kessi kessi -4 years ago 86
Java Question

How does the HSM intervene in the encryption of a transaction with a terminal?

I'm trying to understand how the HSM and keys are linked to the transaction using a terminal. I'm supposed to develop an authentication server that receives transactions from terminals and parse them to get different data. But what I fail to understand is how the HSM is used to secure the data.

Answer Source

Firstly, you must understand card personalization. When banks (issuers) want to issue new cards, they get new BINs from Mastercard, Visa. Issuers generate new IMKs (AC, MAC, ENC, CVC3, etc.) tied to those BINs. During card personalization, every kind of IMK is diversified with the PAN and loaded onto the card, so every card gets its UDK (unique derived key: UDKAC, UDKMAC, etc.). The key generation and key diversification process is done using HSM encryption software.

During an EMV transaction, the card generates its encrypted data (cryptogram) using its UDK and sends it to the authentication server. The authentication server looks at the transaction BIN and gets the card's UDK by deriving the IMK keys with the help of the HSM. So it knows the UDK keys and calculates the same cryptogram. If those cryptograms are the same, the server decides that the card has the right keys and accepts the transaction.
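The derive-and-compare flow described in the answer, as an added Java 17+ example that is not part of the original answer. The class and method names, the key and the PAN are constructed; `verify` stands for the command the server would send to the HSM (in production the IMK never leaves the HSM), and the cryptogram is simplified to a 3DES CBC-MAC under the UDK, whereas real EMV cryptograms use a further session key and scheme-specific data.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.HexFormat;

public class CryptogramCheck {
    static final HexFormat HEX = HexFormat.of();
    // 3DES-CBC with a zero IV and a 16-byte double-length key (K1|K2, expanded to K1|K2|K1 for JCE).
    // On a single 8-byte block this equals ECB; on longer input the last block is a CBC-MAC.
    static byte[] tdesCbc(byte[] key16, byte[] data) throws Exception {
        byte[] key24 = Arrays.copyOf(key16, 24);
        System.arraycopy(key16, 0, key24, 16, 8);
        Cipher c = Cipher.getInstance("DESede/CBC/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key24, "DESede"), new IvParameterSpec(new byte[8]));
        return c.doFinal(data);
    }
    // Diversify the issuer master key with the card's PAN and sequence number:
    // Y = rightmost 16 digits of PAN||PSN, UDK = 3DES(IMK, Y) || 3DES(IMK, NOT Y). Parity fix-up omitted.
    static byte[] deriveUdk(byte[] imk, String pan, String psn) throws Exception {
        String digits = "0".repeat(16) + pan + psn;
        byte[] y = HEX.parseHex(digits.substring(digits.length() - 16));
        byte[] yInv = new byte[8];
        for (int i = 0; i < 8; i++) yInv[i] = (byte) ~y[i];
        byte[] udk = Arrays.copyOf(tdesCbc(imk, y), 16);
        System.arraycopy(tdesCbc(imk, yInv), 0, udk, 8, 8);
        return udk;
    }
    // Simplified cryptogram: pad with 0x80 then zeros, CBC-MAC under the UDK, keep the last block.
    static byte[] cryptogram(byte[] udk, byte[] txn) throws Exception {
        byte[] padded = Arrays.copyOf(txn, (txn.length / 8 + 1) * 8);
        padded[txn.length] = (byte) 0x80;
        byte[] ct = tdesCbc(udk, padded);
        return Arrays.copyOfRange(ct, ct.length - 8, ct.length);
    }
    // Server side: re-derive the card's UDK from the IMK, recompute, compare in constant time.
    static boolean verify(byte[] imk, String pan, String psn, byte[] txn, byte[] received) throws Exception {
        return MessageDigest.isEqual(cryptogram(deriveUdk(imk, pan, psn), txn), received);
    }
    public static void main(String[] args) throws Exception {
        byte[] imk = HEX.parseHex("0123456789ABCDEFFEDCBA9876543210");    // constructed test key
        String pan = "4000001234567899", psn = "01";                       // constructed test card
        byte[] txn = HEX.parseHex("000000001000" + "0978" + "11223344");   // amount, currency, random number
        byte[] fromCard = cryptogram(deriveUdk(imk, pan, psn), txn);       // what the chip computes with its UDK
        System.out.println("genuine:  " + verify(imk, pan, psn, txn, fromCard));
        txn[5] ^= 0x01;                                                    // amount changed after the card signed
        System.out.println("tampered: " + verify(imk, pan, psn, txn, fromCard));
    }
}
```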
