How to identify cryptogram version from IAD in order to define the SKD method to generate ARQC

[Marcos Brienze]

Hi,

I need to generate ARQC for test environment and I am not sure about the cryptogram version that is contained into IAD.

From the message request I got the following IAD (9F10): 

'0FA501A030F8000000000000000000000F000000000000000000000000000000' 

My reasoning is that according to the IAD, its format is A and the cryptogram version is 5. 

Therefore I infer from the EMV 4.2 Book 2 (Annex A1.4) I should use the methods described there to derive MKac and SKac. 

Am I right about my interpretation of the IAD ? Is the cryptogram version 5 ? 

Thanks a lot and I´d appreciate any comments. 

Marcos 

[Mark Salter]

Marked as Off Topic in subject.

On 17/02/17 11:51, Marcos Brienze wrote:
I think you should simulate chip grade transactions based on the data
embossed on the test card, not from an existing authorisation?

Can you share your full intent to help us give the most appropriate
guidance?

> From the message request I got the following IAD (9F10):
> '0FA501A030F8000000000000000000000F000000000000000000000000000000' My
> reasoning is that according to the IAD, its format is A and the
> cryptogram version is 5.
>
> Therefore I infer from the EMV 4.2 Book 2 (Annex A1.4) I should use the
> methods described there to derive MKac and SKac.
>
> Am I right about my interpretation of the IAD ? Is the cryptogram
> version 5 ?

Yes.

--
Mark

[Marcos Brienze]

Hi Mark,

I am developing a simulator software, which has 2 big features:

- Sending a single message to the Authorization system like a terminal POS. The user may choose card and merchant from the database according to the test case. In addition, the simulator might create reversals and other types of transactions from the response message;

- The other feature would be sending as many transactions per second as necessary to the Authorization system. The simulator will stress the system.

It also should be used ONLY in the test environment, never in the production.

One of the proposals to the customer was generating the transactions using an array of physical cards to generate the ARQC. But, because of the cost and issues post-deploy the customer decided to build a 100% software solution.

As I mentioned before, the company who hired me has been having problems to give me the information I need. Hence, I am trying to do the best I can with the resources (including knowledge) I have.

I don't know exactly what you meant by my full intention, but I hope I have answered your question.

If not, please, let me know and I'll tell you.

Marcos

[Eduardo]

Hey Marcos

A bit late but, why not use this handy tool?:

https://tvr-decoder.appspot.com/t/home

9F10 (issuer application data)  

Derivation key index A5

Cryptogram version number 01

Card verification results  

Byte 2 Bit 8 = 0, Byte 2 Bit 7 = 0 AAC Returned in Second GENERATE AC

Byte 3 Bit 8 = 1 Last online transaction not completed

Byte 3 Bit 7 = 1 Pin try limit exceeded

Byte 3 Bit 6 = 1 Exceeded velocity checking counters

Byte 3 Bit 5 = 1 New card

Byte 3 Bit 4 = 1 Issuer Authentication failure on last online transaction

Byte 4 Bits 8-5 Issuer Script Commands processed on last transaction = 0

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: sa...@jpos.org
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jpos-users+unsubscribe@googlegroups.com.
To post to this group, send email to jpos-...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/b82a728c-5af5-4a2d-a185-1ebbaae05ba0%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.