...
Because of its very sensitive nature, PIN entry on Tap to Phone solutions is handled by the Secure Client (and the Secure Backend). The flow is relatively simple: the PIN prompt is triggered by one API call, and the output of the PIN entry is provided through a callback.
The following figure describes the message flow between the different components of the merchant’s system involved in the online PIN verification process:
For security reasons, the PAN (card data) returned by the L2/OLA API and the partial PIN block returned by the SCSDK PIN pad are encrypted using two different key sets in two independent key spaces, named security domains (identified as PIN and PAN).
It is the role of the merchant’s system to transmit and use the PIN and PAN cryptograms for computing the standard PIN block in a secure environment. The resulting PIN block is used in the actual online PIN verification.
...
PIN prompt
To launch the PIN entry screen, one must call the pinEnter() method from the AOneAppSecurity class as follows:
Code Block |
---|
AOneAppSecuritySecureClient.getInstance(this.contextactivity, AOneAppSecurityCbk(this.activity)) .pinEnter(activity, amount, message, min, max, timeout, feedback) |
With:
amount: the amount string, including currency (ex: $ 51.00)
message: the customer message (ex: Please enter PIN)
min: the minimum number of PIN digits (usually 4)
max: the maximum number of PIN digits
timeout: the PIN entry timeout in seconds
feedback: physical and audible feedback flags (ex: AOneAppSecurity.PIN_ENTRY_FB_HAPTIC or AOneAppSecurity.PIN_ENTRY_FB_SOUND)
Info |
---|
Once the |
...
Object | Length (bytes) | Comments |
---|---|---|
RSA Key ID length | 2 | Length of the key ID (MSB) |
RSA Key ID | var | RSA key ID used for the session key encryption |
Encrypted KEK length | 2 | Length of the encrypted KEK (MSB - should be 512) |
Encrypted KEK | 512 | Encrypted KEK block: |
Encrypted pseudo PIN block length | 2 | Length of the encrypted PIN block (MSB - should be 16) |
Encrypted pseudo PIN block | 16 | Encrypted pseudo PIN block: |
HMAC Key ID length | 2 | Length of the HMAC key ID (MSB) |
HMAC Key ID | var | HMAC key ID used for the checksum calculation |
HMAC length | 2 | Length of the HMAC checksum (MSB - should be 32) |
HMAC | 32 | AES-CBC-256 checksum |
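The length-prefixed layout in the table above, written as a strict parser that a merchant backend could run before handing the fields to its secure environment. This is an added example, not code from the SDK or from the original page. It assumes that "MSB" means the 2-byte lengths are big-endian, that the fields follow each other in table order with nothing in between, and that key IDs are opaque bytes; the names `parse_pin_cryptogram`, `PinCryptogram` and `build_sample` are hypothetical. It does not verify the HMAC, because the table does not say which bytes the checksum covers.

```python
import struct
from dataclasses import dataclass

# Fixed sizes stated in the table; key IDs are variable-length ("var").
KEK_LEN, PIN_BLOCK_LEN, HMAC_LEN = 512, 16, 32


class PinCryptogramError(ValueError):
    """Raised when the buffer does not match the table's layout."""


@dataclass(frozen=True)
class PinCryptogram:
    rsa_key_id: bytes
    encrypted_kek: bytes
    encrypted_pin_block: bytes
    hmac_key_id: bytes
    hmac: bytes


def _take(buf, off, name, expected=None):
    """Read a 2-byte big-endian length (assumed), then that many bytes."""
    if off + 2 > len(buf):
        raise PinCryptogramError(f"{name}: truncated length field")
    (n,) = struct.unpack_from(">H", buf, off)
    off += 2
    if expected is not None and n != expected:
        raise PinCryptogramError(f"{name}: length {n}, expected {expected}")
    if off + n > len(buf):
        raise PinCryptogramError(f"{name}: value truncated")
    return buf[off:off + n], off + n


def parse_pin_cryptogram(buf: bytes) -> PinCryptogram:
    off = 0
    rsa_id, off = _take(buf, off, "RSA Key ID")
    kek, off = _take(buf, off, "Encrypted KEK", KEK_LEN)
    pin, off = _take(buf, off, "Encrypted pseudo PIN block", PIN_BLOCK_LEN)
    hmac_id, off = _take(buf, off, "HMAC Key ID")
    mac, off = _take(buf, off, "HMAC", HMAC_LEN)
    if off != len(buf):  # reject anything appended after the last field
        raise PinCryptogramError(f"{len(buf) - off} trailing bytes")
    return PinCryptogram(rsa_id, kek, pin, hmac_id, mac)


def build_sample(rsa_id=b"rsa-key-01", hmac_id=b"hmac-key-01") -> bytes:
    """Constructed sample: filler bytes, not real ciphertext."""
    fields = [rsa_id, b"\xAA" * KEK_LEN, b"\xBB" * PIN_BLOCK_LEN,
              hmac_id, b"\xCC" * HMAC_LEN]
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)
```

Rejecting unexpected lengths and trailing bytes before any decryption keeps malformed input away from the key-handling code.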
...