PIN Processing Methods

In document Credit Simulator User Manual.pdf (Page 80-103)

Members may select the service platform at which an issuer’s PIN processing will be performed by the simulator. Members may select a service platform indicator, MDS PIN Processing (M) Method or Banknet PIN Processing (B) Method, in the Network Options dialog box. See Network Options for details concerning service platform selection.

The keys defined under PINKeySet_Reference and PINKeySet_User are used for the MDS PIN Processing (M) Method and the keys defined under BankNet_PINKeySet_Reference and BankNet_PINKeySet_User are used for the Banknet PIN Processing (B) Method.

Within the MasterCard Authorization Simulator, members can control the key encryption key (KEK) (also known as the communication key) definition by entering the appropriate value in the PIN Key Set or BankNet PIN Key Set located in the Options dialog box. Members may define the Key sets for multiple Group IDs.

For online testing with the MasterCard Test Facility (MTF), MasterCard and the member exchange the clear key used to create the communication key. Each clear key is 16 hexadecimal digits with odd parity on each pair of digits. The communication key is created by combining the clear key components with an Exclusive OR (XOR) operation, which yields the communication key in its clear text value. The clear text value indicates that the key is unencrypted.

Key Exchange Process

For MasterCard Authorization Simulator testing, the member provides up to three clear key components per key, which are Exclusive OR’ed to create the Key Encryption Key value. Members are therefore not dependent on the MasterCard clear key to create the simulator’s communication key. The following example illustrates the key components XORed for Single DES encryption.

Note 0123456789ABCDEF (first clear key component) XOR’d with 0E4FEF5BCB257AB6 (second clear key component) equals,

Configuration Options

Note: The simulator automatically XORs key components that are entered by the member, thus eliminating the need to XOR key components manually.
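The following Python sketch is an added example, not part of the manual or the simulator: it XORs the two Single DES components shown above and checks per-byte odd parity on the components and on the combined key. The function names are made up for the illustration.

```python
"""Combine clear key components by XOR and check DES odd parity (added example)."""


def has_odd_parity(key: bytes) -> bool:
    """True when every byte of the key has an odd number of 1 bits."""
    return all(bin(b).count("1") % 2 == 1 for b in key)


def enforce_odd_parity(key: bytes) -> bytes:
    """Flip the low-order (parity) bit of each byte that has even parity.

    DES ignores that bit, so the effective key does not change.
    """
    return bytes(b if bin(b).count("1") % 2 else b ^ 0x01 for b in key)


def combine_components(components, require_odd_parity=True) -> bytes:
    """XOR one to three hex components of equal length into one clear key."""
    if not 1 <= len(components) <= 3:
        raise ValueError("expected one to three components")
    parts = [bytes.fromhex(c) for c in components]
    # Single-, double- or triple-length DES keys: 16, 32 or 48 hex digits.
    if len({len(p) for p in parts}) != 1 or len(parts[0]) not in (8, 16, 24):
        raise ValueError("components must all be 16, 32 or 48 hex digits")
    if require_odd_parity and not all(has_odd_parity(p) for p in parts):
        raise ValueError("a component fails the odd-parity check")
    key = bytes(len(parts[0]))
    for p in parts:
        key = bytes(a ^ b for a, b in zip(key, p))
    return key


# The two Single DES components from the manual's example (test values only).
COMPONENT_1 = "0123456789ABCDEF"
COMPONENT_2 = "0E4FEF5BCB257AB6"


def demo():
    """Return (combined key, has odd parity?, key after parity adjustment)."""
    kek = combine_components([COMPONENT_1, COMPONENT_2])
    return kek.hex().upper(), has_odd_parity(kek), enforce_odd_parity(kek).hex().upper()


if __name__ == "__main__":
    combined, odd, adjusted = demo()
    print("combined key       :", combined)
    print("odd parity         :", odd)
    print("parity-adjusted key:", adjusted)
```

Two odd-parity components always XOR to a key with even parity in every byte, while three odd-parity components give an odd-parity result, which matters when an HSM requires odd parity on the combined key.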

The key encryption key (KEK) value is used to encrypt the PIN Encryption Key (PEK) (also known as the working key) when sent in a Network Management Request/0800 dynamic key exchange message. MasterCard recommends that members use the default value for the PIN Encryption Key.

Triple DES Encryption

The MasterCard Authorization Simulator supports Triple Data Encryption Standard (DES) for PIN encryption processing.

Triple DES encryption helps to reduce fraud losses by making it more difficult for criminals to decrypt cardholder information such as PINs. The Triple DES approach uses three passes through the DES algorithm. By increasing the number of passes through the DES algorithm and increasing the number of bits (key size) used in encryption, the resulting data is more difficult to decipher. The Triple DES encryption affects both acquirers and issuers.

Members will have the option to encrypt PIN information using the single DES key algorithm or a triple DES key algorithm with double- or triple-length keys. Within the MasterCard Authorization Simulator, members can define the type of encryption method by entering the appropriate value(s) in the Crypto Keys of the Options dialog box.

As with Single DES, Triple DES uses the KEK to encrypt the PEK in the Network Management Request/0800 (Class 1) key exchange message and uses the PEK to encrypt the ANSI PIN Block in a PIN-based transaction. The Triple DES algorithm used is encryption-decryption-encryption, and the key encryption mode used is Electronic Codebook (ECB).

MasterCard provides pre-defined Reference PIN Key Sets and BankNet PIN Key Sets that act as the default key sets. Members may not modify the Reference Key Sets but may create and modify User Key Sets.

Creating User PIN Key Sets

PIN Key Sets are used in the MDS PIN Processing (M) Method.

Use the following procedure to create a PIN Key Set in the User category:

Step Action

1. From the Navigator pane, click Set Options.

2. In the Options dialog box, click the Crypto Keys tab.

3. Select any group in the PINKeySet_User category.

4. Click the Adds a new Group button.

5. In the Add Group dialog box, enter a Group ID and description.

6. Click Next.

Note: Members may not create or modify values contained in the PINKeySet_Reference as these are the simulator default key sets. However, members may create and modify PIN Key Sets in the PINKeySet_User for multiple Group IDs.

7. Select the DES type by clicking a corresponding radio button.

8. Select the Variant type by clicking the corresponding radio button.

9. Click OK.

Modifying User PIN Key Sets

Use the following procedure to modify a PIN Key Set in the User category:

Step Action

1. From the Navigator pane, select Set Options.

2. In the Options dialog box, click the Crypto Keys tab.

MasterCard recommends that members use the default value(s) for the PIN Encryption Key for simulator testing.

3. Expand a PIN Key set by clicking the corresponding plus sign to display the key parameters associated with that group.

5. Double-click a key to launch the Key Data Wizard.

6. Select the number of key components by clicking the corresponding radio button.

Members may select the “Enforce Odd Parity” option if their hardware security module (HSM) requires odd parity.

7. Click Next.

8. In the Key Components dialog box, type a clear key component in a component field.

Members should not use production keys in the MasterCard Authorization Simulator.

9. Click OK.

Creating User BankNet PIN Key Sets

BankNet PIN Key Sets are used in the BankNet PIN Processing (B) Method. Use the following procedure to create a BankNet PIN Key Set in the User category:

Step Action

1. From the Navigator pane, click Set Options.

2. In the Options dialog box, click the Crypto Keys tab.

3. Click the BankNet_PINKeySet_User category icon.

4. Click the Adds a new Group button.

5. In the Add Group dialog box, enter a Group ID (four digits) and description.

6. Click Next.

Note: Members may not create or modify values contained in the BankNet_PINKeySet_Reference as these are the simulator default key sets. However, members may create and modify BankNet PIN Key Sets in the BankNet_PINKeySet_User for multiple Group IDs.

7. Select the DES type by clicking a corresponding radio button.

8. Select the Variant type by clicking the corresponding radio button.

9. Click OK.

Modifying User BankNet PIN Key Sets

Use the following procedure to modify a BankNet PIN Key Set in the User category:

Step Action

1. From the Navigator pane, select Set Options.

2. In the Options dialog box, click the Crypto Keys tab.

MasterCard recommends that members use the default value(s) for the BankNet PIN Encryption Key for simulator testing.

3. Expand a BankNet PIN Key set by clicking the corresponding plus sign to display the key parameters associated with that group.

5. Double-click a key to launch the Key Data Wizard.

6. Select the number of key components by clicking the corresponding radio button.

Members may select the “Enforce Odd Parity” option if their hardware security module (HSM) requires odd parity.

7. Click Next.

8. In the Key Components dialog box, type a clear key component in a component field.

Members should not use production keys in the MasterCard Authorization Simulator.

9. Click OK.

HMAC Keys

A message authentication code (MAC) is a symmetric cryptographic transformation of data that protects the sender and the recipient of the data against forgery by third parties. HMAC is a construction of message authentication schemes based on a cryptographic hash function.

Within the simulator, members may create HMAC key sets to support the MasterCard® SecureCode Accountholder Authentication Value (AAV) Verification Service.

Creating User HMAC Keys

Use the following procedure to create a HMAC Key Set in the User category:

Step Action

1. Within the Options dialog box, select the Crypto Keys tab.

2. Click any User category HMAC Key group.

3. Click the Adds a new group button.

4. In the Add new HMAC key dialog box, enter a key identifier and description.

5. Click OK. By default the simulator creates all sixteen keys with the same key

6. Double-click any HMAC key to launch the Edit HMAC Key dialog box. From here you may edit a range of keys or a single key.

7. Enter a Minimal or Maximal BKI value as needed.

8. Enter the key value in the HMAC Key field.

9. Click Change.

Modifying User HMAC Keys

Use the following procedure to modify HMAC Keys in the User category:

Step Action

1. Within the Options dialog box, select the Crypto Keys tab.

2. Expand any HMAC Key User category group.

3. Double-click a key to display the Edit HMAC Key dialog box.

4. Enter a Minimal BKI value and/or a Maximal BKI value.

Note: To modify a single key value, enter the same BKI value in both the Minimal and Maximal BKI value fields. To modify a range of keys, enter different values in the Minimal and Maximal BKI value fields.

Deleting User HMAC Keys

Use the following procedure to delete a HMAC Key set in the User category:

Step Action

1. Within the Options dialog box, select the Crypto Keys tab.

2. Click any HMAC Key User category group.

3. Click Delete.

4. Answer appropriately to a confirmation message validating the delete action.

CVC Keys

The card validation code is a two-part security feature identified as CVC 1 and CVC 2. Within the simulator, members may use the CVC Key Set feature in the Options dialog box to calculate the CVC using the data encryption standard (DES) method. From the Crypto Keys tab, members may create CVC keys in a user category for use in CVC calculation within the simulator.

MasterCard provides pre-defined Reference category CVC Keys that act as the system default key sets. Members may not modify the Reference Keys but may create and modify User Keys by following the steps below.

Creating a User CVC Key Set

Use the following procedure to create a CVC Key Set in the User category:

Step Action

1. Within the Options dialog box, select the Crypto Keys tab.

2. Click any User category CVC Key group.

3. Click the Add group button.

5. Click Next.

6. Click OK.

Modifying User CVC Keys

Use the following procedure to modify a CVC Key Set in the User category:

Step Action

1. From the Navigator pane, select Set Options.

2. In the Options dialog box, click the Crypto Keys tab.

3. Expand a CVC Key Set by clicking the corresponding plus sign to display the key parameters associated with that group.

5. Double-click a key to launch the Key Data Wizard.

6. Select the number of key components by clicking the corresponding radio button.

Members may select the “Enforce Odd Parity” option if their hardware security module (HSM) requires odd parity.

7. Click Next.

8. In the Key Components dialog box, type a clear key component in the component field.

9. Click OK.

Deleting User CVC Keys

Use the following procedure to delete a CVC Key set in the User category:

Step Action

1. From the Navigator pane, click Set Options.

2. In the Options dialog box, click the Crypto Keys tab.

3. Expand the CVCKeySet_User group by clicking the corresponding plus sign.

4. Click a CVC Key Set group to highlight the row.

5. Click the Delete button. Answer appropriately to a confirmation message validating the delete action.

CVC3 Keys

MasterCard provides pre-defined Reference category CVC3 Keys that act as the system default key sets. Members cannot modify the Reference category keys but may create and modify User category keys by following the steps below.

Creating a User CVC3 Key Set

Use the following procedure to create a CVC3 Key set in the User category:

Step Action

1. From the Navigator pane, select Set Options.

2. In the Options dialog box, click the Crypto Keys tab.

3. Click on the CVC3KeySet_User category icon.

4. Click the Adds a new group toolbar button.

5. In the Add CVC3 Key Index dialog box, enter a Key Index and description.

6. Click OK.

8. Double-click a key to launch the Key Data Wizard.

9. Select the number of key components by clicking the corresponding radio button.

Members may select the “Enforce Odd Parity” option if their hardware security module (HSM) requires odd parity.

10. Click Next.

11. In the Key Components dialog box, type a clear key component in the component field.

12. Click OK.

Modifying User CVC3 Key Values

Use the following procedure to modify a CVC3 Key in the User category:

Step Action

1. From the Navigator pane, select Set Options.

2. In the Options dialog box, click the Crypto Keys tab.

3. Expand a CVC3 Key Set by clicking the corresponding plus sign to display the key parameters associated with that group.

4. Expand the key parameters.

5. Double-click a key to launch the Key Data Wizard.

6. Select the number of key components by clicking the corresponding radio button.

7. In the Key Components dialog box, type the clear key components in the component fields.

8. Click OK.

9. Repeat steps 5 through 8 for each key.

Table 3.4 describes the parameters that are available in the CVC3 PARMS folder:

Table 3.4—CVC 3 PARMS

Parameter: Description

CVC3 Crypto Log: Toggles on or off the CVC3 Crypto Log. This log records information about the CVC3 cryptographic calculations.

Position of PAN Sequence Number: Indicates the position of the PAN sequence number in the discretionary data of the Track 1 or Track 2 data.

Length of Discretionary Data: Indicates the length of the Track 1 or Track 2 discretionary data. The DD length for Track 1 cannot exceed 24 bytes. The DD length for Track 2 cannot exceed 13 bytes.

Length of ATC: Indicates the length of the application transaction counter (ATC) in the discretionary data. When the card expiration date is valid for 2 years or less the minimal length of the ATC is 3 digits. When the card expiration date is valid for more than 2 years, the minimal length of the ATC is 4 digits.

Position of ATC: Indicates the position of the application transaction counter (ATC) in the discretionary data. The position is determined as shown in the examples below.

Length of UN: Indicates the length of the unpredictable number (UN) in the discretionary data.

Position of UN: Indicates the position of the unpredictable number (UN) in the discretionary data. The position is determined as shown in the examples below.

Length of CVC3: Indicates the length of the CVC3 in the discretionary data.

Position of CVC3: Indicates the position of CVC3 in the discretionary data. The position is determined as shown in the example below.

The CVC 3 Parameters may be defined for both Track 1 and Track 2 data.

Figure 3.1—Examples of the position values in DD of Track 1

The CVC3 for a length of 3 in Track 1 DD is located in “20, 21, and 22.” The value “22” should be entered as the Position of CVC3.

Position     48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10  9  8  7  6  5  4  3  2  1
PCVC3TRACK1   0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  1  1  1  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0

The ATC for a length of 3 in Track 1 DD is located in “14, 15, 16” and the UN for a length of 3 is located in “06, 07, 08”. The value “16” should be entered as the Position of ATC; the value “08” should be entered as the Position of UN.

Position     48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10  9  8  7  6  5  4  3  2  1
PUNATCTRACK1  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  1  1  1  0  0  0  0  0  1  1  1  0  0  0  0  0

The position of the PAN Sequence Number in Track 1 DD in this example is “00” since the PAN Sequence Number is not included.

Position     48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10  9  8  7  6  5  4  3  2  1
PPSEQTRACK1   0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0

24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1

Figure 3.2—Examples of the position values in DD of Track 2

The CVC3 for a length of 3 in Track 2 DD is located in “02, 03, and 04.” The value “04” should be entered as the Position of CVC3.

Position     16 15 14 13 12 11 10  9  8  7  6  5  4  3  2  1
PCVC3TRACK2   0  0  0  0  0  0  0  0  0  0  0  0  1  1  1  0

The ATC for a length of 3 in Track 2 DD is located in “10, 11, and 12” and the UN for a length of 3 is located in “05, 06, and 07”. The value “12” should be entered as the Position of ATC; the value “07” should be entered as the Position of UN.

Position     16 15 14 13 12 11 10  9  8  7  6  5  4  3  2  1
PUNATCTRACK2  0  0  0  0  1  1  1  0  0  1  1  1  0  0  0  0

The position of the PAN Sequence Number in Track 2 DD in this example is “00” since the PAN Sequence Number is not included.

Position     16 15 14 13 12 11 10  9  8  7  6  5  4  3  2  1
PPSEQTRACK2   0  0  0  0  0  0  0  0  0  0  0  0  0  0  0  0

13 12 11 10 9 8 7 6 5 4 3 2 1
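The position convention in Figures 3.1 and 3.2, as an added Python example that is not part of the manual or the simulator: positions are counted from the right-hand end of the discretionary data, and the value entered is the highest-numbered digit of the field. The function names and the sample DD string are constructed for the illustration; the 48- and 16-column widths are read off the figures.

```python
"""Right-to-left position parameters for Track DD fields (added example)."""

MAX_DD_LEN = {1: 24, 2: 13}    # DD length limits stated in Table 3.4
BITMAP_BITS = {1: 48, 2: 16}   # widths of the 0/1 rows in Figures 3.1 and 3.2


def occupied(position: int, length: int) -> set:
    """Positions a field covers; position 00 means the field is absent."""
    if position == 0:
        return set()
    if length < 1 or position - length + 1 < 1:
        raise ValueError("field runs past position 1")
    return set(range(position - length + 1, position + 1))


def bitmap(track: int, *fields) -> str:
    """0/1 row as drawn in the figures: leftmost bit is the highest position."""
    used = set().union(*(occupied(p, n) for p, n in fields))
    return "".join("1" if pos in used else "0"
                   for pos in range(BITMAP_BITS[track], 0, -1))


def check_layout(track: int, dd_len: int, fields: dict) -> None:
    """Reject layouts that exceed the DD or whose fields overlap."""
    if dd_len > MAX_DD_LEN[track]:
        raise ValueError("DD longer than the track allows")
    seen = set()
    for name, (pos, length) in fields.items():
        cells = occupied(pos, length)
        if cells and max(cells) > dd_len:
            raise ValueError(f"{name} lies outside the DD")
        if cells & seen:
            raise ValueError(f"{name} overlaps another field")
        seen |= cells


def extract(dd: str, position: int, length: int) -> str:
    """Slice a field out of the DD, counting positions from the right."""
    if position == 0:
        return ""
    start = len(dd) - position
    return dd[start:start + length]


# Track 2 values from Figure 3.2, as (position, length).
TRACK2 = {"CVC3": (4, 3), "ATC": (12, 3), "UN": (7, 3), "PAN_SEQ": (0, 0)}
SAMPLE_DD = "0555009997770"    # constructed 13-digit DD, not real card data


def demo() -> dict:
    """Validate the Figure 3.2 layout and pull each field out of SAMPLE_DD."""
    check_layout(2, len(SAMPLE_DD), TRACK2)
    return {name: extract(SAMPLE_DD, *spec) for name, spec in TRACK2.items()}


if __name__ == "__main__":
    print(bitmap(2, TRACK2["CVC3"]), bitmap(2, TRACK2["ATC"], TRACK2["UN"]))
    print(demo())
```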

Modifying Parameters in CVC3KeySet_User

Use the following procedure to modify parameters of a CVC3 Key Set in the “CVC3KeySet_User” category:

Step Action

1. From the Crypto Key Set pane, expand a CVC3 Key Set by clicking the corresponding plus sign.

2. Expand Parms by clicking the corresponding plus sign.

3. Right-click either the Track 1 or Track 2 folder. The procedure is the same for modifying either track data.

5. Enter the values in the appropriate Discretionary Data field.

6. Click OK.

Selecting the CVC3 Crypto Log

Members may select the creation of a text log file that records information about the CVC3 cryptographic calculations. This text log is located in the main simulator directory, MasterINQxxx\Bin. When selected, the simulator appends the data to the Crypto log.

Use the following procedure to select the creation of a simulator CVC3 processing log file:

Step Action

1. From the Crypto Key Set pane, expand a CVC3 Key Set by clicking the corresponding plus sign.

2. Expand PARMS by clicking the corresponding plus sign.

3. Double-click the CVC3 Crypto Log value to select/deselect creation of a processing log file for that specific CVC3 Key Set.

Deleting User CVC3 Keys

Use the following procedure to delete a CVC3 Key set in the User category:

Step Action

1. From the Navigator pane, select Set Options.

2. In the Options dialog box, click the Crypto Keys tab.

3. Click a CVC3 Key Set to highlight the row.

4. Click the Delete button. Answer appropriately to a confirmation message validating the delete action.

TCP/IP

The MasterCard Authorization Simulator is configured by default as a server. When a test mode is selected, the simulator waits for a connection to the specified Port (6034) which is the standard TCP/IP configuration found on the MasterCard interface processor (MIP). The simulator will wait in an active listening mode until the connection request is initiated by the host system. For those members whose host system requires that it be the server, the simulator may be configured as the “client.” The TCP/IP tab is available only when the IPS or the APS Test mode is selected.

Configuring the Simulator as the Client

Use the following procedure to configure the simulator as the “client”:

Step Action

1. Set a testing mode.

3. Click the Client radio button in the Choose connection section.

4. Enter a Port number if needed.

5. Enter an IP address in the IP field.

6. Click Apply when finished.

7. Close the Options dialog box.

Note If the connection between the host system and the simulator is broken, the
