I'm trying to understand how the HSM and keys are linked to the transaction using a terminal. I'm supposed to develop an authentication server that receives transactions from terminals and parses them to get different data. But what I fail to understand is how the HSM is used to secure the data.
Firstly, you must understand card personalization. When banks (issuers) want to issue new cards, they get new BINs from Mastercard or Visa. Issuers generate new IMKs (AC, MAC, Enc, CVC3, etc.) tied to those BINs. During card personalization, every kind of IMK is diversified with the PAN and loaded onto the card, so every card gets its own UDK (unique derived key: UDKAC, UDKMAC, etc.). Key generation and key diversification are done using HSM encryption software.
During an EMV transaction, the card generates its encrypted data (cryptogram) using its UDK and sends it to the authentication server. The authentication server looks at the transaction BIN and gets the card's UDK by deriving it from the IMK keys with the help of the HSM. So it knows the UDK keys and calculates the same cryptogram. If those cryptograms are the same, the server decides that the card has the right keys and accepts the transaction.
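The flow described in the answer above, as an added example that is not part of the original post: personalization derives a per-card UDK from the IMK and PAN, and the server later repeats that derivation from the BIN to recompute and compare the cryptogram. Assumptions: HMAC-SHA256 stands in for the block-cipher derivation and MAC a real HSM performs, the `HSM_KEYS` dict stands in for keys that would never leave the HSM, and all names, keys, the PAN and the transaction fields are constructed.

```python
import hashlib
import hmac

# Constructed issuer key store: BIN -> IMK-AC. In production these keys
# stay inside the HSM; this dict only stands in for its key slots.
HSM_KEYS = {"541333": bytes.fromhex("00112233445566778899aabbccddeeff")}

def _prf(key: bytes, data: bytes) -> bytes:
    # Stand-in (assumption) for the cipher operation the HSM would run.
    return hmac.new(key, data, hashlib.sha256).digest()

def derive_udk(imk: bytes, pan: str) -> bytes:
    """Diversify an issuer master key with the PAN to get the card's UDK."""
    return _prf(imk, b"UDK-AC|" + pan.encode())[:16]

def make_cryptogram(udk: bytes, txn: dict) -> bytes:
    """Card side: keyed MAC over the transaction data using the card's UDK."""
    msg = "|".join(f"{k}={txn[k]}" for k in sorted(txn)).encode()
    return _prf(udk, msg)[:8]

def verify(pan: str, txn: dict, cryptogram: bytes) -> bool:
    """Server side: BIN -> IMK -> UDK -> recompute cryptogram -> compare."""
    imk = HSM_KEYS.get(pan[:6])          # look up the IMK by the card's BIN
    if imk is None:
        return False                     # BIN not issued by this bank
    expected = make_cryptogram(derive_udk(imk, pan), txn)
    return hmac.compare_digest(expected, cryptogram)  # constant-time compare

# Personalization (constructed PAN): the UDK is loaded onto the card once.
PAN = "5413330089010434"
CARD_UDK = derive_udk(HSM_KEYS["541333"], PAN)

# Transaction (constructed fields): the card computes the cryptogram.
TXN = {"amount": "1000", "currency": "978", "counter": "0012"}
CRYPTOGRAM = make_cryptogram(CARD_UDK, TXN)

if __name__ == "__main__":
    print("genuine card:     ", verify(PAN, TXN, CRYPTOGRAM))
    print("tampered amount:  ", verify(PAN, {**TXN, "amount": "9000"}, CRYPTOGRAM))
    print("other PAN, same BIN:", verify("5413330089010435", TXN, CRYPTOGRAM))
```

The server never stores per-card keys: it holds only the IMK per BIN and re-derives each card's UDK on demand, which is why a cryptogram from one card fails verification under another PAN in the same BIN.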