Verify Truncated Application Cryptogram (MasterCard CAP)

Command:

Validate a Truncated Application Cryptogram (Mastercard CAP).

Notes:

Use of this command requires the optional User Authentication licence. Error code 67 will be returned if the command is not licensed.

This command supports:

EMV 4.1 methods A and B for card key derivation.

EMV 3.1.1 and EMV 4.1 methods for session key derivation.

 

 

COMMAND MESSAGE

| Field | Length & Type | Details |
|---|---|---|
| Message Header | m A | Will be returned to the Host unchanged. |
| Command Code | 2 A | Value “K2”. |
| Mode Flag | 1 H | Mode of operation: 0 = Perform Truncated AC verification; 1 = …and MAC verification |
| Scheme-ID | 2 N | 00 = MasterCard CAP |
| Card Key Derivation Method | 1 N | Identifies the *DK-AC key derivation method: 0 = EMV 4.1 Key Derivation Method A; 1 = EMV 4.1 Key Derivation Method B |
| Session Key Derivation Method | 1 N | 0 = No Session Key (*DK-AC used for Application Cryptograms); 1 = MasterCard ICC Session Key for M/Chip 2.1; 2 = EMV 4.1 method |
| *MK-AC(LMK) | 32H or 1A+32H | The Issuer Master Key for Application Cryptograms encrypted under Variant 1 of LMK pair 28-29. |
| IV-AC | 16 B | Only present for Session Key Derivation Method 2. IV for EMV2000 Application Cryptogram session key derivation. |
| PAN Length | 2 N | Only present for Card Key Derivation Method 1. Length in bytes of PAN/PAN Sequence Number field. Valid values 08 to 99. |
| PAN/PAN Sequence No | 8B or nB | For Scheme ID = 0 this field will be fixed at 8 bytes, and will contain the pre-formatted PAN/PAN Sequence No. For Scheme ID = 1 the field length is specified by the “PAN Length” field. It is the responsibility of the host system to ensure that the PAN/PAN Sequence Number is appropriately padded. |
| Branch/Height parameters | 1 N | Only present for Session Key Derivation Method 2. 0 = Branch factor 2, Tree Height 16; 1 = Branch factor 4, Tree Height 8 |
| Application Transaction Counter | 2 B | A value for the ATC derived by the host based on the following information: the ATC from the last online transaction stored on the host database; the ATC provided by the card in the SecureCode message. |
| UN | 4 B | Unpredictable Number. Only present for Session Key Derivation method = 1. |
| Transaction Data Length | 2 H | Length of next field. Can be any length from 1 to 255 bytes. |
| Transaction Data | N B | Variable length data. If the data supplied is a multiple of 8 bytes, no extra padding is added. If it is not a multiple of 8 bytes, additional zero padding is added. Note: If alternative padding methods are required, it is the responsibility of the host to provide this. |
| Delimiter | 1A | Only present for Modes 0 and 1. Delimiter, to indicate end of Transaction Data, value “;”. |
| Truncated AC | 8B | Cryptogram to be validated. This field contains the truncated EMV cryptogram value from the SecureCode message. This should be right justified into an 8 byte field, padded on the left with zeros. The HSM will generate a cryptogram using the supplied transaction data; truncate using the supplied IPB; then compare with the value provided in this field. |
| Cryptogram IPB | 8 B | The “Cryptogram” element of the IPB. |
| IPB MAC | 4 B | 4 byte MAC generated using MI Console command. This MAC protects against unauthorised manipulation of the IPB. |
| End Message Delimiter | 1 C | Optional. Must be present if the message trailer is present. Value X'19'. |
| Message Trailer | n A | Optional. Maximum length 32 characters. |
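The Python below is an added example, not code from the HSM vendor: it assembles a K2 command in the field order of the command message table and rejects conditional fields (IV-AC, Branch/Height, UN, PAN Length) that do not match the selected derivation methods, a frequent cause of error codes 15 and 80 during host integration. The names `build_k2`, `right_justify` and `SAMPLE` are hypothetical, all values are constructed, and it assumes the PAN/PAN Sequence No field is exactly 8 bytes whenever the PAN Length field is absent.

```python
# Added example: K2 command assembly per the field table. All names are hypothetical.

def right_justify(value: bytes, width: int = 8) -> bytes:
    """Left-pad with zero bytes (Truncated AC is right justified in 8 bytes)."""
    if len(value) > width:
        raise ValueError("value longer than field")
    return value.rjust(width, b"\x00")

def build_k2(header, mode, ckd, skd, mk_ac, pan_psn, atc, txn_data, truncated_ac,
             ipb, ipb_mac, iv_ac=None, branch_height=None, un=None, trailer=None):
    if mode not in (0, 1) or ckd not in (0, 1) or skd not in (0, 1, 2):
        raise ValueError("mode flag or derivation method out of range")
    if len(mk_ac) not in (32, 33):                       # 32H or 1A+32H
        raise ValueError("*MK-AC must be 32H or 1A+32H")
    if (len(atc), len(ipb), len(ipb_mac)) != (2, 8, 4):
        raise ValueError("ATC is 2 B, Cryptogram IPB 8 B, IPB MAC 4 B")
    if not 1 <= len(txn_data) <= 255:
        raise ValueError("Transaction Data must be 1 to 255 bytes")
    # Conditional fields must be present exactly when the table says so.
    if (iv_ac is not None) != (skd == 2) or (branch_height is not None) != (skd == 2):
        raise ValueError("IV-AC and Branch/Height only for session method 2")
    if (un is not None) != (skd == 1):
        raise ValueError("UN only for session method 1")
    if skd == 2 and (len(iv_ac) != 16 or branch_height not in (0, 1)):
        raise ValueError("IV-AC is 16 B; Branch/Height is 0 or 1")
    if skd == 1 and len(un) != 4:
        raise ValueError("UN is 4 B")
    # Assumption: without a PAN Length field the PAN/PSN field is exactly 8 bytes.
    if not (8 <= len(pan_psn) <= 99 if ckd == 1 else len(pan_psn) == 8):
        raise ValueError("PAN/PAN Sequence No length")
    msg = header.encode() + b"K2" + f"{mode:X}00{ckd}{skd}".encode() + mk_ac.encode()
    msg += iv_ac if skd == 2 else b""
    msg += f"{len(pan_psn):02d}".encode() if ckd == 1 else b""
    msg += pan_psn
    msg += str(branch_height).encode() if skd == 2 else b""
    msg += atc + (un if skd == 1 else b"")
    msg += f"{len(txn_data):02X}".encode() + txn_data + b";"
    msg += right_justify(truncated_ac) + ipb + ipb_mac
    if trailer is not None:
        if len(trailer) > 32:
            raise ValueError("Message Trailer is at most 32 characters")
        msg += b"\x19" + trailer.encode()
    return msg

# Constructed sample values (not real keys or card data).
SAMPLE = dict(header="0001", mode=0, ckd=0, skd=0, mk_ac="U" + "0123456789ABCDEF" * 2,
              pan_psn=bytes.fromhex("1234567890123401"), atc=b"\x00\x2a",
              txn_data=bytes.fromhex("0000001234"), truncated_ac=b"\x01\x02\x03",
              ipb=bytes.fromhex("00000000000FFFFF"), ipb_mac=bytes.fromhex("A1B2C3D4"))
```

Calling `build_k2(**SAMPLE)` returns the raw command bytes; transaction data is passed unpadded because the HSM applies zero padding itself.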

 


 

 

RESPONSE MESSAGE

| Field | Length & Type | Details |
|---|---|---|
| Message Header | m A | Will be returned to the Host unchanged. |
| Response Code | 2 A | Value “K3”. |
| Error Code | 2 N | 00 – No error; 01 – ARQC/TC/AAC verification failed; 04 – Invalid Mode Flag; 05 – Invalid Scheme ID; 10 – MK parity error; 12 – No keys in user storage; 13 – LMK parity error; 15 – Error in input data; 21 – Invalid user storage index; 52 – Invalid Branch/Height; 80 – Data length error; 82 – IPB MAC Verification error |
| Diagnostic data | 8 B | HSM generated “Truncated AC”. This will be right justified into an 8 byte field, padded on the left with zeros. Returned only if the error code is 01 and the HSM is in Authorised State. |
| End Message Delimiter | 1 C | Will only be present if present in the command message. Value X'19'. |
| Message Trailer | n A | Will only be present if present in the command message. Maximum length 32 characters. |
