(% class="WordSection1" %)
(((
= Overview =

The purpose of the H2H PayEx link is to enable authorization and settlement of card transactions where PayEx is the end host for the card, or just a PSP. The third party host acts as a gateway between payment terminals and PayEx.

[[image:pos server.png]]

The third party host can be a single or dual host system.
PayEx has a fully redundant system, with an active/active configuration.
The third party host(s) connect through the PayEx load balancer.

== Supported message types ==

|=Message Type|=Reference
|1100/1110|[[AUTHORISATION REQUEST>>doc:AUTHORISATION REQUEST 1100/1110]]
|1200/1210|[[FINANCIAL TRANSACTION REQUEST>>doc:.FINANCIAL TRANSACTION REQUEST 1200/1210.WebHome]]
|1220/1221/1230|[[FINANCIAL TRANSACTION ADVICE>>doc:FINANCIAL TRANSACTION ADVICE 1220/1221/1230]]
|1420/1421/1430|[[REVERSAL ADVICE>>doc:REVERSAL ADVICE 1420/1421/1430]]
|1820/1830|[[NETWORK MANAGEMENT>>doc:.NETWORK MANAGEMENT 1820/1830.WebHome]]
|1520/1521/1530|RECONCILIATION REQUEST (**Currently not supported**)

* Message types not included in the table above are not supported. E.g. reconciliation is not supported.
Only the Financial Transaction Advice (1220) and Reversal Advice (1420) use repeat messages. Repeats are to be sent according to xxxxxxx rules.
* Advice can be declined by PayEx for technical reasons. In this case the third party host needs to retry the advice until it has been accepted or manual intervention takes place. The third party is expected to implement a retry delay (to-be-defined). After 6 retry attempts have failed, manual intervention by the third party and PayEx support must be initiated.

== Message layout ==

This section covers message types and fields supported by PayEx.

|=Presence|=Title|=Description
|C|Conditional|The data element’s presence depends on specific circumstances, which are described either directly or by reference in the message content table.
|CE|Conditional echo|The response message must have the same data element if the data element was present in the original message
|M|Mandatory|Data element must be present in the specified message
|ME|Mandatory echo|The response message must have the same data element and value as sent in the original message request or advice message
|O|Optional|The data element may or may not be present in the message
)))

Optional fields may always be present in requests, even when not needed. In that case they will be ignored. Requests missing a mandatory field will result in 904 - Format Error.

The third party host must ignore unknown fields included in the response messages.

When no usage notes are given in the field description, the field should be used as described in IFSF [1].

The “Format” column can contain the following:

* LL: Variable length field, max 99 bytes of data. The field contains 2 bytes holding the length of the data. Example: 303101 is a one byte field with LL = 3031 and data 01.
* LLL: Variable length field, max 999 bytes of data. The field contains 3 bytes holding the length of the data. Example: 30303101 is a one byte field with LLL = 303031 and data 01.
* Date/time field formats, YYMMDDhhmmss (or variations), where:
** YY: Last 2 digits of the year, 00 through 99
** MM: Month, 01 through 12
** DD: Day, 01 through 31
** hh: Hour, 00 through 23
** mm: Minutes, 00 through 59
** ss: Seconds, 00 through 59

The “Type” column can contain:

* a: Alphabetic character [a..z, A..Z]
* n: Numeric BCD-digit [0..9]
* ans: Alphabetic, numeric and special characters
* an: Alphabetic and numeric
* s: Special characters
* b: Binary
* p: Pad character, space
* x: “C” for credit, “D” for debit; shall always be associated with a numerical amount data element

The “Size” column can contain:

* Variable length fields have a size that looks like “..nn”, where nn is the maximum number of characters or bytes.
* A fixed length field has “n” as size content, with n the number of characters or bytes.

All fixed length “n” data elements are assumed to be right justified with leading zeroes. All other fixed length data elements are left justified with trailing spaces. In all “b” data elements, blocks of 8 bits are assumed to be left justified with trailing zeroes.

== Message protocol ==

All messages are transferred using TCP/IP sockets.

The message is encapsulated in a transmission frame as follows:

* The first 4 digits contain the length of the message in ASCII (decimal value, most significant digit first). The length field includes all bytes from the first byte of the message ID up to the last byte of the last field.
* This 4-digit length field is immediately followed by the message ID, also in ASCII (decimal value, most significant digit first).
* An 8 byte message bitmap, which is a binary field (so not ASCII encoded).
* Message fields, which can be ASCII or binary encoded. The fields with format ‘n, ns, an, ans, anp or x’ are ASCII encoded, while the fields with format ‘b’ are binary encoded. The following conventions shall be applied to all data elements:
** All fixed length numeric data element values shall be right justified with leading zeroes.
** All fixed length data elements with alphabetic or special characters shall be left justified with trailing blanks.
** All fixed length binary data elements shall be right justified with leading zeroes.
** The position of a character or a bit in a data element shall be counted from the left beginning with one (1). (See also section 5.1 Attribute specification in [01])
** No trailer is included.

Example: An imaginary message which consists only of a message ID “0300” and an empty bitmap (all zeros) will be transmitted as follows:

|=Length|=Message ID|=Bitmap
|0x30 0x30 0x31 0x32|0x30 0x33 0x30 0x30|0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00

Example: An 1820 message, without MAC, will be transmitted as follows.

Message bytes (hex):
303035303138323002300101000000003039313031353238343133383239313030393039313031353238343138333130353130303331

|=Field|=Format|=Encoding|=Data|=Parsed
|Message Length|n|ASCII|30303530|0050
|Message ID|n|ASCII|31383230|1820
|Bitmap|b|Binary|0230010100000000|
|7 - Date/Time|n|ASCII|30393130313532383431|0910152841
|11 - STAN|n|ASCII|333832393130|382910
|12 - Date/Time|n|ASCII|303930393130313532383431|090910152841
|24 - Function code|n|ASCII|383331|831
|33 - Forwarding institution identification code|n|ASCII|30323135|15
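
A receiver for this frame has to treat every length as untrusted: the 4-digit header, each LL prefix and the bitmap all decide how many bytes are read next. The Go sketch below is an added example, not PayEx code; `ParseFrame`, `layouts` and `ErrFormat` are hypothetical names, and the LLVAR layout for elements 32 and 33 is an assumption taken from ISO 8583. It decodes the two sample frames printed above and rejects frames whose lengths do not add up.

```go
package main

import (
	"encoding/hex"
	"errors"
	"fmt"
)

// Sample frames copied from the page: the 1820 message and the imaginary "0300" frame.
const sample1820Hex = "303035303138323002300101000000003039313031353238343133383239313030393039313031353238343138333130353130303331"
const sampleEmptyHex = "3030313230333030" + "0000000000000000"

// layout: prefix = number of ASCII length digits (0 = fixed), size = fixed or maximum length.
type layout struct{ prefix, size int }

// Only the elements of the 1820 sample. Sizes of 7, 11, 12 and 24 are read off
// the sample table; 32 and 33 as LLVAR up to 11 digits is an ISO 8583 assumption.
var layouts = map[int]layout{
	7: {0, 10}, 11: {0, 6}, 12: {0, 12}, 24: {0, 3}, 32: {2, 11}, 33: {2, 11},
}

var ErrFormat = errors.New("904 format error")

// asciiNum accepts digits only, so "+12", "-1" or " 12" never become a length.
func asciiNum(b []byte) int {
	n := 0
	for _, c := range b {
		if c < '0' || c > '9' {
			return -1
		}
		n = n*10 + int(c-'0')
	}
	return n
}

// ParseFrame checks one transmission frame and returns the message ID and the
// ASCII fields keyed by bit number. Every length is checked before slicing.
func ParseFrame(frame []byte) (string, map[int]string, error) {
	if len(frame) < 16 || asciiNum(frame[:4]) != len(frame)-4 || asciiNum(frame[4:8]) < 0 {
		return "", nil, ErrFormat // short frame, bad digits, or declared length != bytes received
	}
	bitmap, body := frame[8:16], frame[16:]
	fields := map[int]string{}
	for bit := 1; bit <= 64; bit++ { // bits are counted from the left, starting at 1
		if bitmap[(bit-1)/8]&(0x80>>uint((bit-1)%8)) == 0 {
			continue
		}
		l, known := layouts[bit]
		if !known || len(body) < l.prefix {
			return "", nil, ErrFormat // without a layout the end of the field cannot be found
		}
		size := l.size
		if l.prefix > 0 {
			size = asciiNum(body[:l.prefix])
		}
		if size < 0 || size > l.size || len(body)-l.prefix < size {
			return "", nil, ErrFormat // bad LL digits, over the maximum, or past the end of the frame
		}
		fields[bit] = string(body[l.prefix : l.prefix+size])
		body = body[l.prefix+size:]
	}
	if len(body) != 0 {
		return "", nil, ErrFormat // no trailer is allowed after the last field
	}
	return string(frame[4:8]), fields, nil
}

func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

func main() {
	id, fields, err := ParseFrame(mustHex(sample1820Hex))
	fmt.Println(id, fields, err)
}
```

Decoded exactly as printed, the sample's last element sits under bit 32 of the bitmap and carries `05` followed by `10031`, while the field table above lists it as element 33 with data 30323135.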

The PayEx response timeout is set to XX seconds. If no response has been received after XX+1 seconds, the third party host needs to take the appropriate action based on the message type (e.g. send a reversal).

The third party host has the possibility to perform offline stand-in, though this needs to be agreed with the individual card issuers. Otherwise the station might not be reimbursed.

== PIN Validation ==

PayEx performs online PIN validation on payment cards where PayEx is the acquirer; on all other cards the PIN is validated by the third party acquirer. PayEx will not interpret the P-22 Point-Of-Service code to determine whether it needs to validate the PIN on PayEx fuel cards, but 3rd party acquirers might, so it is good practice to use P-22 correctly.

Fields required for PIN validation are:

* P-48-14 – PIN encryption Methodology
* P-52 – PIN data
* P-53 – Security related information

== Security documentation ==

Here you can find details regarding the security aspects of this H2H integration: __[[SECURITY SPECIFICATION>>doc:.PayEx IFSF H2H Security specification.WebHome]]__

== Message field details ==

**P-2 PAN**

Personal Account Number, identifies the card. Only mandatory for manual PAN transactions (replacement for Track 2 data, P-35).

**P-3 PROCESSING CODE**

Code used to describe the effect of a transaction on the customer account and the accounts affected. Fixed 00000000: Goods and services.

**P-4 AMOUNT, TRANSACTION**

The amount is a numeric value, expressed without a decimal separator. Where a minor unit of currency applies, the relevant minor unit data element indicates the number of decimal places in the relevant amount. Example: 1 kr = 100

**P-7 DATE AND TIME, TRANSMISSION**

Date and time of message transmission from the third party host.

**P-11 SYSTEM TRACE AUDIT NUMBER**

Number assigned by the third party host to assist in identifying a transaction uniquely. Range 000001 to 999999. Every message must have a new STAN; repeats use the same STAN as the original message.

**P-12 DATE AND TIME, LOCAL TRANSACTION**

Date and time of the transaction when performed on the POS.

**P-14 DATE EXPIRY**

Month and year of card expiry. Only mandatory for a manual PAN transaction.

**P-22 POINT OF SERVICE DATA CODE**

A series of codes intended to identify terminal capability, terminal environment and presentation security data.

|=Point of service data code|=Description
|Pos 1: Card data input capabilities|(((
2: Magnetic stripe read
A: RFID
B: Magnetic stripe reader and key entry
C: Magnetic stripe reader, ICC and key entry
D: Magnetic stripe reader and ICC
)))
|Pos 2: Cardholder authentication capability|(((
1: PIN
Y: Signature, plaintext/enciphered PIN offline and ‘no cvm’ capable, enciphered PIN online
)))
|Pos 3: Card capture capability|(((
0: None
T: None and SDA/DDA/CDA capable
)))
|Pos 4: Operating environment|(((
1: On premises of card acceptor, attended
2: On premises of card acceptor, unattended
)))
|Pos 5: Cardholder present|0: Cardholder present
|Pos 6: Card present|1: Card present
|Pos 7: Card data input mode|(((
2: Magnetic stripe read
3: Bar code
5: ICC
6: Key entered
A: RFID
D: Magnetic stripe read following failed chip card read
)))
|Pos 8: Cardholder authentication method|(((
0: Not authenticated
1: PIN
5: Manual signature verification
)))
|Pos 9: Cardholder authentication entity|(((
0: Not authenticated
1: ICC
2: Card acceptor device
3: Authorizing Agent
)))
|Pos 10: Card data output capability|(((
1: None
3: ICC
)))
|Pos 11: Terminal output capability|(((
2: Printing
4: Printing and display
)))
|Pos 12: PIN capture capability|C: Twelve characters

**P-24 FUNCTION CODE**

|=Function code|=Description
|101|Original authorization, amount estimated. Used in 1100
|200|Original financial request/advice. Used in 1200/1220/1221
|201|Previously approved authorisation, amount the same. Used in 1220/1221
|202|Previously approved authorisation, amount differs. Used in 1220/1221
|400|Full reversal. Used in 1420/1421
|831|Echo test. Used in 1820

**P-25 MESSAGE REASON CODE**

|=Reason code|=Description
|1003|Card issuer unavailable
|1004|Terminal processed
|1508|On-line forced by terminal
|4000|Customer cancellation
|4020|Invalid response, no action taken
|4021|Timeout waiting for response
|4351|Cancellation - unmatched signature

**P-30 ORIGINAL AMOUNT**

The original amount data element is a constructed element of two parts with a total of 24 positions:
a) Original amount transaction, n 12;
b) Original amount reconciliation, n 12.
Absence of data shall be indicated by zeroes. These parts shall be used when attempting to perform a partial approval and shall contain the original amounts.

**P-33 FORWARDING INSTITUTION IDENTIFICATION CODE**

10 digit code identifying the 3rd party host. Each 3rd party integrated with PayEx will be assigned a unique code that they are to use in all messages where P-33 is specified.

**P-35 TRACK 2 DATA**

The information encoded on track 2 of the magnetic stripe as defined in ISO7813, excluding beginning and ending sentinels and longitudinal redundancy check characters as defined therein.

Example: 123456789012345=00112233

**P-38 APPROVAL CODE**

Code assigned by the authorising institution indicating approval.

**P-39 ACTION CODE**

See the action code page for codes that can be returned by PayEx.

**P-41 Card acceptor terminal identification**

Needs to be unique per POS terminal at the merchant site. For indoor terminals use the range 1-99 and for outdoor terminals 100-199. PayEx needs to be informed of how many terminals are installed at the merchant site.

**P-42 Card acceptor identification code**

8 digit unique ID provided by PayEx for each merchant.

**P-43 Card acceptor name/location**

The name and location of the card acceptor.

**P-48 MESSAGE CONTROL DATA ELEMENTS**

Used for the control of messages between the POS and the FEP. These are present in field 48 as a variable content data element. It uses a standard bit map to identify the specific data elements present in field 48. The format is LLLVAR with a maximum length of 999. The 8 byte bit map is the first item (element 48-0) in the data element.

**P-48-4 BATCH/SEQUENCE NUMBER**

This field identifies the transactions associated with a particular settlement period. This number starts at one and increments with each Reconciliation.

**P-48-8 CUSTOMER DATA**

The customer data is any data entered by the customer or cashier as required by the authorizer to complete the transaction. Transactions requiring customer data may be related to fleet fuelling, cheque authorizations or any other type of retail store management functions. Up to sixteen separate entries are supported. Each entry consists of two elements, the type of customer data entered and the variable length value of the entered data. Successive entries are separated by a back-slash (\). (Note: the LVAR method is not used for these entries.) The entire data element has a maximum length of 250 bytes and is parsed as an LLLVAR field.

|=Element|=Name|=Attribute|=Description
|48-8-1|Number of customer data fields|n2|Count of customer data entries to follow. Note: this value must be from 1 to 16.
|48-8-2|Type of customer data|an 1|Identifies the type of customer data entered. (see P48-8-2)
|48-8-3|Value of customer data|ans...99|Data entered by customer or cashier.

**P-48-8-2 TYPE OF CUSTOMER DATA**

1 - Vehicle Number
3 - Driver ID
4 - Mileage
5 - Driver license number
B - Unit number/fleet ID
D - Customer verification code
G - Alphanumeric entered data

**P-48-9 TRACK II OF VEHICLE CARD**

The information encoded on track 2 of the magnetic stripe as defined in ISO7813, excluding beginning and ending sentinels and longitudinal redundancy check characters.

**P-48-14 PIN ENCRYPTION METHODOLOGY**

‘13’: PayEx H2H shared keys

‘33’: ZKA MS/SK PAC H2H (**Currently not supported**)

When P-52 is present, this field must also be present. When field P-52 is NOT present, field 48-14 should also NOT be present.

The value currently supported by PayEx is ‘13’ and refers to PayEx H2H shared keys. **Other values are currently not supported**.

The PayEx H2H shared key scheme defines a PIN encryption key that is used to encrypt the PIN block. See security documentation for details. TODO ref security documentation

**P-48-32 VAT PERCENTAGES**

List of VAT codes accompanied by their corresponding VAT percentage.

The purpose of this field is to link the VAT codes as used in field P-63 Product data, P-63-8 tax code, to actual VAT percentages. As the incoming link can be multi-country, and PayEx does not have product codes per VAT rate, the VAT rates need to be provided in every transaction.

Individual items are separated with a backslash character.
Only VAT codes used in the product data (P-63) need to be described in this array. Others will be ignored.

**P-48-37 VEHICLE IDENTIFICATION ENTRY MODE**

Only present when a vehicle number is available (P48-8). Defines how the vehicle number was entered:

0 - Manual entry
1 - On the Card
2 - Automatic Licence Plate Recognition

**P-48-38 PUMP LINKED INDICATOR**

Indicates whether the fuel pump reading is linked to the payment terminal:
0 – Unspecified
1 – Pump-linked
2 – Pump not linked

**P-48-39 DELIVERY NOTE NUMBER**

Number allocated by the terminal given to the customer as printed on the ticket.

**P-49 CURRENCY CODE, TRANSACTION**

All transactions are in local currency, as defined during system installation. Actual value is as defined by ISO 4217.

**P-52 PIN DATA**

ISO 9564-1 format 0 PIN block encrypted with PIN encryption key.

**P-53 SECURITY RELATED CONTROL INFORMATION**

(% style="width:1468px" %)
|=Element|=Name|=Format|=Attribute|=(% style="width: 731px;" %)Description
|53| |n|2|(% style="width:731px" %)LLVAR length field
|53-1|Master key generation number|n|1|(% style="width:731px" %)Identifies the master key generation. **Currently NOT supported**
|53-2|Key version of master key|n|1|(% style="width:731px" %)Identifies the key version. **Currently NOT supported**
|53-3|MAC random value|b|16|(% style="width:731px" %)ZKA MAC random value. **Currently NOT supported**
|53-4|PAC random value|b|16|(% style="width:731px" %)ZKA PAC random value. Zero filled if no PIN block in the message. **Currently NOT supported**
|53-5|Data encryption random value|b|16|(% style="width:731px" %)ZKA Data encryption random value. **Currently NOT supported**
|53-6|H2H Key version|n|2|(% style="width:731px" %)Version of keys shared by PayEx with 3rd party.

**PayEx shared key scheme**

PayEx supplies the key version to be sent in 53-6. This scheme defines 3 different keys, for MAC, PIN and data encryption, which are shared between PayEx and the 3rd party.

**ZKA scheme (Currently not supported)**

PayEx defines the value of 53-1 and 53-2. Note that a different set of values is defined for TEST and for LIVE, and that each set is unique for every third party (host).

For optimal security it is good practice to use different random values for the MAC and PAC. However, the security impact of having the same random number for PAC and MAC is very limited, because in the MK/SK security scheme the Master key is XORed with a fixed Control Mask, and the Control Mask value is different for PIN and MAC. So even if the MAC session key were compromised, the PIN session key still cannot be determined, even when the same random number is used.

It is important to ensure that different random numbers are used for every transaction.

**P-56 ORIGINAL DATA ELEMENTS**

Data elements of the original transaction, containing the original “message identifier”, original “STAN” and original “date and time – local transaction”. This must be present if the message is preceded by an 1100 Authorisation Request; it can be omitted if the message is the result of a store and forward transaction.
In payment advice: Link to previous Authorisation dialog
In reversal advice: Link to previous Authorisation request or previous Payment request being reversed.

**P-62 PRODUCT SETS AND MESSAGE DATA**

This field contains allowed product sets and message data.

|=Number|=Name|=Format|=Attribute|=Description
|62| |n|3|LLLVAR length field. Sets the length of P-62 data
|62-1|Allowed products|ans|...99|LLVAR field, contains the products that are allowed
|62-2|Device text|n|1|The device that 62-3 is to be sent to
|62-3|Message text|ans|...999|LLLVAR field. Display text

All subfields must be present when bit 62 is set. Field 62 shall not be sent if none of the three subfields need to be sent. If one of the subfields needs to be sent, all three subfields shall be sent.

**P-63 PRODUCT DATA**

This data element provides the detailed information on the products purchased or selected by the customer. The first two fields (63-1, 63-2) appear once per transaction. The next seven fields can be repeated up to 18 times.

Each product is represented by seven fields: Product Code, Unit of Measure, Quantity, Unit Price, Amount, Tax code and Additional product code. The variable length fields and the succeeding entry are separated by a back-slash (\).
Unit price and amount may be negative or positive, but the sum of the amounts in the product data must equal the transaction amount.
The values of Quantity and Unit price may have a value that includes both integer and fractional values. The format of these fields consists of a single digit, which specifies the number of fractional digits following the integer, followed by the numeric value.
The value must be numeric. The number of fractional digits has a maximum of 4. The Amount field may have fractional digits. The number of fractional digits is specified by the currency code.

The list of sales items can contain a mixture of normal sales items and refund items. These are included in the online Host message as follows:

|=Number|=Format|=Field|=Description
|63|n 3|Product data|LLLVAR length field. Sets the length of P-63 data
|63-1|a 1|Service level|(((
S - Self-serve
F - Full serve
Space - Information not available
)))
|63-2|n 2|Number of products|Count of products (sale item) reported for this transaction.

Each sales item consists of the following components:

|=Number|=Format|=Field|=Description
|63-3|n 3|Product code|3-digit product code that defines the type of product sold
|63-4|a 1|Unit of measure|(((
Indicates the meaning of the Quantity field.
‘U’ Sold per Unit
‘O’ Unit of Measurement undefined
‘L’ Sold per Litre
)))
|63-5|n 9|Quantity|Number of product units
| | |Separator|‘\’ To separate Quantity from Unit price
|63-6|sn 9|Unit price|Starts with a minus sign when Unit price is negative. First digit is exponent. Typically 3 for fuels, and 2 for shop articles. Remaining digits are actual unit price
| | |Separator|‘\’ To separate Unit price from Amount
|63-7|sn 12|Amount|Starts with a minus sign in case Item amount is negative. 2 decimals are always implied.
| | |Separator|‘\’ To separate the Amount from the VAT code
|63-8|an 1|Tax code|1 digit VAT code
|63-9|n 14|Additional Product code|Up to 14 digits article number as known in the POS
| | |Terminator|‘\’ To mark the end of this sales item

**P-64 MAC**

MAC is calculated/verified according to the “IFSF X9.19 Retail CBC MAC (3DES)” (see Appendix D in [2]), using the “Derivation of the MAC session key” (see 5.2.2 Derivation of the MAC session key in [2]).

The input for the MAC calculation/verification will be the SHA-256 of the IFSF message. The message length header and the MAC block itself are not included; however, the MAC bit in the bitmap is part of the message and is already set when calculating the MAC.

In pseudo code it is as follows (the <- sign is used for assignment):

Input:

* The four 8-byte blocks B1 .. B4 from the SHA-256
* MAC session key <Kl, Kr> (left and right halves)

Output:

* 8-byte MAC M

Function X9.19retailMAC:

* M <- 0x0000 0000 0000 0000
* For each 8-byte block b in B1 to B4 do:
** M <- M XOR b
** M <- 1DES_encrypt(Kl, M)
* Done
* M <- 1DES_decrypt(Kr, M)
* M <- 1DES_encrypt(Kl, M)

End function

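The pseudo code above, carried through to sealing and verifying a message, as an added Go example that is not PayEx code. `RetailMAC`, `Seal` and `Verify` are hypothetical names; the session key halves are taken as given (their derivation is specified in [2]), and the keys and the 1820 message with bit 64 set are constructed test values.

```go
package main

import (
	"crypto/des"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// RetailMAC follows the pseudo code: single-DES CBC-MAC under Kl over the four
// 8-byte blocks of SHA-256(msg), then decrypt with Kr and encrypt with Kl.
func RetailMAC(kl, kr, msg []byte) ([]byte, error) {
	cl, err := des.NewCipher(kl)
	if err != nil {
		return nil, err
	}
	cr, err := des.NewCipher(kr)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(msg)
	m := make([]byte, 8) // M <- 0x0000 0000 0000 0000
	for off := 0; off < len(digest); off += 8 {
		for i := range m {
			m[i] ^= digest[off+i] // M <- M XOR b
		}
		cl.Encrypt(m, m) // M <- 1DES_encrypt(Kl, M)
	}
	cr.Decrypt(m, m)
	cl.Encrypt(m, m)
	return m, nil
}

// macBitSet reports whether bit 64 is set. msg starts at the message ID, so
// the 8-byte bitmap occupies msg[4:12].
func macBitSet(msg []byte) bool { return len(msg) >= 12 && msg[11]&0x01 != 0 }

// Seal appends P-64 to a message that has no length header and no MAC yet.
func Seal(kl, kr, msg []byte) ([]byte, error) {
	if !macBitSet(msg) {
		return nil, errors.New("bit 64 must be set before the MAC is calculated")
	}
	mac, err := RetailMAC(kl, kr, msg)
	if err != nil {
		return nil, err
	}
	return append(append([]byte{}, msg...), mac...), nil
}

// Verify recomputes the MAC over everything before the last 8 bytes and
// compares it with the received MAC in constant time.
func Verify(kl, kr, sealed []byte) bool {
	if len(sealed) < 20 || !macBitSet(sealed) {
		return false
	}
	body, got := sealed[:len(sealed)-8], sealed[len(sealed)-8:]
	want, err := RetailMAC(kl, kr, body)
	return err == nil && subtle.ConstantTimeCompare(want, got) == 1
}

// Constructed values: the page's 1820 sample with bit 64 set, and made-up test keys.
var (
	sampleMsg, _ = hex.DecodeString("313832300230010100000001" + "3039313031353238343133383239313030393039313031353238343138333130353130303331")
	testKl, _    = hex.DecodeString("0123456789abcdef")
	testKr, _    = hex.DecodeString("89abcdef01234567")
)

func main() {
	sealed, err := Seal(testKl, testKr, sampleMsg)
	fmt.Printf("%x %v %v\n", sealed, err, Verify(testKl, testKr, sealed))
}
```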