Diversifying keys
CCA supports diversifying DES and AES symmetric keys. Key diversification is a technique often used in working with smart cards. To secure interactions with a population of cards, a key-generating key is combined with data unique to each card to derive ('diversify') keys for use with that card. The data is often the card serial number or another quantity stored on the card. Because that data is often public, it is very important to handle the key-generating key with a high degree of security; if it is compromised, interactions with the whole population of cards could be placed in jeopardy. CCA supports diversifying a DES key using the Diversified Key Generate callable service and diversifying an AES key using the Diversified Key Generate2 service.
Several methods of diversifying a DES key are supported. They are CLR8-ENC, TDES-ENC, TDES-DEC, SESS-XOR, TDESEMV2, TDESEMV4, and TDES-XOR.
- The CLR8-ENC and TDES-ENC methods triple-encrypt data using the generating_key to form the diversified key. The diversified key is then multiply-enciphered by the DES master-key modified by the control vector for the output key. The TDES-DEC method is similar except that the data is triple-decrypted.
- The TDES-ENC, TDES-CBC, and TDES-DEC methods permit the production of either another key-generating key or a final key. Control-vector bits 19 through 22 associated with the key-generating key specify the permissible type of the final key. For more information, see DKYGENKY in Control-Vector Base Bits. Control-vector bits 12 through 14 associated with the key-generating key specify whether the diversified key is a final key or another in a series of key-generating keys. Bits 12 through 14 hold a counter that is decreased by one each time the Diversified Key Generate service is used to produce another key-generating key. For example, if the key-generating key that you specify has its counter set to B'010', you must specify the control vector for the generated_key with a DKYGENKY key type having the counter bits set to B'001' and the same final key type in bits 19 through 22. Use of a generating_key with bits 12 through 14 set to B'000' results in the creation of the final key. Therefore, you can control both the number of diversifications required to reach a final key and the type of that final key.
- The SESS-XOR method provides a means for modifying an existing DATA, DATAC, MAC, DATAM, MACVER, or DATAMV single-length or double-length key. The provided data is exclusive-OR-ed into the clear value of the key. This form of key diversification is specified by several of the credit card associations.
- The TDESEMV2, TDESEMV4, and TDES-XOR methods also derive a key by encrypting supplied data including a transaction counter value received from an EMV smart card. The processes are described in detail in Visa, MasterCard, and EMV-related smart card formats and processes. For information on the processing capabilities you can use with EMV smart cards, see Working with Europay–MasterCard–Visa smart cards.
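The counter rule for chained DES key diversification described above (bits 12 through 14 decremented on each DKYGENKY derived, bits 19 through 22 fixing the final key type) can be checked before a call is made. The following is an added example written for this page, not CCA or ICSF code: it models only those two fields of the 8-byte control vector, assumes the CCA convention that control-vector bits are numbered 0 to 63 from the leftmost bit, and uses constructed control-vector values that are not real CCA control vectors.

```python
# Added example (not from the CCA documentation): modelling the DKYGENKY counter
# rule for chained key diversification. Assumption: the 64-bit control vector
# (CV) is numbered 0..63 from the leftmost bit. Only the counter field (bits
# 12-14) and the final-key-type field (bits 19-22) are modelled; every CV value
# built here is constructed for illustration and is not a real CCA CV.

CV_COUNTER = (12, 14)      # further key-generating keys still to be derived
CV_FINAL_TYPE = (19, 22)   # permissible type of the final derived key


def cv_get(cv: int, field: tuple) -> int:
    """Read a bit field from a 64-bit CV (bit 0 is the leftmost bit)."""
    first, last = field
    width = last - first + 1
    return (cv >> (63 - last)) & ((1 << width) - 1)


def cv_set(cv: int, field: tuple, value: int) -> int:
    """Return cv with the given field overwritten by value."""
    first, last = field
    width = last - first + 1
    if not 0 <= value < (1 << width):
        raise ValueError("value does not fit in the field")
    shift = 63 - last
    mask = ((1 << width) - 1) << shift
    return (cv & ~mask) | (value << shift)


def expected_generated_cv(generating_cv: int) -> tuple:
    """What Diversified Key Generate produces from this generating key's CV.

    Returns ("final", final_type) when the counter is B'000', otherwise
    ("DKYGENKY", cv) where cv is the CV the generated_key must carry.
    """
    counter = cv_get(generating_cv, CV_COUNTER)
    final_type = cv_get(generating_cv, CV_FINAL_TYPE)
    if counter == 0:
        return ("final", final_type)          # counter exhausted: final key
    # Another key-generating key: same final type, counter decreased by one.
    return ("DKYGENKY", cv_set(generating_cv, CV_COUNTER, counter - 1))


def check_next_dkygenky_cv(generating_cv: int, requested_cv: int) -> list:
    """Validate a requested DKYGENKY generated_key CV; returns a list of problems."""
    problems = []
    kind, expected = expected_generated_cv(generating_cv)
    if kind == "final":
        problems.append("generating key counter is B'000': the service produces "
                        "the final key, not another DKYGENKY")
        return problems
    want, got = cv_get(expected, CV_COUNTER), cv_get(requested_cv, CV_COUNTER)
    if got != want:
        problems.append(f"counter bits 12-14 must be B'{want:03b}', got B'{got:03b}'")
    if cv_get(requested_cv, CV_FINAL_TYPE) != cv_get(generating_cv, CV_FINAL_TYPE):
        problems.append("final key type (bits 19-22) must match the generating key")
    return problems


def diversification_chain(start_counter: int) -> list:
    """Counter values of the successive DKYGENKY keys until a final key appears."""
    cv = cv_set(0, CV_COUNTER, start_counter)
    chain = [start_counter]
    while True:
        kind, nxt = expected_generated_cv(cv)
        if kind == "final":
            return chain + ["final"]
        cv = nxt
        chain.append(cv_get(cv, CV_COUNTER))


if __name__ == "__main__":
    # Constructed generating-key CV: counter B'010', final type B'0101'.
    gen = cv_set(cv_set(0, CV_COUNTER, 0b010), CV_FINAL_TYPE, 0b0101)
    kind, nxt = expected_generated_cv(gen)
    print(kind, f"counter=B'{cv_get(nxt, CV_COUNTER):03b}'")
    print("problems with a wrong request:", check_next_dkygenky_cv(gen, gen))
    print("chain from B'010':", diversification_chain(0b010))
```

The validator only enforces what the text states (counter decremented by one, final type preserved); the remaining DKYGENKY control-vector bits still have to be set per the Control-Vector Base Bits reference.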
Several methods of diversifying an AES key are supported. They are SESS-ENC, MK-OPTC, and KDFFM-DK.
- The SESS-ENC method of diversifying a key creates a session key by enciphering the 16 bytes of derivation data supplied with the k-bit AES key-generating key to produce a k-bit AES generated session key using the AES algorithm in ECB mode, where k is 128, 192, or 256.
- The MK-OPTC method creates a sequence level 0 key-generating key using the EMV Option C derivation method. This method uses AES in ECB mode to encipher the 16 bytes of derivation data with the k-bit diversified key generating key (Issuer Master Key) to produce a k-bit generated ICC master key, where k = 128, 192, or 256.
- The KDFFM-DK method uses a derivation method based on the NIST KDF in Feedback Mode. Note that this method is specific to the DK PIN methods. This method uses AES CMAC to generate the 16 to 40 bytes of derivation data with the k-bit diversified key generating key (banking association specific master key) to produce a k-bit generated Bank specific Issuer Master Key, where k = 128, 192, or 256.
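The SESS-ENC method above is a single AES block encryption of the 16 bytes of derivation data under the key-generating key, so the whole derivation can be shown in a few lines once an AES block function is available. The following is an added example written for this page, not CCA or ICSF code: it carries a compact pure-Python AES (no third-party library) so that the derivation runs offline for 128-, 192- and 256-bit key-generating keys, and it checks that AES against the FIPS-197 Appendix C vectors. The key-generating key and the per-card derivation data are constructed test values.

```python
# Added example (not from the CCA documentation): CCA SESS-ENC key diversification,
# i.e. session key = AES-ECB(key-generating key, 16 bytes of derivation data).
# The AES below is a minimal pure-Python implementation for illustration; keys
# and derivation data are constructed test values, not real card data.


def _xtime(a: int) -> int:
    """Multiply by x in GF(2^8) using the AES polynomial x^8+x^4+x^3+x+1."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a


def _gmul(a: int, b: int) -> int:
    """General multiplication in GF(2^8)."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a, b = _xtime(a), b >> 1
    return p


def _build_sbox() -> list:
    """Derive the AES S-box: multiplicative inverse, then the affine map."""
    exp, log = [0] * 256, [0] * 256
    x = 1
    for i in range(255):           # 3 generates every non-zero field element
        exp[i], log[x] = x, i
        x ^= _xtime(x)             # x = x * 3
    sbox = [0] * 256
    for a in range(256):
        inv = 0 if a == 0 else exp[(255 - log[a]) % 255]
        s = inv
        for _ in range(4):         # s = inv ^ rotl1 ^ rotl2 ^ rotl3 ^ rotl4
            inv = ((inv << 1) | (inv >> 7)) & 0xFF
            s ^= inv
        sbox[a] = s ^ 0x63
    return sbox


SBOX = _build_sbox()


def _expand_key(key: bytes) -> list:
    """FIPS-197 key schedule; returns Nr+1 round keys of 16 bytes (column order)."""
    nk, nr = len(key) // 4, len(key) // 4 + 6
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 1
    for i in range(nk, 4 * (nr + 1)):
        t = list(w[i - 1])
        if i % nk == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # RotWord + SubWord
            t[0] ^= rcon
            rcon = _xtime(rcon)
        elif nk > 6 and i % nk == 4:
            t = [SBOX[b] for b in t]               # extra SubWord for AES-256
        w.append([w[i - nk][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(nr + 1)]


def _shift_rows(s: list) -> list:
    """State index is 4*column + row; row r rotates left by r."""
    return [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]


def _mix_columns(s: list) -> list:
    out = []
    for c in range(4):
        a = s[4 * c:4 * c + 4]
        out += [_gmul(a[0], 2) ^ _gmul(a[1], 3) ^ a[2] ^ a[3],
                a[0] ^ _gmul(a[1], 2) ^ _gmul(a[2], 3) ^ a[3],
                a[0] ^ a[1] ^ _gmul(a[2], 2) ^ _gmul(a[3], 3),
                _gmul(a[0], 3) ^ a[1] ^ a[2] ^ _gmul(a[3], 2)]
    return out


def aes_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Encrypt one 16-byte block with a 128-, 192- or 256-bit AES key (ECB)."""
    if len(key) not in (16, 24, 32) or len(block) != 16:
        raise ValueError("AES key must be 16/24/32 bytes and the block 16 bytes")
    rk = _expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for r in range(1, len(rk)):
        s = _shift_rows([SBOX[b] for b in s])
        if r != len(rk) - 1:       # no MixColumns in the final round
            s = _mix_columns(s)
        s = [b ^ k for b, k in zip(s, rk[r])]
    return bytes(s)


def sess_enc(key_generating_key: bytes, derivation_data: bytes) -> bytes:
    """CCA SESS-ENC: k-bit session key = AES-ECB(k-bit KGK, 16 bytes of data)."""
    if len(derivation_data) != 16:
        raise ValueError("SESS-ENC takes exactly 16 bytes of derivation data")
    return aes_encrypt_block(key_generating_key, derivation_data)


if __name__ == "__main__":
    kgk = bytes(range(16))                          # constructed 128-bit KGK
    for serial in (b"CARD-0000000001\x00", b"CARD-0000000002\x00"):
        print(serial, "->", sess_enc(kgk, serial).hex())
```

Because the derivation data (for example a card serial number) is often public, the session key is only as secret as the key-generating key; in CCA that key lives inside the cryptographic coprocessor under its control vector and only the derived session key leaves the service.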