Cardholder Online Pin

The cardholder online pin’s structure, as implemented in Arkos, is documented below.

The tags can be accessed through the class NexoSecurityServicesTags

Message Element	Tag	Java Tag	Format

Message Element

Tag

Java Tag

Format

EncryptedPinBlock

0xFFBF7C

NexoSecurityServicesTags. EncryptedPinBlock

Do

PinFormat

0xDFBF71

NexoSecurityServicesTags. PinFormat

PinFormat.ISO0

PinFormat.ISO1

PinFormat.ISO2

PinFormat.ISO3

PinFormat.ISO4

PinFormat.ISO5

AdditionalInput

0xDFBF7D

NexoSecurityServicesTags. AdditionalInformation

Ascii, 35

Message Element	Tag	Java Tag	Format

Message Element

Tag

Java Tag

Format

ContentType

0xDFBF72

NexoSecurityServicesTags. ContentType

ContentType.DATA

ContentType.SIGN

ContentType.EVLP

ContentType.DGST

ContentType.AUTH

EnvelopedData

0xFFBF7F

NexoSecurityServicesTags. EnvelopedData

Do

Message Element	Tag	Java Tag	Format

Message Element	Tag	Java Tag	Format
Version	0xFFBF61	NexoSecurityServicesTags. Version	Int
Recipient	0xFFBF70	NexoSecurityServicesTags. Recipient	Do
EncryptedContent	0xFFBF80	NexoSecurityServicesTags. EncryptedContent	Do
ContentType	0xDFBF72	NexoSecurityServicesTags. ContentType	`ContentType.DATA` `ContentType.SIGN` `ContentType.EVLP` `ContentType.DGST` `ContentType.AUTH`
ContentEncryptionAlgorithm	0xFFBF82	NexoSecurityServicesTags. ContentEncryptionAlgorithm	Do
Algorithm	0xDFBF65	NexoSecurityServicesTags. Algorithm	`AlgorithmCode15.` `EA2C` `AlgorithmCode15.` `E3DC` `AlgorithmCode15.` `EA9C` `AlgorithmCode15.` `EA5C`
Parameter	0xFF01	NexoSecurityServicesTags. Parameter	Do
EncryptionFormat	0xDFBF75	NexoSecurityServicesTags. EncryptionFormat	`EncryptionFormat.TR31` `EncryptionFormat.TR34`
InitialisationVector	0xDFBF6A	NexoSecurityServicesTags. InitialisationVector	Binary
BytePadding	0xDFBF76	NexoSecurityServicesTags. BytePadding
EncryptedData	0xDFBF81	NexoSecurityServicesTags. EncryptedData	Binary

Message Element	Tag	Java Tag	Format

Message Element	Tag	Java Tag	Format
KeyTransport	0xFF01	NexoSecurityServicesTags. KeyTransport	Do
Version	0xFFBF61	NexoSecurityServicesTags. Version	Int
RecipientIdentifiacation	0xFF01	NexoSecurityServicesTags. RecipientIdentifiacation	Do
IssuerAndSerialNumber	0xFF01	NexoSecurityServicesTags. IssuerAndSerialNumber	Do
Issuer	0xFF01	NexoSecurityServicesTags. Issuer	Do
RelativeDistinguishedName	0xFF01	NexoSecurityServicesTags. RelativeDistinguishedName	Do
AttributeType	0xDFBF7E	NexoSecurityServicesTags. AttributeType
AttributeValue	0xDFBF73	NexoSecurityServicesTags. AttributeValue	Ascii, 140
SerialNumber	0xDFBF64	NexoSecurityServicesTags. SerialNumber	Binary
KeyIdentifier	0xFF03	NexoSecurityServicesTags. KeyIdentifier	Do
KeyEncryptionAlgorithm	0xFF02	NexoSecurityServicesTags. KeyEncryptionAlgorithm	Do
Algorithm	0xDFBF65	NexoSecurityServicesTags. Algorithm
Parameter	0xFF01	NexoSecurityServicesTags. Parameter	Do
EncryptionFormat	0xDFBF75	NexoSecurityServicesTags. EncryptionFormat
DigestAlgorithm	0xDFBF67	NexoSecurityServicesTags. DigestAlgorithm
MaskGeneratorAlgorithm	0xFF01	NexoSecurityServicesTags. MaskGeneratorAlgorithm	D0
Algorithm	0xDFBF65	NexoSecurityServicesTags. Algorithm
Parameter	0xFF01	NexoSecurityServicesTags. Parameter	Do
DigestAlgorithm	0xDFBF67	NexoSecurityServicesTags. DigestAlgorithm
EncryptedKey	0xDFBF68	NexoSecurityServicesTags. EncryptedKey	Binary
Kek	0xFF02	NexoSecurityServicesTags. Kek	Do
Version	0xFFBF61	NexoSecurityServicesTags. Version	Int
kekIdentification	0xFFBF7A	NexoSecurityServicesTags. kekIdentification	Do
KeyEncryptionAlgorithm	0xFF02	NexoSecurityServicesTags. KeyEncryptionAlgorithm	Do
Algorithm	0xDFBF65	NexoSecurityServicesTags. Algorithm
Parameter	0xFF01	NexoSecurityServicesTags. Parameter	Do
EncryptionFormat	0xDFBF75	NexoSecurityServicesTags. EncryptionFormat
InitialisationVector	0xDFBF6A	NexoSecurityServicesTags. InitialisationVector	Binary
BytePadding	0xDFBF76	NexoSecurityServicesTags. BytePadding
EncryptedKey	0xDFBF68	NexoSecurityServicesTags. EncryptedKey	Binary
KeyIdentifier	0xFF03	NexoSecurityServicesTags. KeyIdentifier	Do

Message Element	Tag	Java Tag	Format

Message Element	Tag	Java Tag	Format
KeyIdentification	0xDFBF6C	NexoSecurityServicesTags. KeyIdentification	Ascii, 140
KeyVersion	0xDFBF6D	NexoSecurityServicesTags. KeyVersion	Ascii, 140
SequenceNumber	0xDFBF6E	NexoSecurityServicesTags. SequenceNumber	Int
DerivationIdentification	0xDFBF6F	NexoSecurityServicesTags. DerivationIdentification	Binary

Message Element	Tag	Java Tag	Format

Message Element	Tag	Java Tag	Format
KeyIdentification	0xDFBF6C	NexoSecurityServicesTags. KeyIdentification	Ascii, 140
KeyVersion	0xDFBF6D	NexoSecurityServicesTags. KeyVersion	Ascii, 140
SequenceNumber	0xDFBF6E	NexoSecurityServicesTags. SequenceNumber	Int
DerivationIdentification	0xDFBF6F	NexoSecurityServicesTags. DerivationIdentification	Binary

An example of the AcceptorAuthorisationRequestV06 can be found below alongside the code that produces it.

TlvTree cardholderPin = TlvTree.Empty();

TlvTree encryptedPinBlock = cardholderPin.AddChild(NexoSecurityServicesTags.EncryptedPinBlock); //encrypted pin block
cardholderPin.AddEnum(NexoSecurityServicesTags.PinFormat, PinFormat.ISO0); //Pin format ISO0

encryptedPinBlock.AddEnum(NexoSecurityServicesTags.ContentType, ContentType.EVLP); //content type evlp
TlvTree envelopedData = encryptedPinBlock.AddChild(NexoSecurityServicesTags.EnvelopedData); //Enveloped data

TlvTree recipient = envelopedData.AddChild(NexoSecurityServicesTags.Recipient);//recipient

TlvTree KEK = recipient.AddChild(NexoSecurityServicesTags.KEK);//KEK
TlvTree KEKIdentification = KEK.AddChild(NexoSecurityServicesTags.KEKIdentification);//KeKIdentification
KEKIdentification.AddAscii(NexoSecurityServicesTags.KeyIdentification,"KeyIdentification");
KEKIdentification.AddAscii(NexoSecurityServicesTags.KeyVersion,"keyVersion");
KEK.AddEnum(NexoSecurityServicesTags.Algorithm8Code, AlgorithmCode8.MGF1); // algorithm code 8 //mgf1
KEK.AddBin(NexoSecurityServicesTags.EncryptedKey,new byte[]{0x00});

return cardholderPin.AsBytes();

<?xml version="1.0" encoding="UTF-8"?>
<Document xmlns="urn:iso:std:iso:20022:tech:xsd:caaa.001.001.06">
  <AccptrAuthstnReq>
    <Hdr>
      <MsgFctn>AUTQ</MsgFctn>
      <PrtcolVrsn>6.0</PrtcolVrsn>
      <XchgId>69</XchgId>
      <CreDtTm>2021-10-18T01:56:55.000+00:00</CreDtTm>
      <InitgPty>
        <Id>Amadis</Id>
      </InitgPty>
      <RcptPty>
        <Id>Atheos</Id>
      </RcptPty>
    </Hdr>
    <AuthstnReq>
      <Envt>
        <Acqrr>
          <Id>
            <Id>10009287351</Id>
          </Id>
          <ParamsVrsn>2021-10-07 12:46:54</ParamsVrsn>
        </Acqrr>
        <Mrchnt>
          <Id>
            <Id>00000NEXOMER001</Id>
          </Id>
          <CmonNm>AMADIS 1111 Saint-Urbain Montréal</CmonNm>
        </Mrchnt>
        <POI>
          <Id>
            <Id>ASA00001</Id>
          </Id>
          <Cpblties>
            <CardRdngCpblties>PHYS</CardRdngCpblties>
            <CardRdngCpblties>MGST</CardRdngCpblties>
            <CardRdngCpblties>CICC</CardRdngCpblties>
            <CardRdngCpblties>ECTL</CardRdngCpblties>
            <CrdhldrVrfctnCpblties>FCPN</CrdhldrVrfctnCpblties>
            <CrdhldrVrfctnCpblties>NPIN</CrdhldrVrfctnCpblties>
            <CrdhldrVrfctnCpblties>MNSG</CrdhldrVrfctnCpblties>
            <CrdhldrVrfctnCpblties>FEPN</CrdhldrVrfctnCpblties>
            <ApprvlCdLngth>6</ApprvlCdLngth>
            <OnLineCpblties>SMON</OnLineCpblties>
            <MsgCpblties>
              <Dstn>CRCP</Dstn>
              <Dstn>MDSP</Dstn>
              <Dstn>MRCP</Dstn>
              <AvlblLang>en</AvlblLang>
              <AvlblLang>fr</AvlblLang>
              <AvlblLang>it</AvlblLang>
            </MsgCpblties>
          </Cpblties>
          <Cmpnt>
            <Tp>TERM</Tp>
            <Id>
              <PrvdrId>MANUFACTURER</PrvdrId>
              <Id>MODEL</Id>
              <SrlNb>---DEVSN</SrlNb>
            </Id>
            <Sts />
          </Cmpnt>
          <Cmpnt>
            <Tp>APLI</Tp>
            <Id>
              <PrvdrId>AMADIS</PrvdrId>
              <Id>ARKOS</Id>
            </Id>
            <Sts>
              <VrsnNb>3.x.x</VrsnNb>
            </Sts>
          </Cmpnt>
        </POI>
        <Card>
          <PlainCardData>
            <PAN>5219610200140517</PAN>
            <XpryDt>2021-08</XpryDt>
            <SvcCd>121</SvcCd>
            <Trck2>5219610200140517=210812110000946</Trck2>
          </PlainCardData>
          <IssrBIN>52196102</IssrBIN>
          <CardPdctPrfl>04</CardPdctPrfl>
          <CardBrnd>Carte a Piste</CardBrnd>
          <IntrnlCard>false</IntrnlCard>
        </Card>
        <Crdhldr>
          <Lang>en</Lang>
          <Authntcn>
            <AuthntcnMtd>CSCV</AuthntcnMtd>
            <CrdhldrOnLinePIN>
              <NcrptdPINBlck>
                <CnttTp>EVLP</CnttTp>
                <EnvlpdData>
                  <Vrsn>1</Vrsn>
                  <Rcpt>
                    <KEK>
                      <Vrsn>1</Vrsn>
                      <KEKId>
                        <KeyId>KeyIdentification</KeyId>
                        <KeyVrsn>keyVersion</KeyVrsn>
                        <SeqNb>1</SeqNb>
                      </KEKId>
                      <KeyNcrptnAlgo>
                        <Algo>EA2C</Algo>
                        <Param>
                          <NcrptnFrmt>TR31</NcrptnFrmt>
                          <BPddg>LNGT</BPddg>
                        </Param>
                      </KeyNcrptnAlgo>
                      <NcrptdKey>AE==</NcrptdKey>
                    </KEK>
                  </Rcpt>
                </EnvlpdData>
              </NcrptdPINBlck>
              <PINFrmt>ISO0</PINFrmt>
            </CrdhldrOnLinePIN>
          </Authntcn>
          <TxVrfctnRslt>
            <Mtd>NPIN</Mtd>
          </TxVrfctnRslt>
        </Crdhldr>
      </Envt>
      <Cntxt>
        <PmtCntxt>
          <CardPres>true</CardPres>
          <CrdhldrPres>true</CrdhldrPres>
          <AttndncCntxt>ATTD</AttndncCntxt>
          <TxChanl>ECOM</TxChanl>
          <CardDataNtryMd>MGST</CardDataNtryMd>
          <SpprtdOptn>MSRV</SpprtdOptn>
        </PmtCntxt>
      </Cntxt>
      <Tx>
        <TxCaptr>false</TxCaptr>
        <TxTp>CRDP</TxTp>
        <AddtlSvc>CSHB</AddtlSvc>
        <MrchntCtgyCd>5555</MrchntCtgyCd>
        <TxId>
          <TxDtTm>2021-10-18T01:56:55.000+00:00</TxDtTm>
          <TxRef>00000036</TxRef>
        </TxId>
        <RcncltnId>1</RcncltnId>
        <TxDtls>
          <Ccy>EUR</Ccy>
          <TtlAmt>20.00</TtlAmt>
          <AmtQlfr>ACTL</AmtQlfr>
          <DtldAmt>
            <CshBck>10.00</CshBck>
          </DtldAmt>
          <OnLineRsn>TRMF</OnLineRsn>
        </TxDtls>
      </Tx>
    </AuthstnReq>
  </AccptrAuthstnReq>
</Document>