There are several services you can use in secure communications
with EMV smart cards. The processing capabilities are consistent with
the specifications provided in these documents:
- EMV 2000 Integrated Circuit Card Specification
for Payment Systems Version 4.0 (EMV4.0) Book 2
- Design Visa Integrated Circuit Card Specification
Manual
- Integrated Circuit Card Specification (VIS)
1.4.0 Corrections
EMV smart cards include the following processing capabilities:
- The diversified key generate (CSNBDKG and CSNEDKG) callable
service with rule-array options TDES-XOR, TDESEMV2, and TDESEMV4 enables
you to derive a key used to cipher and authenticate messages, and
more particularly message parts, for exchange with an EMV smart card.
You use the derived key with services such as encipher, decipher,
MAC generate, MAC verify, secure messaging for keys, and secure messaging
for PINs. These message parts can be combined with message parts created
using the secure messaging for keys and secure messaging for PINs
services.
- The secure messaging for keys (CSNBSKY and CSNESKY) service
enables you to securely incorporate a key into a message part (generally
the value portion of a TLV component of a secure message for a card).
Similarly, the secure messaging for PINs (CSNBSPN and CSNESPN)
service enables secure incorporation of a PIN block into a message
part.
- The PIN change/unblock (CSNBPCU and CSNEPCU) service
enables you to encrypt a new PIN to send to a new EMV card, or to
update the PIN value on an initialized EMV card. This verb generates
both the required session key (from the master encryption key) and
the required authentication code (from the master authentication key).
- The ZERO-PAD option of the PKA encrypt (CSNDPKE)
service enables you to validate a digital signature created according
to the ISO 9796-2 standard by encrypting information you format, including
a hash value of the message to be validated. You compare the resulting
enciphered data to the digital signature accompanying the message
to be validated.
- The MAC generate and MAC verify services post-pad an X'80'...X'00' string
to a message as required for authenticating messages exchanged with
EMV smart cards.
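
The X'80'...X'00' post-padding described in the last item can be reproduced outside the service to check the text a MAC is computed over. The following Python sketch is an added example, not ICSF code. It assumes an 8-byte (DES/TDES) block and that padding is always applied, even to block-aligned text. The function names are hypothetical, and the sample bytes are constructed.

```python
BLOCK = 8  # assumption: DES/TDES block size in bytes

def emv_pad(message: bytes, block: int = BLOCK) -> bytes:
    """Append X'80', then X'00' bytes up to the next block boundary."""
    pad_len = block - (len(message) % block)  # always 1..block, never 0
    return message + b"\x80" + b"\x00" * (pad_len - 1)

def emv_unpad(padded: bytes, block: int = BLOCK) -> bytes:
    """Strip the padding, rejecting anything that is not well formed."""
    if not padded or len(padded) % block:
        raise ValueError("length is not a positive multiple of the block size")
    stripped = padded.rstrip(b"\x00")
    zeros = len(padded) - len(stripped)
    # The X'80' marker must be present and followed by at most block-1 zeros.
    if not stripped.endswith(b"\x80") or zeros >= block:
        raise ValueError("malformed X'80'...X'00' padding")
    return stripped[:-1]

def zero_pad(message: bytes, block: int = BLOCK) -> bytes:
    """Plain zero padding, shown only for contrast."""
    return message + b"\x00" * (-len(message) % block)

def same_mac_input(pad, a: bytes, b: bytes) -> bool:
    """True when two different messages pad to identical MAC input."""
    return pad(a) == pad(b)

if __name__ == "__main__":
    # Constructed sample messages that differ only by a trailing X'00'.
    m1, m2 = bytes.fromhex("0102"), bytes.fromhex("010200")
    print("zero padding collides:", same_mac_input(zero_pad, m1, m2))
    print("X'80' padding collides:", same_mac_input(emv_pad, m1, m2))
    print("padded m1:", emv_pad(m1).hex().upper())
    print("aligned text:", emv_pad(b"ABCDEFGH").hex().upper())
```

With zero padding alone, two messages that differ only in trailing X'00' bytes yield the same MAC input and therefore the same MAC; the X'80' marker makes the end of the message unambiguous.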