Racal Transaction Key Scheme (RTKS)

The Racal Transaction Key Scheme (RTKS) is a key management technique that is closely coupled with message authentication. The functions provided by the HSM include key management in addition to MAC generation and verification.

The functions are all for use at an acquirer site:

· Transaction request with PIN (T/AQ key). Used to receive a cardholder request message from a terminal with a PIN encrypted under the T/AQ key.

· Transaction request without PIN. Used to receive a cardholder request message from a terminal with no PIN.

· Transaction request with PIN (T/CI key). Used to receive the request from the terminal when the PIN key cannot be determined by the acquirer.

· KEYVAL translation. Used to pass KEYVAL to the card issuer (required to derive the PIN key) when the PIN key cannot be determined by the acquirer.

· Administration request. Used to receive an administration request message (such as a reconciliation request).

· Transaction response originating at the card issuer. Used when authorization is generated at the card issuer.

· Transaction response originating at the acquirer. Used when authorization is generated by the acquirer.

· Verify confirmation message from terminal. Used to verify the MAC on a confirmation message from the terminal.

The commands RI, RK, RM, RO, RQ, RS and RU are only available when Racal Transaction Key Scheme is selected using the CS (Configure Security) console command.

The existing Racal Transaction Key commands have been modified to support longer messages. The new commands are backward compatible with existing systems: a command built in the old style is still accepted unchanged.

The details of the modifications are as follows:

Old style:
    Pointer (not all functions)      2 H
    Message Length                   2 H
    Message Text                     n A

New style:
    Pointer (if required)            2 H
    Message Length                   2 H
    Message Text                     n A
    Delimiter                        1 C   Optional, only if original length is 0
    Extended Message Pointer(s)      4 H   Optional, only if original length is 0 and function requires one or two pointers
    Extended Message Length          4 H   Optional, only if original length is 0
    Extended Message                 n A   Optional, only if above field is non-zero

(H = hex digits, A = alphanumeric characters, C = a single character.)

To use the extended message length option, the calling application has to set the Message Length field to zero, whereupon the Message Text field will be of zero length, i.e. not present. The zero Message Length enables the HSM to check for the optional Delimiter, any Extended Message Pointer(s), and the Extended Message Length field which defines the length of the Extended Message.

Some of the functions do not include a pointer to items included in the message, whilst other functions include either one or two pointers. If a function does include one or two pointers, one or two Extended Message Pointers are included after the Delimiter as appropriate. The original pointer(s) in the function are ignored when extended messages are used; however, the 2 hex digit placeholder(s) for the original pointer(s) must still be supplied so that the field positions of the command are unchanged.

Whilst the 4 hex digit Extended Message Length field allows for message sizes up to 65535 characters (hex FFFF), in practice the limit is imposed by the maximum size of the HSM input buffer. For the standard HSM (Models RG7x00), the input buffer size is limited to 2047 characters. Allowing for the other parts of a command message, the maximum message size will be in the region of 1900 characters. The high speed HSM (Models RG7x10) has a much larger input buffer (32K), although the interface option in use may impose limits which are smaller than this. The HSM will check that the message lengths (and the pointers) are within sensible limits for the HSM platform executing the function, and rejects a command whose declared length or pointers exceed them.

Users may, if they wish, use the Extended Message Length scheme for small messages as well (i.e. fewer than 160 bytes); the old style is not required for short messages.
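As an added worked example (not code from the Racal manual or the HSM firmware), the following Python builds and parses the message fields of an RTK command in both the old-style and the extended layout: the 2 hex digit placeholder pointers and zero Message Length, the Delimiter, the 4 hex digit Extended Message Pointer(s) and Extended Message Length, and the text. The decoder bounds-checks every length and pointer against the data it was actually given and against the input-buffer sizes quoted above, which is the check a host application should also perform before trusting a parsed command. The delimiter character (the page only says "1 C") and the model names used as dictionary keys are assumptions.

```python
"""Encoder and decoder for the message fields of the Racal Transaction Key
(RTK) commands, covering both the old-style and the extended layout.

Only the message portion (pointer / length / text and the extended fields)
is modelled; the command code and the other fields of each RI/RK/... command
are out of scope. Added example, not the manual's own code.
"""

# ASSUMPTION: the manual describes the delimiter only as "1 C"; the actual
# character is not given on this page, so ';' is a placeholder value.
DELIMITER = ";"

# Input-buffer sizes quoted on the page (the interface in use may be smaller).
INPUT_BUFFER = {"RG7x00": 2047, "RG7x10": 32 * 1024}


def encode_message(text, pointers=(), extended=False):
    """Serialise message text plus 0, 1 or 2 pointers into the message.

    Old style is used when the text fits in 2 hex digits of length and
    extended=False; otherwise the new-style layout is emitted: 2-digit
    placeholder pointers, Message Length 00, delimiter, 4-digit pointers,
    4-digit Extended Message Length, then the Extended Message text.
    """
    if len(pointers) > 2:
        raise ValueError("at most two pointers")
    if any(p < 0 or p > len(text) for p in pointers):
        raise ValueError("pointer outside message text")
    if len(text) > 0xFFFF:
        raise ValueError("message longer than hex FFFF")
    if not extended and len(text) <= 0xFF:
        return "".join(f"{p:02X}" for p in pointers) + f"{len(text):02X}" + text
    out = "00" * len(pointers)       # original pointer placeholders (ignored by the HSM)
    out += "00"                      # Message Length = 0, so Message Text is absent
    out += DELIMITER
    out += "".join(f"{p:04X}" for p in pointers)
    out += f"{len(text):04X}"
    out += text
    return out


def decode_message(buf, npointers=0, model="RG7x00"):
    """Parse the message fields at the start of buf.

    Returns (pointers, text, remainder). Every length and pointer is checked
    against the bytes actually supplied and the platform's input buffer, so a
    corrupt or hostile command cannot drive the parser past its data.
    """
    if npointers > 2:
        raise ValueError("at most two pointers")
    pos = 0

    def take(n):
        nonlocal pos
        chunk = buf[pos:pos + n]
        if len(chunk) != n:
            raise ValueError("truncated command")
        pos += n
        return chunk

    pointers = [int(take(2), 16) for _ in range(npointers)]
    length = int(take(2), 16)
    if length:                                     # old style
        text = take(length)
        if any(p > length for p in pointers):
            raise ValueError("pointer outside message text")
        return pointers, text, buf[pos:]

    # Message Length 00: the HSM now looks for the optional Delimiter.
    if buf[pos:pos + 1] != DELIMITER:
        return pointers, "", buf[pos:]             # genuinely empty old-style message
    take(1)
    pointers = [int(take(4), 16) for _ in range(npointers)]
    ext_len = int(take(4), 16)
    if ext_len > INPUT_BUFFER[model]:
        raise ValueError(f"length {ext_len} exceeds {model} input buffer")
    text = take(ext_len)
    if any(p > ext_len for p in pointers):
        raise ValueError("extended pointer outside message text")
    return pointers, text, buf[pos:]


if __name__ == "__main__":
    # Constructed sample: a 300-character message with two pointers cannot
    # use the 2 hex digit length field, so the extended layout is chosen.
    wire = encode_message("X" * 300, pointers=(10, 200))
    print(wire[:19], "...", len(wire), "chars")
    print(decode_message(wire, npointers=2, model="RG7x00")[0])
```

A command built this way is still rejected by the 2047-character input buffer of an RG7x00 if the extended text approaches the buffer size, so the length check in `decode_message` is only the first of the limits a caller must respect; the remaining fields of the command and the interface option in use reduce the usable size further.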