Cryptographic Calculator – Secure Messaging (VISA)

VISA Secure Messaging

This tutorial focuses on Cryptographic Calculator functionality handling VISA Secure Messaging for EMV card issuers. Following procedure and implementation is compliant with VISA Integrated Circuit Card Specification (VIS) Version 1.5 released on May 2009.

Session Key (for PIN block Encryption)

The Session key function derives a 16-byte Secure messaging Session Key the Unique Derivation Key (UDK) and the 2-byte Application Transaction Counter (ATC) of the ICC. The UDK key needs to be provided in its dual length, which makes precisely 32 hexadecimal characters.

Result of this operation can be streamed to following screens by changing the target radio button to SK Enc (PIN block encryption screen) or SK MAC (MAC calculation).

Visa Secure Messaging: Session Key derivation finished
****************************************
UDK:               94E3194C02105E3B153438D562D5A49D
KCV (Visa):        086020
ATC:               0003
—————————————-
Session key:       94E3194C02105E38153438D562D55B61
KCV (Visa):        2268BC
(set as SK Enc for PIN encryption)

PIN block encryption

PIN block is exchanged encrypted under the Secure Messaging Encryption Session Key which stores 16 bytes of proprietary formatted PIN. UDK Encryption key is needed for PIN block generation.

Visa Secure Messaging: PIN encryption finished
****************************************
Session Key Enc:   94E3194C02105E38153438D562D55B61
KCV (Visa):        2268BC
UDK Enc:           64C8621A76A2EA9EF23D5749FE1A64F1
KCV (Visa):        E23347
New PIN:           4222
—————————————-
Encrypted PIN block:    B3511E3333BF9DC56E1EDF6458BB52B6

Session Key (for MAC generation)

Procedure is same as for PIN block encryption Session key, the only difference is that UDK mac has to be different. The Odd parity correction is again applied as default.

Visa Secure Messaging: Session Key derivation finished
****************************************
UDK:               94E3194C02105E3B153438D562D5A49D
KCV (Visa):        086020
ATC:               0003
—————————————-
Session key:       94E3194C02105E38153438D562D55B61
KCV (Visa):        2268BC
(set as SK MAC for MAC generation)

MAC

While the purpose of PIN block is clearly the confidentiality the Message authentication code (MAC) is implemented for additional data validation. MAC input data matches the same APDU command which was send to the ICC card for the First Cryptogram generation appended by payload itself. Payload is in this case the encrypted PIN block data.

Visa Secure Messaging: MACing operation finished
****************************************
Session Key MAC:   94E3194C02105E38153438D562D55B61
KCV (Visa):        2268BC
MAC Data:          84240002180003EFB5340A1BF07421B3511E3333BF9DC56E1EDF6458BB52B680
—————————————-
MAC:               E36046E6E5C110A2

Summary

In this article, we went through the functionality of Cryptographic Calculator and covered the VISA Secure Messaging screens.

Cryptographic Calculator and other tools covered in EFTtools suite were designed to help and assist payment industry people in their day to day tasks and make their work the most effective. Our team would be grateful if you would suggest any improvements to our applications or report completely new functionality needed. Feedback from our users like this is exactly what drives the development of its and helps us to share our experience to wide public.