PINBlock encryption via Master/Session encryption


PINBlock encryption via Master/Session encryption

 
Master/Session keys are Double Length and are sent to the iVeri Gateway in Hexadecimal format.
The Master/Session PINBlock encryption process flow is the following: A Device (with a DeviceSerialNumber and a DeviceMake) is injected in a Trusted Centre with a Device Master Key. A merchant periodically sends a request for a session key (GetDevicePINKey) which is returned encrypted under the Device Master Key. When performing a Debit with PIN, the PINBlock is sent encrypted using the current session key.

Key Injection for Master/Session Mode Test
There is one Test Device Master Key that is public knowledge. When a Device is to be injected with the Test Device Master Key, it can be done within the iVeri Test Loading Centre, or by the merchant. When a device is loaded with a test device master key by the merchant, then the merchant must contact their iVeri Distributor with the device information: Make, Model and Serial Number.
The Test Device Master Key is: 375DE602546843B68089911652E951CB
(MAC: CA40C1F2)

Get Device PIN Key
The command “GetDevicePINKey” (which is only relevant for PINBlock encryption via Master/Session) has the following mandatory input parameters:
DeviceMake
DeviceSerialNumber

Unlike other commands to the iVeri Gateway, “GetDevicePINKey” does not require the input parameter ApplicationID. Using iVeri Enterprise in iVeri https://client.net,/ this can be prepared using the following syntax:
enterprise.prepare("Security", "GetDevicePINKey", new Guid(), mode);
or using java:
enterprise.prepare("Security", "GetDevicePINKey", "", mode);
“GetDevicePINKey” must be called if “Debit with PIN” or “Balance Enquiry” reply with the Result code: “Device PIN Key expired” [20]. It should be called upon startup and every 24 hours, or 200 transactions thereafter. “GetDevicePINKey” returns the following output parameters, which can be stored for later usage with “Debit with PIN” and “Balance Enquiry”:
DevicePINKey
MACDevicePINKey