The basic cryptographic technique is the Data Encryption Algorithm (DEA), defined in AS2805 Part 5. This is the same as the Data Encryption Standard (DES). It is represented as:
The function can be either an encrypt function denoted by an E in the box or a decrypt function denoted by a D. The key input is 64 bits, of which 8 bits correspond to DEA parity bits and are not used as part of the function.
Function f1 takes two 64 bit values K and D and forms an output as follows:
The + signifies a 64 bit exclusive-OR function (modulo 2 addition). For the K input, only 56 bits are used as part of the function, the other eight being DEA parity bits.
Function f2 is used to form a MAC Key (MK).
X = 2424242424242424 (16 hexadecimal characters representing 64 bits).
D and K are both 64 bit values, but for K, 8 bits correspond to DEA key parity bits and are not used as part of the process. TK is a 64 bit value without parity adjustment, so parity should NOT be checked when recovering it from encryption under an LMK as all 64 bits are active.
Function f3 is used to form a PIN Encrypting Key (PEK).
X = 2828282828282828 (16 hexadecimal characters representing 64 bits).
D and K are both 64 bit values, but for K, 8 bits correspond to DEA key parity bits and are discarded. TK is a 64 bit value without parity adjustment, so parity should NOT be checked when recovering it from encryption under an LMK as all 64 bits are active.
The A and B fields are in the reverse order compared with MAC key formation.
The HSM contains an area of memory which can be used for storage of frequently used values such as keys. The use of user storage for Terminal Keys is not recommended because the memory is volatile and not automatically updated.
The Authorization Parameter (Auth Para) and Card Key are formed as follows:
ABCD represent the fields from the card as described in the Formation of AB and CD Fields from Card Data section. The Systems Trace Audit Number (STAN), the Card Acceptor Terminal Identification (CATID) and the Amount Transaction (AT) are values supplied to the generating function. They are combined as follows:
· The 6 digits (24 bits) of STAN are left-justified, right zero-filled to a total of 64 bits, shifted left one bit (with a zero added on the right), and exclusive-OR combined with the 8 characters (64 bits) of CATID shifted left one bit and zero filled.
· The result of (1) is exclusive-OR combined with the 12 digits (48 bits) of AT, right justified, left zero-filled to a total of 64 bits.
· The value Card Key is used as data into a One Way Function, therefore all 64 bits are active, so the usual parity adjustment for DEA keys must NOT be performed.
The Terminal Key (TK) is updated at the end of a transaction in readiness for the next transaction. It is updated using the two MAC residues, MR1 and MR2 and the One Way Function, f1, as follows:
Parity is NOT adjusted on the next Terminal Key.
It is the responsibility of the application software to maintain on the Host database two Terminal Keys in order to perform re-synchronization in the event of lost messages. Usually these are defined to be the last used (and known to be correct) key, and the next predicted key. Care must be exercised to ensure that the database is updated at the correct point in the transaction.