This discussion is archived
5 Replies Latest reply: Jul 20, 2012 7:05 PM by safarmer RSS

Need reference for Visa2 Key Diversification Function

893199 Explorer
Currently Being Moderated
I've been trying to find a definitive specification for the Visa2 master key to card key diversification function, but with no luck. I did find a Gemalto document that instead of using the diversification data supplied in the 0xCF 'GET DATA' response and the response to an "INIT UPDATE", specifies derivation based on the CPLC data (and calls that Visa2).

Has any one got a better pointer?
  • 1. Re: Need reference for Visa2 Key Diversification Function
    safarmer Expert
    Currently Being Moderated
    Hi,

    The response to GET-DATA 00CF is the same as the first 10 bytes of the INIT-UPDATE response.
    init-update
    => 8050000008810050013D7F01BB00
    <= 00001097001545955529 04020014C343BDBA9544852B384F1799D577 9000
    
    get-data
    => 80CA00CF00
    <= CF 0A 00001097001545955529 9000
    You should be able to use the Gemalto documentation of the Visa2 protocol. You can get the KEY DATA from either command.

    Shane
  • 2. Re: Need reference for Visa2 Key Diversification Function
    893199 Explorer
    Currently Being Moderated
    Sorry - no.

    The Gemalto document says to use data from the CPLC info, not from the diversification info. I believe that's incorrect so I'm looking for the SOURCE VISA2 document.

    The version of this in GPShell uses the diversification info (CF and Init Data - and yes I do know they're the same thing), but I can't find the original specification on-line.
  • 3. Re: Need reference for Visa2 Key Diversification Function
    safarmer Expert
    Currently Being Moderated
    You may be able to find what comes from the CPLC and you should find it is the same as tag CF and the INIT-UPDATE response as well. Are you able to describe your use case a little more? Do you have cards from a vendor that come with diversified keys? Are you trying to add diversified keys to cards that use a specific algorithm?

    To find the details you are after, you could try looking at the EMV CPS 1.1 document. Section 4.1 describes key derivation. It is much the same as the Gemalto document but the KEY DATA is a little different.

    Shane
  • 4. Re: Need reference for Visa2 Key Diversification Function
    893199 Explorer
    Currently Being Moderated
    My question was "what is the reference document for the VISA2 key diversification function?".

    I didn't ask about EMV key derivation because I already had that reference.

    The CPLC data is NOT the same as the tag CF or INIT UPDATE diversification array. And in no GP document that I've found is it required to be. In fact the guidance is that CF is derived from tag 42 and tag 45 - card issuer and card id.


    And FYI - I think the reference document for Visa2 key diversification is "VISA Card Production Guide" - probably 1.0, but I can't get a copy of that. Given other text I've found, I think the Gemalto "use the CPLC for diversification for VISA" is probably correct. But without a copy of the reference I can't confirm that.
  • 5. Re: Need reference for Visa2 Key Diversification Function
    safarmer Expert
    Currently Being Moderated
    You don't seem to be readin my response very well. I had questions that if you bothered to answer may give me more details to help. I also did not say CPLC == 00CF or INIT-UPDATE response.

    As you may know, the VISA (and MasterCard) specs are often based on the EMV specs with implementation details defined more strictly. Given the only difference between EMV CPS and Gemalto documentation is what data they use (CSN + 2 bytes of selected applet AID or KEY DATA). You may be able to use either to work out how to diversify the keys you need.

    Shane

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points