Command:
To validate an ARQC (or TC/AAC) and, optionally, to generate an ARPC. Alternatively, the command can be used to generate an ARPC alone. This function is a general purpose command which will validate an ARQC, TC or AAC.

Notes:
Diagnostic data is produced by this command if the HSM is in Authorised State. The diagnostic data consists of a generated ARQC, which is returned to the host if verification of the supplied ARQC fails. This command performs a similar function to the KQ command, but uses the EMV2000 method for generating the session key.

The card schemes use various terms for this method:
· Visa Cryptogram 14.
· M/Chip ICC Session Key Derivation for EMV2000.
· Europay Security Platform Pay Now/Pay Later Key Derivation Algorithm #3.

COMMAND MESSAGE

| Field | Length & Type | Details |
|---|---|---|
| Message header | m A | (Subsequently returned to the Host unchanged). |
| Command code | 2 A | Value KW. |
| Mode Flag | 1 H | Mode of operation: 0 = Perform ARQC verification only; 1 = Perform ARQC Verification and ARPC generation; 2 = Perform ARPC Generation only. |
| Scheme-ID | 1 N | Identifier for the Scheme: 0 = VIS 1.4.0 or M/Chip 4. This field is provided to support additional card schemes in the future. |
| *MK-AC(LMK) | 32H or 1A+32H | The Issuer Master Key for Application Cryptograms encrypted under Variant 1 of LMK pair 28-29. |
| PAN/PAN Sequence No | 8 B | Pre-formatted PAN/PAN Sequence number. |
| Branch/Height parameters | 1 N | 0 = Branch factor 2, Tree Height 16; 1 = Branch factor 4, Tree Height 8. |
| Application Transaction Counter | 2 B | The ATC from the card. This is used for Session Key Generation. |
| Transaction Data Length | 2 H | Only present for Modes 0 and 1. Length of next field. Can be any length from 1 to 255 bytes. |
| Transaction Data | n B | Only present for Modes 0 and 1. Variable length data. If the data supplied is a multiple of 8 bytes, no extra padding is added. If it is not a multiple of 8 bytes, additional zero padding is added. |
| Delimiter | 1 A | Only present for Modes 0 and 1. Delimiter, to indicate end of Transaction Data, value ";". |
| ARQC/TC/AAC | 8 B | ARQC/TC/AAC to be validated and/or used for ARPC generation. |
| ARC | 2 B | Only present for Modes 1 and 2. Authorization Response Code to be used for ARPC Generation. |
| End Message Delimiter | 1 C | Optional. Must be present if the message trailer is present. Value X19. |
| Message Trailer | n A | Optional. Maximum length 32 characters. |

RESPONSE MESSAGE

| Field | Length & Type | Details |
|---|---|---|
| Message header | n A | Returned to the Host unchanged. |
| Response code | 2 A | Value KX. |
| Error Code | 2 N | 00 = No error; 01 = ARQC/TC/AAC verification failed; 04 = Mode Flag not 0, 1 or 2; 05 = Unrecognized Scheme ID; 06 = Invalid Branch/Height; 10 = MK parity error; 12 = No keys in user storage; 13 = LMK parity error; 15 = Error in input data; 21 = Invalid user storage index; 80 = Data length error; 81 = Zero length Transaction Data. |
| ARPC | 8 B | The calculated ARPC. Only present for Modes 1 and 2 if no error is encountered. |
| Diagnostic data | 8 B | Calculated ARQC/TC/AAC returned only if the error code is 01 and the HSM is in Authorised State. |
| End Message Delimiter | 1 C | Will only be present if present in the command message. Value X19. |
| Message Trailer | n A | Will only be present if in the command message. Maximum length 32 characters. |
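
The field layout above, assembled and parsed host-side, as an added example that is not part of the original command reference. The function names, the reading of the type codes (A = ASCII characters, N = decimal digits, H = hex characters, B = raw bytes) and the omission of the optional end delimiter and trailer are assumptions; the parser surfaces the diagnostic ARQC so a host can log that the HSM answered in Authorised State.

```python
import string

# Added example. Assumed type codes: A = ASCII characters, N = decimal digits,
# H = hex characters, B = raw bytes. End delimiter and trailer are not used.
def build_kw(header, mode, mk_ac, pan_psn, branch_height, atc, arqc,
             txn_data=b"", arc=b"", scheme_id="0"):
    """Assemble a KW command in the field order of the command table."""
    if mode not in (0, 1, 2):
        raise ValueError("Mode Flag must be 0, 1 or 2")
    if len(mk_ac) not in (32, 33) or not set(mk_ac[-32:]) <= set(string.hexdigits):
        raise ValueError("MK-AC must be 32H or 1A+32H")
    if branch_height not in ("0", "1"):
        raise ValueError("Branch/Height must be 0 or 1")
    for name, value, size in (("PAN/PAN Sequence No", pan_psn, 8),
                              ("ATC", atc, 2), ("ARQC/TC/AAC", arqc, 8)):
        if len(value) != size:
            raise ValueError(f"{name} must be {size} bytes")
    msg = (header + "KW" + str(mode) + scheme_id + mk_ac).encode("ascii")
    msg += pan_psn + branch_height.encode("ascii") + atc
    if mode in (0, 1):  # Transaction Data fields exist only for Modes 0 and 1
        if not 1 <= len(txn_data) <= 255:
            raise ValueError("Transaction Data must be 1 to 255 bytes")
        # Sent unpadded here: the table says zero padding "is added" when needed
        msg += f"{len(txn_data):02X}".encode("ascii") + txn_data + b";"
    msg += arqc
    if mode in (1, 2):  # ARC exists only for Modes 1 and 2
        if len(arc) != 2:
            raise ValueError("ARC must be 2 bytes")
        msg += arc
    return msg

def parse_kx(resp, header_len, mode):
    """Split a KX response into error code, ARPC and diagnostic data."""
    header, body = resp[:header_len], resp[header_len:]
    if body[:2] != b"KX" or len(body) < 4:
        raise ValueError("not a KX response")
    error, rest = body[2:4].decode("ascii"), body[4:]
    out = {"header": header, "error": error, "arpc": None, "diagnostic": None}
    if error == "00" and mode in (1, 2):
        out["arpc"] = rest[:8]
    elif error == "01" and len(rest) >= 8:
        # Returned only in Authorised State: the HSM's own calculated ARQC/TC/AAC
        out["diagnostic"] = rest[:8]
    return out

# Constructed sample values (not real keys or card data).
SAMPLE = build_kw("0001", 1, "U" + "0123456789ABCDEF" * 2,
                  bytes.fromhex("1234567890123401"), "0", b"\x00\x2a",
                  bytes.fromhex("A1B2C3D4E5F60718"), txn_data=bytes(5), arc=b"00")
```

The caller must remember the header length and Mode Flag it sent, because the response carries neither and the presence of the ARPC field depends on the mode.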