Working with Europay-Mastercard-Visa Smart cards

There are several verbs you can use in secure communications with Europay-Mastercard-Visa (EMV) smart cards.

The processing capabilities are consistent with the specifications provided in these documents:
  • EMV 2000 Integrated Circuit Card Specification for Payment Systems Version 4.0 (EMV4.0) Book 2
  • Design Visa Integrated Circuit Card Specification Manual
  • Integrated Circuit Card Specification (VIS) 1.4.0 Corrections

EMV smart cards include the following processing capabilities:
  • The Diversified Key Generate verb with rule-array options TDES-XOR, TDESEMV2, and TDESEMV4 enables you to derive a key used to cipher and authenticate messages, and more particularly message parts, for exchange with an EMV smart card. You use the derived key with verbs such as: Encipher, Decipher, MAC Generate, MAC Verify, Secure Messaging for Keys, and Secure Messaging for PINs. These message parts can be combined with message parts created using the Secure Messaging for Keys and Secure Messaging for PINs verbs.
  • The Secure Messaging for Keys verb enables secure incorporation of a key into a message part (generally the value portion of a TLV component of a secure message for a card). Similarly, the Secure Messaging for PINs verb enables secure incorporation of a PIN block into a message part.
  • The PIN Change/Unblock verb enables encryption of a new PIN to send to a new EMV card, or to update the PIN value on an initialized EMV card. This verb generates both the required session key (from the master encryption key) and the required authentication code (from the master authentication key).
  • The ZERO-PAD option of the PKA Encrypt verb enables validation of a digital signature created according to the ISO 9796-2 standard by encrypting information that you format, including a hash value of the message to be validated. You compare the resulting enciphered data to the digital signature accompanying the message to be validated.
  • The MAC Generate and MAC Verify verbs post-pad an X'80'...X'00' string to a message as required for authenticating messages exchanged with EMV smart cards.
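
The X'80'...X'00' post-padding named in the last item can be illustrated with the following added example, which is not code from the original documentation or from the verbs themselves. It assumes an 8-byte (DES/TDES) block size; the function names and sample messages are constructed for illustration.

```python
BLOCK = 8  # assumption: DES/TDES block size in bytes


def emv_pad(msg: bytes, block: int = BLOCK) -> bytes:
    """Append X'80', then X'00' bytes up to the next block boundary.

    A message that is already block-aligned still gains a full block
    (X'80' followed by block-1 zero bytes), so the padding is always
    present and can be removed without ambiguity.
    """
    padded = msg + b"\x80"
    return padded + b"\x00" * (-len(padded) % block)


def emv_unpad(padded: bytes, block: int = BLOCK) -> bytes:
    """Strip X'80'...X'00' padding, rejecting malformed input."""
    if not padded or len(padded) % block:
        raise ValueError("length is not a positive multiple of the block size")
    stripped = padded.rstrip(b"\x00")
    zeros = len(padded) - len(stripped)
    # The marker byte must be present and at most block-1 zeros may follow it.
    if not stripped.endswith(b"\x80") or zeros >= block:
        raise ValueError("malformed X'80'...X'00' padding")
    return stripped[:-1]


def demo() -> list[tuple[str, str]]:
    """Pad constructed sample messages and return (input, padded) hex pairs."""
    samples = [
        b"",                           # empty message: one full padding block
        bytes.fromhex("0102030405"),   # short message: X'80' plus two zeros
        bytes.fromhex("1122334455667788"),  # block-aligned: extra full block
        bytes.fromhex("01000000"),     # trailing zeros survive a round trip
    ]
    out = []
    for m in samples:
        p = emv_pad(m)
        assert emv_unpad(p) == m
        out.append((m.hex(), p.hex()))
    return out


if __name__ == "__main__":
    for original, padded in demo():
        print(f"{original or '(empty)':>18} -> {padded}")
```

Because the X'80' marker is always added, two messages that differ only in trailing zero bytes produce different padded inputs to the MAC, which plain zero padding does not guarantee.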