|
Command: |
To validate an ARQC (or TC/AAC) and, optionally, to generate an ARPC. Alternatively, the command can be used to generate an ARPC alone. This function is a general purpose command which will validate an ARQC, TC or AAC. |
|
Notes: |
Diagnostic data is produced by this command if the HSM is in Authorised State. The diagnostic data consists of a generated ARQC, which is returned to the host if verification of the supplied ARQC fails.
This command performs a similar function to the KQ command, but uses the EMV2000 method for generating the session key. The card schemes use various terms for this method:
· Visa “Cryptogram 14”.
· M/Chip “ICC Session Key Derivation for EMV2000”.
· Europay Security Platform “Pay Now/Pay Later Key Derivation Algorithm #3”.
It is the responsibility of the host system to add any scheme-specific padding data to the end of the supplied data prior to submission to the HSM. For some schemes this means appending a byte containing hex 80 to the end of the data. If the data supplied by the host is a multiple of 8 bytes, this command adds no further padding data. |
|
Field |
Length & Type |
Details |
|
COMMAND MESSAGE |
||
|
Message header |
m A |
(Subsequently returned to the Host unchanged). |
|
Command code |
2 A |
Value KW. |
|
Mode Flag |
1 H |
Mode of operation:
0 = Perform ARQC verification only
1 = Perform ARQC verification and EMV 4.1 method ARPC generation
2 = Perform EMV 4.1 method ARPC generation only
3 = Perform ARQC verification and EMV 4.1 Method 2 ARPC generation
4 = Perform EMV 4.1 Method 2 ARPC generation only |
|
Scheme-ID |
1 N |
Specifies the Key Derivation Method to use:
0 = VIS 1.4.0 and M/Chip 4 using Key Derivation Method A.
1 = VIS 1.4.0 and M/Chip 4 using Key Derivation Method B. |
|
*MK-AC(LMK) |
32H or 1A+32H |
The Issuer Master Key for Application Cryptograms encrypted under Variant 1 of LMK pair 28-29. |
|
IV-AC |
16B |
IV for EMV 2000 Application Cryptogram session key derivation |
|
PAN Length |
2N |
Only present for Scheme ID = 1. Length in bytes of the PAN/PAN Sequence Number field. Valid values 08 to 99. |
|
PAN/PAN Sequence No |
8B or n B |
For Scheme ID = 0 this field will be fixed at 8 bytes, and will contain the pre-formatted PAN/PAN Sequence No. For Scheme ID = 1 the field length is specified by the “PAN Length” field. It is the responsibility of the host system to ensure that the PAN/PAN Sequence Number is appropriately padded. |
|
Branch/Height parameters |
1N |
0 = Branch factor 2; Tree Height 16
1 = Branch factor 4; Tree Height 8 |
|
Application Transaction Counter |
2 B |
The ATC from the card. This is used for Session Key Generation. For a truncated ARQC this will be the last ATC from the host database. |
|
Transaction Data Length |
2 H |
Only present for Modes 0, 1 and 3. Length of next field. Can be any length from 1 to 255 bytes. |
|
Transaction Data |
n B |
Only present for Modes 0, 1 and 3. Variable length data. If the data supplied is a multiple of 8 bytes, no extra padding is added. If it is not a multiple of 8 bytes, additional zero padding is added. Note: If alternative padding methods are required, it is the responsibility of the host to provide this. |
|
Delimiter |
1A |
Only present for Modes 0, 1 and 3. Delimiter, to indicate end of Transaction Data, value “;”. |
|
ARQC/TC/AAC |
8 B |
ARQC/TC/AAC to be validated and/or used for ARPC generation. |
|
ARC |
2 B |
Only present for Modes 1 and 2. Authorization Response Code to be used for ARPC Generation. |
|
CSU |
4B |
Only present for Mode 3 or 4. Card Status Update. Used to create ARPC for Common Core Definitions (CCD) cards. |
|
Proprietary Authentication Data Length |
1N |
Only present for Mode 3 or 4. Specifies length of Proprietary Authentication Data field. Valid values 0 to 8. |
|
Proprietary Authentication Data |
0 to 8B |
Only present if Proprietary Authentication Data Length field is present, and is non-zero. Contains optional issuer data for transmission to the card in the Issuer Authentication Data of an online transaction. |
|
End Message Delimiter |
1 C |
Optional. Must be present if the message trailer is present. Value X’19’. |
|
Message Trailer |
n A |
Optional. Maximum length 32 characters |
|
RESPONSE MESSAGE |
||
|
Message header |
m A |
Returned to the Host unchanged. |
|
Response code |
2 A |
Value KX |
|
Error Code |
2 N |
00 – No error
01 – ARQC/TC/AAC verification failed
04 – Unrecognized Mode Flag
05 – Unrecognized Scheme ID
06 – Invalid Branch/Height
10 – MK parity error
12 – No keys in user storage
13 – LMK parity error
15 – Error in input data
21 – Invalid user storage index
80 – Data length error
81 – Zero length Transaction Data |
|
ARPC |
|
The calculated ARPC. Only present for Modes 1, 2, 3, and 4 if no error is encountered. |
|
Diagnostic data |
8 B |
Calculated ARQC/TC/AAC returned only if the error code is 01 and the HSM is in Authorised State. |
|
End Message Delimiter |
1 C |
Will only be present if present in the command message. Value X’19’. |
|
Message Trailer |
n A |
Will only be present if in the command message. Maximum length 32 characters. |
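
The COMMAND MESSAGE layout above, assembled host-side with its mode-dependent and scheme-dependent fields, as an added example that is not vendor code. Function names and sample values are hypothetical; the optional End Message Delimiter and Message Trailer, and any transport framing, are left out.

```python
# Added example: host-side builder for the KW command body in the table above.
# Function names are hypothetical; field order and presence rules follow the table.
def scheme_pad_80(data: bytes) -> bytes:
    """Host-side scheme padding: append one X'80' byte (required by some schemes)."""
    return data + b"\x80"

def hsm_zero_pad(data: bytes) -> bytes:
    """Padding the HSM then applies: zeros only if length is not a multiple of 8."""
    return data + b"\x00" * (-len(data) % 8)

def build_kw(header: str, mode: int, scheme_id: int, mk_ac: str, iv_ac: bytes,
             pan_psn: bytes, branch_height: int, atc: bytes, arqc: bytes,
             txn_data: bytes = b"", arc: bytes = b"", csu: bytes = b"",
             prop_auth: bytes = b"") -> bytes:
    if mode not in range(5):
        raise ValueError("Mode Flag must be 0-4")
    if scheme_id not in (0, 1) or branch_height not in (0, 1):
        raise ValueError("Scheme-ID and Branch/Height must be 0 or 1")
    if len(mk_ac) not in (32, 33) or len(iv_ac) != 16 or len(atc) != 2 or len(arqc) != 8:
        raise ValueError("bad key, IV, ATC or cryptogram length")
    msg = header.encode("ascii") + b"KW" + f"{mode:X}{scheme_id}".encode()
    msg += mk_ac.encode("ascii") + iv_ac
    if scheme_id == 1:                      # PAN Length only for Scheme ID = 1
        if not 8 <= len(pan_psn) <= 99:
            raise ValueError("PAN/PSN must be 8 to 99 bytes")
        msg += f"{len(pan_psn):02d}".encode()
    elif len(pan_psn) != 8:                 # Scheme ID = 0: fixed 8 bytes
        raise ValueError("PAN/PSN must be 8 bytes for Scheme ID 0")
    msg += pan_psn + str(branch_height).encode() + atc
    if mode in (0, 1, 3):                   # modes that verify the ARQC
        if not 1 <= len(txn_data) <= 255:   # the HSM reports zero length as error 81
            raise ValueError("Transaction Data must be 1 to 255 bytes")
        msg += f"{len(txn_data):02X}".encode() + txn_data + b";"
    msg += arqc
    if mode in (1, 2):                      # EMV 4.1 method ARPC generation
        if len(arc) != 2:
            raise ValueError("ARC must be 2 bytes")
        msg += arc
    if mode in (3, 4):                      # EMV 4.1 Method 2 ARPC generation
        if len(csu) != 4 or len(prop_auth) > 8:
            raise ValueError("CSU must be 4 bytes, PAD at most 8 bytes")
        msg += csu + str(len(prop_auth)).encode() + prop_auth
    return msg

# Constructed sample values (all-zero key and cryptogram, made-up PAN); mode 1, scheme 0.
SAMPLE = build_kw("0001", 1, 0, "0" * 32, bytes(16), bytes.fromhex("1234567890123401"),
                  0, b"\x00\x2a", bytes(8), txn_data=scheme_pad_80(bytes(29)), arc=b"00")
```

Rejecting bad lengths and field combinations on the host keeps malformed requests from reaching the HSM, where they would come back as error codes 04, 05, 06, 15, 80 or 81.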