PIN Change/Unblock (CSNBPCU)
The PIN Change/Unblock verb is used to generate a special PIN block to change the PIN accepted by an integrated circuit card (smart card).
The special PIN block is based on the new PIN and the card-specific diversified key and, optionally, on the current PIN of the smart card. The new PIN block is encrypted with a session key. The session key is derived in a two-step process. First, the card-specific diversified key (ICC Master Key) is derived according to the algorithm of the key:
- For TDES keys: Using the TDES-ENC algorithm of the Diversified Key Generate service.
- For AES keys: Using the MK-OPTC algorithm of the Diversified Key Generate2 service.
The session key is then generated according to the rule array algorithm:
- TDES-XOR - XOR ICC Master Key with the Application Transaction Counter (ATC).
- TDESEMV2 - Use the EMV2000 algorithm with a branch factor of 2.
- TDESEMV4 - Use the EMV2000 algorithm with a branch factor of 4.
- AES-EMV1 - Use the EMV Book 2 Common Session key derivation option, which is also available as the SESS-ENC algorithm of the Diversified Key Generate2 service.
The TDES generating DKYGENKY cannot have replicated halves. The encryption_master_key is a DKYGENKY that permits generation of a SMPIN key. The authentication_master_key is also a DKYGENKY that permits generation of a double length MAC key.
The AES generating key must have the type DKYGENKY. The encryption_master_key must permit generation of a PINPROT key (D-PPROT or D-ALL). For an AES D-PPROT key, the key usage fields must indicate that the derived key can be used for encryption (ENCRYPT) or decryption (DECRYPT), the encryption mode must be Cipher Block Chaining (CBC), common usage control must be NOFLDFMT, PIN block format usage must be ISO-4, and PIN services control must include PINXLATE or REFORMAT. For the EMV-PCU1 service, the authentication_master_key is not used.
The following output PIN block formats are specified by the mutually exclusive rule array keywords: AMEXPCU1 and AMEXPCU2, or VISAPCU1 and VISAPCU2. They refer to whether the current PIN is used in the generation of the new PIN. Starting with CCA 7.2, the ISO-4 PIN block format is allowed for the new_reference_PIN_block, the current_reference_PIN_block, or both.
- AMEXPCU1 would create the output PIN from the new-reference PIN, the smart card-unique, intermediate key, and the current-reference PIN.
- AMEXPCU2 would create the output PIN from the new-reference PIN and the smart-card-unique, intermediate key.
- VISAPCU1 would create a new PIN for a card without a PIN in an encrypted PIN-block in the new_reference_PIN_block variable. The contents of the five current_reference_PIN_* variables are ignored.
- VISAPCU2 would provide the existing PIN for a card with a current PIN in an encrypted PIN-block in the current_reference_PIN_block variable and supply the new PIN value in an encrypted PIN block in the new_reference_PIN_block variable.
The EMV-PCU1 output PIN block format specified in EMV v4.3 Book 2 Format 1 and detailed in the EMV Common Payment Application (2011) specification as updated by SB165. The new-reference PIN is passed in to the service as an encrypted PIN block. The contents of the five current_reference_PIN_* variables are ignored. Both TDES-CBC and AES encryption of the output PIN block are supported.
An enhanced PIN security mode is available for extracting PINs from encrypted PIN blocks. This mode only applies when specifying a PIN-extraction method for an IBM 3621 or an IBM 3624 PIN-block. To do this, you must enable the Enhanced PIN Security access control point in the domain role. When activated, this mode limits checking of the PIN to decimal digits and a PIN length minimum of 4 is enforced. No other PIN-block consistency checking occurs.
Deriving the CCA TDES-XOR session key
In the Diversified Key Generate and PIN Change/Unblock verbs, the TDES-XOR process first derives a smart-card-specific intermediate key from the issuer-supplied ENC-MDK key and card-specific data. This intermediate key is also used in the TDESEMV2 and TDESEMV4 processes. The intermediate key is then modified using the application transaction counter (ATC) value supplied by the smart card.
The double-length session-key creation steps are as follows:
- Obtain the left-half of an intermediate key by ECB-mode Triple-DES encrypting the (first) eight bytes of card specific data using the issuer-supplied ENC-MDK key.
- Again using the ENC-MDK key, obtain the right-half of the intermediate key by ECB-mode
Triple-DES encrypting with one of these methods:
- The second 8 bytes of card-specific derivation data when 16 bytes have been supplied.
- The exclusive-OR of the supplied 8 bytes of derivation data with X'FFFFFFFF FFFFFFFF'.
- Pad the ATC value to the left with six bytes of X'00' and exclusive-OR the result with the left-half of the intermediate key to obtain the left-half of the session key.
- Obtain the one's complement of the ATC by exclusive-ORing the ATC with X'FFFF'. Pad the result on the left with six bytes of X'00'. Exclusive-OR the 8-byte result with the right-half of the intermediate key to obtain the right-half of the session key.