Thank you Todd.
Looking further after reading this I think there is a step prior to the
Diversified Key Generate. Don't we need to generate the card's unique key
(Visa term: Unique Derivation Key) based on the Master Derivation Key (Visa's
term) using the PAN as the data? Is this the CSFUDK function or something
else? The result of this would be the key used in the CSNBDKG call to generate
the actual session key. I think! :-)
Frank
From: Todd Arnold <[email protected]>
To: [email protected]
Sent: Monday, May 11, 2015 7:07 AM
Subject: Re: ICSF and EMV
IBM is aware of the difficulty figuring out what combination of CCA verbs to
use for each EMV function, and we are working on things to make this easier.
However, all of the necessary functions are definitely there in CCA - we have
many customers who process EMV transactions and perform EMV key management (and
card personalization) using the crypto functions provided in CCA.
In general, EMV transactions are protected with a TDES MAC that is computed
using a session key. In CCA, this means you must first derive the session key
(Diversified Key Generate verb, CSNBDKG) and then you must compute or verify a
MAC using the derived key (MAC Generate or MAC Verify, CSNBMGN or CSNBMVR).
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
