PayEx IFSF H2H Security specification
Key schemes
Currently PayEx only support H2H Shared keys for MAC, PIN and Data Encryption.
This solution defines three different keys which are shared with the 3rd party that integrates the PayEx H2H IFSF protocol.
3rd partys will be assigned a unique key version that needs to be specified in requests towards PayEx Host.
Security Related Control Information
This information is transported in field P-53 towards PayEx Host. For scheme H2H Shared keys only 53-1 needs to be populated with the version of keys.
This field (53-1) needs to be present in all request that have MAC, PIN or encrypted data. Field P-53 is binary with LLVAR length. Only P-53-1 needs to be populated to use H2H Shared Keys.
| Element | Name | Format | Attribute | Description |
|---|---|---|---|---|
| 53 | n | 2 | LLVAR length field | |
| 53-1 | H2H Key version | n | 2 | Version of keys shared by PayEx with 3rd party. Eks "02" |
| 53-2 | Master key generation number | n | 1 | Identifies the master key generation. Currently NOT supported |
| 53-3 | Key version of master key | n | 1 | Identifies the key version. Currently NOT supported |
| 53-4 | MAC random value | b | 16 | ZKA MAC random value. Currently NOT supported |
| 53-5 | PAC random value | b | 16 | ZKA PAC random value. Currently NOT supported |
| 53-6 | Data encryption random value | b | 16 | ZKA Data encryption random value. Currently NOT supported |
PayEx shared key scheme
PayEx supplies key version to be sent in 53-1. This scheme defines 3 different keys for MAC, PIN and Data encryption which will be shared between PayEx and 3rd party.
ZKA scheme (Currently not supported)
PayEx defines the value of 53-2 and 53-3. Note that a set of different values are defined for both test and production. Also values are unique for every third party (host).
For optimal security it is a good practice to use different random values for the MAC and PAC. However the security impact of having the same random number for PAC and MAC is very limited. Especially because in the MK/SK security scheme an XOR of the Master key with a fixed Control Mask is done, where the Control Mask value is different for PIN and MAC. So even if the MAC session key would be compromised the PIN session key still cannot be determined even when the same random number is used. It is important to assure that different random numbers are used for every transaction.
Message Authentication Code (MAC)
We use ANS X9.9 Option 1 (binary data) procedure using ISO 16609 CBC-mode Triple-DES (TDES) encryption of the data.
PayEx uses a double-length key. (128 bit)
The input for the MAC calculation/verification will be the SHA-256 of the IFSF message. The message length header and the MAC block itself are not included, however the MAC bit in the bitmap is part of the message and is already set when calculating the MAC.
Mac calculation method:
Figure shows the MAC calculation for ANS X9.9 Option 1 (binary data). In this figure, KEY is a 64-bit key, and T1 through Tn are 64-bit data blocks of text. If Tn is less than 64 bits long, binary zeros are appended to the right of Tn. Data blocks T1...Tn are DES CBC-encrypted with all output discarded except for the final output block, On.
Note: ANS X9.19 Basic Procedure and ISO/IEC 9797-1 MAC Algorithm 1 are the same as ANS X9.9 Option 1.
Transport of MAC
MAC value is transported in P-64 or P-128 towards PayEx. P-128 is used when P-127 is present. Field is binary with a length of 8.
Personal Identification Number (PIN)
Pin enciphered block is transported in P-52 towards PayEx. Format is binary, length 8.
PIN-block format is ISO-0 (same as ANS X9.8, VISA-1, and ECI-1).
Pin encryption key must be used to encrypt pin block sent to PayEx.
PIN Encryption Methodology
This information is transported in P-48.14 field towards PayEx Host.
| Element | Name | Format | Attribute | Description |
|---|---|---|---|---|
| 48 | n | 3 | LLLVAR length field | |
| 48-14 | PIN Encryption Methodology | ans | 2 | Identifies the PIN encryption scheme used for pin block encryption. Supported values listed below. |
‘13’: PayEx H2H shared keys
‘33’: ZKA MS/SK PAC H2H (Currently not supported)
When P-52 is present in request, this field must also be present. When field P-52 is NOT present, field 48-14 should also NOT be present.
The value currently supported by PayEx is ‘13’ and refers to PayEx H2H shared keys. Other values are currently not supported.
PayEx H2H shared key scheme defines a pin encryption key that is used to encrypt the pin block.
Data encryption
Encrypted card data (track2) is transported in P-127 field towards PayEx. Format is LLLBinary
Data must be encrypted with Triple-DES CBC mode using the data encryption key provided by PayEx.