Tomcat
This article considers only the verification of the so-called online PIN, i.e. a PIN that is entered at the terminal and transmitted for verification to the system that authorizes the transaction.
Before proceeding directly to the issue of validating a card PIN, let us dwell on some theoretical questions.
Applied Cryptography
DES Algorithm
At the moment, the main encryption algorithm for all operations with bank cards is the DES algorithm (and not 3DES, which is used only for encryption operations, mainly at the transport layer). Without going into the terminology and classification of encryption algorithms, I will simply say that this is a block encryption algorithm with a block size of 8 bytes and a key of 56 bits (7 bytes). In practice, the DES key is usually represented as a block of 8 bytes, where in each byte the 7 most significant bits carry key material and the last bit does not. That last bit can be used to check the integrity of the key (more on this later).
Since a 56-bit key is currently insufficient from a security point of view, it is accepted practice to use the 3DES algorithm in EDE mode for encryption instead of DES (hereinafter, 3DES always means the EDE scheme). Typically, in a banking environment, the 3DES algorithm is used with a double-length key (112 bits, 16 bytes), in which the same key is used in the first and third steps (see the algorithm description).
PIN verification algorithms
At the moment, the following 2 PIN verification algorithms are mainly used: Visa PVV and IBM 3624 PIN offset.
Visa PVV
This algorithm was originally developed by the Visa payment system, but is currently the recommended PIN verification algorithm for both Visa and MasterCard. This algorithm is based on the PVV value (PIN verification value), which is a cryptogram obtained on the basis of the following values:
- Card number (hereinafter PAN)
- PIN verification key index (hereinafter PVKI)
- PIN verification key (hereinafter PVK)
- the card's PIN code
To obtain the PVV, a block is formed from the PAN (the last 11 digits, excluding the check digit of the card), the PVKI and the PIN (strictly, the first 4 digits). This block is encrypted using the PVK, after which a 4-digit number is selected from the result; this number is the PVV [1]. This PVV value is the reference for checking the PIN code. That is, upon receipt of a transaction with the entered PIN, a new PVV value is generated from the PAN, PVKI and PVK and compared with the reference PVV for the card. If the values match, the PIN is considered correct; if they do not match, it is incorrect.
The features of this algorithm include the following "restrictions":
- Fundamental impossibility of recovering PIN from PVV value
- Using a PIN code of strictly 4 digits
IBM 3624 PIN offset
This algorithm was originally developed by IBM for use in IBM 3624 ATMs. History is silent as to how it was planned to use it, and the author of the article does not know, but, in this case, it is not important. At present, this algorithm is considered outdated, but it is used quite successfully for several reasons:
- card systems of "old" regions (Western Europe, North America) are quite conservative and, in many ways, work on "sufficiently" old systems, which suits them quite well
- this algorithm allows you to recover the PIN code value from the verification value (see below), which can be very useful under certain conditions
This algorithm is based on the PIN offset (PIN verification value), which is a cryptogram obtained on the basis of the following values:
- Validation data (hereinafter VD) - some value (usually part of the card number, but this is not necessary)
- Decimalization table (hereinafter referred to as DT)
- PIN verification key (hereinafter PVK)
- The PIN code of the card
To simplify the further description, in the case of the IBM 3624 PIN offset method the term "PIN verification key" will mean the combination of the PVK key and the decimalization table DT.
To obtain the PIN offset, the control value VD is encrypted using the PVK key, after which a block of 16 decimal digits is obtained from the obtained value using the decimalization table DT.
From the received block, the first N digits are taken, where N is the PIN length (the IBM 3624 method allows you to check a PIN with a length of up to 16 digits), then the corresponding digit of the received block is subtracted from each PIN digit modulo 10. The resulting value will be the PIN offset value.
HSM
HSM - hardware security module, a hardware and software system designed to perform cryptographic operations in a secure environment. The HSM itself must be secured to prevent unauthorized access to the data it contains. Its functions include performing various cryptographic checks, including card verification, PIN verification, cryptographic message signature (MAC) and various encryption operations in such a way as to prevent access to sensitive information (keys, PIN code values). It is worth clarifying here that when an HSM is used, the key value in clear form (i.e., in a form suitable for performing operations in accordance with the DES / 3DES algorithm) is, in the general case, present only inside the HSM at the time the operation is performed. How this is achieved depends on the specific HSM:
- Key encryption under the so-called HSM Master Key, in various versions. In this case, the key value itself is stored encrypted on an external medium (usually in a processing system) and transferred to the HSM during the operation. When performing the operation, the HSM first decrypts the key using the Master Key, and only then performs the operation that was requested.
- Storing the key in the protected internal HSM storage. In this case, usually, the key identifier is supplied as input, by which the HSM retrieves it from the internal storage.
In either case, the principle of performing an operation on an HSM does not depend on which of the key storage methods is used.
Everywhere below, unless it is explicitly indicated, we will assume that the key is transmitted in a protected HSM form (i.e., encrypted under the HSM Master key or as an identifier).
PIN check
Terminology
To simplify further description, we introduce some terms:
- PIN block - the value of the PIN code of the card, packed in some special way into a block of 8 bytes. It is worth clarifying that no encryption is used in this process. There are different packing methods, but the differences are not essential here.
- Encrypted PIN block - the value of the PIN block, encrypted using the DES / 3DES algorithm using a key (terminal key, bank, payment network, etc.) specially allocated for the purpose of encrypting the PIN block.
- PIN verification value - PVV or PIN offset, depending on which PIN verification method is used.
- Additional PIN verification data - data, except for PIN and PIN verification value, required for PIN verification in accordance with Visa PVV / IBM 3624 PIN offset algorithms in accordance with the list given in the description of algorithms (see above).
Payment systems requirements
In terms of PIN verification, you can specify the following:
- Open PIN and PIN block values should not be transferred, stored or processed in any way outside of specially designated software and hardware systems (HSM on the side of processing systems or EPP and some other terrible abbreviations on the side of terminal devices (ATMs, POS terminals, etc.)).
- The encrypted PIN block should not be stored after the completion of the operation in systems responsible for online / offline processing of transactions (there are also systems responsible for issuing the cards themselves, this requirement does not apply to them).
PIN check
As we have already defined earlier, to check the PIN we need the following data:
- The PIN itself, which we will check
- PIN verification value
- Additional PIN verification data
With the PIN, everything is quite simple. As already mentioned above, we cannot receive an open PIN value under any circumstances. Thus, we are left with only an encrypted PIN block. In addition to it, we need a key to decrypt it. Let's call this key PPK (PIN protection key, the term is taken from the HSM documentation from SafeNet).
Next, you need to decide on the PIN verification value and additional data.
The first option is to store the verification value on the magnetic stripe of the card, after the Service Code field. A modified version of ISO 7813 showing where the PVV is stored can be viewed here. Regarding that description of the track format, it is worth adding that the 5-character PVV value is a sequence of 1 PVKI character followed by the 4 characters of the PVV itself, while for PIN offset it is the PIN offset value for a 5-digit PIN. If the PIN has a length other than 5 digits, the size of the PIN offset changes accordingly. What are the advantages of this method? Above all, anyone who has the keys necessary for verification can check the PIN. It should be noted here that when a new card product is launched, the keys on which the card is issued are usually transferred to the payment network. Thus, when using this method, both the card issuer and the payment network can verify the PIN. The disadvantage of this method is that it makes the card PIN static until the card is reissued.
The second option is to store the verification value in some storage, usually the database of the system responsible for performing checks during card authorization. In this case, when verifying the PIN, it is necessary to retrieve the verification value from this storage, and only then perform verification using this value. As a consequence, when using this method, it is impossible to perform the PIN check in an external system (for example, in the payment system); it can be executed only on the system that has access to the store of verification values. However, such a system allows you to change the PIN code of the card without any costs for changing the plastic (why this is needed, what has to be done and what problems follow, I will not describe, since this is beyond the scope of this article).
Regardless of how and by whom (card issuer or payment network) all the necessary information was obtained, the PIN verification itself is performed on the HSM. The HSM receives the PPK in a protected form, the PIN verification key in a protected form, the encrypted PIN block, the PIN verification value and the additional verification data, and returns only the verification result: correct PIN, incorrect PIN, or other error. That is, during the verification process, the system responsible for authorization does not in any way come into contact with the open value of the PIN code itself.
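The two calculations described above (Visa PVV and IBM 3624 PIN offset), as an added Python example that is not part of the original article. The DES / 3DES step is replaced by a labelled stand-in (`encrypt_block`, HMAC-SHA-256 truncated to 8 bytes), so the outputs are not real verification values; the key, PAN, PINs, decimalization table and all function names are constructed for illustration.

```python
import hashlib
import hmac

# ASSUMPTION: stand-in for the DES/3DES encryption under the PVK. Python's
# standard library has no DES, so an 8-byte keyed function built on
# HMAC-SHA-256 is used; the values produced are NOT real PVVs or offsets.
def encrypt_block(pvk: bytes, block: bytes) -> bytes:
    if len(block) != 8:
        raise ValueError("the cipher input must be one 8-byte block")
    return hmac.new(pvk, block, hashlib.sha256).digest()[:8]

def visa_pvv(pvk: bytes, pan: str, pvki: str, pin: str) -> str:
    """Build the 16-digit block (11 PAN digits + PVKI + 4 PIN digits),
    encrypt it and select a 4-digit PVV from the result."""
    if not (pan.isdigit() and len(pan) >= 12 and pvki.isdigit()
            and len(pvki) == 1 and pin.isdigit() and len(pin) >= 4):
        raise ValueError("bad PAN, PVKI or PIN")
    block = pan[-12:-1] + pvki + pin[:4]        # the check digit is skipped
    hexed = encrypt_block(pvk, bytes.fromhex(block)).hex().upper()
    # Commonly documented selection rule: decimal digits left to right,
    # then, if fewer than four were found, A-F mapped to 0-5.
    picked = [c for c in hexed if c.isdigit()]
    picked += [str(ord(c) - ord("A")) for c in hexed if not c.isdigit()]
    return "".join(picked[:4])

def decimalized(pvk: bytes, vd: str, dt: str, n: int) -> str:
    """Encrypt VD and map each hex digit through DT; keep the first n digits."""
    if len(dt) != 16 or not dt.isdigit() or not 1 <= n <= 16:
        raise ValueError("DT must be 16 decimal digits, PIN length 1..16")
    hexed = encrypt_block(pvk, bytes.fromhex(vd)).hex()
    return "".join(dt[int(c, 16)] for c in hexed)[:n]

def ibm3624_offset(pvk: bytes, vd: str, dt: str, pin: str) -> str:
    """offset[i] = (pin[i] - decimalized[i]) mod 10."""
    dec = decimalized(pvk, vd, dt, len(pin))
    return "".join(str((int(p) - int(d)) % 10) for p, d in zip(pin, dec))

def ibm3624_verify(pvk, vd, dt, pin, reference_offset) -> bool:
    return hmac.compare_digest(ibm3624_offset(pvk, vd, dt, pin), reference_offset)

def ibm3624_pin_from_offset(pvk: bytes, vd: str, dt: str, offset: str) -> str:
    """The reversal the text mentions: pin[i] = (offset[i] + decimalized[i]) mod 10."""
    dec = decimalized(pvk, vd, dt, len(offset))
    return "".join(str((int(o) + int(d)) % 10) for o, d in zip(offset, dec))

# Constructed sample data: none of it is a real key, card or PIN.
PVK = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
PAN = "4000001234567899"
DT = "0123456789012345"
VD = PAN                       # validation data: here simply the PAN digits

if __name__ == "__main__":
    pvv = visa_pvv(PVK, PAN, "1", "1234")
    print("PVV:", pvv, "match:", visa_pvv(PVK, PAN, "1", "1234") == pvv)
    off = ibm3624_offset(PVK, VD, DT, "12345")
    print("offset:", off, "verify:", ibm3624_verify(PVK, VD, DT, "12345", off))
    print("PIN from offset:", ibm3624_pin_from_offset(PVK, VD, DT, off))
```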