Teacher
Professional
- Messages
- 2,670
- Reaction score
- 775
- Points
- 113
There are 2a algorithms for generating / verifying a pin (known to me): IBM 3624 and VISA PVV
Well, let's start with the more common and well-known one: VISA PVV
Let's start with deciphering the abbreviations:
PAN11 is the binary representation of the last 11 digits of the card number (counted from right to left, skipping the extreme left number).
For example: card number: 1234 5678 9012 3456, then PAN11: 56789012345
PVKI-binary representation of the index that determines the 3DES-key of the PIN card
-well, everything is simple.
The question arises, why do we need all this gibberish?
And everything is simple, in order to understand what TSP (Transformed Security Parameter) is and what it is eaten with.
TSP = PAN11 + PVKI + PIN usually TSP is encrypted with the DES algorithm, but there were also more advanced types: tripleDES Using
the PVKI index, you can extract a pair of keys that form the issuer's 3DES key.
We decrypt the first key, encrypt (the second key and the decrypted first), all encryption / decryption occurs using the DES algorithm (these values are also called PGK).
From left to right, all decimal values are written out (what we got after operations with encryption), and then hexadecimal values are written out a second time (in this case, we subtract 10 from each value beforehand). This procedure is called: decimalization.
The PVV value (or in simple language pin) is equal to four digits to the left.
Fuh, you can exhale))
Let's move on to the second algorithm: IBM 3624
We take the card number (this will be the PAN). We calculate the 3DES key value from PAN and PGK.
We apply decimalization.
You should get 16 decimal digits. According to the system, we select 4 digits, which are called PIN natural.
We are looking for the PIN Offset value (stored on the magnetic stripe or at the issuing bank.
The PIN natural values are added to the PIN offset value. PIN offset
We're done with, let's just say: some banks store some interesting data on magnetic stripes.
Well, let's start with the more common and well-known one: VISA PVV
Let's start with deciphering the abbreviations:
PAN11 is the binary representation of the last 11 digits of the card number (counted from right to left, skipping the extreme left number).
For example: card number: 1234 5678 9012 3456, then PAN11: 56789012345
PVKI-binary representation of the index that determines the 3DES-key of the PIN card
-well, everything is simple.
The question arises, why do we need all this gibberish?
And everything is simple, in order to understand what TSP (Transformed Security Parameter) is and what it is eaten with.
TSP = PAN11 + PVKI + PIN usually TSP is encrypted with the DES algorithm, but there were also more advanced types: tripleDES Using
the PVKI index, you can extract a pair of keys that form the issuer's 3DES key.
We decrypt the first key, encrypt (the second key and the decrypted first), all encryption / decryption occurs using the DES algorithm (these values are also called PGK).
From left to right, all decimal values are written out (what we got after operations with encryption), and then hexadecimal values are written out a second time (in this case, we subtract 10 from each value beforehand). This procedure is called: decimalization.
The PVV value (or in simple language pin) is equal to four digits to the left.
Fuh, you can exhale))
Let's move on to the second algorithm: IBM 3624
We take the card number (this will be the PAN). We calculate the 3DES key value from PAN and PGK.
We apply decimalization.
You should get 16 decimal digits. According to the system, we select 4 digits, which are called PIN natural.
We are looking for the PIN Offset value (stored on the magnetic stripe or at the issuing bank.
The PIN natural values are added to the PIN offset value. PIN offset
We're done with, let's just say: some banks store some interesting data on magnetic stripes.
