Page 1 of 1

ARQC generation algorithm: Does iCVV play role ?

Posted: Sat May 20, 2017 1:26 pm
by Mircea
I need a theoretical answer not a real life one.
From specifications and security papers i read i come to conclusion that if you take 2 new visa bank cards with ATC = 0 and CDOL data all the same and UN from terminal the same number, will both cards generate the same ARQC in this case ? Does iCVV and Card 16 digits play any role in generation algorithm ?

Re: ARQC generation algorithm: Does iCVV play role ?

Posted: Tue May 23, 2017 6:09 am
by UNKNwYSHSA
The both cards generates different result, they uses different session key. Refer to the specification EMV Book 4.3 2 Security and Key Management:
Session keys KS are derived from unique Master Keys KM using diversification
data R as follows
KS := F(KM)[R]
To prevent replay attacks, the diversification data R should have a high
probability of being different for each session key derivation.

For the rules, please see the specification: EMV x.x Book 2 Security and Key Management.