Application Cryptogram and Issuer Authentication

Tomcat

The EMV standard distinguishes four types of application cryptograms generated by the card, depending on the decision it makes on the further processing of the transaction:
  • TC (Transaction Certificate) - when the card decides to approve the transaction;
  • ARQC (Authorization Request Cryptogram) - when the card decides to perform the operation online;
  • AAR (Application Authorization Referral) - when the card refers to the issuer for authorization confirmation using alternative authorization methods (for example, a phone call, telex, etc.); this method may be relevant for an "offline only" terminal, where it is impossible to contact the issuer using the usual authorization request x100;
  • AAC (Application Authentication Cryptogram) - when the card decides to reject the transaction.

In addition, the standard uses a cryptogram generated by the issuer and used by the card to authenticate the issuer. This cryptogram is called ARPC (Authorization Response Cryptogram).

The TC and AAC cryptograms are formed upon completion of the transaction and are proof both that the transaction was performed by the cardholder and of its result. In fact, TC and AAC are signatures over the critical parameters of the transaction, computed with a symmetric encryption algorithm.

These cryptograms are used by the issuer to ensure that the cardholder cannot repudiate the result of the transaction. TC cryptograms are stored for the required time in the processing systems of the acquiring banks and are presented by the acquiring banks as proof that the transaction was processed in the event of a dispute over some transaction.

ARQC and ARPC cryptograms are used for mutual authentication of the card and the issuer (online mutual authentication).

The card generates a cryptogram using the MAC calculation algorithm (ISO/IEC 9797-1 Algorithm 3) described in clause 3.11.3. The MAC is calculated over the set of data transmitted to the card by the terminal in the GENERATE AC command in accordance with the CDOL1/CDOL2 lists, together with data stored on the card. The minimum set of data recommended by the EMV 4.2 standard (Section 8.1 of Book 2) for calculating a cryptogram is given in Table 3.24. In a specific implementation, this data set is completely determined by the payment system of the card issuer, since the cryptogram is used to resolve disputes arising in the system and is also checked in the stand-in authorization systems of the respective payment systems.

Tab. 3.24. Minimum data set recommended by EMV for cryptogram computation

Meaning                          | Data source
---------------------------------+------------
Amount, Authorized (Numeric)     | Terminal
Amount, Other (Numeric)          | Terminal
Terminal Country Code            | Terminal
Terminal Verification Results    | Terminal
Transaction Currency Code        | Terminal
Transaction Date                 | Terminal
Transaction Type                 | Terminal
Unpredictable Number             | Terminal
Application Interchange Profile  | ICC
Application Transaction Counter  | ICC

In practice, payment systems must add the results of card checks contained in the Card Verification Results (CVR) data object to the minimum data set. Sometimes, instead of a CVR object, a composite Issuer Application Data object is used that includes a CVR object.

The calculation of the application cryptogram is performed in two steps. In the first step, a 16-byte session key SK_AC (Application Cryptogram Session Key, the key for generating cryptograms during the current transaction) is derived from the card's 16-byte master key for cryptogram generation, MK_AC.

The algorithm for deriving the session key is, in general, chosen by the issuer (taking into account, of course, the list of symmetric encryption algorithms supported by chip card manufacturers). In practice, this algorithm is determined by the payment system. Besides protecting the brand from a possibly poor choice by the issuer, a unified cryptogram generation algorithm makes it possible to implement online card authentication in stand-in authorization mode. Key management procedures and, in particular, session key derivation procedures are discussed in clause 3.16.2.

In the second step, using the MAC calculation algorithm and the 16-byte session key SK_AC, the 8-byte value of the application cryptogram is calculated.

Let us now dwell on the algorithms for calculating the ARPC cryptogram. Two methods for computing ARPC are considered in EMV 4.2.

Method 1. The ARPC cryptogram is computed by the issuer with the 3DES algorithm under the 16-byte session key SK_AC, from the ARQC value and the Authorization Response Data (ARD, 2 bytes).

The VIS 1.4.x specification uses the Authorization Response Code (ARC) as the ARD, and the M/Chip 4 specification uses the ARPC Response Code. The ARC element is an authorization code that must at least indicate the result of the issuer's authorization of the transaction:
  • whether the transaction is approved, rejected, or the issuer requests an alternative authorization;
  • whether the card must be captured by the terminal.
To approve a transaction, the VIS 1.4.x specifications use ARC codes with the values '00'h, '10'h, '11'h, and the M/Chip 4 specifications use the values '00'h, '01'h, '08'h.

The ARPC Response Code element is present only in the M/Chip 4 specifications and carries the issuer's decision on the result of transaction authorization, new values of the card's offline counters, whether the card's next operation must be performed online, and synchronization of the PIN Try Counter values on the card and on the issuer's host.

Here is the algorithm for calculating ARPC:
  • ARD is right-padded with six zero bytes: X := (ARD || '00' || '00' || '00' || '00' || '00' || '00');
  • D := ARQC ⊕ X;
  • ARPC := DES3(SK_AC)[D];
  • a 10-byte Issuer Authentication Data element (Tag '91') is formed: Issuer Authentication Data = ARPC || ARC.
Method 2. The ARPC cryptogram is computed by the issuer with ISO/IEC 9797-1 Algorithm 3, calculating a MAC value under the 16-byte session key SK_AC over the ARQC value, the 4-byte Card Status Update (CSU) element and a Proprietary Authentication Data element of 0 to 8 bytes.

Here is the algorithm for calculating ARPC:
  • element Y := ARQC || CSU || Proprietary Authentication Data;
  • Algorithm 3 of ISO/IEC 9797-1 with 3DES under the 16-byte session key SK_AC is applied to Y to calculate the MAC value; the MAC size is chosen equal to 4 bytes;
  • the Issuer Authentication Data element (Tag '91') is formed: Issuer Authentication Data = ARPC || CSU || Proprietary Authentication Data.
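Both ARPC methods above, worked through in Go as an added example (this is not code from the original post or from any EMV specification): it assumes SK_AC has already been derived, uses only the standard library's DES, and adds a hypothetical card-side check, CardVerifyMethod1, showing how the card authenticates the issuer by recomputing the ARPC from the received tag '91'. Key and data bytes used with it are constructed sample values.

```go
package main

import "crypto/des"
import "crypto/subtle"

// ARPC Method 1: X = ARD || six zero bytes, D = ARQC XOR X, ARPC = 3DES(SK_AC)[D]; tag '91' = ARPC || ARC.
func ARPCMethod1(sk, arqc, ard []byte) (arpc, tag91 []byte) {
	d := append(append([]byte{}, ard...), make([]byte, 6)...) // X: 2-byte ARD right-padded with zeros
	for i := range d {
		d[i] ^= arqc[i] // D = ARQC XOR X
	}
	c, _ := des.NewTripleDESCipher(append(append(append([]byte{}, sk[:8]...), sk[8:16]...), sk[:8]...)) // 2-key 3DES as K1||K2||K1
	arpc = make([]byte, 8)
	c.Encrypt(arpc, d)
	return arpc, append(append([]byte{}, arpc...), ard...)
}

// ISO/IEC 9797-1 Algorithm 3 (retail MAC): DES-CBC under K1, last block decrypted under K2, re-encrypted under K1; padding '80' then zeros.
func retailMAC(sk, msg []byte, macLen int) []byte {
	k1, _ := des.NewCipher(sk[:8])
	k2, _ := des.NewCipher(sk[8:16])
	p := append(append([]byte{}, msg...), 0x80)
	p = append(p, make([]byte, (8-len(p)%8)%8)...)
	h := make([]byte, 8) // CBC state, zero IV
	for i := 0; i < len(p); i += 8 {
		for j := range h {
			h[j] ^= p[i+j]
		}
		k1.Encrypt(h, h)
	}
	k2.Decrypt(h, h)
	k1.Encrypt(h, h)
	return h[:macLen]
}

// ARPC Method 2: 4-byte MAC over Y = ARQC || CSU || Proprietary Authentication Data (0..8 bytes); tag '91' = ARPC || CSU || PAD.
func ARPCMethod2(sk, arqc, csu, pad []byte) (arpc, tag91 []byte) {
	y := append(append(append([]byte{}, arqc...), csu...), pad...)
	arpc = retailMAC(sk, y, 4)
	return arpc, append(append(append([]byte{}, arpc...), csu...), pad...)
}

// Hypothetical card-side issuer authentication for Method 1: rebuild ARPC from the ARC in tag '91', compare in constant time.
func CardVerifyMethod1(sk, arqc, tag91 []byte) bool {
	if len(tag91) != 10 {
		return false
	}
	want, _ := ARPCMethod1(sk, arqc, tag91[8:])
	return subtle.ConstantTimeCompare(want, tag91[:8]) == 1
}
```

The same SK_AC that produced the ARQC is used on both sides, so a forged or replayed response fails CardVerifyMethod1 unless the issuer's key material was used to build it.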