...

Because of its very sensitive nature, PIN entry on Tap to Phone solutions is handled by the Secure Client (and the Secure Backend). The flow is relatively simple: the PIN prompt is triggered by one API call, and the output of the PIN entry is provided through a callback.

The following figure describes the message flow between the different merchant’s system components involved in the online PIN verification process:

  • For security reasons, the PAN (card data) returned by the L2/OLA API and the partial PIN block returned by the SCSDK PIN pad are encrypted using two different key sets in two independent key spaces, named security domains (identified as PIN and PAN).

  • It is the role of the merchant’s system to transmit and use the PIN and PAN cryptograms for computing the standard PIN block in a secure environment. The resulting PIN block is used in the actual online PIN verification.

...

PIN prompt

To launch the PIN entry screen, one must call the pinEnter() method from the AOneAppSecurity class as follows:

Code Block
AOneAppSecuritySecureClient.getInstance(this.contextactivity, AOneAppSecurityCbk(this.activity))
               .pinEnter(activity, amount, message, min, max, timeout, feedback)

With:

  • amount: the amount string, including currency (ex: $ 51.00)

  • message: the customer message (ex: Please enter PIN)

  • min: the minimum number of PIN digits (usually 4)

  • max: the maximum number of PIN digits

  • timeout: the PIN entry timeout in seconds

  • feedback: physical and audible feedback flags (ex: AOneAppSecurity.PIN_ENTRY_FB_HAPTIC or AOneAppSecurity.PIN_ENTRY_FB_SOUND)

Info

Once the pinEnter() function is called, screen control is taken over by our security layer until the user presses Enter or Cancel, or the timeout is reached.

...

The format of the partial PIN block cryptogram is:

...

E(PIN block) = ID(Kpin-pub)||ERSA-OAEP-SHA-1(Kpin-pub, Kpin-session)||Eaes-ecb(Kpin-session, pin-block)

Which translates into:

Note

The format of the PIN block cryptogram changed starting with secure client v1.0.9.

| Object | Length (bytes) | Comments |
|---|---|---|
| RSA Key ID length | 2 | Length of the key ID (MSB) |
| RSA Key ID | var | RSA key ID used for the session key encryption |
| Encrypted KEK length | 2 | Length of the encrypted KEK (MSB - should be 512) |
| Encrypted KEK | 512 | Encrypted KEK block: encrypted with RSA key (RSA/ECB/OAEPWithSHA-256AndMGF1Padding); cleartext contains the KEK (16 bytes) and the IV (16 bytes) |
| Encrypted pseudo PIN block length | 2 | Length of the encrypted PIN block (MSB - should be 16) |
| Encrypted pseudo PIN block | 16 | Encrypted pseudo PIN block: encrypted with KEK key (AES/ECB/NoPadding); cleartext contains the pseudo PIN block (see below) |
| HMAC Key ID length | 2 | Length of the HMAC key ID (MSB) |
| HMAC Key ID | var | HMAC key ID used for the checksum calculation |
| HMAC length | 2 | Length of the HMAC checksum (MSB - should be 32) |
| HMAC | 32 | AES-CBC-256 checksum |
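A strict parser for the length-prefixed layout in the table above, as a merchant backend might run it before handing the fields to its secure environment. This is an added example, not code from the SDK: the names `PinCryptogram`, `parse_pin_cryptogram` and `build_sample` are hypothetical, "(MSB)" is read as big-endian, rejecting zero-length fields is an assumption, and the sample input is constructed.

```python
import struct
from dataclasses import dataclass

# Fixed sizes from the table ("should be 512 / 16 / 32"); key IDs are variable.
EXPECTED = {"encrypted_kek": 512, "encrypted_pin_block": 16, "hmac": 32}
FIELDS = ("rsa_key_id", "encrypted_kek", "encrypted_pin_block",
          "hmac_key_id", "hmac")


@dataclass(frozen=True)
class PinCryptogram:
    rsa_key_id: bytes
    encrypted_kek: bytes
    encrypted_pin_block: bytes
    hmac_key_id: bytes
    hmac: bytes


def parse_pin_cryptogram(blob: bytes) -> PinCryptogram:
    """Split the cryptogram into its five fields, rejecting malformed input."""
    offset, values = 0, {}
    for name in FIELDS:
        if offset + 2 > len(blob):
            raise ValueError(f"truncated before length of {name}")
        # Assumption: 2-byte length, most significant byte first.
        (length,) = struct.unpack_from(">H", blob, offset)
        offset += 2
        if name in EXPECTED and length != EXPECTED[name]:
            raise ValueError(f"{name}: length {length}, expected {EXPECTED[name]}")
        # Assumption: an empty field is never valid.
        if length == 0 or offset + length > len(blob):
            raise ValueError(f"{name}: empty or runs past end of input")
        values[name] = blob[offset:offset + length]
        offset += length
    if offset != len(blob):
        raise ValueError("trailing bytes after HMAC")
    return PinCryptogram(**values)


def build_sample() -> bytes:
    """Constructed sample: placeholder key IDs, zero-filled ciphertext and HMAC."""
    parts = [b"RSA01", bytes(512), bytes(16), b"HMAC-01", bytes(32)]
    return b"".join(struct.pack(">H", len(p)) + p for p in parts)
```

Checking every length against the expected size and refusing trailing bytes keeps a truncated or padded message from reaching the decryption step.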

The pseudo PIN block is encoded in ISO-0 format, with the PIN set as expected and the PAN set to “F…F”:

...

Object

...

Length (bytes)

...

Comments

...

x

...

1

...

Length

...

1

...

PIN

...

4 to 16

...

Non-used digits set to random padding

Example

Below is an example of data received after a successful PIN entry:

Code Block
3cb9dd2f5021af506a74a0b14bf1d67479173e1302404d645fe2ddd382a26097be43c799a6d79bd759e3a
e0cabab835b31cb859ed8d900264522c2cef426de597becad0738c78578aa5538df3ad9f9f6a0c5c25e45
30d1754021c99faa037aabfe90cd1af8c3a68ebeabd9dce2df3cdf9208a55e7c94a13331b362fc3fedc57
e766c8aa8bc3ce750196857b832ff81027bd4168422a7b8ca1334a9df358038c48f9fb3d96c80f06d2899
87ffd313984cd540faa08e280911524fde4956091c8704455d7c652022a244955d6c60407b32a31c52f23
c93896f292f489e9c9349047997024ae33cf997bb5436bfdfb53eed28021354baab0fecd30bf3c58cacf0
d6a309d25919948c521e8d795d16b74a3fe4a114709e

Which can be split into:

  • The key ID:

Code Block
3cb9dd2f50
  • The encrypted KEK:

Code Block
21af506a74a0b14bf1d67479173e1302404d645fe2ddd382a26097be43c799a6d79bd759e3ae0cabab835
b31cb859ed8d900264522c2cef426de597becad0738c78578aa5538df3ad9f9f6a0c5c25e4530d1754021
c99faa037aabfe90cd1af8c3a68ebeabd9dce2df3cdf9208a55e7c94a13331b362fc3fedc57e766c8aa8b
c3ce750196857b832ff81027bd4168422a7b8ca1334a9df358038c48f9fb3d96c80f06d289987ffd31398
4cd540faa08e280911524fde4956091c8704455d7c652022a244955d6c60407b32a31c52f23c93896f292
f489e9c9349047997024ae33cf997bb5436bfdfb53eed28021354baab0fecd30bf3c58cacf0d6a309d259
19
  • The encrypted pseudo PIN-block:

Code Block
948c521e8d795d16b74a3fe4a114709e

Applying an RSA decryption (RSA/ECB/OAEPWithSHA-256AndMGF1Padding) on the “encrypted KEK” block will lead to:

  • The KEK:

Code Block
eaa5e9bbd66899cc561ee20ca9b3e775
  • The IV:

Code Block
00000000000000000000000000000000

Applying an AES decryption (AES/CBC/NoPadding) on the “encrypted pseudo PIN-block” will provide the following pseudo PIN block data:

Code Block
1415958944b2c2d77cb7fad1622bb213

Which can be split into:

  • The PIN:

Code Block
1595
  • The random padding:

...

the following way:

If N is the number of PIN digits, with N in the [4, 12] range, the PIN is encoded in a 16-byte array with the following format:

  • A prefix of (16 - N) random bytes Bi:

    • B0 … B(16 - N - 2) = 0xmn where m and n denote the most and least significant nibbles

    • B(16 - N - 1) = 0xm0, end of prefix

  • The encoded PIN of N bytes, each byte encoding a PIN digit:

    • B(16 - N) … B15 = 0xmd where m (random) and d (PIN digit) denote the most and least significant nibbles

The following table gives an example of the encoding of the PIN value “1234”:

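| Byte | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Value | 0xB9 | 0x6F | 0x4A | 0x31 | 0x06 | 0x9E | 0x73 | 0x48 | 0x9A | 0xA7 | 0xD3 | 0x60 | 0xD1 | 0x62 | 0xE3 | 0xD4 |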
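The encoding above, written out as an encoder and a validating decoder and checked against the “1234” table. This is an added example, not SDK code: `encode_pin` and `decode_pin` are hypothetical names, and it assumes that the random prefix bytes never have a zero low nibble, so that the first 0xm0 byte is unambiguously the end of the prefix (the table's example is consistent with this).

```python
import secrets

BLOCK_LEN = 16


def _rand_high() -> int:
    """Random most significant nibble, already shifted into place."""
    return secrets.randbelow(16) << 4


def encode_pin(pin: str) -> bytes:
    """Encode an N-digit PIN (4 <= N <= 12) into the 16-byte layout above."""
    if not (pin.isascii() and pin.isdigit() and 4 <= len(pin) <= 12):
        raise ValueError("PIN must be 4 to 12 decimal digits")
    # Assumption: filler low nibbles are 1..15, never 0, so that the first
    # byte with a zero low nibble is always the end-of-prefix marker.
    filler = bytes(_rand_high() | (1 + secrets.randbelow(15))
                   for _ in range(BLOCK_LEN - len(pin) - 1))
    marker = bytes([_rand_high()])                      # B(16 - N - 1) = 0xm0
    digits = bytes(_rand_high() | int(d) for d in pin)  # B(16 - N)..B15 = 0xmd
    return filler + marker + digits


def decode_pin(block: bytes) -> str:
    """Recover the PIN digits, rejecting blocks that do not fit the layout."""
    if len(block) != BLOCK_LEN:
        raise ValueError("block must be 16 bytes")
    marker = next((i for i, b in enumerate(block) if b & 0x0F == 0), None)
    if marker is None:
        raise ValueError("no end-of-prefix marker found")
    digits = [b & 0x0F for b in block[marker + 1:]]
    if not 4 <= len(digits) <= 12 or any(d > 9 for d in digits):
        raise ValueError("malformed PIN field")
    return "".join(str(d) for d in digits)


# The "1234" example from the table above.
TABLE_EXAMPLE = bytes.fromhex("B96F4A31069E73489AA7D360D162E3D4")
```

Because the high nibble of every byte and the whole prefix are random, two encodings of the same PIN differ, while `decode_pin` still rejects a block whose digit nibbles are outside 0 to 9 or whose PIN length is outside 4 to 12.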