Java API
HSM Dinamo
|
Electronic funds transfer operations.
The APIs of the EFT(Electronic Funds Transfer) module are intended for user authentication and identity verification operations in Visa and Mastercard transactions.
The identity of the card user can usually be verified in two ways:
The standards adopted are in accordance with Visa's Payment Technology Standards Manual (October 2007).
In general terms, the process of transferring funds by card follows the flow in the figure below. There are several actors involved in the process. The Cardholder (card holder) presents the card to the shopkeeper (Retailer/Merchant), the authenticity of Cardholder can be verified by means of a PIN, which Cardholder enters at the shopkeeper's station (e.g. a POS terminal, Point of Sale). The PIN is then encrypted (a PIN Block is generated) and the transaction data is sent to an electronic payment service provider contracted by the shopkeeper (Acquirer), which then sends the data to the corresponding card scheme, according to the brand of card used by Cardholder, and from there it is sent to the card issuer, which has the identification, credit and other data about Cardholder and maintains a contract with it to use the service. After analyzing the transaction data, in terms of registration, credit and authentication, among others, the issuer can authorize or refuse the transaction, and this response message travels in the opposite direction.
From the point of view of the encryption keys used in the process, the process is shown in the figure below. Each actor keeps their own keys, and whenever an encrypted message needs to go from one actor to another, the encryption must be translated, i.e. the corresponding key of the actor who is to decrypt the message must be used.
Variations or simplifications of the above scheme can be used, for example when the same entity has more than one role, or there is direct communication from the acquirer to the issuer, as can happen in certain debit transactions.
About support for 3-D Secure protocol algorithms:
HSM Dinamo implements the cryptographic algorithms that support the 3-D Secure protocol, developed by Visa. Visa's Verified by Visa and Mastercard's Secure Code services are offered by the brands based on this protocol. The HSM implements the cryptographic card verification algorithms that support the protocol and the services, allowing the HSM user to generate and verify the codes, CVC2 (Card Verification Code 2) and HMAC SHA1 in the case of Mastercard (Secure Payment Application Algorithm) and CAVV (Cardholder Authentication Verification Value, CVV2 with ATN method) in the case of Visa.
HSM supports CAP (Visa) and DPA (Mastercard) authentication mechanisms.
The HSM provides support for ATM Remote Key Loading/Transport through cryptographic functionalities based on RSA and X.509 functions.
The HSM implementation complies with the standards defined in the documentation listed below:
EMVCo
Visa
Mastercard
Link
JCB
Others
There are three ways of generating and verifying CVV(Card Verification Value) in HSM:
The key used for CVV generation and verification calculations is called CVK(Card Verification Key). This key is internal to the HSM; the application only needs to enter its key name (id). Physically, it is a 112-bit 3DES key, which corresponds to two 56-bit DES keys.
The figure below illustrates the diagrams for generating and verifying CVV, iCVV and CVV2.
HSM works by generating PINs (Personal Identification Numbers) using a derivation mechanism, based on an internal key called PGK(PIN Generation Key). This form of generation has several advantages, especially compared to the method of generating PINs with random values, as it does not require the use of a database for validation (with the probable exposure of sensitive data) and also keeps both the generation and validation processes more secure, as they are carried out internally to the HSM.
The standard used to generate the PIN by the HSM is IBM 3624, using offsets to allow the PIN to be changed by the user or the card issuer. To mitigate decimalization and verification attacks, the HSM uses an internal conversion table, which is not exposed to the application. As an additional security factor, a 168-bit 3DES key is used instead of a 112-bit 3DES; there is no interference in the operation of the algorithm, since the DES and 3DES keys use input and output blocks of the same size.
Three PIN generation modes are defined per derivation:
There is no business rule handling for PINs generated within the HSM; this function must be performed by the calling application.
The algorithms for generation using the IBM 3624 standard are shown in the diagrams below.
To allow the user(cardholder) to select their own PIN, a PIN offset is used in the IBM 3624 method, so that two new entries are required, the PIN set by the user and a check of 4 bits. The offset operation is performed after the steps of the IBM 3624 algorithm shown above. This enables the HSM's internal process to validate the PIN, even if the user defines a different PIN to the one initially generated by the HSM.
PIN BlockTranslate operations work with two keys, one source and one destination; there is an intermediate phase to make the input format compatible with the output format, if possible. There are certain block formats that are not interoperable, either because there is no data for conversion or because the standard is restricted.
HSM's default translation mode involves translating the input block into ISO PIN Block Format 0. In automatic translation mode, the conversion is performed opaquely, converting from the block with the source key to the block with the target key, without analyzing the format or content of the block.
When verifying a PIN Block, two key operations take place: first the PIN Block is decrypted using the PTK(PIN Transport Key), the PIN is extracted from the decrypted PIN Block, and then the PIN is verified using the PGK(PIN Generation Key, the same key used to generate the original PIN). This verification can be done with or without the use of an offset; this PIN offset is not part of the PIN Block and is not encrypted by the PTK. The expected PIN Block format is ISO PIN Block Format 0 (equivalent to ANSI PIN Block Format 0 and VISA PIN Block Format 1).
DUKPT(Derived Unique Key Per Transaction) is a way of using unique keys per transaction, derived from a fixed key. This process is defined in ANSI X9.24 part 1.
The KSN(Key Serial Number) is the identifier of a transaction key and is divided into parts such as: KSI(Key Set ID), TRSM(Tamper Resistant Security Module), POS (Point of Sale) identifier also known as DID (Device ID) and the CTR(Transaction Counter).
HSM uses the parts of KSN separated into KSI and DID + CTR each containing 5 bytes.
The steps in the process of using DUKPT are, at each end of the communication:
At the POS:
At HSM:
It is a wrapping/_unwrapping_ process with confidentiality and integrity protection for keys and associated data, defined in the ASC X9 TR 31-2018 document.
KBPK(Key Block Protection Key) is the derivation key used to derive the encryption and authentication keys. This key is only used for derivation. Also known as KWK (Key Wrapping Key). Stored in the HSM.
KBEK(Key Block Encryption Key) is the key derived from KBPK and used only for key klock encryption. It is generated with each wrap/unwrap operation and is not stored persistently in the HSM.
KBAK(Key Block Authentication Key) is the key derived from KBPK and used only for calculating the MAC of the key klock. It is generated with each wrap/unwrap operation and is not stored persistently in the HSM.
KDID(Key Derivation Input Data) is the data used to derive the KBEK and KBAK keys. It contains data such as: counter, key usage indicator, algorithm indicator and size. It varies according to the derivation method used, the key to be derived and other parameters.
The derivation of the KBEK and KBAK keys uses CMAC with the Key Derivation Input Data (specific to each derived key) and the KBPK key as input.
Key block contains the data of the exported key. This block is divided into 3 parts:
Functions | |
String | generateDUKPT (byte[] baKSI, byte[] baDID_CTR, int dwParam) throws TacException |
It generates a DUKPT key within the HSM using a KSI (Key Serial Identification), a DID (Device ID) and a CTR (Transaction Counter) from the same KSN (Key Serial Number). | |
String | generateDUKPTName (byte[] baKSI, byte[] baDID_CTR) throws TacException |
Generates the name of the DUKPT from an entered KSI and CTR. | |
String | generateBDKName (byte[] baKSI) throws TacException |
Generates the BDK name from a KSI (Key Serial Identification). | |
byte[] | translatePINBlock (String srcPEK, String dstPEK, int transBlockType, String PAN, byte[] inPINBlock) throws TacException |
It translates a PIN block, decrypting it with one key and encrypting it with another. | |
byte[] | exportTR31 (String kbpk, String key, int usage, byte mode, byte export) throws TacException |
Exports a key in TR-31 format according to the ASC X9 TR 31-2018 standard. | |
void | importTR31 (String kbpk, String key, int keyAttributes, byte[] keyBlock) throws TacException |
Import a key in TR-31 format according to the ASC X9 TR 31-2018 standard. | |
String generateDUKPT | ( | byte[] | baKSI, |
byte[] | baDID_CTR, | ||
int | dwParam ) throws TacException |
It generates a DUKPT key within the HSM using a KSI (Key Serial Identification), a DID (Device ID) and a CTR (Transaction Counter) from the same KSN (Key Serial Number).
baKSI | Buffer of size TacNDJavaLib.MIN_KSI_LEN containing the KSI (first 05 bytes of the KSN). | ||||||||||||||
baDID_CTR | Buffer of size TacNDJavaLib.MIN_CTR_LEN containing the DID and CTR (last 05 bytes of the KSN). | ||||||||||||||
dwParam | Operating flags according to the table below.
|
TacException |
String generateDUKPTName | ( | byte[] | baKSI, |
byte[] | baDID_CTR ) throws TacException |
Generates the name of the DUKPT from an entered KSI and CTR.
baKSI | Buffer of size TacNDJavaLib.MIN_KSI_LEN containing the KSI (first 05 bytes of the KSN). |
baDID_CTR | Buffer of size TacNDJavaLib.MIN_CTR_LEN containing the DID and CTR (last 05 bytes of the KSN). |
TacException |
String generateBDKName | ( | byte[] | baKSI | ) | throws TacException |
Generates the BDK name from a KSI (Key Serial Identification).
baKSI | Buffer of size TacNDJavaLib.MIN_KSI_LEN containing the KSI (first 05 bytes of the KSN). |
TacException |
byte[] translatePINBlock | ( | String | srcPEK, |
String | dstPEK, | ||
int | transBlockType, | ||
String | PAN, | ||
byte[] | inPINBlock ) throws TacException |
It translates a PIN block, decrypting it with one key and encrypting it with another.
The incoming block format is identified automatically, and the outgoing block format can be defined by the caller, as long as the format change is not from a PAN Unbound to a PAN Bound. PAN Bound formats are those that use PAN information in their composition. It is therefore possible to perform both key translation and format translation. The caller can perform a forced validation of the format by indicating for the outgoing format, the same one they are using in the incoming PIN Block.
srcPEK | Identifier of the decryption key within the HSM. | ||||||||||||
dstPEK | Identifier of the encryption key within the HSM. | ||||||||||||
transBlockType | Output block format identifier. According to the table below.
| ||||||||||||
PAN | PAN (Primary Account Number). | ||||||||||||
inPINBlock | PIN Block input. The buffer must have the size of a PIN Block, TacNDJavaLib.DES_BLOCK (8 bytes) |
TacException |
byte[] exportTR31 | ( | String | kbpk, |
String | key, | ||
int | usage, | ||
byte | mode, | ||
byte | export ) throws TacException |
Exports a key in TR-31 format according to the ASC X9 TR 31-2018 standard.
kbpk | Name of the KBPK key (Key Block Protection Key) used to derive the encryption and authentication keys. | ||||||||||||||||||||||||||
key | Name of the key to be exported from the HSM. | ||||||||||||||||||||||||||
usage | Key usage identifier, as described in ASC X9 TR 31-2018 Section A.5.1 table 6. The following options are accepted. | ||||||||||||||||||||||||||
mode | Key usage mode identifier, as described in ASC X9 TR 31-2018 Section A.5.3 table 8. The following options are accepted.
| ||||||||||||||||||||||||||
export | Key exportability identifier, as described in ASC X9 TR 31-2018 Section A.5.5 table 10. The following options are accepted.
|
TacException |
KBPK algorithm | Export method |
---|---|
3DES | 5.3.2.1 Key Derivation Binding Method - TDEA |
AES | 5.3.2.3 Key Block Binding Method - AES |
void importTR31 | ( | String | kbpk, |
String | key, | ||
int | keyAttributes, | ||
byte[] | keyBlock ) throws TacException |
Import a key in TR-31 format according to the ASC X9 TR 31-2018 standard.
kbpk | Name of the KBPK key (Key Block Protection Key) used to derive the encryption and authentication keys. |
key | Name of the key to be imported into the HSM. |
keyAttributes | Additional key parameters. See the options in the createKey() method. |
keyBlock | key block |
TacException |
KBPK algorithm | Method |
---|---|
3DES | 5.3.2.1 Key Derivation Binding Method - TDEA |
AES | 5.3.2.3 Key Block Binding Method - AES |