BP-Tools: Cryptographic Calculator - Secure Messaging (VISA)

 

BP-Tools icon

VISA Secure Messaging

This tutorial focuses on Cryptographic Calculator functionality handling VISA Secure Messaging for EMV card issuers. Following procedure and implementation is compliant with VISA Integrated Circuit Card Specification (VIS) Version 1.5 released on May 2009.

Session Key (for PIN block Encryption)

The Session key function derives a 16-byte Secure messaging Session Key the Unique Derivation Key (UDK) and the 2-byte Application Transaction Counter (ATC) of the ICC. The UDK key needs to be provided in its dual length, which makes precisely 32 hexadecimal characters.

Result of this operation can be streamed to following screens by changing the target radio button to SK Enc (PIN block encryption screen) or SK MAC (MAC calculation).

Visa Secure Messaging: Session Key derivation finished
****************************************
UDK:               94E3194C02105E3B153438D562D5A49D
KCV (Visa):        086020
ATC:               0003
----------------------------------------
Session key:       94E3194C02105E38153438D562D55B61
KCV (Visa):        2268BC
(set as SK Enc for PIN encryption)

PIN block encryption

PIN block is exchanged encrypted under the Secure Messaging Encryption Session Key which stores 16 bytes of proprietary formatted PIN. UDK Encryption key is needed for PIN block generation.

Visa Secure Messaging: PIN encryption finished
****************************************
Session Key Enc:   94E3194C02105E38153438D562D55B61
KCV (Visa):        2268BC
UDK Enc:           64C8621A76A2EA9EF23D5749FE1A64F1
KCV (Visa):        E23347
New PIN:           4222
----------------------------------------
Encrypted PIN block:    B3511E3333BF9DC56E1EDF6458BB52B6

Session Key (for MAC generation)

Procedure is same as for PIN block encryption Session key, the only difference is that UDK mac has to be different. The Odd parity correction is again applied as default.

Visa Secure Messaging: Session Key derivation finished
****************************************
UDK:               94E3194C02105E3B153438D562D5A49D
KCV (Visa):        086020
ATC:               0003
----------------------------------------
Session key:       94E3194C02105E38153438D562D55B61
KCV (Visa):        2268BC
(set as SK MAC for MAC generation)

MAC

While the purpose of PIN block is clearly the confidentiality the Message authentication code (MAC) is implemented for additional data validation. MAC input data matches the same APDUcommand which was send to the ICC card for the First Cryptogram generation appended by payload itself. Payload is in this case the encrypted PIN block data.

Visa Secure Messaging: MACing operation finished
****************************************
Session Key MAC:   94E3194C02105E38153438D562D55B61
KCV (Visa):        2268BC
MAC Data:          84240002180003EFB5340A1BF07421B3511E3333BF9DC56E1EDF6458BB52B680
----------------------------------------
MAC:               E36046E6E5C110A2

Summary

 

In this article, we went through the functionality of Cryptographic Calculator and covered the VISA Secure Messaging screens.

Cryptographic Calculator and other tools covered in BP-Tools suite were designed to help and assist payment industry people in their day to day tasks and make their work the most effective. Our team would be grateful if you would suggest any improvements to our applications or report completely new functionality needed. Feedback from our users like this is exactly what drives the development of its and helps us to share our experience to wide public.

BP-Tools

BP-Tools is a set of freeware applications for EFT testing, benchmarking and transaction service development.

See more...

Download...

Download Flyer...

BP-Sim

The Babylon Payments Simulator (BP-Sim) is a family of highly efficient regression and stress testing tools, designed for deployment in development and pre-production environments. BP-Sim allows users to perform an extensive range of tests across the chain of payment services.

See more...

Download Flyer...

BP-Processing

The Babylon Payments Processing Suite(BP-Processing) is a suite of EFTlab's products for realtime payment transaction processing and authorisation.

See more...