ICSF EMV Simplification
IBM ICSF Team
© 2015 IBM Corporation

Setting the Context
- EMV was founded in 1994 by Europay, MasterCard and Visa to create an international standard for chip-based payments (smart card, chip card, integrated circuit card (ICC)).
- The EMV standards are currently managed by EMVCo.
- EMVCo has six equity owners: MasterCard, Visa, American Express, Japan Credit Bureau (JCB), Discover and China UnionPay.
- EMVCo also has a variety of associates, including retailers, banks, payment processors, other credit card companies and financial institutions. The associates provide both technical and strategic business input.
- As the industry changes, the EMV specifications are updated and new specifications are defined to advance new payment initiatives.
- The most recent version today is EMV Version 4.3, Integrated Circuit Card Specifications for Payment Systems, Books 1 to 4, published November 2011.
- In addition to the EMV specification for contact chip, there are also specifications for contactless chip, the Common Payment Application (CPA), card personalization, mobile payments and tokenisation.

Worldwide Adoption of EMV
- Worldwide adoption of EMV has been steadily progressing for over a decade.
- A surge of U.S. acceptance is expected in 2015. Contributing factors include:
  - yearly increases in credit card fraud;
  - the October 2015 "liability shift" milestone announced by the payment brands;
  - President Obama's BuySecure Initiative.
- In addition to driving contact EMV support, this activity has also pushed forward technology for contactless and mobile EMV payments.
[Figure: smart card readers and smart cards]

ICSF Support for EMV
- ICSF contains the cryptographic services needed to implement EMV: CSNBKTB (Key Token Build), CSNBKGN (Key Generate), CSNBKRC2 (Key Record Create2), CSNBDKG (Diversified Key Generate), CSNBKEX (Key Export), CSNBKIM (Key Import), CSNBMGN (MAC Generate), CSNBMVR (MAC Verify), CSNBSPN (Secure Messaging for PINs), CSNBPCU (PIN Change/Unblock), CSNBENC (Encipher) and CSNBDEC (Decipher).
- However, using these services to build EMV applications is challenging because of the architectural and terminology differences between IBM's Common Cryptographic Architecture (CCA) and EMV.
- The ICSF team has received customer requests for better documentation and samples on how to use the existing EMV support, and has provided education during client engagements to help customers use it.

New ICSF Services for EMV Simplification
Available with the PTFs for APAR OA47016:
- Generate EMV Issuer Master Keys service
- Derive EMV ICC Master Keys service
- Derive EMV Session Keys service
- EMV Transaction (ARQC/ARPC) service
- EMV Scripting service
- EMV Verification service

Generate EMV Issuer Master Keys Service
Summary
- This service helps with the initial EMV setup by generating and storing the Issuer Master Keys. Optionally, the Issuer Master Keys can also be returned as external tokens under KEKs shared with the ICC personalization system.
- Issuer Master Application Cryptogram Key (AC): used during EMV transaction processing (ARQC/ARPC). Double-length TDES, DKYGENKY, DMAC, DKYL1/DKYL0.
- Issuer Master Secure Messaging Authentication Key (MAC): used to provide integrity for EMV scripting. Double-length TDES, DKYGENKY, DMAC, DKYL1/DKYL0.
- Issuer Master Secure Messaging Confidentiality Key (ENC): used to provide confidentiality for EMV scripts containing PINs. Double-length TDES, DKYGENKY, DMPIN, DKYL1/DKYL0.

Generate EMV Issuer Master Keys Service (continued)
User inputs
- CKDS key labels for each of the three Issuer Master Keys (AC, MAC and ENC).
- Optionally, a Key Encrypting Key (KEK) to receive the tokens in exportable form for sending to your ICC personalization system.
Logical flow
- Build skeleton tokens for the Issuer Master Keys; optionally build external skeleton tokens if a KEK is specified.
- Generate the Issuer Master Keys using the skeleton tokens just built.
- Optionally, generate tokens wrapped under the KEK if one was specified.
- Create records for the Issuer Master Keys in the CKDS, write the keys to the CKDS records, and update ICSF's internal CKDS cache.
- Return the tokens in internal form, or in external form if a KEK was specified.
Benefits
- Eliminates the need to call this sequence of services three times, once for each Issuer Master Key: CSNBKTB → CSNBKGN → CSNBKRC2 → optionally CSNBKEX or CSNBKIM.
- Simplifies EMV processing by using EMV terminology and correctly formatting the input parameters for the ICSF callable services and the HSM.

ICC Personalization
- Once the Issuer Master Keys have been established, they can be shared with the personalization system for ICC personalization.
- The keys are shared under KEKs. KEKs between the host system and the personalization system can be imported to z/OS from the Trusted Key Entry (TKE) workstation as key parts, for compliance.
- The KEK can then be specified on the Generate EMV Issuer Master Keys service to return external CCA tokens protected by that KEK.

Derive EMV ICC Master Keys Service
Summary
- This service derives the ICC Master Key from the Issuer Master Key. The ICC Master Key is needed for ICC personalization, EMV transaction processing and EMV scripting. Optionally, the service returns the ICC Master Key as an external token wrapped under a KEK.
- ICC Master Application Cryptogram Key (AC): used during EMV transaction processing (ARQC/ARPC). Double-length TDES, DKYGENKY, DMAC, DKYL1/DKYL0.
- ICC Master Secure Messaging Authentication Key (MAC): used to provide integrity for EMV scripting. Double-length TDES, DKYGENKY, DMAC, DKYL1/DKYL0.
- ICC Master Secure Messaging Confidentiality Key (ENC): used to provide confidentiality for EMV scripts containing PINs. Double-length TDES, DKYGENKY, DMPIN, DKYL1.

Derive EMV ICC Master Keys Service (continued)
User inputs
- The Issuer Master Keys (AC, MAC and ENC), as either tokens or CKDS key labels.
- Payment brand, PAN and PAN sequence number.
- Optionally, a Key Encrypting Key to receive the tokens in exportable form for sending to your ICC personalization system.
Logical flow
- Retrieve the Issuer Master Key from the CKDS if a key label was passed.
- Build the skeleton token for the ICC Master Key.
- Call Diversified Key Generate (CSNBDKG) to derive the ICC Master Key from the Issuer Master Key.
- Optionally call Key Export (CSNBKEX) to export the ICC Master Key under the KEK.
Benefits
- Eliminates the need to call this sequence of services three times, once for each ICC Master Key: CSNBKTB → CSNBDKG → CSNBKEX.
- Simplifies EMV processing by using EMV terminology and correctly formatting the input parameters for the ICSF callable services and the HSM.

Derive EMV Session Keys Service
Summary
- This service derives session keys from each of the ICC Master Keys for EMV processing. The session keys are needed for EMV transaction processing and EMV scripting.
- Application Cryptogram Session Key (AC): used during EMV transaction processing (ARQC/ARPC). Double-length TDES, MAC.
- Secure Messaging Authentication Session Key (MAC): used to provide integrity for EMV scripting. Double-length TDES, MAC.
- Secure Messaging Confidentiality Session Key (ENC): used to provide confidentiality for EMV scripts containing PINs. Double-length TDES, SECMSG, SMPIN.

Derive EMV Session Keys Service (continued)
User inputs
- The Issuer Master Key (AC, MAC or ENC) as either a token or a CKDS key label.
- Payment brand, PAN, PAN sequence number, Application Transaction Counter (ATC), unpredictable number and a branching factor.
Logical flow
- Retrieve the Issuer Master Key from the CKDS if a key label was passed.
- Build a skeleton token for the ICC Master Key.
- Call Diversified Key Generate (CSNBDKG) to derive the ICC Master Key from the Issuer Master Key.
- Build a skeleton token for the session key.
- Call Diversified Key Generate (CSNBDKG) to derive the session key from the ICC Master Key.
Benefits
- Eliminates the need to call this sequence of services three times, once for each session key: CSNBKTB → CSNBDKG.
- Simplifies EMV processing by using EMV terminology and correctly formatting the input parameters for the ICSF callable services and the HSM.

EMV Transaction (ARQC/ARPC) Service
Summary
- This service simplifies EMV ARQC and ARPC transaction processing.
- An ARQC is generated by the EMV card at the request of the point-of-sale terminal to obtain authorization for the payment. The ARQC is forwarded across the payment network to the issuer for verification. After the issuer has verified the ARQC, it generates a response, the ARPC, which is sent back through the payment network to the point-of-sale terminal to authorize the transaction.
- This service simplifies ARQC verification and ARPC generation.

EMV Transaction (ARQC/ARPC) Service (continued)
This service performs the following three EMV functions:
- verification of the Authorization Request Cryptogram (ARQC);
- generation of the Authorization Response Cryptogram (ARPC);
- both operations combined: verify the ARQC and generate the ARPC.
User inputs
- The Issuer AC Master Key as either a token or a CKDS key label.
- Action, payment brand, PAN, PAN sequence number, cryptogram information, Application Transaction Counter (ATC), Authorization Response Code (ARC), Authorization Request Cryptogram (ARQC), unpredictable number and a branching factor for session key derivation.

EMV Transaction (ARQC/ARPC) Service (continued)
Logical flow
- Retrieve the Issuer Master Key from the CKDS if a label was passed.
- Build a skeleton token and derive the ICC Master Key.
- Build a skeleton token and derive the session key.
- For ARQC verification, call MAC Verify with the ARQC and the input cryptogram information.
- For ARPC generation, XOR the ARC into the ARQC and call MAC Generate on the result.
Benefits
- Eliminates the need to call this sequence of services: CSNBKRR → CSNBKTB → CSNBDKG → CSNBMVR and/or CSNBMGN.
- Simplifies EMV processing by using EMV terminology and correctly formatting the input parameters for the ICSF callable services and the HSM.

EMV Scripting Service
Summary
- EMV scripting is a mechanism for sending commands to an EMV payment card. The commands can be updates of card parameters (which need only integrity protection) or PIN change/unblock (which must be enciphered and integrity protected).
- Scripts are generated by the issuer, or the issuer's agent, when a transaction is received from a card.
- This service simplifies EMV scripting. It performs the following four EMV functions:
  - scripting with integrity;
  - scripting with confidentiality (to protect PINs included in the script);
  - scripting with confidentiality and integrity;
  - PIN change/unblock.
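The Go program below is an added example for this page, not IBM or ICSF code. It models in software, on constructed test keys, the chain that the Derive EMV ICC Master Keys, Derive EMV Session Keys, EMV Transaction and EMV Scripting (integrity) services hide behind a single call: ICC master key derivation per EMV Book 2 Annex A1.4 Option A, session key derivation per the Common Session Key method of Annex A1.3.1, the Annex A1.2 MAC that produces the ARQC and the script MAC, and ARPC Method 1 (the "XOR the ARC into the ARQC" step of the transaction flow). Assumptions made for the example: the Common Session Key method is used rather than the EMV2000 tree method that consumes the deck's unpredictable number and branching factor; the IMK, PAN, PAN sequence number, ATC and CDOL1-style transaction data are invented test values; the MAC input for scripting is taken as whatever the caller assembles, since the fields that precede the command are brand specific. In production the issuer keys exist only as CCA tokens inside the HSM; the model is for understanding the derivations and for producing offline vectors to check an ICSF integration against.

```go
// Added example (not IBM or ICSF code): a software model, on constructed test keys,
// of the EMV key chain and cryptograms the ICSF services compute inside the HSM.
package main

import (
	"crypto/des"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"math/bits"
	"strings"
)

// oddParity gives each key byte odd parity as EMV Book 2 requires for derived
// keys; DES ignores the parity bit, so cryptograms are unaffected either way.
func oddParity(k []byte) []byte {
	out := make([]byte, len(k))
	for i, b := range k {
		out[i] = b&0xFE | byte(1-bits.OnesCount8(b&0xFE)%2)
	}
	return out
}

func xor8(a, b []byte) []byte {
	out := make([]byte, 8)
	for i := range out { out[i] = a[i] ^ b[i] }
	return out
}

// tdes encrypts one block under a double-length (16-byte) TDES key, the key
// form the deck uses for every Issuer, ICC and session key.
func tdes(key16, block []byte) []byte {
	c, err := des.NewTripleDESCipher(append(append([]byte{}, key16...), key16[:8]...))
	if err != nil { panic(err) }
	out := make([]byte, 8)
	c.Encrypt(out, block)
	return out
}

// DeriveICCMasterKey is EMV Book 2 Annex A1.4 Option A: Y = rightmost 16 digits of
// PAN||PSN (left-padded with zeros), MK = TDES(IMK)[Y] || TDES(IMK)[Y xor FF..FF].
func DeriveICCMasterKey(imk []byte, pan, psn string) []byte {
	digits := pan + psn
	if len(digits) > 16 { digits = digits[len(digits)-16:] }
	y, err := hex.DecodeString(strings.Repeat("0", 16-len(digits)) + digits) // BCD
	if err != nil { panic(err) }
	ones := []byte{0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}
	return oddParity(append(tdes(imk, y), tdes(imk, xor8(y, ones))...))
}

// DeriveSessionKey is the EMV Common Session Key method (Book 2 Annex A1.3.1).
// The deck's unpredictable number and branching factor belong to the older
// EMV2000 tree-based method, which this example does not model (assumption).
func DeriveSessionKey(mk []byte, atc [2]byte) []byte {
	fl := []byte{atc[0], atc[1], 0xF0, 0, 0, 0, 0, 0}
	fr := []byte{atc[0], atc[1], 0x0F, 0, 0, 0, 0, 0}
	return oddParity(append(tdes(mk, fl), tdes(mk, fr)...))
}

// EmvMAC is the Book 2 Annex A1.2 MAC (ISO/IEC 9797-1 Algorithm 3, padding method 2):
// single-DES CBC under the left key half, TDES on the last block, truncated to macLen.
func EmvMAC(sk16, data []byte, macLen int) []byte {
	padded := append(append([]byte{}, data...), 0x80)
	for len(padded)%8 != 0 { padded = append(padded, 0x00) }
	single, err := des.NewCipher(sk16[:8])
	if err != nil { panic(err) }
	h := make([]byte, 8)
	for i := 0; i < len(padded)-8; i += 8 { single.Encrypt(h, xor8(h, padded[i:i+8])) }
	return tdes(sk16, xor8(h, padded[len(padded)-8:]))[:macLen]
}

// The ARQC is the 8-byte MAC over the transaction data under the AC session key;
// the issuer verifies it by recomputing it with the ATC the card reported.
func GenerateARQC(skAC, txnData []byte) []byte { return EmvMAC(skAC, txnData, 8) }
func VerifyARQC(skAC, txnData, arqc []byte) bool {
	return subtle.ConstantTimeCompare(GenerateARQC(skAC, txnData), arqc) == 1
}

// GenerateARPC is ARPC Method 1 (Book 2 8.2.1): TDES over ARQC xor (ARC || 00*6),
// the "XOR the ARC into the ARQC" step of the EMV Transaction service's flow.
func GenerateARPC(skAC, arqc []byte, arc [2]byte) []byte {
	return tdes(skAC, xor8(arqc, []byte{arc[0], arc[1], 0, 0, 0, 0, 0, 0}))
}

// ScriptMAC is the secure-messaging-for-integrity MAC (Book 2 9.2) under the SM MAC
// session key; which fields precede the command in the MAC input is brand specific.
func ScriptMAC(skMAC, msg []byte) []byte { return EmvMAC(skMAC, msg, 4) }

func main() {
	// Constructed test data: an assumed IMK-AC, PAN, ATC and CDOL1-style data.
	imkAC, _ := hex.DecodeString("0123456789ABCDEFFEDCBA9876543210")
	txn, _ := hex.DecodeString("000000001000" + "000000000000" + "0840" + "0000008000" +
		"0840" + "150101" + "00" + "12345678" + "1800" + "001C" + "0000000000")
	mk := DeriveICCMasterKey(imkAC, "5413330000001513", "00")
	sk := DeriveSessionKey(mk, [2]byte{0x00, 0x1C})
	arqc := GenerateARQC(sk, txn)
	fmt.Printf("ICC MK-AC: %X\nSK-AC:     %X\nARQC:      %X\n", mk, sk, arqc)
	fmt.Println("ARQC verifies:", VerifyARQC(sk, txn, arqc))
	fmt.Printf("ARPC (ARC \"00\"): %X\n", GenerateARPC(sk, arqc, [2]byte{'0', '0'}))
}
```

Verifying an ARQC is nothing more than recomputing it under a session key derived from the ATC carried in the authorization request, so a stale or replayed ATC, a wrong PAN sequence number or the wrong issuer key fails verification in exactly the same way as a tampered cryptogram; the comparison is constant-time because the issuer host is the one place where an attacker can submit chosen cryptograms and observe the outcome.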
EMV Scripting Service (continued)
User inputs
- The Issuer MAC and ENC Master Keys as either tokens or CKDS key labels.
- Action, payment brand, PAN, PAN sequence number, script message, Application Transaction Counter (ATC), random number, PIN block, PIN key, PIN format and a branching factor for session key derivation.
Logical flow
- Retrieve the Issuer Master Key from the CKDS if a key label was passed.
- Build a skeleton token and derive the ICC Master Key.
- Build a skeleton token and derive the session key.
- For scripting with integrity, call MAC Generate to create a MAC over the input script message.
- For scripting with confidentiality, call Secure Messaging for PINs to encrypt the script message.
- For scripting with confidentiality and integrity, first call Secure Messaging for PINs, then MAC Generate to create a MAC over the encrypted script message.
- For PIN change/unblock, call PIN Change/Unblock to encrypt the new PIN.

EMV Scripting Service Benefits
- Eliminates the need to call this sequence of services: CSNBKRR → CSNBKTB → CSNBDKG → then, depending on the action, CSNBMGN, CSNBSPN, CSNBSPN followed by CSNBMGN, or CSNBPCU.
- Simplifies EMV processing by using EMV terminology and correctly formatting the input parameters for the ICSF callable services and the HSM.

EMV Verification Service
Summary
- This service provides additional functions that MasterCard uses for its EMV cards, beyond application cryptograms and scripting. It performs the following three EMV functions:
  - verification of Data Authentication Codes;
  - verification of ICC Dynamic Numbers;
  - decryption of encrypted counters.
User inputs
- The Issuer Master Key as either a token or a CKDS key label.
- Action, payment brand, PAN, PAN sequence number, data field, Application Transaction Counter (ATC), unpredictable number and a branching factor for session key derivation.

EMV Verification Service (continued)
Logical flow
- Retrieve the Issuer Master Key from the CKDS if a label was passed.
- Build a skeleton token and derive the ICC Master Key.
- Build a skeleton token and derive the session key.
- For verification of Data Authentication Codes, encrypt the PAN and PAN sequence number and compare the result with the data field passed in.
- For verification of ICC Dynamic Numbers, encrypt the ATC and compare the result with the data field passed in.
- For decryption of encrypted counters, decrypt the encrypted counter from the data field passed in.
Benefits
- Eliminates the need to call this sequence of services: CSNBKTB → CSNBDKG → CSNBENC or CSNBDEC.
- Simplifies EMV processing by using EMV terminology and correctly formatting the input parameters for the ICSF callable services and the HSM.

EMV Simplification Documentation
- z/OS Cryptographic Services Integrated Cryptographic Service Facility, EMV Simplification Services, APAR OA47016: ftp://public.dhe.ibm.com/eserver/zseries/zos/icsf/pdf/oa47016.pdf
- Presentations and samples can be found on the IBM Crypto Education Community website: https://www-304.ibm.com/connections/communities/community/crypto/