Documentos de Académico
Documentos de Profesional
Documentos de Cultura
Introduction
Each bank owns its Issuer Master Keys. These keys aimed at generating unique keys by derivation for each
transaction.
The key derivation is performed with a Triple DES algorithm.
A bank owns four types Issuer Master Key (IMK) :
A Master Key (MK) is dedicated to each card. The Master Key is associated to the card during the personalization
phase.
The Master Keys are derived from the Issuer Master Keys.
Master Key Derivation
Input Data : PAN (Private Account Number), PAN_SN (PAN Sequence Number), IMK (Issuer Master Key)
Output Data : MK (Master Key)
1.
2.
3.
4.
Y
ZL
ZR
Z
=
=
=
=
PAN || PAN_SN ;
( || concatenation operation )
DES3 (IMK) (Y) ;
DES3 (IMK) ((Y) xor ('FF' || 'FF' || 'FF' || 'FF' || 'FF' || 'FF' || 'FF' || 'FF')) ;
ZL || ZR ;
The 16-byte ICC Master Key MK is then equal to Z, with the exception of the least significant bit of each byte of Z
which is set to a value that ensures that each of the 16 bytes of MK has an odd number of non-zero bits (this is to
conform with the odd parity requirements for DES keys).
Explanation for each step :
1.
2.
3.
4.
First, we concatenate the PAN with the PAN Sequence Number. ( Exemple : PAN = "12 34 56 78 90 12 3F
FF" ; PAN_SN = "01"; Y = "12 34 56 78 90 12 3F FF 01" )
We apply the Triple DES algorithm on Y. The result is stored in Z L. ZL is 8-byte length.
We apply the Triple DES algorithm on Y after performing an XOR operation between Y and eight bytes set
to 'FF'. The result is stored in ZR. ZR is 8-byte length.
The concatenation result between ZL and ZR is stored in Z. Z is 16-byte length.
Conclusion
Master Key Derivation is the middle step in the Key Derivation Process.
Glossary
ARC
ARQC
ARPC
Authentification
Card master
keys
Cryptogram
DES
IAD
IMK
MAC
PAN
PAN SN
Session Key