From version 30.9
edited by Pål-Eirik Askerød
on 2017/10/26 11:47
To version 30.10
edited by Pål-Eirik Askerød
on 2017/10/26 12:04
Change comment: There is no comment for this version

Details

Page properties
Content
... ... @@ -309,7 +309,7 @@
309 309  
310 310  The value currently supported by PayEx is ‘13’ and refers to PayEx H2H shared keys. **Other values are currently not supported**.
311 311  
312 -PayEx H2H shared key scheme defines a pin encryption key that is used to encrypt the pin block. See security documentation for details. TODO ref security documentation
312 +PayEx H2H shared key scheme defines a pin encryption key that is used to encrypt the pin block. See security documentation section for details.
313 313  
314 314  **P-48-32 VAT PERCENTAGES**
315 315  
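Review bot: The new line 312 drops the TODO but still does not resolve the reference: "See security documentation section for details" names no section heading and carries no link, so a reader looking for the PIN encryption key definition has nothing to follow. Point it at the actual heading or page anchor of the security documentation. While touching this line, "pin encryption key" and "pin block" could be capitalised as "PIN" to match the "MAC, PIN and Data encryption" wording used later on the same page.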
... ... @@ -362,16 +362,14 @@
362 362  
363 363  **PayEx shared key scheme**
364 364  
365 -PayEx supplies key version to be sent in 53-6. This scheme defines 3 different keys for MAC, PIN and Data encryption which will be shared between PayEx and 3rd party.
365 +PayEx supplies key version to be sent in 53-6. This scheme defines 3 different keys for MAC, PIN and Data encryption which will be shared between PayEx and 3rd party. See security documentation section for details.
366 366  
367 367  
368 368  **ZKA scheme (Currently not supported)**
369 369  
370 -PayEx defines the value of 53-1 and 53-2. Note that a set of different values are defined for both TEST and LIVE, and is unique for every third party (host).
370 +PayEx defines the value of 53-1 and 53-2. Note that a set of different values are defined for both test and production. Also values are unique for every third party (host).
371 371  
372 -For optimal security it is a good practice to use different random values for the MAC and PAC. However the security impact of having the same random number for PAC and MAC is very limited. Especially because in the MK/SK security scheme an XOR of the Master key with a fixed Control Mask is done, where the Control Mask value is different for PIN and MAC. So even if the MAC session key would be compromised the PIN session key still cannot be determined even when the same random number is used.
373 -
374 -It is important to assure that different random numbers are used for every transaction.
372 +For optimal security it is a good practice to use different random values for the MAC and PAC. However the security impact of having the same random number for PAC and MAC is very limited. Especially because in the MK/SK security scheme an XOR of the Master key with a fixed Control Mask is done, where the Control Mask value is different for PIN and MAC. So even if the MAC session key would be compromised the PIN session key still cannot be determined even when the same random number is used. It is important to assure that different random numbers are used for every transaction.
375 375  
376 376  
377 377  **P-56 ORIGINAL DATA ELEMENTS**
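Review bot: In the new line 372, merging "It is important to assure that different random numbers are used for every transaction" into the preceding paragraph buries the one mandatory requirement behind text saying that reusing the same random number for PAC and MAC has "very limited" impact, and the two statements are easy to read as contradictory. Keep the per-transaction requirement as its own paragraph and word it so it is clearly about freshness across transactions, as opposed to the PAC/MAC reuse within one transaction that the earlier sentences discuss. Two smaller points: the reference added in line 365 ("See security documentation section for details") has the same problem as elsewhere, with no section name or link, and in line 370 "Also values are unique for every third party (host)" reads better as "The values are also unique for every third party (host)".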