Explain TC generation process

[Papa Carder]

Overview of TC Generation Process​

The Transaction Certificate (TC) is an 8-byte cryptographic value generated by an EMV chip card to confirm approval of a transaction, either offline or after successful online authorization. It acts as a Message Authentication Code (MAC) that provides proof of the transaction's integrity and the card's approval, allowing the merchant to capture funds during settlement. Unlike the Authorization Request Cryptogram (ARQC), which requests online issuer approval, the TC is used for final confirmation when the card decides the transaction can proceed without further checks or after verifying the issuer's Authorization Response Cryptogram (ARPC). The TC is one type of Application Cryptogram (AC), computed using the same session key (SK_AC) and cryptographic methods as ARQC, following EMV specifications (e.g., EMV Book 2: Security and Key Management). It typically employs Triple DES (3DES) in CBC mode with ISO 9797-1 MAC Algorithm 3, though AES may be used in newer implementations.

TC generation occurs in response to the terminal's GENERATE AC command, and the card produces a TC (indicated by tag 9F27 = 0x40) if the transaction is approved based on risk management (e.g., Issuer Action Codes, Terminal Verification Results). In offline scenarios, it's generated in the first GENERATE AC; in online, it's in the second after ARPC verification.

Step-by-Step TC Generation Process​

The process is similar to ARQC generation but focuses on approval confirmation. It uses the session key SK_AC and transaction data from the Card Risk Management Data Object List (CDOL1 for offline/first AC, CDOL2 for online/second AC).

1. Derive the Session Key (SK_AC):
   • SK_AC is a 16-byte transaction-specific key derived from the ICC Application Cryptogram Master Key (MK_AC) and the Application Transaction Counter (ATC), using the Common Session Key (CSK) method (as detailed in prior explanations). This ensures uniqueness per transaction.
2. Prepare the Input Data:
   • Collect transaction data as specified in CDOL1 (for offline) or CDOL2 (for online, which may include ARPC and ARC). Common elements include: Authorized Amount (9F02), Transaction Currency Code (5F2A), Terminal Verification Results (95), Unpredictable Number (9F37), and for online, the ARPC (9F26) and ARC (9F10).
   • Concatenate these in the order defined by the CDOL (typically 21-55 bytes).
   • Pad the data to a multiple of 8 bytes using ISO 9797-1 Method 2 (append 0x80 followed by 0x00 as needed).
3. Compute the MAC (TC):
   • Use SK_AC to compute a CBC MAC over the padded input data, following Retail MAC (ISO 9797-1 Algorithm 3).
     • Split SK_AC into two 8-byte DES keys (left and right).
     • Initialize IV to 0x0000000000000000.
     • Encrypt blocks sequentially: For each block, XOR with previous ciphertext (or IV for first), then apply 3DES (encrypt with left, decrypt with right, encrypt with left for the final block).
   • The TC is the leftmost 8 bytes of the resulting MAC. The card only generates TC if approval conditions are met (e.g., ARC indicates success and ARPC verifies).
4. Send the TC:
   • The card includes the TC in the GENERATE AC response to the terminal, along with other data (e.g., Issuer Application Data). The terminal logs it for clearing/settlement, where the issuer may verify the TC post-transaction.

Key Differences from ARQC/ARPC​

• ARQC: Requests authorization (MAC over CDOL1 data); sent to issuer.
• ARPC: Issuer's response (MAC over ARQC XOR ARC); verified by card.
• TC: Confirms approval (MAC over CDOL data); used for settlement, not real-time request/response.

This process ensures tamper-proof approval. For normative details, refer to EMVCo specifications.