BP-Tools: Cryptographic Calculator - Secure Messaging (MasterCard)

 

BP-Tools icon

MasterCard Secure Messaging

This tutorial focuses on Cryptographic Calculator functionality handling MasterCard Secure Messaging for EMV card issuers. Following procedure and implementation is compliant with MasterCard M/Chip Lite 2.1 Card Application Specifications for Debit and Credit released on April 2003.

Session Keys

The Session key tab derives two 16-byte Secure messaging Session Keys (SMI & SMC) based on the input selection of the Unique Derivation Key (UDK) or Master Derivation Key (MK). Mandatory values are then 8-byte Application Cryptogram and single-byte Command number.

The MK/UDK keys needs to be provided in its dual length, which makes precisely 32 hexadecimal characters, Application Cryptogram matches the one for First Application Cryptogram issuance command and Command number is provided to distinguish keys between multiple chained issuer scripts (commonly single script provided).

Result of this operation is then streamed to following PIN block encryption and MAC calculation screens.

MasterCard Secure Messaging: Session Key derivation finished (MK & PAN input)
****************************************
MK-SMI:        862F13DF807A13B9D9AEAEC885FE7CA4
KCV:           8D2921
MK-SMC:        BF89B32308CDADDC04B952C7DF0715E0
KCV:           760B6D
UDK-SMI:       AEB0F198A498E067C4E63D94A770A80E
KCV:           CA2DB2
UDK-SMC:       640167C1D3C7623804FE97A75E2FC102
KCV:           70BEF3
AC:            51DB71A5DCC47F8A
Command nr.:   0
----------------------------------------
SK-SMI:        1241B9DB1E953A02D5620E8B97418AE8
KCV:           742B2E
SK-SMC:        46AEA9871A61315C4E174FD9EBEB8AAC
KCV:           332C1C

MasterCard Secure Messaging: Session Key derivation finished (UDK only input)
****************************************
UDK-SMI:       AEB0F198A498E067C4E63D94A770A80E
KCV:           CA2DB2
UDK-SMC:       640167C1D3C7623804FE97A75E2FC102
KCV:           70BEF3
AC:            51DB71A5DCC47F8A
Command nr.:   0
----------------------------------------
SK-SMI:        1241B9DB1E953A02D5620E8B97418AE8
KCV:           742B2E
SK-SMC:        46AEA9871A61315C4E174FD9EBEB8AAC
KCV:           332C1C

PIN block encryption

PIN block is exchanged encrypted under the Secure Messaging Encryption Session Key which stores 16 bytes of proprietary formatted PIN. Session SMC key is needed for PIN block generation. Standard EMV (Thales PIN block 34) or Europay/MasterCard Pay Now & Pay Later (Thales PIN block 35) PIN block outputs are supported (ask the chip vendor for the one supported).

Note that Standard EMV PIN block can be already decommissioned on some security devices (Thales RG9000 PayShield).

MasterCard Secure Messaging: PIN encryption finished
****************************************
PIN block:     Standard EMV
Session Key Enc:   46AEA9871A61315C4E174FD9EBEB8AAC
KCV:           A77DB4
New PIN:       4222
----------------------------------------
Plaintext PIN block:   244222FFFFFFFFFF
Encrypted PIN block:   C3921CE396085F97

MasterCard Secure Messaging: PIN encryption finished
****************************************
PIN block:     Europay/MasterCard Pay Now & Pay Later
Session Key Enc:   46AEA9871A61315C4E174FD9EBEB8AAC
KCV:           A77DB4
New PIN:       4222
----------------------------------------
Plaintext PIN block:   244261FEFFFFFEA8
Encrypted PIN block:   912561CB3C207ED1

MAC

While the purpose of PIN block is clearly the confidentiality the Message authentication code (MAC) is implemented for additional data validation. MAC input data matches the same APDU command which was originally send to the ICC card for the First Cryptogram generation appended by payload itself. Payload is in this case the encrypted PIN block data.

MasterCard Secure Messaging: MACing operation finished
****************************************
Session Key MAC:   1241B9DB1E953A02D5620E8B97418AE8
KCV:           D338D4
MAC Data:      8424000210001051DB71A5DCC47F8A912561CB3C207ED180
----------------------------------------
MAC:           700F29D079940A73

Summary

 

In this article, we went through the functionality of Cryptographic Calculator and covered the MasterCard Secure Messaging screens.

Cryptographic Calculator and other tools covered in BP-Tools suite were designed to help and assist payment industry people in their day to day tasks and make their work the most effective. Our team would be grateful if you would suggest any improvements to our applications or report completely new functionality needed. Feedback from our users like this is exactly what drives the development of its and helps us to share our experience to wide public.

BP-Tools

BP-Tools is a set of freeware applications for EFT testing, benchmarking and transaction service development.

See more...

Download...

Download Flyer...

BP-Sim

The Babylon Payments Simulator (BP-Sim) is a family of highly efficient regression and stress testing tools, designed for deployment in development and pre-production environments. BP-Sim allows users to perform an extensive range of tests across the chain of payment services.

See more...

Download Flyer...

BP-Processing

The Babylon Payments Processing Suite(BP-Processing) is a suite of EFTlab's products for realtime payment transaction processing and authorisation.

See more...