Mastercard specific functions
DCVC3
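DCVC3 predates the EMV CSK and Mastercard CVN12 schemes and represents another approach to using dynamic keys. It is sometimes repurposed for other use cases as well. In this scheme, the inputs are the PAN, PSN, Track1/Track2 data, an unpredictable number and a transaction counter (ATC).
Create key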
$ aws payment-cryptography create-key --exportable --key-attributes KeyAlgorithm=TDES_2KEY,KeyUsage=TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS,KeyClass=SYMMETRIC_KEY,KeyModesOfUse='{DeriveKey=true}' --tags='[{"Key":"KEY_PURPOSE","Value":"DCVC3"},{"Key":"CARD_BIN","Value":"12345678"}]'
The response echoes back the request parameters, including an ARN for subsequent calls as well as a key check value (KCV).
{
    "Key": {
        "KeyArn": "arn:aws:payment-cryptography:us-east-2::key/hrh6qgbi3sk4y3wq",
        "KeyAttributes": {
            "KeyUsage": "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS",
            "KeyClass": "SYMMETRIC_KEY",
            "KeyAlgorithm": "TDES_2KEY",
            "KeyModesOfUse": {
                "Encrypt": false,
                "Decrypt": false,
                "Wrap": false,
                "Unwrap": false,
                "Generate": false,
                "Sign": false,
                "Verify": false,
                "DeriveKey": true,
                "NoRestrictions": false
            }
        },
        "KeyCheckValue": "08D7B4",
        "KeyCheckValueAlgorithm": "ANSI_X9_24",
        "Enabled": true,
        "Exportable": true,
        "KeyState": "CREATE_COMPLETE",
        "KeyOrigin": "AWS_PAYMENT_CRYPTOGRAPHY",
        "CreateTimestamp": "2024-03-07T06:41:46.648000-07:00",
        "UsageStartTimestamp": "2024-03-07T06:41:46.626000-07:00"
    }
}
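Take note of the KeyArn that represents the key, for example arn:aws:payment-cryptography:us-east-2::key/hrh6qgbi3sk4y3wq. You need it in the next step.
Generate a DCVC3
Although a DCVC3 may be generated by a chip card, it can also be generated manually, as in this example: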
$ aws payment-cryptography-data generate-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2::key/pw3s6nl62t5ushfk --primary-account-number=5413123456784808 --generation-attributes DynamicCardVerificationCode='{ApplicationTransactionCounter=0000,TrackData=5241060000000069D13052020000000000003F,PanSequenceNumber=00,UnpredictableNumber=00000000}'
{
    "KeyArn": "arn:aws:payment-cryptography:us-east-2::key/pw3s6nl62t5ushfk",
    "KeyCheckValue": "08D7B4",
    "ValidationData": "865"
}
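Verify DCVC3
In this example, we validate a DCVC3. Note that the ATC should be provided as a hexadecimal number; for instance, a counter of 11 should be represented as 000B. The service expects a 3-digit DCVC3, so if you have stored a 4- (or 5-) digit value, simply truncate the left-most characters until you have 3 digits (for instance, 15321 should result in a validation-data value of 321).
If AWS Payment Cryptography is able to validate the value, an http/200 is returned. If the value is not validated, it returns an http/400 response.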
$ aws payment-cryptography-data verify-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2::key/pw3s6nl62t5ushfk --primary-account-number=5413123456784808 --verification-attributes DynamicCardVerificationCode='{ApplicationTransactionCounter=000B,TrackData=5241060000000069D13052020000000000003F,PanSequenceNumber=00,UnpredictableNumber=00000001}' --validation-data 398
{
    "KeyArn": "arn:aws:payment-cryptography:us-east-2::key/pw3s6nl62t5ushfk",
    "KeyCheckValue": "08D7B4"
}
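The ATC and DCVC3 formatting rules from the verification step, as an added example that is not part of the AWS documentation: shell helpers that normalize stored values and reject malformed input before it reaches the CLI. The function names and the `$KEY_ARN`, `$PAN`, `$TRACK` and `$STORED_DCVC3` variables are hypothetical, and the 4-hex-digit ATC width is assumed from the examples on this page.

```shell
# Added example, not from the AWS documentation; function names are hypothetical.

# Decimal transaction counter -> 4 hex digits (width assumed from this page), 11 -> 000B.
atc_to_hex() (
  atc=$1
  case $atc in ''|*[!0-9]*) echo "ATC must be decimal digits" >&2; return 1 ;; esac
  # Strip leading zeros so printf does not read the value as octal.
  while [ "${#atc}" -gt 1 ] && [ "${atc#0}" != "$atc" ]; do atc=${atc#0}; done
  # Length check first, so absurdly long input cannot overflow the comparison.
  [ "${#atc}" -le 5 ] && [ "$atc" -le 65535 ] ||
    { echo "ATC out of range (0-65535)" >&2; return 1; }
  printf '%04X\n' "$atc"
)

# Stored 3- to 5-digit DCVC3 -> rightmost 3 digits, e.g. 15321 -> 321.
dcvc3_last3() (
  v=$1
  case $v in ''|*[!0-9]*) echo "DCVC3 must be decimal digits" >&2; return 1 ;; esac
  [ "${#v}" -ge 3 ] && [ "${#v}" -le 5 ] ||
    { echo "DCVC3 must be 3 to 5 digits" >&2; return 1; }
  # ${v%???} is everything except the last three characters; remove that prefix.
  printf '%s\n' "${v#"${v%???}"}"
)

# Build the --verification-attributes value from: decimal ATC, track data,
# PAN sequence number, unpredictable number. Only hex characters are accepted,
# so a stray comma or brace cannot change the structure of the shorthand.
dcvc3_attrs() (
  atc=$(atc_to_hex "$1") || return 1
  case $2 in ''|*[!0-9A-Fa-f]*) echo "track data must be hex" >&2; return 1 ;; esac
  case $3 in [0-9][0-9]) ;; *) echo "PSN must be 2 digits" >&2; return 1 ;; esac
  case $4 in ''|*[!0-9A-Fa-f]*) echo "unpredictable number must be hex" >&2; return 1 ;; esac
  printf 'DynamicCardVerificationCode={ApplicationTransactionCounter=%s,TrackData=%s,PanSequenceNumber=%s,UnpredictableNumber=%s}\n' \
    "$atc" "$2" "$3" "$4"
)

# Usage (hypothetical variables):
# aws payment-cryptography-data verify-card-validation-data \
#   --key-identifier "$KEY_ARN" --primary-account-number "$PAN" \
#   --verification-attributes "$(dcvc3_attrs 11 "$TRACK" 00 00000001)" \
#   --validation-data "$(dcvc3_last3 "$STORED_DCVC3")"
```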
ARQC - CVN14/CVN15
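CVN14 and CVN15 use the EMV CSK method of key derivation. The exact transaction data differs between these two methods; see the scheme documentation for details on constructing the transaction data field.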
ARQC - CVN12/CVN13
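CVN12 and CVN13 are an older Mastercard-specific method for EMV transactions that incorporates an unpredictable number into the per-transaction derivation and also uses a different payload. Contact the scheme for information on the contents of the payload.
Create key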
$ aws payment-cryptography create-key --exportable --key-attributes KeyAlgorithm=TDES_2KEY,KeyUsage=TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS,KeyClass=SYMMETRIC_KEY,KeyModesOfUse='{DeriveKey=true}' --tags='[{"Key":"KEY_PURPOSE","Value":"CVN12"},{"Key":"CARD_BIN","Value":"12345678"}]'
The response echoes back the request parameters, including an ARN for subsequent calls as well as a key check value (KCV).
{
    "Key": {
        "KeyArn": "arn:aws:payment-cryptography:us-east-2::key/pw3s6nl62t5ushfk",
        "KeyAttributes": {
            "KeyUsage": "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS",
            "KeyClass": "SYMMETRIC_KEY",
            "KeyAlgorithm": "TDES_2KEY",
            "KeyModesOfUse": {
                "Encrypt": false,
                "Decrypt": false,
                "Wrap": false,
                "Unwrap": false,
                "Generate": false,
                "Sign": false,
                "Verify": false,
                "DeriveKey": true,
                "NoRestrictions": false
            }
        },
        "KeyCheckValue": "08D7B4",
        "KeyCheckValueAlgorithm": "ANSI_X9_24",
        "Enabled": true,
        "Exportable": true,
        "KeyState": "CREATE_COMPLETE",
        "KeyOrigin": "AWS_PAYMENT_CRYPTOGRAPHY",
        "CreateTimestamp": "2024-03-07T06:41:46.648000-07:00",
        "UsageStartTimestamp": "2024-03-07T06:41:46.626000-07:00"
    }
}
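Take note of the KeyArn that represents the key, for example arn:aws:payment-cryptography:us-east-2::key/pw3s6nl62t5ushfk. You need it in the next step.
Verify the ARQC
In this example, we validate an ARQC generated using Mastercard CVN12.
If AWS Payment Cryptography is able to validate the ARQC, an http/200 is returned. If the ARQC is not validated, it returns an http/400 response.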
$ aws payment-cryptography-data verify-auth-request-cryptogram --auth-request-cryptogram 31BE5D49F14A5F01 \
    --key-identifier arn:aws:payment-cryptography:us-east-2::key/pw3s6nl62t5ushfk \
    --major-key-derivation-mode EMV_OPTION_A \
    --transaction-data 0000000015000000000000000840000000000008402312120197695905 \
    --session-key-derivation-attributes='{"Mastercard":{"PanSequenceNumber":"01","PrimaryAccountNumber":"9137631040001422","ApplicationTransactionCounter":"000B","UnpredictableNumber":"34343434"}}'
{
    "KeyArn": "arn:aws:payment-cryptography:us-east-2::key/pw3s6nl62t5ushfk",
    "KeyCheckValue": "08D7B4"
}