This section describes the HSM functions which are needed to support on-line transaction processing for the various payment schemes under the EMV umbrella. Whilst EMV specifies most of the details pertaining to cards and terminals, the individual schemes have defined their own cryptographic processes for on-line authorisation functions.
There are three functions supported:
- A function which will validate an ARQC (or TC/AAC) or generate an ARPC (or perform both in one call)
- A function to verify a Data Authentication Code or a Dynamic Number
- A function to generate a Secure Message with Integrity and optional Confidentiality
These functions have been designed to be as general purpose as possible.
Key Naming Conventions
The various schemes have adopted different naming conventions for the keys used. For consistency, the following convention is used:
| Key Description | Name used in this specification | VSDC/UKIS name used | Europay/MasterCard name used |
|---|---|---|---|
| Master Key for Authentication Cryptograms | MK-AC | DMK | Issuer MK |
| Master Key for Secure Messaging Integrity | MK-SMI | DMK | Issuer MK |
| Master Key for Secure Messaging Confidentiality | MK-SMC | DMK | Issuer MK |
| Master Key for Data Authentication Codes | MK-DAC | - | Issuer MK |
| Master Key for Dynamic Numbers | MK-DN | - | Issuer MK |
| Derived Key for Authentication Cryptograms | DK-AC | UDK | ICC MK |
| Derived Key for Secure Messaging Integrity | DK-SMI | UDK | ICC MK |
| Derived Key for Secure Messaging Confidentiality | DK-SMC | UDK | ICC MK |
| Derived Key for Dynamic Numbers | DK-DN | - | ICC MK |