
+ + + + KA DEA(e)
D2 D 3 D4 D 5
07
Legend: TC/AAC/ARQC
31 Oct 2001
Draft 12/18/00 Visa Public D–5
Authentication Keys and Algorithms Visa Integrated Circuit Card
Card Specification, Version 1.4.0
D–6
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card D.3 Generating the Authorization Response Cryptogram (ARPC)
Card Specification, Version 1.4.0
I 1 = D 1
KA DEA(e)
0 1
KB DEA(d)
0 2
KA DEA(e)
0 3
ARPC
Legend:
I = Input D = Data block
DEA(e) = Data Encryption Algorithm K A = Key A
(encipherment mode) K B = Key B
DEA(d) = Data Encryption Algorithm
(decipherment mode)
O = Output
31 Oct 2001
Draft 12/18/00 Visa Public D–7
Authentication Keys and Algorithms Visa Integrated Circuit Card
Card Specification, Version 1.4.0
D–8
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card D.4 Data Conversion
Card Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public D–9
Authentication Keys and Algorithms Visa Integrated Circuit Card
Card Specification, Version 1.4.0
Issuer Host
Security Module
UDKA
UDKB
D–10
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card D.5 Derivation Key Methodology
Card Specification, Version 1.4.0
To derive the Unique DEA Key A, the Application PAN and Application PAN
Sequence Number shall be concatenated together in a 16-hexadecimal field.
(If the Application PAN Sequence Number is not present, it shall be zero
filled.) If the length of the Application PAN followed by the Application PAN
Sequence Number is not equal to 16 digits, the following formatting rules
shall be applied:
● If the Application PAN plus the Application PAN Sequence Number are
less than 16 digits, right-justify the data in a 16-hexadecimal field and
pad on the left with hexadecimal zeros.
●
If the Application PAN followed by the Application PAN Sequence
Number are greater than 16 digits, use only the right-most 16 digits.
To derive the Unique DEA Key B, the Application PAN and Application PAN
Sequence Number shall first be concatenated together in a 16-hexadecimal
field using the formatting rules described above and then inverted. Inversion
shall be performed at the bit level, where each bit with value “1” is set to “0”
and each bit with value “0” is set to “1”.
NOTE: When triple DEA encipherment is performed using the issuer’s
double-length Master Derivation Key, the encipherment function shall
always be performed using the first half of the issuer’s double-length
key and the decipherment function shall always be performed using
the second half of the issuer’s double-length key. This convention shall
apply regardless of whether the Unique DEA Key A or B is being
generated.
31 Oct 2001
Draft 12/18/00 Visa Public D–11
Authentication Keys and Algorithms Visa Integrated Circuit Card
Card Specification, Version 1.4.0
Figure D–4 illustrates how the Unique DEA Key A (UDKA) and Unique DEA
Key B (UDKB) used by the card and the issuer to perform card
authentication. A similar method is used to perform online Issuer
Authentication and TC generation.
Figure D–4: Using the Unique DEA Keys to Perform Card Authentication
ARQC
As shown, the derivation of the Unique DEA Keys shall be performed in a host
security module and the verification of the ARQC shall also be performed in a
host security module.
D–12
Draft 12/18/00 Visa Public 31 Oct 2001
Visa Integrated Circuit Card D.6 Host Security Modules (HSM)
Card Specification, Version 1.4.0
31 Oct 2001
Draft 12/18/00 Visa Public D–13
Authentication Keys and Algorithms Visa Integrated Circuit Card
Card Specification, Version 1.4.0
D–14
Draft 12/18/00 Visa Public 31 Oct 2001