payShield 9000

v2.3c
Australian Standards Reference Manual

www.thales-esecurity.com
 payShield 9000 – Australian Standards Reference Manual

>> Revision Status

Document No. Manual Set Software Version Release Date

1270A547-017 Issue 17 payShield 9000 v2.3c November 2014

ii Thales e-Security
payShield 9000 – Australian Standards Reference Manual

>> References

The following documents are referenced in this document:

1 RG7000 Host Security Module, Operation and Installation Manual,

Document Number 1270A513 Issue 7.
2 RG7000 Host Security Module, Programmers Manual, Document
Number 1270A514 Issue 7.
3 payShield 9000 Security Operations Manual
4 payShield 9000 Installation Manual
5 payShield 9000 Console Reference Manual
6 payShield 9000 Host Programmers Manual
7 payShield 9000 Host Command Reference Manual
8 AS2805 Electronic Funds Transfer – various parts: Specifically

8.1 AS2805 4.1 Electronic Funds Transfer – Requirements for

Interfaces; Message Authentication Mechanism using a block cipher.
8.2 AS2805 5.2 Electronic Funds Transfer – Requirements for
Interfaces; Modes of operation for an n-bit block cipher algorithm
8.3 AS2805.5.4, Electronic Funds Transfer – Requirements for
Interfaces; DEA3 and related techniques.
8.4 AS2805.6.2, Electronic Funds Transfer – Requirements for
Interfaces; Key Management – Transaction Keys, 2002.
8.5 AS2805.6.3, Electronic Funds Transfer – Requirements for
Interfaces; Key Management – Session Keys – Node-to-Node, 2000
8.6 AS2805.6.4, Electronic Funds Transfer – Requirements for
Interfaces; Key Management – Session Keys – Terminal-to-Acquirer,
2000
8.7 AS2805.6.5.1, Electronic Funds Transfer – Requirements for
Interfaces; TCU initialisation Principles

9 HSM Support for the Australian Transaction Key Scheme to AS2805 Part
6.2, Document Number 40-1018-02, written by Racal-Guardata Financial
Systems Ltd, 08 June 1989

The term PRODUCT is used throughout this document to refer to the device or
system that this document describes.

Thales e-Security iii

 payShield 9000 – Australian Standards Reference Manual

>> Abbreviations

Abbreviation Meaning
KEK Double length Key Encryption Key
TDES Triple DES
ANSI American National Standard Institute
CBC Cipher Block Chaining
DES Data Encryption Standard
ECB Electronic Code Book
IV Initialization Vector
LMK Local Master Key
MAC Message Authentication Code
MK MAC Key
PIN Personal Identification Number
PVK PIN Verification Key
TMK Terminal Master Key
TPK Terminal PIN Key
PKr Public Key of recipient
PKs Public Key of sender
SKr Secret Key of recipient
SKs Secret Key of sender
ZAK Zone Authentication Key
ZEK Zone Encryption Key
ZMK Zone Master Key
ZPK Zone PIN Key
KHSK Host RSA Secret Key

iv Thales e-Security
payShield 9000 – Australian Standards Reference Manual

Host Command Conventions

The following conventions will be used when describing various host commands.

Code Convention
L Encrypted PIN length. This is either H or N format (see below)
depending on how it is specified in each command. Set during
configuration.
m Message header length. Set during configuration. Value 1 to 255
see Ref. 1 page 3-10. Message header is always format A –
Alphanumeric characters.
n Variable length field.
A Alphanumeric characters. ASCII values between X’20 and X’7F
inclusive and EBCDIC values between X’40 and X’7F inclusive.
H Hexadecimal characters sent Hex-Encoded. For example, the data
X’1A9F would be sent as the 4 bytes, X’31413946(ASCII), or
X’F1C1F9C6(EBCDIC).
N Numeric field sent Hex-Encoded. For example, the data 975
(decimal) would be sent as the 3 bytes, X’393735(ASCII), or
X’F9F7F5(EBCDIC).
B Raw binary data, in bytes. For example, the data X’1FA7 would be
sent as the 2 bytes X’1FA7.
C Control characters. ASCII values between X’00 and X’1F inclusive
and EBCDIC values between X’00 and X’3F inclusive.

Additionally, the headers and control characters associated with the transport layer
protocol will not be shown. For example, control characters STX and ETX which
bracket every Host command on the async host interface will not be shown.
Further explanation of these codes can be found in reference [2] and [6].

Thales e-Security v
 payShield 9000 – Australian Standards Reference Manual

>> List of Chapters

>> Chapter 1 - Introduction ......................................................................... 1

>> Chapter 2 – Console Commands ............................................................. 5

>> Chapter 3 – Host Commands .................................................................. 6

>> Chapter 4 – RSA Host Commands ......................................................... 83

>> Chapter 5 – AS2805.6.2 Support – Introduction .................................... 94

>> Chapter 6 – AS2805.6.2 Support – Host Commands .............................. 98

vi Thales e-Security
payShield 9000 – Australian Standards Reference Manual

>> Table of Contents

>> Revision Status ...................................................................................... ii

>> References ........................................................................................... iii

>> Abbreviations ........................................................................................ iv

>> List of Chapters .................................................................................... vi

>> Table of Contents ..................................................................................vii

>> End User License Agreement ................................................................. xii

>> Chapter 1 - Introduction ......................................................................... 1

Overview .............................................................................................. 1
PCI HSM Certification and Compliance ...................................................... 1
Table of commands ............................................................................... 2
Other firmware changes......................................................................... 4
LMK pair validation and usage .............................................................. 4

>> Chapter 2 – Console Commands ............................................................. 5

EA – Convert (KEK)ZMK into a KEKr or KEKs ............................................. 5

>> Chapter 3 – Host Commands .................................................................. 6

OI/OJ Generate a Set of Zone Keys ......................................................... 6
OK/OL Translate a Set of Zone Keys to Encryption under the Local Master Key10
C0/C1 Generate Initial Terminal Master Keys (AS2805 – 2001) ............... 14
OU/OV Update Terminal Master Key 1................................................... 16
OW/OX Update Terminal Master Keys ................................................... 18
PI/PJ Generate a Set of Terminal Keys .................................................. 20
PK/PL Generate a PIN Pad Acquirer Security Number .............................. 23
PO/PP Translate a PIN Block to Encryption under a Zone PIN Key .............. 25
PQ/PR Generate a Message Authentication Code AS2805.4 - 1985 .......... 27
C2/C3 Generate a Message Authentication Code (large messages) ........... 29
PS/PT Validate a Message Authentication Code AS2805.4 -1985 ............ 31
C4/C5 Verify a Message Authentication Code (large messages) ................ 33
PU/PV Encrypt Data ........................................................................... 35
PW/PX Decrypt Data.......................................................................... 37
C8/C9 Generate an Acquirer Master Key Encrypting Key .......................... 39
D4/D5 Translate a PIN Block to Encryption under a PIN Encryption Key ...... 41
D6/D7 Translate an Acquirer Master Key Encrypting Key ......................... 43
E0/E1 Generate a KEKs Validation Request ............................................ 45
E2/E3 Generate a KEKr Validation Response .......................................... 47
E4/E5 Verify a PIN Pad Proof of End Point .............................................. 49
F0/F1 Verify a Terminal PIN using the IBM Method (AS2805 6.4). ............ 51
F2/F3 Verify a Terminal PIN using the VISA Method (AS2805 6.4). ........... 54
F4/F5 Calculate KMACI ....................................................................... 56

Thales e-Security vii

 payShield 9000 – Australian Standards Reference Manual

F6/F7 KEKGEN – 6.3 .......................................................................... 58

F8/F9 KEKREC – 6.3 .......................................................................... 60
C6/C7 Generate a Random Number ..................................................... 62
D0/D1 Generate a PIN Pad Authentication Code ..................................... 63
D8/D9 Encrypt a CPAT Authentication Value .......................................... 64
D2/D3 Verify a PIN Pad Authentication Code .......................................... 66
E6/E7 Generate a PIN Pad Proof of Endpoint (POEP) ................................ 68
E8/E9 Generate a KCA and KMACH ...................................................... 69
QI/QJ Translate a PPASN from old to new LMK ...................................... 71
PY/PZ Verify and Generate an IBM PIN Offset (of a customer selected PIN) . 72
P0/P1 Verify and Generate a VISA PVV (of a customer selected PIN).......... 76
P2/P3 Generate a VISA PVV (of a customer selected PIN) ........................ 79
P4/P5 Generate a Proof of Host value ................................................... 82

>> Chapter 4 – RSA Host Commands ......................................................... 83

Introduction ....................................................................................... 83
H2/H3 Calculate a RSA Public Key Verification Code ................................ 83
H4/H5 Generate a KEKs for use in Node to Node interchange using RSA.... 84
H6/H7 Receive a KEKr for use in Node to Node interchange using RSA ...... 86
H0/H1 Decrypt a PIN Pad Public Key .................................................... 88
H8/H9 Encrypt a Cross Acquirer Key Encrypting Key under an Initial Transport
Key ................................................................................................... 90
I0/I1 Encrypt a Terminal Key under the Local Master Key ......................... 92

>> Chapter 5 – AS2805.6.2 Support – Introduction .................................... 94

Purpose of this Section ........................................................................ 94
Summary of Transaction Key Scheme..................................................... 94
Summary of Commands Specified in this section ...................................... 96
Transaction with no PIN and AP Generated by the Acquirer ..................... 96
Transaction with no PIN and AP Generated by the Issuer ........................ 96
PIN Verification at the Acquirer .......................................................... 96
PIN Verification at the Issuer .............................................................. 96
Other Commands ............................................................................. 97

>> Chapter 6 – AS2805.6.2 Support – Host Commands .............................. 98

RE/RF Verify a Transaction Request, without PIN..................................... 98
RG/RH Verify a Transaction Request, with PIN, when CD Field Available .... 100
RI/RJ Verify a Transaction Request, with PIN, when CD Field not Available
(when selected Transaction Key Scheme is Australian) ............................ 102
HI/HJ Verify a Transaction Request, with PIN, when CD Field not Available
(when selected Transaction Key Scheme is Racal) .................................. 105
RK/RL Generate Transaction Response, with Auth Para Generated by Acquirer
(when selected Transaction Key Scheme is Australian) ............................ 106
HK/HL Generate Transaction Response, with Auth Para Generated by Acquirer
(when selected Transaction Key Scheme is Racal) .................................. 109
RM/RN Generate Transaction Response with Auth Para Generated by Card
Issuer (when selected Transaction Key Scheme is Australian) ................... 111
HM/HN Generate Transaction Response with Auth Para Generated by Card
Issuer (when selected Transaction Key Scheme is Racal) ......................... 114
RO/RP Translate a PIN from PEK to ZPK Encryption (when selected
Transaction Key Scheme is Australian) ................................................. 116

viii Thales e-Security

payShield 9000 – Australian Standards Reference Manual

HO/HP Translate a PIN from PEK to ZPK Encryption (when selected

Transaction Key Scheme is Racal) ....................................................... 118
RQ/RR Verify a Transaction Completion Confirmation (when selected
Transaction Key Scheme is Australian) ................................................. 120
HQ/HR Verify a Transaction Completion Confirmation (when selected
Transaction Key Scheme is Racal) ....................................................... 122
RS/RT Generate a Transaction Completion Response (when selected
Transaction Key Scheme is Australian) ................................................. 124
HS/HT Generate a Transaction Completion Response (when selected
Transaction Key Scheme is Racal) ....................................................... 126
QQ/QR Verify a PIN at Card Issuer using IBM Method ............................ 128
QS/QT Verify a PIN at Card Issuer using the Diebold Method ................... 130
QU/QV Verify a PIN at Card Issuer using Visa Method ............................ 132
QW/QX Verify a PIN at Card Issuer using the Comparison Method ........... 134
RU/RV Generate Auth Para at the Card Issuer (when selected Transaction Key
Scheme is Australian) ........................................................................ 137
HU/HV Generate Auth Para at the Card Issuer (when selected Transaction Key
Scheme is Racal) .............................................................................. 140
RW/RX Generate an Initial Terminal Key (when selected Transaction Key
Scheme is Australian) ........................................................................ 142
HW/HX Generate an Initial Terminal Key (when selected Transaction Key
Scheme is Racal) .............................................................................. 144
QM/QN Data Encryption Using a Derived Privacy Key ............................. 145
QO/QP Data Decryption Using a Derived Privacy Key .............................. 147

>> Appendices ....................................................................................... 149

Appendix A – One-Way Functions ............................................................ 149
OWF - 1988 .................................................................................... 149
Single Length Key.............................................................................. 149
Double Length Key ............................................................................ 149
OWF - 2000 .................................................................................... 149
Appendix B – Derivation of the Privacy Key ............................................... 150
Appendix C – Key Check Value ................................................................ 151
Single Length Key.............................................................................. 151
Double Length Key ............................................................................ 151
Appendix D – Key Encrypting Key Variants ................................................ 152
Zone or Terminal Authentication keys ................................................... 152
ZAK / TAK (Variant A) .................................................................... 152
ZAKs / TAKs (Variant B) ................................................................. 152
ZAKr / TAKr (Variant C) ................................................................. 152
Zone or Terminal Encryption keys ........................................................ 152
ZEK / TEK (Variant E) ..................................................................... 152
ZEKs / TEKs (Variant F) .................................................................. 152
ZEKr / TEKr / KA / KCA (Variant G) ................................................ 153
Zone or Terminal PIN keys (ZPK or TPK) (Variant H) ............................... 153
Variant 7 (Variant I) ........................................................................ 153
Variant 8 (Variant J) ....................................................................... 153
Variant 88 (Variant K)..................................................................... 153
Variant 0 (Variant M) ...................................................................... 154
Appendix G – Definition of Card Values ..................................................... 155
Appendix H – Generation of Initial Terminal Master Keys ............................. 156

Thales e-Security ix
 payShield 9000 – Australian Standards Reference Manual

Appendix I – Terminal Master Key Update ................................................ 157

AS2805 – 1988 Method ................................................................... 157
Update TMK1 only .......................................................................... 157
Update TMK1 and TMK2 .................................................................. 157
AS2805 – 2001 Method ................................................................... 157
Update TMK1 only .......................................................................... 157
Update TMK1 and TMK2 .................................................................. 157
Terminal KEK update ......................................................................... 158
General ........................................................................................ 158
Inputs .......................................................................................... 158
Algorithm KEK1 update ................................................................... 158
Algorithm KEK2 update ................................................................... 159
Appendix J – Derivation of the PIN Encryption Key ..................................... 160
Single Length TPK ............................................................................. 160
Double Length TPK............................................................................ 161
PIN enciphering key (KPE) ................................................................ 161
Appendix K – AS2805.3 PIN block formats .............................................. 163
AS2805 Format 1 PIN block .............................................................. 163
AS2805.3 Format 8 PIN block (format 46) ........................................... 163
Support for “zero” length PIN block.................................................... 163
Appendix L – Error messages ................................................................ 164
Appendix M – Australian Key Schemes .................................................... 166
Examples: ........................................................................................ 166
G Scheme. (Single Length Data/Session Key) ..................................... 166
H Scheme. (Double Length Data/Session Key) .................................... 166
I Scheme. (Triple Length Data/Session Key) ....................................... 167
Commands that support Australian key schemes ................................... 167
Standard console commands ........................................................... 167
Standard host commands................................................................ 167
Custom host commands ................................................................. 167
Appendix N – AS 2805.6.2 Support Appendices ....................................... 168
Appendix N-A: One-way Function .......................................................... 168
Case 1 – D* has length 64 (and so n  64) ....................................... 168
Case 2 – D* has length greater than 64 (and so n > 64) ..................... 168
Appendix N-B: Derivation of Data Values ............................................... 169
Appendix N-C: MAC Key Derivation....................................................... 170
Appendix N-D: PIN Encipherment Key Derivation ..................................... 171
Appendix N-E: Privacy Key Derivation .................................................... 172
Appendix N-F: Terminal Key Update (AS2805.6.2) ................................. 173
Appendix N-G: MAC and MAC Residue Calculation .................................. 174
Appendix N-H: Authentication Parameter .............................................. 175
Appendix O – AS 2805.6.2 (Single DES) Support Appendices ...................... 176
Appendix O-A: One-way Function .......................................................... 176
Appendix O-B: Derivation of Card and Data Values .................................. 177
Appendix O-C: MAC Key Derivation ....................................................... 178
Appendix O-D: PIN Encipherment Key Derivation ..................................... 179
Appendix O-E: Terminal Key Update ...................................................... 180
Appendix O-F: MAC and MAC Residue Calculation ................................... 181
Appendix O-G: Card Key and Authentication Parameter............................ 182
Appendix S – APCA Functional Specification Comparison Guide .................... 183
Appendix T – Key Notation comparison table............................................. 187

x Thales e-Security
payShield 9000 – Australian Standards Reference Manual

Appendix U1 – DEA 2 Text Block - DFormat 1 ........................................... 189

Appendix U2 – Public Key Encoding ......................................................... 191

Thales e-Security xi
 payShield 9000 – Australian Standards Reference Manual

>> End User License Agreement

(“EULA”)

Please read this Agreement carefully.

Opening this package or installing any of the contents of this package or using this product in
any way indicates your acceptance of the terms and conditions of this License.

This document is a legal agreement between Thales UK Ltd., (“THALES”) and the company that has purchased a THALES product
containing a computer program (“Customer”). If you do not agree to the terms of this Agreement, promptly return the product and all
accompanying items (including cables, written materials, software disks, etc.) at your mailing or delivery expense to the company from
whom you purchased it or to Thales e-Security, Meadow View House, Crendon Industrial Estate, Long Crendon, Aylesbury, Bucks HP18
9EQ, United Kingdom and you will receive a refund.

1. OWNERSHIP. Computer programs, ("Software") provided by THALES are provided either separately or as a bundled part of a computer
hardware product. Software shall also be deemed to include computer programs which are intended to be run solely on or withi n a
hardware machine, (“Firmware”).Software, including any documentation files accompanying the Software, ("Documentation")
distributed pursuant to this license consists of components that are owned or licensed by THALES or its corporate affiliates. Other
components of the Software consist of free software components (“Free Software Components”) that are identified in the text files
that are provided with the Software. ONLY THOSE TERMS AND CONDITIONS SPECIFIED FOR, OR APPLICABLE TO, EACH SPECIFIC FREE
SOFTWARE COMPONENT SHALL BE APPLICABLE TO SUCH FREE SOFTWARE COMPONENT. Each Free Software Component is the
copyright of its respective copyright owner. The Software is licensed to Customer and not sold. Customer has no ownership rights in
the Software. Rather, Customer has a license to use the Software. The Software is copyrighted by THALES and/or its suppliers. You
agree to respect and not to remove or conceal from view any copyright or trademark notice appearing on the Software or
Documentation, and to reproduce any such copyright or trademark notice on all copies of the Software and Documentation or any
portion thereof made by you as permitted hereunder and on all portions contained in or merged into other programs and
Documentation.

2. LICENSE GRANT. THALES grants Customer a non-exclusive license to use the Software with THALES provided computer equipment
hardware solely for Customer’s internal business use only. This license only applies to the version of Software shipped at the time of
purchase. Any future upgrades are only authorised pursuant to a separate maintenance agreement. Customer may copy the
Documentation for internal use. Customer may not decompile, disassemble, reverse engineer, copy, or modify the THALES owned or
licensed components of the Software unless such copies are made in machine readable form for backup purposes. In addition,
Customer may not create derivative works based on the Software except as may be necessary to permit integration with other
technology and Customer shall not permit any other person to do any of the same. Any rights not expressly granted by THALES to
Customer are reserved by THALES and its licensors and all implied licenses are disclaimed. Any other use of the Software by any other
entity is strictly forbidden and is a violation of this EULA. The Software and any accompanying written materials are protected by
international copyright and patent laws and international trade provisions.

3. NO WARRANTY. Except as may be provided in any separate written agreement between Customer and THALES, the software is
provided "as is." To the maximum extent permitted by law, THALES disclaims all warranties of any kind, either expressed or i mplied,
including, without limitation, implied warranties of merchantability and fitness for a particular purpose. THALES does not warrant that
the functions contained in the software will meet any requirements or needs Customer may have, or that the software will oper ate
error free, or in an uninterrupted fashion, or that any defects or errors in the software will be corrected, or that the software is
compatible with any particular platform. Some jurisdictions do not allow for the waiver or exclusion of implied warranties so they may
not apply. If this exclusion is held to be unenforceable by a court of competent jurisdiction, then all express and implied warranties
shall be limited in duration to a period of thirty (30) days from the date of purchase of the software, and no warranties sha ll apply after
that period.

4. LIMITATION OF LIABILITY. In no event will THALES be liable to Customer or any third party for any incidental or consequential
damages, including without limitation, indirect, special, punitive, or exemplary damages for loss of business, loss of profit s, business
interruption, or loss of business information) arising out of the use of or inability to use the program, or for any claim by any other
party, even if THALES has been advised of the possibility of such damages. THALES’ aggregate liability with respect to its obligations
under this agreement or otherwise with respect to the software and documentation or otherwise shall be equal to the purchase price.

xii Thales e-Security

 payShield 9000 – Australian Standards Reference Manual

However nothing in these terms and conditions shall however limit or exclude THALES’ liability for death or personal injury res ulting
from negligence, fraud or fraudulent misrepresentation or for any other liability which may not be excluded by law. Because some
countries and states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation
may not apply.

5. EXPORT RESTRICTIONS. The software is subject to the export control laws of the United Kingdom, the United States and other
countries. This license agreement is expressly made subject to all applicable laws, regulations, orders, or other restrictions on the
export of the software or information about such software which may be imposed from time to time. Customer shall not export the
software, documentation or information about the software and documentation without complying with such laws, regulations,
orders, or other restrictions.

6. TERM & TERMINATION. This EULA is effective until terminated. Customer may terminate this EULA at any time by destroying or
erasing all copies of the Software and accompanying written materials in Customer’s possession or control. This license will terminate
automatically, without notice from THALES if Customer fails to comply with the terms and conditions of this EULA. Upon such
termination, Customer shall destroy or erase all copies of the Software (together with all modifications, upgrades and merged portions
in any form) and any accompanying written materials in Customer’s possession or control.

7. SPECIAL PROCEDURE FOR U.S. GOVERNMENT. If the Software and Documentation is acquired by the U.S. Government or on its
behalf, the Software is furnished with "RESTRICTED RIGHTS," as defined in Federal Acquisition Regulation ("FAR") 52.227-19(c)(2), and
DFAR 252.227-7013 to 7019, as applicable. Use, duplication or disclosure of the Software and Documentation by the U.S. Government
and parties acting on its behalf is governed by and subject to the restrictions set forth in FAR 52.227-19(c)(1) and (2) or DFAR 252.227-
7013 to 7019, as applicable.

8. TRANSFER RIGHTS. Customer may transfer the Software, and this license to another party if the other party agrees to accept the terms
and conditions of this Agreement. If Customer transfers the Software, it must at the same time either transfer all copies wh ether in
printed or machine-readable form, together with the computer hardware machine on which Software was intended to operate to the
same party or destroy any copies not transferred; this includes all derivative works of the Software. FOR THE AVOIDANCE OF DOUBT,
IF CUSTOMER TRANSFERS POSSESSION OF ANY COPY OF THE SOFTWARE TO ANOTHER PARTY, EXCEPT AS PROVIDED IN THIS SECTION
8, CUSTOMER’S LICENSE IS AUTOMATICALLY TERMINATED.

9. GOVERNING LAW AND VENUE. This License Agreement shall be construed, interpreted and governed either by the laws of England
and Wales or by the laws of the State of New York, United States of America, in both cases without regard to conflicts of law s and
provisions thereof. If the Software is located or being used in a country located in North America, South America, Central America or
the Caribbean region, the laws of the State of the State of New York, United States of America shall apply and the exclusive forum for
any disputes arising out of or relating to the EULA, including the determination of the scope or applicability of this EULA to arbitrate,
shall be shall be settled by arbitration in accordance with the Arbitration Rules of the International Chamber of Commerce (“ICC”) by
one arbitrator appointed in accordance with said Rules. The arbitration shall be administered by the ICC. The arbitration shall be held
in New York City (State of New York), and shall be conducted in the English language. Either Party may seek interim or provisional
relief in any court of competent jurisdiction if necessary to protect the rights or property of that party pending the appointment of the
arbitrator or pending the arbitrator’s determination of the merits of the dispute. The arbitration award will be in writing and will
specify the factual and legal basis for the award. The arbitration award will be final and binding upon the parties, and any judgment on
the award rendered by the arbitrator may be entered by any court having jurisdiction thereof. If the Software is located or being used
in any other location throughout the world, then in that event the laws of England and Wales shall apply and the exclusive forum for
any disputes arising out of or relating to this EULA shall be an appropriate court sitting in England, United Kingdom.

Thales e-Security xiii

>> Chapter 1 - Introduction

>> Chapter 1 - Introduction

Overview
This document specifies the functions to be provided by a payShield 9000 host
security module (HSM) to support the Australian AS2805 Standards. This
document also provides the functionality to support the Australian Payments
Clearing Association (APCA) Security Control Module specifications.
PIN Block 46 in Appendix K, is applicable to standard HSM PIN translate and verify
function calls. The standard HSM function calls used are CA, CC, DA, DC, EA and
EC.
A comparison guide between the APCA specifications and the Thales equivalent
functions is provided in Appendix S. This is not a definitive guide but seeks to
provide an equivalent where there is no direct comparison.
The functionality described in this manual is enabled by applying optional license
HSM9-LIC003 to the payShield 9000.

PCI HSM Certification and Compliance

From version 1.1b, a number of payShield 9000 software versions have been
certified to the PCI HSM security standard. Prior to PCI HSM certification being
mandated by the card schemes, only some versions of base payShield 9000
software will be certified. Once the mandates are in place, all versions of base
software will be PCI HSM certified.
See Chapter 10 of the General Information Manual on PCI HSM Compliance for
information about PCI HSM compliance. This includes a table that indicating which
versions of payShield 9000 software are PCI HSM certified: this information is also
accessible in the Release Notes.

Thales e-Security 1
 >> Chapter 1 - Introduction

Table of commands
Console / Interchange /
Code Name Chapter
Host Terminal
Console Commands
EA Console Convert (KEK)ZMK into a KEKr or KEKs 2 Inter

DES Host Commands

OI Host Generate a Set of Zone Keys 3 Inter
OK Host Translate a Set of Zone Keys to Encryption 3 Inter
under the Local Master Key
PO Host Translate a PIN Block to Encryption under a 3 Inter
Zone PIN Key
PQ Host Generate a Message Authentication Code 3 Inter
AS2805 – 1985
C2 Host Generate a Message Authentication Code 3 Inter
(large messages)
PS Host Validate a Message Authentication Code 3 Inter
AS2805 –1985
C4 Host Verify a Message Authentication Code (large 3 Inter
messages)
PU Host Encrypt Data 3 Inter
PW Host Decrypt Data 3 Inter
E0 Host Generate a KEKs Validation Request 3 Inter
E2 Host Generate a KEKr Validation Response 3 Inter
F6 Host KEKGEN 3 Inter
F8 Host KEKREC 3 Inter
C0 Host Generate Initial Terminal Master Keys 3 Term
OU Host Update Terminal Master Key 1 3 Term
OW Host Update Terminal Master Keys 3 Term
PI Host Generate a Set of Terminal Keys 3 Term
PK Host Generate a PIN Pad Acquirer Security 3 Term
Number
C8 Host Generate an Acquirer Master Key Encrypting 3 Term
Key
D4 Host Translate a PIN Block to Encryption under a 3 Term
PIN Encryption Key
D6 Host Translate an Acquirer Master Key Encrypting 3 Term
Key
E4 Host Verify a PIN Pad Proof of End Point 3 Term
F0 Host Verify a Terminal PIN using the IBM Method 3 Term
F2 Host Verify a Terminal PIN using the VISA Method 3 Term
F4 Host Calculate KMACI 3 Term
C6 Host Generate a Random Number 3 Term
D0 Host Generate a PIN Pad Authentication Code 3 Term
D8 Host Encrypt a CPAT Authentication Value 3 Term
D2 Host Verify a PIN pad Authentication code 3 Term
E6 Host Generate a PIN Pad Proof of Endpoint 3 Term
E8 Host Generate a KCA and KMACH 3 Term
QI Host Translate a PPASN from old to new LMK 3 Term
PY Host Verify and Generate an IBM PIN Offset 3 Term
P0 Host Verify and Generate a VISA PVV 3 Term

2 Thales e-Security
>> Chapter 1 - Introduction

Console / Interchange /
Code Name Chapter
Host Terminal
P2 Host Generate a VISA PVV 3 Term
P4 Host Generate a Proof of Host value 3 Term

AS2805.6.2 functionality
RE Host Verify a Transaction Request, without PIN 6 Term
Verify a Transaction Request, with PIN, when Term
RG Host 6
CD Field Available
Verify a Transaction Request, with PIN, when Term
RI Host 6
CD Field not Available
Generate Transaction Response, with Auth
RK Host 6 Term
Para Generated by Acquirer
Generate Transaction Response with Auth
RM Host 6 Term
Para Generated by Card Issuer
RO Host Translate a PIN from PEK to ZPK Encryption 6 Term
Verify a Transaction Completion Confirmation
RQ Host 6 Term
Request
Generate a Transaction Completion
RS Host 6 Term
Response
Verify a PIN at Card Issuer using IBM
QQ Host 6 Term
Method
Verify a PIN at Card Issuer using the Diebold
QS Host 6 Term
Method
Verify a PIN at Card Issuer using Visa
QU Host 6 Term
Method
Verify a PIN at Card Issuer using the
QW Host 6 Term
Comparison Method
RU Host Generate Auth Para at the Card Issuer 6 Term
RW Host Generate an Initial Terminal Key 6 Term
QM Host Data Encryption Using a Derived Privacy Key 6 Term
QO Host Data Decryption Using a Derived Privacy Key 6 Term

RSA Host Commands

H0 Host Decrypt a PIN Pad Public Key 6 Term
H2 Host Generate a RSA Public Key Verification Code 6 Inter
H4 Host Generate a KEKs for use in Node to Node 6 Inter
interchange using RSA
H6 Host Receive a KEKr for use in Node to Node 6 Inter
interchange using RSA
H8 Host Encrypt a Cross Acquirer Key Encrypting Key 6 Term
under an Initial Transport Key
I0 Host Encrypt a Terminal Key under the Local 6 Term
Master Key

Thales e-Security 3
 >> Chapter 1 - Introduction

Other firmware changes

LMK pair validation and usage

Generic commands are used to generate keys and to export and import them. An
export command is one that translates a key from LMK encryption to encryption
under a ZMK, for sending to another party. Import is the reverse, for receiving keys
and translation for local storage. A table of ‘permitted actions’ controls both
console and host generic commands. These generic commands will be used to
generate, import and export keys. Some of these keys use their own specific LMK
pairs and variants. To permit these actions, changes have been made to the Key
Type Table – see Chapter 4 of the General Information Manual.
Errors are created when an action breaks the rules imposed by the table. The error
given in this case:
29 : Key function not permitted
The commands to which the table applies are:

Command Console Host

Generate a key KG A0
Generate & print a component A2
Form a key from encrypted components A4
Import a key KI A6
Export a key KE A8
Generate & print a key as split components NE
Generate key component GC
Generate key component & write to smart card GS
Encrypt a clear component EC
Form a key from components FK

NOTES for the Key Table at Chapter 1 of the Host Command Reference Manual:
KR & KS keys are only available under variants of KEK (ZMK)
G = Generate. E = Export. I = Import.
N = Not allowed. A = allowed in Authorized state. U = allowed Unconditionally,
i.e. without Authorized state.
The A6 & A8 commands should take the permissions from the table and not have
an overriding requirement for Authorized state.
Three new key encryption schemes are specified in Appendix M they are only
applicable for import and export. These schemes use CBC method to encrypt the
keys and apply an appropriate transport variant documented in Appendix D.

4 Thales e-Security
>> Chapter 2 – Console Commands

>> Chapter 2 – Console Commands

EA – Convert (KEK)ZMK into a KEKr or KEKs

Function: To move a (KEK)ZMK from encryption under LMK Pair 4 – 5 to

encryption under LMK Pair 4 – 5 variant 3 or 4.
Notes: The payShield 9000 must be in Authorized State.
This command supports Variant LMKs only.
Input: KEK (ZMK) encrypted under LMK pair 4 – 5: 32 Hex or 1 Alpha + 32
Hex or 1 Alpha + 48 Hex.
Key Check Value: 6 Hex
KEK type (R/ S) : KEKr or KEKs
Key scheme: Key scheme for encrypting key under LMK.
Output: KEKr or KEKs.
Errors: NOT AUTHORISED – Self explanatory.
KEY PARITY ERROR – The KEK (ZMK) does not have odd parity.
KEY CHECK VALUE FAILURE – The Key Check Value does not match the
key.
MASTER KEY PARITY ERROR – The contents of LMK storage have been
corrupted or erased. Do not continue – inform the Security
Department.
Example:
Online–AUTH > EA <RETURN>
Enter ZMK: U AAAA AAAA AAAA AAAA BBBB BBBB BBBB BBBB <RETURN>
Enter Key check value: XXXXXX <RETURN>
Enter KEK type (R/S): R <RETURN>
Key Scheme: U <RETURN>
KEKr : U CCCC CCCC CCCC CCCC DDDD DDDD DDDD DDDD

Thales e-Security 5
 >> Chapter 3 – Host Commands

>> Chapter 3 – Host Commands

OI/OJ Generate a Set of Zone Keys

Command: To generate a Zone PIN Key (ZPK), Zone Authentication Key (ZAK) and
Zone Encryption Key (ZEK) and return each key encrypted under their
appropriate variants of a Key Encrypting Key Send (KEKs) / Zone
Master Key (ZMK) and the appropriate LMK pair.

Notes: Each of the zone keys will be adjusted for odd parity on each byte. A
check value for each key will be generated (as defined in Appendix C).
The definition of each of the KEKs / ZMK variants is given in Appendix
D.
If the Key type flag is used, the key scheme must also be used.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'OI'

KEKs / Zone Master 32 H KEKs, encrypted under LMK pair 04-05 variant 4 or ZMK,
Key or encrypted under LMK pair 04-05
1 A + 32 H
or
1 A + 48 H

Delimiter 1A Optional: If present the following three fields must be

present. Value ';'

Key Scheme KEKs / 1A Optional. Key Scheme for encrypting keys under KEKs /
ZMK ZMK
Key Scheme LMK 1A Optional. Key Scheme for encrypting keys under LMK

Key Check Value type 1A Optional. Key check value calculation method.
1 = KCV 6H (Appendix C)

Delimiter 1A Optional: If present the following field must be present.

Value ';'

Key type Flag 1N Optional flag to indicate if KEKs or ZMK is used.

1 = KEKs; 2 = ZMK
ONLY AVAILABLE IF PRECEDING KEY SCHEME IS USED

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X’19
Message Trailer nA Optional. Maximum length 32 characters

6 Thales e-Security
>> Chapter 3 – Host Commands

Thales e-Security 7
 >> Chapter 3 – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'OJ'

Error Code 2N 00 – No errors

10 – ZMK parity error
12 – No keys loaded in user storage
13 – LMK error; report to supervisor
15 – Error in input data
21 – Invalid user storage index
26 – Invalid Key Scheme
27 – Incompatible key length
28 – Invalid key type

PIN Key (LMK) 16 H ZPK, encrypted under LMK pair 06-07

or
1 A + 32 H
or
1 A + 48 H

PIN Key (ZMK) 16 H ZPK, encrypted under appropriate variant of ZMK

or
1 A + 16 H
or
1 A + 32 H
or
1 A + 48 H

ZPK Check Value 6H Check value (KCV) for ZPK

Authentication Key 16 H ZAK, encrypted under LMK pair 26-27 variant 1

(LMK) or
1 A + 32 H
or
1 A + 48 H

Authentication Key 16 H ZAK, encrypted under appropriate variant of ZMK

(ZMK) or
1 A + 16 H
or
1 A + 32 H
or
1 A + 48 H

ZAK Check Value 6H Check value (KCV) for ZAK

Encryption Key (LMK) 16 H ZEK, encrypted under LMK pair 30-31 variant 1
or
1 A + 32 H
or
1 A + 48 H

Encryption Key (ZMK) 16 H ZEK, encrypted under appropriate variant of ZMK

or
1 A + 16 H
or
1 A + 32 H
or
1 A + 48 H

8 Thales e-Security
>> Chapter 3 – Host Commands

ZEK Check Value 6H Check value (KCV) for ZEK

End Message Delimiter 1C Will only be present if present in the command message.
Value X’19
Message Trailer nA Will only be present if in the command message. Maximum
length 32 characters

Thales e-Security 9
 >> Chapter 3 – Host Commands

OK/OL Translate a Set of Zone Keys to Encryption under the

Local Master Key

Command: To translate a Zone PIN Key (ZPK) and/or a Zone Authentication Key
(ZAK) and/or a Zone Encryption Key (ZEK) from encryption under a Key
Encrypting Key Receive (KEKr) / Zone Master Key (ZMK) to encryption
under the appropriate LMK pair.

Note: The command will translate one, two or all three key types depending on
the state of the key flags. If a flag is set ('1') the key is to be translated.
If the flag is clear ('0') the input key (ZPK, ZAK or ZEK) will not be
translated but the HSM will generate a random value and return it in
clear as the key (ZPK, ZAK or ZEK).
All translated key types (ZPK,ZAK & ZEK) MUST be the same length.
The plaintext keys will be adjusted for odd parity on each byte before
they are encrypted under the LMK. Each of the three zone keys will be
received encrypted under a different variant of the KEKr / ZMK (see
Appendix D for definition of these variants).
If no key schemes are specified the KEKr/ZMK will be treated as ZMK;
e.g. for a ZPK, the single-length version of variant H is used, regardless
of the length of the ZPK. Likewise, variant A is used for the ZAK and
variant E for the ZEK, regardless of length.
If the Key type flag is used, the key scheme must also be used.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged
Command Code 2A Value 'OK'

KEKr / Zone Master Key 32 H KEKr, encrypted under LMK pair 04-05 variant 3 or ZMK,
or encrypted under LMK pair 04-05
1 A + 32 H
or
1 A + 48 H

KCV Processing Flag 1N Flag to denote how KCV’s are processed:

0 = KCV on input & output
1 = KCV on input only
2 = KCV on output only

ZPK flag 1N ZPK flag. If set ('1') ZPK is to be translated. If clear ('0') a
clear random value will be returned (appropriate dummy
values should be entered in the following 2 fields if flag set
to '0')

10 Thales e-Security
>> Chapter 3 – Host Commands

Field Length and Type Details

Zone PIN Key 16 H ZPK, encrypted under appropriate variant of KEKr / ZMK
or
1 A + 16 H
or
1 A + 32 H
or
1 A + 48 H

ZPK Check Value 6H Check value (KCV) for ZPK Only present if KCV processing is
set to 0 or 1

ZAK flag 1N ZAK flag. If set ('1') ZAK is to be translated. If clear ('0') a
clear random value will be returned (appropriate dummy
values should be entered in the following 2 fields if flag set
to '0')

Zone Authentication Key 16 H ZAK, encrypted under appropriate variant of KEKr / ZMK
or
1 A + 16 H
or
1 A + 32 H
or
1 A + 48 H

ZAK Check Value 6H Check value (KCV) for ZAK Only present if KCV processing is
set to 0 or 1

ZEK flag 1N ZEK flag. If set ('1') ZEK is to be translated. If clear ('0') a
clear random value will be returned (appropriate dummy
values should be entered in the following 2 fields if flag set
to '0')

Zone Encryption Key 16 H ZEK, encrypted under appropriate variant of KEKr / ZMK (A
or dummy value should be entered if ZEK flag set to '0')
1 A + 16 H
or
1 A + 32 H
or
1 A + 48 H

ZEK Check Value 6H Check value (KCV) for ZEK Only present if KCV processing is
set to 0 or 1

Delimiter 1A Optional: If present the following three fields must be

present.
Value ';'

Key Scheme ZMK 1A Optional. Key Scheme for encrypting keys under ZMK
Key Scheme LMK 1A Optional. Key Scheme for encrypting keys under LMK

Key Check Value type 1A Optional. Key check value calculation method.
1 = KCV 6H (Appendix C)
Delimiter 1A Optional: If present the following field must be present.
Value ';'
Flag 1N Optional flag to indicate if KEKs or ZMK is used.
1 = KEKr; 2 = ZMK
ONLY AVAILABLE IF PRECEDING KEY SCHEME IS USED

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.

Thales e-Security 11
 >> Chapter 3 – Host Commands

Field Length and Type Details

LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19
Message Trailer nA Optional. Maximum length 32 characters

12 Thales e-Security
>> Chapter 3 – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'OL'

Error Code 2N 00 - No errors

01 - ZPK KCV validation failure
02 - ZAK KCV validation failure
03 - ZEK KCV validation failure
10 - ZMK parity error
12 - No keys loaded in user storage
13 - LMK error; report to supervisor
15 - Error in input data
21 - Invalid user storage index
26 - Invalid Key Scheme
27 - Incompatible key length
28 - Invalid key type

KCV Processing Flag 1N Flag to denote how KCV’s are processed:

0 = KCV on input & output
1 = KCV on input only
2 = KCV on output only

Zone PIN Key 16 H ZPK, encrypted under LMK pair 06-07 or a random value if
or the ZPK flag was clear ('0')
1 A + 32 H
or
1 A + 48 H

ZPK Check Value 6H Check value (KCV) for ZPK Only present if KCV processing is
set to 0 or 2

Zone Authentication Key 16 H ZAK, encrypted under LMK pair 26-27 variant 2 or a
or random value if the ZAK flag was clear ('0')
1 A + 32 H
or
1 A + 48 H

ZAK Check Value 6H Check value (KCV) for ZAK Only present if KCV processing is
set to 0 or 2

Zone Encryption Key 16 H ZEK, encrypted under LMK pair 30-31 variant 2 or a
or random value if the ZEK flag was clear ('0')
1 A + 32 H
or
1 A + 48 H

ZEK Check Value 6H Check value (KCV) for ZEK Only present if KCV processing is
set to 0 or 2

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

Thales e-Security 13
 >> Chapter 3 – Host Commands

C0/C1 Generate Initial Terminal Master Keys

(AS2805 – 2001)

Command: To generate two random initial Terminal Master Keys (TMK1 and TMK2)
and encrypt them under a Acquirer Initialization Key (KIA) and the
appropriate LMK pair.

Notes: The plaintext keys will be adjusted for odd parity on each byte before
they are encrypted under the LMK. A check value for each key is
generated (see Appendix C).
If the TMK’s are required to be output under KIA without any variants
applied, for backward compatibility, then Key Scheme X is used. This
must be enabled under the 'CS' command before usage.
PPASN use is only permitted when key scheme option is used.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'C0'

KIA 1 A + 32 H Acquirer Initialization Key (KIA) encrypted under LMK pair

or 14-15 variant 6
1 A + 48 H
Delimiter 1A Optional: If present the following three fields must be
present.
Value ';'
Key Scheme KIA 1A Optional. Key Scheme for encrypting keys under KIA

Key Scheme LMK 1A Optional. Key Scheme for encrypting keys under LMK

Key Check Value type 1A Optional. Key check value calculation method.
1 = KCV 6H (Appendix C)

Delimiter 1A Optional: If present the following field must be present.

Value ';'
Only available if preceding key scheme fields are present,

PPASN Flag 1N Optional, value 1. if present PPASN will be present in

response message

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

14 Thales e-Security
>> Chapter 3 – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'C1'

Error Code 2N 00 - No errors

10 - KIA parity error
12 - No keys loaded in user storage
13 - LMK error; report to supervisor
15 - Error in input data
21 - Invalid user storage index
26 - Invalid Key Scheme
27 - Incompatible key length
28 - Invalid key type

Terminal Master Key 1 1 A + 32 H TMK1, encrypted under Variant 1 of LMK pair 14-15
or
1 A + 48 H

Terminal Master Key 1 1 A + 32 H TMK1, encrypted under KIA

or
1 A + 48 H

TMK1 Check Value 6H Check value (KCV) for TMK1

Terminal Master Key 2 1 A + 32 H TMK2, encrypted under Variant 2 of LMK pair 14-15
or
1 A + 48 H

Terminal Master Key 2 1 A + 32 H TMK2, encrypted under KIA

or
1 A + 48 H

TMK2 Check Value 6H Check value (KCV) for TMK2

PPASN (LMK) 16 H PPASN, encrypted under Variant 8 of LMK pair 14-15

PPASN (KIA) 16 H PPASN, encrypted under the KIA. Variant 88 applied when
1 A + 32 H key used in input.

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

Thales e-Security 15
 >> Chapter 3 – Host Commands

OU/OV Update Terminal Master Key 1

Command: To generate a new Terminal Master Key (TMK1) and encrypt it under
Variant 1 of LMK pair 14-15.

Notes: The plaintext key will be adjusted for odd parity on each byte before it is
encrypted under the LMK. A check value for the key is generated (see
Appendix C). The method of updating the Terminal Master Key is
defined in Appendix I.
The PIN Pad Acquirer Security Number (PPASN) is not checked for
parity.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'OU'

Terminal Master Key 1 32 H Old TMK1, encrypted under Variant 1 of LMK pair 14-15
or
1 A + 32 H

PPASN 16 H PPASN, encrypted under Variant 8 of LMK pair 14-15

Delimiter 1A Optional: If present the following field must be present.

Value ';'

Key update process 1N Optional: If present

0 = AS2805 – 1988 method
1 = AS2805 – 2001 method

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19
Message Trailer nA Optional. Maximum length 32 characters

16 Thales e-Security
>> Chapter 3 – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'OV'

Error Code 2N 00 - No errors

10 - Old TMK1 parity error
12 - No keys loaded in user storage
13 - LMK error; report to supervisor
15 - Error in input data
21 - Invalid user storage index
26 - Invalid Key Scheme
27 - Incompatible key length
28 - Invalid key type

Terminal Master Key 1 32 H New TMK1, encrypted under Variant 1 of LMK pair 14-15
or
1 A + 32 H
TMK1 Check Value 6H Check value (KCV) for New TMK1

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

Thales e-Security 17
 >> Chapter 3 – Host Commands

OW/OX Update Terminal Master Keys

Command: To generate two new Terminal Master Keys (TMK1 and TMK2) and
encrypt them under the appropriate LMK pairs.

Notes: The plaintext keys will be adjusted for odd parity on each byte before
they are encrypted under the LMK. A check value for each key is
generated (see Appendix C). The method of updating the Terminal
Master Keys is defined in Appendix I.
The PIN Pad Acquirer Security Number (PPASN) is not checked for
parity.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'OW'

Terminal Master Key 2 32 H Old TMK2, encrypted under Variant 2 of LMK pair 14-15
or
1 A + 32 H

PPASN 16 H PPASN, encrypted under Variant 8 of LMK pair 14-15

Delimiter 1A Optional: If present the following field must be present.

Value ';'

Key update process 1N Optional: If present

0 = AS2805 – 1988 method
1 = AS2805 – 2001 method

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19
Message Trailer nA Optional. Maximum length 32 characters

18 Thales e-Security
>> Chapter 3 – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'OX'

Error Code 2N 00 - No errors

10 - Old TMK2 parity error
12 - No keys loaded in user storage
13 - LMK error; report to supervisor
15 - Error in input data
21 - Invalid user storage index
26 - Invalid Key Scheme
27 - Incompatible key length
28 - Invalid key type

Terminal Master Key 1 32 H New TMK1, encrypted under Variant 1 of LMK pair 14-15
or
1 A + 32 H
TMK1 Check Value 6H Check value (KCV) for New TMK1

Terminal Master Key 2 32 H New TMK2, encrypted under Variant 2 of LMK pair 14-15
or
1 A + 32 H

TMK2 Check Value 6H Check value (KCV) for New TMK2

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

Thales e-Security 19
 >> Chapter 3 – Host Commands

PI/PJ Generate a Set of Terminal Keys

Command: To generate a Terminal PIN Key (TPK), Terminal Authentication Key

Receive (TAKr), Terminal Authentication Key Send (TAKs), Terminal
Encryption Key Receive (TEKr) and Terminal Encryption Key Send (TEKs)
and return each key encrypted under a variant of a Terminal Master
Key (TMK) or KMA and the appropriate LMK pair.

Notes: A flag will indicate whether TMK1 , TMK2 or KMA will be used.
Each of the terminal keys will be adjusted for odd parity on each byte.
A check value for each key will be generated (as defined in Appendix C).
The definition of each of the TMK and KMA variants is given in
Appendix D.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged
Command Code 2A Value 'PI'

Flag 1N Flag to indicate which TMK is used

Flag = 0 if KMA is used
Flag = 1 if TMK1 is used
Flag = 2 if TMK2 is used

TMK or KMA, encrypted under the appropriate variant* of

LMK pair 14-15 if the security setting “Enforce key type
32 H
002 separation for PCI HSM compliance” has the value “N”.
or
If the setting has the value “Y” then for Flag=1 or Flag=2 the
Terminal Master Key 1 A + 32 H
encryption is as above, but for Flag=0 the key is encrypted
or
under LMK pair 36-37 variant 8.
1 A + 48 H
* Variant 0 if flag = 0; Variant 1 if Flag = 1; Variant 2 if Flag
=2

Delimiter 1A Optional: If present the following three fields must be

present.
Value ';'

Key Scheme TMK 1A Optional. Key Scheme for encrypting keys under TMK or
KMA

Key Scheme LMK 1A Optional. Key Scheme for encrypting keys under LMK

Key Check Value type 1A Optional. Key check value calculation method.
1 = KCV 6H (Appendix C)

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19
Message Trailer nA Optional. Maximum length 32 characters

20 Thales e-Security
>> Chapter 3 – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'PJ'

Error Code 2N 00 - No errors

10 - TMK parity error
12 - No keys loaded in user storage
13 - LMK error; report to supervisor
15 - Error in input data
21 - Invalid user storage index
26 - Invalid Key Scheme
27 - Incompatible key length
28 - Invalid key type

If Key Delimiter Not used

PIN Key (LMK) 16 H TPK, encrypted under:
 LMK pair 14-15 variant 0 if the security setting
“Enforce key type 002 separation for PCI HSM
compliance” has the value “N”.
 LMK pair 36-37 variant 7 if the security setting
“Enforce key type 002 separation for PCI HSM
compliance” has the value “Y”.

PIN Key (TMK) 16 H TPK, encrypted under appropriate variant of TMK or KMA
TPK Check Value 6H Check value (KCV) for TPK

Authentication Key(LMK) 16 H TAK, encrypted under LMK pair 16-17

Authentication Key 16 H TAK, encrypted under appropriate variant of TMK or KMA

(TMK)
TAK Check Value 6H Check value (KCV) for TAK

Encryption Key (LMK) 16 H TEK, encrypted under LMK pair 32-33

Encryption Key (TMK) 16 H TEK, encrypted under appropriate variant of TMK or KMA

TEK Check Value 6H Check value (KCV) for TEK

If Key Delimiter used

PIN Key (LMK) TPK, encrypted under:
16 H  LMK pair 14-15 variant 0 if the security setting
or “Enforce key type 002 separation for PCI HSM
1 A + 32 H compliance” has the value “N”.
or  LMK pair 36-37 variant 7 if the security setting
1 A + 48 H “Enforce key type 002 separation for PCI HSM
compliance” has the value “Y”.
PIN Key (TMK) 16 H TPK, encrypted under appropriate variant of TMK or KMA
or
1 A + 32 H
or
1 A + 48 H

TPK Check Value 6H Check value (KCV) for TPK

Authentication Key(LMK) 16 H TAKs, encrypted under LMK pair 16-17 Variant 1

Send or
1 A + 32 H
or

Thales e-Security 21
 >> Chapter 3 – Host Commands

Field Length and Type Details

1 A + 48 H

Authentication Key(LMK) 16 H TAKr, encrypted under LMK pair 16-17 Variant 2

Receive or
1 A + 32 H
or
1 A + 48 H
Authentication Key 16 H TAKs, encrypted under appropriate variant of TMK or KMA
(TMK) Send or
1 A + 32 H
or
1 A + 48 H
TAKs Check Value 6H Check value (KCV) for TAKs

TAKr Check Value 6H Check value (KCV) for TAKr

Encryption Key (LMK) 16 H TEKs, encrypted under LMK pair 32-33 Variant 1
Send or
1 A + 32 H
or
1 A + 48 H

Encryption Key (LMK) 16 H TEKr, encrypted under LMK pair 32-33 Variant 2
Receive or
1 A + 32 H
or
1 A + 48 H

Encryption Key (TMK) 16 H TEKs, encrypted under appropriate variant of TMK or KMA
Send or
1 A + 32 H
or
1 A + 48 H

Encryption Key (TMK) 16 H TEKr, encrypted under appropriate variant of TMK or KMA
Receive or
1 A + 32 H
or
1 A + 48 H
TEKs Check Value 6H Check value (KCV) for TEKs

TEKr Check Value 6H Check value (KCV) for TEKr

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

22 Thales e-Security
>> Chapter 3 – Host Commands

PK/PL Generate a PIN Pad Acquirer Security Number

Command: To generate a PIN Pad Acquirer Security Number (PPASN) and return it
encrypted under an Acquirer Key (KIA) and Variant 8 of LMK pair 14-
15.

Note: The PPASN is not a key and so will not be adjusted for odd parity.
If KIA is double length (1 A + 32 H) then output eKIAV88(PPASN) as
per AS2805.6.4 section 7.2.4
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'PK'

Acquirer Key 16 H KIA, encrypted under either Variant 1 or Variant 6 of LMK

or pair 14-15.
1 A + 32 H

PIN Pad Serial Number 16 H Optional PIN Pad Serial Number

Delimiter 1A Optional: If present the following field must be present.

Value ';'

Acquirer Key flag 1N Optional field, present if delimiter is present.

1 = KIA under Variant 1 of LMK pair 14-15
2 = KIA under Variant 6 of LMK pair 14-15

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19
Message Trailer nA Optional. Maximum length 32 characters

Thales e-Security 23
 >> Chapter 3 – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'PL'

Error Code 2N 00 - No errors

10 - KIA parity error
12 - No keys loaded in user storage
13 - LMK error; report to supervisor
15 - Error in input data
21 – Invalid user storage index

PPASN (LMK) 16 H PPASN, encrypted under Variant 8 of LMK pair 14-15

PPASN (KIA) 16 H PPASN, encrypted under the KIA. Variant 88 applied when
1 A + 32 H key used in input.

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

24 Thales e-Security
>> Chapter 3 – Host Commands

PO/PP Translate a PIN Block to Encryption under a Zone PIN

Key

Command: To translate a PIN block from encryption under a PIN Encryption Key
(KPE) to encryption under a Zone PIN Key (ZPK).

Notes: The KPE is derived from a Terminal PIN Key (TPK) and two other values,
the Systems Trace Audit Number (STAN) and the transaction amount.
The method of derivation of the KPE varies between single and double
length TPK. These are defined in Appendix J.
The PIN block formats supported by the HSM are either given in Ref.2,
Chapter 3. or a “zero” PIN block. The HSM will identify the “zero” PIN
block type and translate it accordingly.
“Zero” PIN block defined in Appendix K.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'PO'

16 H
or
Zone PIN Key 1 A + 32 H ZPK, encrypted under LMK pair 06-07
or
1 A + 48 H
TPK, encrypted under LMK pair 14-15 variant 0 if the
16 H
security setting “Enforce key type 002 separation for PCI
Terminal PIN Key or
HSM compliance” has the value “N”, or under LMK pair 36-
1 A + 32 H
37 variant 7 if the setting has the value “Y”.

STAN 6N Systems Trace Audit Number

Transaction Amount 12 N Transaction amount

Incoming PIN Block
2N A valid PIN block format code
Format Code
Outgoing PIN Block
2N A valid PIN block format code
Format Code

Incoming PIN Block 16 H PIN block, encrypted under KPE

Account Number 12 N Account number, used in PIN Block Format 01 or 04

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

Thales e-Security 25
 >> Chapter 3 – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'PP'

Error Code 2N 00 - No errors

10 - TPK parity error
11 - ZPK parity error
12 - No keys loaded in user storage
13 - LMK error; report to supervisor
15 - Error in input data
20 - PIN block error
21 - Invalid user storage index
23 - Invalid PIN block format code
24 - PIN length error
88 - Warning AS2805.3 “zero” PIN block received

Outgoing PIN Block 16 H PIN block, encrypted under the ZPK

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

26 Thales e-Security
>> Chapter 3 – Host Commands

PQ/PR Generate a Message Authentication Code AS2805.4 -

1985

Command: To generate a Message Authentication Code (MAC) using either a Zone

Authentication Key (ZAK) or a Terminal Authentication Key (TAK).

Notes: The method of generating the MAC is defined in AS2805.4 (1985).

The HSM input and output buffers can support 2K bytes of data. It is
recommended that the Authentication Data field in the command
message is no greater than 1800 bytes.
If the Host communication link is configured for standard
asynchronous communications then the Authentication Data will be
in expanded hexadecimal format, with two hexadecimal characters
representing each 8 bits of data. Thus 400 bytes of data would be
represented by 800 hexadecimal characters.
If the Host communication link is configured for non asynchronous
communications then the Authentication Data will be in binary
format, with each byte representing 8 bits of data.
The Authentication Data field must be an exact multiple of 16
hexadecimal characters if standard asynchronous communications are
used or an exact multiple of 8 bytes if the non asynchronous mode is
used.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'PQ'

Key Flag 1N Flag to indicate which authentication key is used
0 = ZAK, encrypted under LMK pair 26-27
1 = TAK, encrypted under LMK pair 16-17

Authentication Key 16 H ZAK or TAK, encrypted under relevant LMK pair

Length 3H Number of characters or bytes (non-asynchronous

communications) of data to be authenticated.
Note: For Asynchronous data, if the data is in expanded-hex
format, the value given will be half the length of the data.

Authentication Data nH Data to be authenticated (asynchronous communications)

or Data to be authenticated (non asynchronous
nB communications)

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

Thales e-Security 27
 >> Chapter 3 – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'PR'

Error Code 2N 00 - No errors

10 - ZAK or TAK parity error
12 - No keys loaded in user storage
13 - LMK error; report to supervisor
15 - Error in input data
21 - Invalid user storage index
80 - Invalid data length

MAC 8H MAC, calculated on the data, using the given key

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

28 Thales e-Security
>> Chapter 3 – Host Commands

C2/C3 Generate a Message Authentication Code

(large messages)

Command: To generate a MAB for a large message using either a TAK or a ZAK.
This command supports ANSI X9.9, X9.19, AS2805.4.1 (2001)
standards.

Note: The command can operate on binary data or expanded Hex. If the HSM
is set for Async/ASCII operation and binary data used ensure that:
The host port has been set for 8 data bit operation by the CH
(Configure Host) command. The data for which the MAC is to be
generated does not contain either EM (X’19) or ETX(X’03). Expanded
Hex mode uses 2 hexadecimal characters for each binary byte. If the
message block is the first or a middle block it must be a multiple of 8
bytes. Consideration to the buffer size of the HSM must be made before
the value n message length is selected.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'C2'

Message Block Number 1N Message block processing number

0 - Only Block
1 - First Block
2 - A Middle Block
3 - Last Block

Key Type 1N Key type

0 – TAK (Terminal Authentication Key)
1 – ZAK (Zone Authentication Key)
2 – TAKs (Send Terminal Authentication Key)
3 – ZAKs (Send Zone Authentication Key)

MAC generation Mode 1N Mode =

0 – X9.9
1 – X9.19
2 – AS2805.4.1 (2001) MAB output
3 – AS2805.4.1 (2001) MAC output

Message Type 1N Message Type

0 – Message data is binary
1 – Message data is expanded Hex

Key Key, encrypted under appropriate LMK pair

16 H
or TAK under LMK pair 16 – 17
1 A + 32 H ZAK under LMK pair 26 – 27
or TAKs under LMK pair 16 – 17 variant 1
1 A + 48 H
ZAKs under LMK pair 26 – 27 variant 1
IV 16 H Initialization value, present only when message block number

Thales e-Security 29
 >> Chapter 3 – Host Commands

Field Length and Type Details

is 2 or 3. Encrypted under LMK pair 16-17 variant 3.

Message Length 4H Length of Message to be MACED (length of following field if

message type binary, Half the length of the following field if
expanded Hex)
Message Block n B or H The message block either in binary or as expanded Hex

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

Field Length and Type Details

RESPONSE MEESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'C3'

Error Code 2N 00 - No errors

03 - Invalid Message Type Code
04 - Invalid Key Type Code
05 - Invalid Message Block Number
06 - Invalid MAC generation Mode
07 - Invalid key length
10 - KEY parity error
12 - No keys loaded in user storage
13 - LMK error; report to supervisor
15 - Error in input data
21 - Invalid user storage index
80 - Incorrect input data length

MAB / MAC 8 H or 16 H Used as IV for next block when message block number is 1
or 2. Encrypted under LMK pair 16-17 variant 3.
Used as message authenticator when message block is 0
or 3
If MAC generation mode = 3 output is MAC (8H)

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

30 Thales e-Security
>> Chapter 3 – Host Commands

PS/PT Validate a Message Authentication Code

AS2805.4 -1985

Command: To validate a Message Authentication Code (MAC) using either a Zone

Authentication Key (ZAK) or a Terminal Authentication Key (TAK).

Notes: The method of generating the MAC is defined in AS2805.4 (1985).

The input and output buffers can support 2K bytes of data. It is
recommended that the Authentication Data field in the command
message is no greater than 1800 bytes.
If the Host communication link is configured for standard
asynchronous communications then the Authentication Data will be
in expanded hexadecimal format, with two hexadecimal characters
representing each 8 bits of data. Thus 400 bytes of data would be
represented by 800 hexadecimal characters.
If the Host communication link is configured for non asynchronous
communications then the Authentication Data will be in binary
format, with each byte representing 8 bits of data.
The Authentication Data field must be an exact multiple of 16
hexadecimal characters if standard asynchronous communications are
used or an exact multiple of 8 bytes if the non asynchronous mode is
used.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged
Command Code 2A Value 'PS'

Key Flag 1N Flag to indicate which authentication key is used

0 = ZAK, encrypted under LMK pair 26-27
1 = TAK, encrypted under LMK pair 16-17

Authentication Key 16 H ZAK or TAK, encrypted under relevant LMK pair

MAC 8H MAC, for validation

Length 3H Number of characters or bytes (non-asynchronous

communications) of data to be authenticated.
Note: For Asynchronous data, if the data is in expanded-hex
format, the value given will be half the length of the data.

Authentication Data n H or n B Data to be authenticated (asynchronous communications)

Data to be authenticated (non asynchronous
communications)

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19
Message Trailer nA Optional. Maximum length 32 characters

Thales e-Security 31
 >> Chapter 3 – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'PT'

Error Code 2N 00 - No errors

01 - MAC validation failure
10 - ZAK or TAK parity error
12 - No keys loaded in user storage
13 - LMK error; report to supervisor
15 - Error in input data
21 - Invalid user storage index
80 - Invalid data length

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

32 Thales e-Security
>> Chapter 3 – Host Commands

C4/C5 Verify a Message Authentication Code

(large messages)

Command: To verify a MAC for a large message using either a TAK or a ZAK. This
command supports ANSI X9.9, X9.19, AS2805.4.1 (2001) standards

Note: The command can operate on binary data or expanded Hex. If the HSM
is set for Async/ASCII operation and binary data used ensure that:
The host port has been set for 8 data bit operation by the CH
(Configure Host) command.
The data for which the MAC is to be verified does not contain either EM
(X’19) or ETX(X’03).
Expanded Hex mode uses 2 hexadecimal characters for each binary
byte.
If the message block is the first or a middle block it must be a multiple
of 8 bytes.
Consideration to the buffer size of the HSM must be made before the
value n message length is selected.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'C4'

Message Block Number 1N Message block processing number

0 - Only Block
1 - First Block
2 - A Middle Block
3 - Last Block

Key Type 1N Key type

0 – TAK (Terminal Authentication Key)
1 – ZAK (Zone Authentication Key)
2 – TAKr (Receive Terminal Authentication Key)
3 – ZAKr (Receive Zone Authentication Key)
MAC verification Mode 1N Mode =
0 – X9.9
1 – X9.19
2 – AS2805.4.1 (2001)
Message Type 1N Message Type
0 – Message data is binary
1 – Message data is expanded Hex

Key Key, encrypted under appropriate LMK pair

16 H
or TAK under LMK pair 16 – 17
1 A + 32 H ZAK under LMK pair 26 – 27
or TAKr under LMK pair 16 – 17 variant 2
1 A + 48 H
ZAKr under LMK pair 26 – 27 variant 2

Thales e-Security 33
 >> Chapter 3 – Host Commands

Field Length and Type Details

IV 16 H Initialization value, present only when message block number
is 2 or 3. Encrypted under LMK pair 16-17 variant 3.

MAC 8H MAC for verification, present only when message block

number is either 0 or 3

Message Length 4H Length of Message to be MACED (length of following field if

message type binary, Half the length of the following field if
expanded Hex)

Message Block n B or n H The message block either in binary or as expanded Hex

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged
Response Code 2A Value 'C5'

Error Code 2N 00 - No errors

01 – MAC verification failure
03 – Invalid Message Type Code
04 – Invalid Key Type Code
05 - Invalid Message Block Number
06 – Invalid MAC Verification Mode
07 - Invalid key length
10 - KEY parity error
12 No keys loaded in user storage
13 - LMK error; report to supervisor
15 - Error in input data
21 - Invalid user storage index
80 - Incorrect input data length

MAB 16 H MAB encrypted under LMK pair 16-17 variant 3. Only

output if message block number is 1 or 2. Used as IV for
next block.

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

34 Thales e-Security
>> Chapter 3 – Host Commands

PU/PV Encrypt Data

Command: To encrypt a block of data, using either a Zone Encryption Key (ZEK) or
a Terminal Encryption Key (TEK).

Note: The modes of encryption supported by this command are Electronic

Codebook (ECB), Cipher Block Chaining (CBC), 8-bit Cipher Feedback
(CFB-8), and OFB (8 Bit or 8 Byte) - see AS2805.5.2 (Ref.8.2).
The input and output buffers can support 2K bytes of data. It is
recommended that the Plaintext Data field in the command message is
no greater than 1800 bytes.
If the Host communication link is configured for standard
asynchronous communications then the input Plaintext Data and the
output Encrypted Data will be in expanded hexadecimal format, with
two hexadecimal characters representing each 8 bits of data. Thus
400 bytes of data would be represented by 800 hexadecimal
characters.
If the Host communication link is configured for transparent
asynchronous communications then the input Plaintext Data and the
output Encrypted Data will be in binary format, with each byte
representing 8 bits of data.
The Plaintext Data field must be an exact multiple of 16 hexadecimal
fields if standard asynchronous communications are used or an exact
multiple of 8 bytes if the transparent asynchronous mode is used. The
Encrypted Data field will be the same size as the Plaintext Data field.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'PU'

Key Flag 1N Flag to indicate which encryption key is used

0 = ZEK, encrypted under LMK pair 30-31
1 = TEK, encrypted under LMK pair 32-33
2 = ZEKs, encrypted under LMK pair 30-31 variant 1
3 = TEKs, encrypted under LMK pair 32-33 variant 1

Encryption Key 16 H ZEK or TEK, encrypted under relevant LMK pair

or
1 A + 32 H
or
1 A + 48 H

Encryption Mode 1N Flag to indicate the mode of encryption

0 = ECB mode of encryption
1 = CBC mode of encryption
2 = CFB-8 mode of encryption
3 = OFB mode of encryption

Thales e-Security 35
 >> Chapter 3 – Host Commands

Field Length and Type Details

Initialization Value 16 H Initialization value, used with the CBC, CFB-8 or OFB modes
of encryption
Plaintext Value (j) 1N Only used with OFB mode, value of either 1 for 1 byte (8bits)
feedback or 8 for 8 byte (64bits) feedback

Length 3H Length (in bytes) of data to be encrypted

Plaintext Data nH Data to be encrypted (asynchronous mode)
or Data to be encrypted (transparent asynchronous mode)
nB

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'PV'

Error Code 2N 00 - No errors

10 - ZEK or TEK parity error
12 - No keys loaded in user storage
13 - LMK error; report to supervisor
15 - Error in input data
21 - Invalid user storage index
80 - Invalid data length

Encrypted Data nH Encrypted data (asynchronous mode)

or
nB Encrypted data (transparent asynchronous mode)

OCV 16 H Output Chaining Value, only used when OFB mode is used

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

36 Thales e-Security
>> Chapter 3 – Host Commands

PW/PX Decrypt Data

Command: To decrypt a block of data, using either a Zone Encryption Key (ZEK) or
a Terminal Encryption Key (TEK).

Note: The modes of encryption supported by this command are Electronic

Codebook (ECB), Cipher Block Chaining (CBC) or 8-bit Cipher Feedback
(CFB-8) - see AS2805.5.2 (Ref.8.2).
The HSM input and output buffers can support 2K bytes of data. It is
recommended that the Encrypted Data field in the command message
is no greater than 1800 bytes.
If the Host communication link is configured for standard
asynchronous communications then the input Encrypted Data and
the output Plaintext Data will be in expanded hexadecimal format,
with two hexadecimal characters representing each 8 bits of data.
Thus 400 bytes of data would be represented by 800 hexadecimal
characters.
If the Host communication link is configured for transparent
asynchronous communications then the input Encrypted Data and
the output Plaintext Data will be in binary format, with each byte
representing 8 bits of data.
The Encrypted Data field must be an exact multiple of 16 hexadecimal
fields if standard asynchronous communications are used or an exact
multiple of 8 bytes if the transparent asynchronous mode is used. The
Plaintext Data field will be the same size as the Encrypted Data field.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'PW'

Key Flag 1N Flag to indicate which encryption key is used

0 = ZEK, encrypted under LMK pair 30-31
1 = TEK, encrypted under LMK pair 32-33
2 = ZEKr, encrypted under LMK pair 30-31 Variant 2
3 = TEKr, encrypted under LMK pair 32-33 Variant 2

Encryption Key 16 H ZEK or TEK, encrypted under relevant LMK pair

or
1 A + 32 H
or
1 A + 48 H

Encryption Mode 1N Flag to indicate the mode of encryption

0 = ECB mode of encryption
1 = CBC mode of encryption
2 = CFB-8 mode of encryption
3 = OFB mode of encryption
Initialization Value 16 H Initialization value, used with the CBC, CFB-8 or OFB modes
of encryption

Thales e-Security 37
 >> Chapter 3 – Host Commands

Field Length and Type Details

Plaintext Value (j) 1N Only used with OFB mode, value of either 1 for 1 byte (8bits)
feedback or 8 for 8 byte (64bits) feedback
Length 3H Length (in bytes) of data to be decrypted

Encrypted Data nH Data to be decrypted (asynchronous mode)

or Data to be decrypted (transparent asynchronous mode)
nB

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'PX'

Error Code 2N 00 - No errors

10 - ZEK or TEK parity error
12 - No keys loaded in user storage
13 - LMK error; report to supervisor
15 - Error in input data
21 - Invalid user storage index
80 - Invalid data length

Plaintext Data nH Plaintext data (asynchronous mode)

or
nB Plaintext data (transparent asynchronous mode)

OCV 16 H Output Chaining Value, only used when OFB mode is used

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

38 Thales e-Security
>> Chapter 3 – Host Commands

C8/C9 Generate an Acquirer Master Key Encrypting Key

Command: To generate an Acquirer Master Key Encrypting Key (KIA) and return
the result encrypted under LMK pair 14-15.

Note: The KIA is generated from a Cross Acquirer Key Encrypting Key (KCA)
and an Acquiring Institution Identification Code (AIIC) using the one-way
function defined in Appendix A.
The key scheme flags are ignored in processing.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'C8'

KCA 16 H KCA, encrypted under LMK pair 14-15 variant 0 if the

or security setting “Enforce key type 002 separation for PCI
1 A + 32 H HSM compliance” has the value “N”, or under LMK pair 36-
or 37 variant 8 if the setting has the value “Y”.
1 A + 48 H
Flag 1N Flag to denote format of AIIC following:
1 = 11N
2 = 16H
3 = 32H
AIIC 11N or 16H or 32H Acquiring Institution Identification Code

Delimiter 1A Optional: If present the following three fields must be

present.
Value ';'

Key Scheme ZMK 1A Optional. Key Scheme for encrypting keys under ZMK

Key Scheme LMK 1A Optional. Key Scheme for encrypting keys under LMK

Key Check Value type 1A Optional. Key check value calculation method.
1 = KCV 6H (Appendix C)

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

Thales e-Security 39
 >> Chapter 3 – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'C9'

Error Code 2N 00 - No errors

10 - KCA parity error
12 - No keys loaded in user storage
13 - LMK error; report to supervisor
15 - Error in input data
21 - Invalid user storage index
26 - Invalid Key Scheme
27 - Incompatible key length
28 - Invalid key type

KIA 16 H KIA, encrypted under LMK pair 14-15 variant 6

or
1 A + 32 H

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

40 Thales e-Security
>> Chapter 3 – Host Commands

D4/D5 Translate a PIN Block to Encryption under a PIN

Encryption Key

Command: To translate a PIN Block from encryption under a Terminal PIN Key
(KTP) to encryption under a PIN Encryption Key (KPE).

Note: The input PIN block will be either a standard AS2805 (ANSI X9.8) PIN
block or a zero PIN block. The HSM will identify the PIN block type and
translate it accordingly.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'D4'

Terminal PIN Key 16 H TPK, encrypted under LMK pair 14-15 variant 0 if the
or security setting “Enforce key type 002 separation for PCI
1 A + 32 H HSM compliance” has the value “N”, or under LMK pair 36-
or 37 variant 7 if the setting has the value “Y”.
1 A + 48 H
PIN Encryption Key 16 H KPE, encrypted under LMK pair 06-07
or
1 A + 32 H
or
1 A + 48 H

PIN Block 16 H PIN block, encrypted under TPK

Account Number 12 N Rightmost 12 digits of the Primary Account Number (PAN),
excluding the check digit.

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

Thales e-Security 41
 >> Chapter 3 – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'D5'

Error Code 2N 00 - No errors

10 - KTP parity error
11 - KPE parity error
12 - No keys loaded in user storage
13 - LMK error; report to supervisor
15 - Error in input data
20 - PIN block error
21 - Invalid user storage index
24 - PIN length error
88 : Warning AS2805.3 “zero” PIN block received

PIN Block 16 H PIN block, encrypted under the KPE

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

42 Thales e-Security
>> Chapter 3 – Host Commands

D6/D7 Translate an Acquirer Master Key Encrypting Key

Command: To translate an Acquirer Master Key Encrypting Key (TMK 1) to

encryption under LMK pair 14-15 variant 1.

Note: The TMK 1 is received encrypted under a Privacy Key (KP) which in turn
is received encrypted under a Communications Key (KC). The KC will be
received encrypted under LMK pair 04-05.
The key scheme flags are ignored in processing.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'D6'

KC 16 H KC, encrypted under LMK pair 04-05

or
1 A + 32 H
or
1 A + 48 H
KP 16 H KP, encrypted under KC
or
1 A + 32 H
or
1 A + 48 H
TMK 1 16 H TMK 1, encrypted under KP
or
1 A + 32 H
or
1 A + 48 H

Delimiter 1A Optional: If present the following three fields must be

present.
Value ';'

Key Scheme ZMK 1A Optional. Key Scheme for encrypting keys under ZMK
Key Scheme LMK 1A Optional. Key Scheme for encrypting keys under LMK

Key Check Value type 1A Optional. Key check value calculation method.
1 = KCV 6H (Appendix C)

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

Thales e-Security 43
 >> Chapter 3 – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'D7'

Error Code 2N 00 - No errors

10 - KC parity error
12 - No keys loaded in user storage
13 - LMK error; report to supervisor
15 - Error in input data
21 - Invalid user storage index
26 - Invalid Key Scheme
27 - Incompatible key length
28 - Invalid key type

TMK 1 16 H TMK 1, encrypted under LMK pair 14-15 variant 1

or
1 A + 32 H
or
1 A + 48 H
End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

44 Thales e-Security
>> Chapter 3 – Host Commands

E0/E1 Generate a KEKs Validation Request

Command: To generate a random key (KRs) and encrypt it with a variant of a

double length Key Encrypting Key (KEKs). In addition, KRs is inverted (to
form KRr) and the result encrypted with another variant of the KEKs.

Note: The definition of the KEKs variants is given in Appendix D.

If no key scheme flags are supplied, the HSM generates a single length
KRs & KRr, and the single length KEKs variants are used. If key
scheme flags are used the HSM generates the appropriate length KRs
& KRr as per the scheme and appropriate KEKs variants for the length
of KR are used.
If the Key type flag is used, the key scheme flags must also be present.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged
Command Code 2A Value 'E0'

KEKs / Zone Master 32 H KEKs, encrypted under LMK pair 04-05 variant 4 or ZMK,
or
Key encrypted under LMK pair 04-05
1 A + 32 H
or
1 A + 48 H
Delimiter 1A Optional: If present the following three fields must be
present.
Value ';'

Key Scheme KEKs / 1A Optional. Key Scheme for encrypting keys under KEKs /
ZMK ZMK
Key Scheme LMK 1A Optional. Key Scheme for encrypting keys under LMK

Key Check Value type 1A Optional. Key check value calculation method.
1 = KCV 6H (Appendix C)

Delimiter 1A Optional: If present the following field must be present.

Value ';'

Flag 1N Optional flag to indicate if KEKs or ZMK is used.

1 = KEKs; 2 = ZMK
ONLY AVAILABLE IF PRECEDING KEY SCHEME IS USED

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

Thales e-Security 45
 >> Chapter 3 – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'E1'

Error Code 2N 00 - No errors

10 - KEKs parity error
12 - No keys loaded in user storage
13 - LMK error; report to supervisor
15 - Error in input data
21 - Invalid user storage index
26 - Invalid Key Scheme
27 - Incompatible key length
28 - Invalid key type

KRs 16 H KRs, encrypted with variant 7 of KEKs or variant 7 of ZMK

or
(see Appendix D)
1 A + 32 H
or
1 A + 48 H
KRr 16 H KRr (i.e. inverted KRs), encrypted with variant 8 of KEKs or
or
variant 8 of ZMK (see Appendix D)
1 A + 32 H
or
1 A + 48 H
End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

46 Thales e-Security
>> Chapter 3 – Host Commands

E2/E3 Generate a KEKr Validation Response

Command: To receive a random key (KRs) encrypted under a variant of a double

length Key Encrypting Key (KEKr), compute from KRs another value,
denoted KRr and encrypt it under another variant of the KEKr

Note: The definition of the KEKr variants is given in Appendix D.

If no key scheme flags are supplied, the HSM will use the single length
KEKr variant for the input KRs and output KRr, regardless of length of
the KRs. If key scheme flags are supplied the HSM uses the
appropriate variant of KEKr, depending on length for the input KRs and
output KRr.
If the Key type flag is used, the key scheme flags must also be used.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'E2'

32 H
or
KEKr / Zone Master Key KEKr, encrypted under LMK pair 04-05 variant 3 or ZMK,
1 A + 32 H
or encrypted under LMK pair 04-05
1 A + 48 H
16 H
or
KRs, encrypted with variant 7 of KEKr or variant 7 of ZMK
KRs 1 A + 32 H
or (see Appendix D)
1 A + 48 H
Delimiter 1A Optional: If present the following three fields must be
present.
Value ';'

Key Scheme KEKr 1A Optional. Key Scheme for encrypting keys under KEKr

Key Scheme LMK 1A Optional. Key Scheme for encrypting keys under LMK

Key Check Value type 1A Optional. Key check value calculation method.
1 = KCV 6H (Appendix C)

Delimiter 1A Optional: If present the following field must be present.

Value ';'

Flag 1N Optional flag to indicate if KEKr or ZMK is used.

1 = KEKr; 2 = ZMK
ONLY AVAILABLE IF PRECEDING KEY SCHEME IS USED

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

Thales e-Security 47
 >> Chapter 3 – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'E3'

Error Code 2N 00 - No errors

10 – KEKr parity error
12 - No keys loaded in user storage
13 LMK error; report to supervisor
15 - Error in input data
21 - Invalid user storage index
26 - Invalid Key Scheme
27 - Incompatible key length
28 - Invalid key type
16 H
or
KRr (i.e. inverted KRs, encrypted with variant 8 of KEKr or
KRr 1 A + 32 H
or variant 8 of ZMK(see Appendix D)
1 A + 48 H
End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

48 Thales e-Security
>> Chapter 3 – Host Commands

E4/E5 Verify a PIN Pad Proof of End Point

Command: To verify a PIN Pad Proof of End point (POEP).

Note: The proof of end point (POEP) is generated by the PIN pad by encrypting
the PPASN (PIN Pad Acquirer Secret Number) with one of the Terminal
Master Keys (known as KEK1 or KEK2 in AS2805 Part 6.4) or a
Terminal Encryption Key. Only the left 32 bits is used for the POEP.
This command will validate a proof of endpoint provided by the PIN Pad.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'E4'

Flag 1N Flag to indicate which TMK is used

Flag = 1 if TMK1 is used
Flag = 2 if TMK2 is used
Flag = 3 if TEKr is used
Terminal Master Key or 32 H TMK, encrypted under a Variant of LMK pair 14-15 (Variant
Terminal Encryption Key or 1 if Flag = 1; Variant 2 if Flag = 2). TEKr, encrypted under
1 A + 32 H
LMK pair 32-33 variant 2
or
1 A + 48 H

PPASN 16 H PIN Pad Acquirer Secret Number encrypted under Variant 8

of LMK pair 14-15
POEP 8H Proof of end point to be validated

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X’19
Message Trailer nA Optional. Maximum length 32 characters

Thales e-Security 49
 >> Chapter 3 – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'E5'

Error Code 2N 00 - No errors

01 – POEP does not Verify
10 - TMK parity error
12 - No keys loaded in user storage
13 - LMK error; report to supervisor
15 - Error in input data
21 - Invalid user storage index
88 - Warning AS2805.3 “zero” PIN block received

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

50 Thales e-Security
>> Chapter 3 – Host Commands

F0/F1 Verify a Terminal PIN using the IBM Method (AS2805

6.4).

Command: To verify a PIN from a terminal using the IBM 3624 method.

Note: The PIN block shall be as specified in AS2805.3. The KPE shall be
calculated as specified in AS2805.6.4 (Refer Appendix J)
The decimalization table can be stored in user storage and referenced
in the same way as keys. The decimalization table of 16 digits must
contain at least 8 different digits, with no digit occurring more than 4
times. If this condition is not met, Error Code 25 is returned.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'F0'

The TPK under which the PIN block is encrypted; encrypted

16 H under LMK pair 14-15 variant 0 if the security setting
TPK or “Enforce key type 002 separation for PCI HSM compliance”
1 A + 32 H has the value “N”, or under LMK pair 36-37 variant 7 if the
setting has the value “Y”.
PVK 16 H PVK encrypted under LMK pair 14-15 variant 0
or
1 A + 32 H
or
1 A + 48 H
STAN 6N Systems Trace Audit Number

Transaction Amount 12 N Transaction Amount

PIN block 16 H The PIN block encrypted under the KPE

PIN block format code 2N One of the valid format codes.

Check length 2N The minimum PIN length.

Account number 12 N The 12 right-most digits of the account number, excluding
the check digit.

Decimalization table 16 N The table for converting hexadecimal values to decimal

or
1A+3H ‘K’ + 3 H to reference a decimalization table held in the
HSM’s User Storage Area.
PIN validation data 12A User-defined data consisting of hexadecimal characters and
the character N, which indicates to the HSM where to
insert the last 5 digits of the account number.

Offset 12H IBM offset value, left-justified and padded with F.

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

Thales e-Security 51
 >> Chapter 3 – Host Commands

52 Thales e-Security
>> Chapter 3 – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'F1'

Error Code 2N 00 - No errors.

01 - Verification failure.
02 - Warning PVK not single length
10 - TPK parity error.
11 - PVK parity error.
12 - No keys or table loaded in user storage.
13 - LMK error; report to supervisor.
15 - Error in input data.
20 - PIN block error.
21 - Invalid user storage index.
23 - Invalid PIN block format code.
24 - PIN is fewer than 4 or more than 12 digits.
25 - Decimalization table error.
88 - Warning AS2805.3 “zero” PIN block received

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

Thales e-Security 53
 >> Chapter 3 – Host Commands

F2/F3 Verify a Terminal PIN using the VISA Method (AS2805

6.4).

Command: To verify a PIN from a terminal using the VISA method.

Note: The PIN block shall be as specified in AS2805.3. The KPE shall be
calculated as specified in AS2805.6.4 (Refer Appendix J)
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'F2'

The TPK under which the PIN block is encrypted; encrypted

16 H under LMK pair 14-15 variant 0 if the security setting
TPK or “Enforce key type 002 separation for PCI HSM compliance”
1 A + 32 H has the value “N”, or under LMK pair 36-37 variant 7 if the
setting has the value “Y”.

PVK pair 32 H PVK encrypted under LMK pair 14-15 variant 0

or
1 A + 32 H
or
1 A + 48 H
STAN 6N Systems Trace Audit Number

Transaction Amount 12 N Transaction Amount

PIN block 16 H The PIN block encrypted under the KPE

PIN block format code 2N One of the valid format codes.

Account number 12 N The 12 right-most digits of the account number, excluding

the check digit.

PVKI 1N The PVKI (should be between 0 and 6).

PVV 4N The PIN Verification Value

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

54 Thales e-Security
>> Chapter 3 – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'F3'

Error Code 2N 00 - No errors.

01 - Verification failure.
10 - TPK parity error.
11 - PVK parity error.
12 - No keys or table loaded in user storage.
13 - LMK error; report to supervisor.
15 - Error in input data.
20 - PIN block does not contain valid values
21 - Invalid user storage index.
23 - Invalid PIN block format code.
24 - PIN is fewer than 4 or more than 12 digits.
88 - Warning AS2805.3 “zero” PIN block received

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

Thales e-Security 55
 >> Chapter 3 – Host Commands

F4/F5 Calculate KMACI

Command: To calculate a initial MAC key.

Note: The key scheme flags are ignored in processing.

This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'F4'

KIA 16 H The KIA encrypted under LMK pair 14-15 Variant 6

or
1 A + 32 H
or
1 A + 48 H
Flag 1N Flag to denote format of AIIC following:
1 = 11N
2 = 16H
3 = 32H

AIIC 11N or 16H or 32H The Acquirer Institution Identification Code

Delimiter 1A Optional: If present the following three fields must be
present.
Value ';'

Key Scheme ZMK 1A Optional. Key Scheme for encrypting keys under ZMK

Key Scheme LMK 1A Optional. Key Scheme for encrypting keys under LMK

Key Check Value type 1A Optional. Key check value calculation method.
1 = KCV 6H (Appendix C)

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

56 Thales e-Security
>> Chapter 3 – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'F5'

Error Code 2N 00 : No errors.

10 : KIA parity error.
12 : No keys or table loaded in user storage.
13 : LMK error; report to supervisor.
15 : Error in input data.
21 : Invalid user storage index.
26 - Invalid Key Scheme
27 - Incompatible key length
28 - Invalid key type

KMACI 16 H The KMACI encrypted under LMK pair 16-17

or
1 A + 32 H
End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

Thales e-Security 57
 >> Chapter 3 – Host Commands

F6/F7 KEKGEN – 6.3

Command: To generate a KEK send key and KEK receive key, return the keys
enciphered under a KTK (ZMK) with appropriate variants and under the
LMK.

Note: If no key scheme flags are supplied, the HSM will use the single length
KTK (ZMK) variant on the output KEKs & KEKr. If key scheme flags are
supplied the HSM uses the appropriate variant of ZMK, depending on
length for the output KEKs & KEKr.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'F6'

ZMK 16 H The ZMK encrypted under LMK pair 4-5

or
32 H
or
1 A + 32 H
or
1 A + 48 H
Delimiter 1A Optional: If present the following three fields must be
present.
Value ';'
Key Scheme ZMK 1A Optional. Key Scheme for encrypting keys under ZMK

Key Scheme LMK 1A Optional. Key Scheme for encrypting keys under LMK

Key Check Value type 1A Optional. Key check value calculation method.
1 = KCV 6H (Appendix C)

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

58 Thales e-Security
>> Chapter 3 – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'F7'

Error Code 2N 00 : No errors.

10 : ZMK parity error.
12 : No keys or table loaded in user storage.
13 : LMK error; report to supervisor.
15 : Error in input data.
21 : Invalid user storage index.
26 - Invalid Key Scheme
27 - Incompatible key length
28 - Invalid key type

eZMK(KEKs) 16 H The KEKs encrypted under supplied ZMK with variant 7

or
1 A + 32 H
eZMK(KEKr) 16 H The KEKr encrypted under supplied ZMK with variant 8
or
1 A + 32 H
eLMK(KEKs) 16 H The KEKs encrypted under LMK 04-05 variant 4
or
1 A + 32 H
eLMK(KEKr) 16 H The KEKr encrypted under LMK 04-05 variant 3
or
1 A + 32 H
KCV(KEKs) 6H Only present if KCV type = 1 in input message
KCV(KEKr) 6H Only present if KCV type = 1 in input message

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

Thales e-Security 59
 >> Chapter 3 – Host Commands

F8/F9 KEKREC – 6.3

Command: To receive a Interchange partner’s KEK send key and KEK receive key
encrypted under a KTK (ZMK) and return the keys enciphered under the
LMK.

Note: The partner’s KEKs becomes the host KEKr, and conversely the
partner’s received KEKr becomes the host KEKs
If no key scheme flags are supplied, the HSM will use the single length
KTK (ZMK) variant on the input KEKs & KEKr. If key scheme flags are
supplied the HSM uses the appropriate variant of ZMK, depending on
length for the input KEKs & KEKr
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'F8'

ZMK 16 H The ZMK encrypted under LMK pair 4-5

or
32 H
or
1 A + 32 H
or
1 A + 48 H
eZMK(KEKs) [Partner] 16 H The KEKs encrypted under supplied ZMK with variant 7
or
1 A + 32 H
eZMK(KEKr) [Partner] 16 H The KEKr encrypted under supplied ZMK with variant 8
or
1 A + 32 H
Delimiter 1A Optional: If present the following three fields must be
present.
Value ';'

Key Scheme ZMK 1A Optional. Key Scheme for encrypting keys under ZMK

Key Scheme LMK 1A Optional. Key Scheme for encrypting keys under LMK

Key Check Value type 1A Optional. Key check value calculation method.
1 = KCV 6H (Appendix C)

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

60 Thales e-Security
>> Chapter 3 – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'F9'

Error Code 2N 00 : No errors.

10 : ZMK parity error.
12 : No keys or table loaded in user storage.
13 : LMK error; report to supervisor.
15 : Error in input data.
21 : Invalid user storage index.
26 - Invalid Key Scheme
27 - Incompatible key length
28 - Invalid key type

eLMK(KEKs) [Host] 16 H The KEKs encrypted under LMK 04-05 variant 4

or
1 A + 32 H
eLMK(KEKr) [Host] 16 H The KEKr encrypted under LMK 04-05 variant 3
or
1 A + 32 H
KCV(KEKs) 6H Only present if KCV type = 1 in input message

KCV(KEKr) 6H Only present if KCV type = 1 in input message

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

Thales e-Security 61
 >> Chapter 3 – Host Commands

C6/C7 Generate a Random Number

Command: To generate a random 64 bit number.

Notes: This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'C6'

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'C7'

Error Code 2N 00 - No errors

Random Number 16 H Random Number

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

62 Thales e-Security
>> Chapter 3 – Host Commands

D0/D1 Generate a PIN Pad Authentication Code

Command: To generate a PIN Pad Authentication Code (PPAC).

Note: The PPAC is formed by encrypting the PIN Pad Serial Number (PPSN)
with the Acquirer Master Key Encrypting Key (KMA) and using the
leftmost 32 bits of the result as the PPAC.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'D0'

KMA 16 H KMA, encrypted under LMK pair 14-15 variant 0 if the

or
security setting “Enforce key type 002 separation for PCI
1 A + 32 H
or HSM compliance” has the value “N”, or under LMK pair 36-
1 A + 48 H 37 variant 8 if the setting has the value “Y”.

PPSN 16 N PIN Pad Serial Number

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged
Response Code 2A Value 'D1'

Error Code 2N 00 - No errors

10 - KMA parity error
12 - No keys loaded in user storage
13 - LMK error; report to supervisor
15 - Error in input data
21 - Invalid user storage index

PPAC 8H PIN Pad Authentication Code

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

Thales e-Security 63
 >> Chapter 3 – Host Commands

D8/D9 Encrypt a CPAT Authentication Value

Command: To encrypt a CPAT Authentication Value (CAV).

Note: The CAV is encrypted with a privacy key, denoted KD, which is derived
from the current value of the Transaction Key (KT), the Systems Trace
Audit Number (STAN) and the Card Acceptor Terminal Identification
(CATID) according to the method defined in Appendix B for 16H and
Appendix N-E for 32H key lengths.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'D8'

KT KT, encrypted under LMK pair 14-15 variant 0 if the

16 H
security setting “Enforce key type 002 separation for PCI
or
HSM compliance” has the value “N”, or under LMK pair 36-
1 A + 32 H
37 variant 8 if the setting has the value “Y”.
STAN 6N Systems Trace Audit Number

CATID 16 H Card Acceptor Terminal Identification

CAV 16 H CPAT Authentication Value

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19
Message Trailer nA Optional. Maximum length 32 characters

64 Thales e-Security
>> Chapter 3 – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'D9'

Error Code 2N 00 - No errors

10 - KT parity error
12 - No keys loaded in user storage
13 - LMK error; report to supervisor
15 - Error in input data
21 - Invalid user storage index

Encrypted CAV 16 H CAV, encrypted with KD

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

Thales e-Security 65
 >> Chapter 3 – Host Commands

D2/D3 Verify a PIN Pad Authentication Code

Command: To verify a PIN Pad Authentication Code (PPAC).

Note: The PPAC is formed by encrypting the PIN Pad Serial Number (PPSN)
with the Acquirer Master Key Encrypting Key (KMA) and using the
leftmost 32 bits of the result as the PPAC.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'D2'

KMA 16 H KMA, encrypted under LMK pair 14-15 variant 0 if the

or security setting “Enforce key type 002 separation for PCI
1 A + 32 H HSM compliance” has the value “N”, or under LMK pair 36-
or 37 variant 8 if the setting has the value “Y”.
1 A + 48 H

PPSN 16 N PIN Pad Serial Number

PPAC 8H PIN Pad Authentication Code

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged
Response Code 2A Value 'D3'

Error Code 2N 00 - No errors

01 – PPAC Verification error
10 - KMA parity error
12 - No keys loaded in user storage
13 LMK error; report to supervisor
15 - Error in input data
21 - Invalid user storage index

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19
Message Trailer nA Will only be present if in the command message. Maximum
length 32 characters

66 Thales e-Security
>> Chapter 3 – Host Commands

Thales e-Security 67
 >> Chapter 3 – Host Commands

E6/E7 Generate a PIN Pad Proof of Endpoint (POEP)

Command: To generate a PIN Pad Proof of End point (POEP).

Note: The proof of end point (POEP) is generated by the PIN pad by encrypting
the PPASN (PIN Pad Acquirer Secret Number) with one of the Terminal
Master Keys (known as KEK1 or KEK2 in AS2805 Part 6.4) or a
Terminal Encryption Key. Only the left 32 bits is used for the POEP.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'E6'

Flag 1N Flag to indicate which TMK is used

Flag = 1 if TMK1 is used
Flag = 2 if TMK2 is used
Flag = 3 if TEKs is used
Terminal Master Key or 32 H TMK, encrypted under a Variant of LMK pair 14-15 (Variant
Terminal Encryption Key or 1 if Flag = 1; Variant 2 if Flag = 2). TEKs, encrypted under
1 A + 32 H LMK pair 32-33 variant 1
or
1 A + 48 H
PPASN 16 H PIN Pad Acquirer Secret Number encrypted under Variant 8
of LMK pair 14-15

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'E7'

Error Code 2N 00 - No errors

01 - TMK parity error
12 - No keys loaded in user storage
13 - LMK error; report to supervisor
15 - Error in input data
21 - Invalid user storage index
Generated POEP 8H Generated POEP
End Message Delimiter 1C Will only be present if present in the command message.
Value X'19
Message Trailer nA Will only be present if in the command message. Maximum
length 32 characters

68 Thales e-Security
>> Chapter 3 – Host Commands

E8/E9 Generate a KCA and KMACH

Command: To generate a Sponsor Cross Acquirer Key (KCA) and Sponsor MAC
key. Return the keys under appropriate LMK key pairs, and PIN Pad
Initial Transport key (KI).

Note: The key schemes for KI and LMK must be H & U respectively. If these
values are not entered, error code 04 will be returned.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'E8'

Flag 1N Flag to indicate which LMK pair input is stored under

0 = LMK 14-15 variant 0 if the security setting “Enforce key
type 002 separation for PCI HSM compliance” has the
value “N”, or under LMK pair 36-37 variant 8 if the
setting has the value “Y”.
1 = LMK 14-15 variant 6

KI 16 H Initial Transport Key, encrypted under:

or  If Flag=0: LMK pair 14-15 variant 0 if the security
1 A + 32 H setting “Enforce key type 002 separation for PCI HSM
or compliance” has the value “N”, or under LMK pair 36-
1 A + 48 H 37 variant 8 if the setting has the value “Y”.
 If Flag=1: LMK 14-15 variant 6

Delimiter 1A Optional: If present the following three fields must be

present.
Value ';'

Key Scheme KI 1A Optional. Key Scheme for encrypting keys under KI

Key Scheme LMK 1A Optional. Key Scheme for encrypting keys under LMK

Key Check Value type 1A Optional. Key check value calculation method.
1 = KCV 6H (Appendix C)

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

Thales e-Security 69
 >> Chapter 3 – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'E9'

Error Code 2N 00 - No errors

04 - Invalid key scheme
10 - KI parity error
12 - No keys loaded in user storage
13 - LMK error; report to supervisor
15 - Error in input data
21 - Invalid user storage index
KCA (LMK) 16 H Sponsor Cross Acquirer Key encrypted under LMK pair
or 14-15 variant 0 if the security setting “Enforce key type 002
1 A + 32 H separation for PCI HSM compliance” has the value “N”, or
or under LMK pair 36-37 variant 8 if the setting has the value
1 A + 48 H “Y”.

KCA (KI) 16 H Sponsor Cross Acquirer Key encrypted under KI with

or appropriate variant
1 A + 32 H
or
1 A + 48 H

KMACH (LMK) 16 H Sponsor MAC key encrypted under LMK pair 16-17 variant
or 1
1 A + 32 H
or
1 A + 48 H

KMACH (KI) 16 H Sponsor MAC key encrypted under KI with appropriate

or variant
1 A + 32 H
or
1 A + 48 H

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

70 Thales e-Security
>> Chapter 3 – Host Commands

QI/QJ Translate a PPASN from old to new LMK

Command: To translate a PPASN from encrypted under the old LMK, held in key
change storage, to encryption under a new LMK .

Note: For details of loading the old LMK into Key Change Storage see Ref 3.
The PPASN is not a key so will not be checked for parity.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'QI'

PPASN 16 H PIN PAD Acquirer Security Number encrypted under old

LMK 14-15 variant 8 held in key change storage

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'QJ'

Error Code 2N 00 - No errors

12 - No keys loaded in user storage
13 - LMK error; report to supervisor
15 - Error in input data
21 - Invalid user storage index
PPASN 16 H PIN PAD Acquirer Security Number encrypted under new
LMK 14-15 variant 8

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

Thales e-Security 71
 >> Chapter 3 – Host Commands

PY/PZ Verify and Generate an IBM PIN Offset (of a customer

selected PIN)

Command: To Verify an IBM PIN Offset using the AS2805 6.4 key scheme, and if
successful, generate the PIN offset of the customer selected PIN using
the IBM 3624 method. The current and new PINs are supplied in
encrypted PIN Blocks.

Note: The PIN blocks shall be as specified in AS2805.3. The KPE’s shall be
calculated as specified in AS2805.6.4 (Refer Appendix J)
The decimalisation table can be stored in user storage and referenced
in the same way as keys. The decimalisation table of 16 digits must
contain at least 8 different digits, with no digit occurring more than 4
times. If this condition is not met, Error Code 25 is returned.
This command supports Variant LMKs only.
Caution: The behaviour of this command is affected by the following CS
(Configure Security) console command settings:
Decimalization Table: Encrypted/Plaintext [E/P]
 When set to ‘E’ (the default setting), the supplied decimalization
table must be encrypted (using console command ED), and will
consist of 16 hexadecimal digits.
 When set to ‘P’, the supplied decimalization table must be
plaintext, and will consist of 16 decimal digits
Decimalization Table checks enabled? [Yes/No]
 When set to ‘Yes’ (the default setting), the decimalization table
must contain at least 8 different digits, with no digit occurring
more than 4 times. If this condition is not met, error code 25 is
returned.
 When set to ‘No’, the decimalization table is not checked.
Enable support for variable length PIN offset? [Yes/No]
 When set to ‘No’ (the default setting), the length of the generated
Offset is determined by the value of the Check Length parameter.
This setting makes the command backward compatible with
previous versions of HSM software.
 When set to ‘Yes’, the length of the generated Offset matches the
length of the input PIN.
Enable Weak PIN checking? [Yes/No]
 When set to ‘Yes’, the incoming PIN field is checked to ensure it
does not match one of the entries in the appropriate global
‘Excluded PIN Table’. If present, the local ‘Excluded PIN Table’ is
also checked. If a match is found in either list, then the command
fails, returning error code 86

72 Thales e-Security
>> Chapter 3 – Host Commands

 When set to ‘No’ (the default setting), the global ‘Excluded PIN
Table’ is not checked. If present, the local ‘Excluded PIN Table’ is
checked. If a match is found, then the command fails, returning
error code 86.
 When the global ‘Excluded PIN Table’ is required to be checked,
only the one corresponding to the PIN’s length is checked.
 Before the local ‘Excluded PIN Table’ is checked, the ‘Excluded PIN
Length’ parameter is checked to ensure that it matches the length
of the PIN being checked

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'PY'

The TPK under which the PIN block is encrypted; encrypted

32 H under LMK pair 14-15 variant 0 if the security setting
TPK or “Enforce key type 002 separation for PCI HSM compliance”
1 A + 32 H has the value “N”, or under LMK pair 36-37 variant 7 if the
setting has the value “Y”.
PVK 32 H PVK encrypted under LMK pair 14-15 variant 0
or
1 A + 32 H
or
1 A + 48 H

STAN 6N Systems Trace Audit Number

Transaction Amount 12 N Transaction Amount

Current PIN block 16 H The PIN block encrypted under the KPE

PIN block format code 2N One of the valid format codes.

Check length 2N The minimum PIN length.

Account number 12 N For all PIN Block formats except 04, this is a 12 digit field,
or consisting of the 12 right-most digits of the account
18 N number, excluding the check digit.
For PIN Block format 04, this is an 18 digit field consisting
of the account number, excluding the check digit, right-
justified and padded with X'F on the left if necessary

Old Decimalization table 16 N 16 N if console CS cmd is set for Plaintext decimalisation

or tables.
16 H 16 H if console CS cmd is set for Encrypted decimalisation
or tables
1A+3H ‘K’ + 3 H if the decimalization table is held in the
HSM’s User Storage Area

PIN validation data 12 A User-defined data consisting of hexadecimal characters and

or the character N, which indicates to the HSM where to
1 A + 16 H insert the last 5 digits of the account number.
or
User-defined data consisting of the ASCII character 'P'
followed by 16 hexadecimal digits which will be used as input
to the PIN generation algorithm.

Thales e-Security 73
 >> Chapter 3 – Host Commands

Field Length and Type Details

Current Offset 12 H IBM offset value, left-justified and padded with F.

New PIN block 16 H The New PIN block encrypted under the KPE

New Decimalization table 16 N 16 N if console CS cmd is set for Plaintext decimalisation

or tables.
16 H 16 H if console CS cmd is set for Encrypted decimalisation
or tables
1A+3H ‘K’ + 3 H if the decimalization table is held in the
HSM’s User Storage Area
Delimiter 1A Value ‘*'
Only present if the following Excluded PIN fields are present
Excluded PIN Count 2N ‘00’ .. ‘99’ : The number of excluded PINs listed in the
following Excluded PIN Table

Excluded PIN Length 2N ‘04’ .. ‘12’ The length of each excluded PIN in the following
Excluded PIN Table
Only present if Excluded PIN Count > ‘00’

Excluded PIN Table nN A list of PINs to be excluded. The length of this field will be
Excluded PIN Count multiplied by the Excluded PIN Length
characters
Only present if Excluded PIN Count > ‘00’

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

74 Thales e-Security
>> Chapter 3 – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'PZ'

Error Code 2N 00 - No errors.

01 - Verification failure.
10 - TPK parity error.
11 - PVK parity error.
12 - No keys or table loaded in user storage.
13 - LMK error; report to supervisor.
15 - Error in input data.
20 - PIN block error.
21 - Invalid user storage index.
23 - Invalid PIN block format code.
24 - PIN is fewer than 4 or more than 12 digits.
25 - Decimalization table error.
81 - PIN length mismatch
86 - PIN exists in either global or local Excluded PIN Table
88 - AS2805.3 “zero” PIN block received

New Offset 12 H The new offset value; left justified and padded with ‘F’

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

Thales e-Security 75
 >> Chapter 3 – Host Commands

P0/P1 Verify and Generate a VISA PVV (of a customer

selected PIN)

Command: To Verify a VISA PVV, and if successful, generate the PVV of the
customer selected PIN using the VISA method. The Current & New
PINs are supplied in an encrypted PIN Block.

Note: The PIN blocks shall be as specified in AS2805.3. The KPE’s shall be
calculated as specified in AS2805.6.4 (Refer Appendix J)
VISA defines the PIN Verification Key Indicator (PVKI) to be between 0
and 6. The HSM does not enforce this restriction.
This command will optionally check the input PIN against an ‘Excluded
PIN Table’ in order to exclude ‘weak’ PINs.
The PIN change process requires verifying the existing PIN and
creating a PVV for the new PIN.
This command supports Variant LMKs only.

Caution: The behaviour of this command is affected by the following CS

(Configure Security) console command setting:
Enable Weak PIN checking? [Yes/No]
 When set to ‘Yes’, the incoming PIN field is checked to ensure it
does not match one of the entries in the appropriate global
‘Excluded PIN Table’. If present, the local ‘Excluded PIN Table’ is
also checked. If a match is found in either list, then the command
fails, returning error code 86.
 When set to ‘No’ (the default setting), the global and local
‘Excluded PIN Table’ are not checked. Error code 15 is returned if
a local ‘Excluded PIN Table’ is provided in the command.
 When the global ‘Excluded PIN Table’ is required to be checked,
only the one corresponding to the PIN’s length is checked.
 Before the local ‘Excluded PIN Table’ is checked, the ‘Excluded PIN
Length’ parameter is checked to ensure that it matches the length
of the PIN being checked.

76 Thales e-Security
>> Chapter 3 – Host Commands

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'P0' (P-zero)

The TPK under which the PIN block is encrypted; encrypted

32 H under LMK pair 14-15 variant 0 if the security setting
TPK or “Enforce key type 002 separation for PCI HSM compliance”
1 A + 32 H has the value “N”, or under LMK pair 36-37 variant 7 if the
setting has the value “Y”.
PVK pair 32 H PVK encrypted under LMK pair 14-15 variant 0.
or
1 A + 32 H
or
1 A + 48 H

STAN 6N Systems Trace Audit Number

Transaction Amount 12 N Transaction Amount

Current PIN block 16 H The Current PIN block encrypted under the KPE

PIN block format code 2N One of the valid format codes.

Account number 12 N For all PIN Block formats except 04, this is a 12 digit field,
or consisting of the 12 right-most digits of the account
18 N number, excluding the check digit,
For PIN Block format 04, this is an 18 digit field consisting
of the account number, excluding the check digit, right-
justified and padded with X'F on the left if necessary

PVKI 1N The PVKI (value 0 to 9).

Current PVV 4N The PIN Verification Value for the current PIN

New PIN Block 16 H The New PIN block encrypted under the KPE

Delimiter 1A Value ‘*'

Only present if the following Excluded PIN fields are present

Excluded PIN Count 2N ‘00’ .. ‘99’ : The number of excluded PINs listed in the
following Excluded PIN Table

Excluded PIN Length 2N ‘04’ .. ‘12’ The length of each excluded PIN in the following
Excluded PIN Table
Only present if Excluded PIN Count > ‘00’

Excluded PIN Table nN A list of PINs to be excluded. The length of this field will be
Excluded PIN Count multiplied by the Excluded PIN Length
characters
Only present if Excluded PIN Count > ‘00’

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

Thales e-Security 77
 >> Chapter 3 – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'P1'

Error Code 2N 00 - No errors.

01 - PIN Verification failure.
10 - TPK parity error.
11 - PVK parity error.
12 - No keys or table loaded in user storage.
13 - LMK error; report to supervisor.
15 - Error in input data.
20 - PIN block does not contain valid values
21 - Invalid user storage index.
23 - Invalid PIN block format code.
24 - PIN is fewer than 4 or more than 12 digits.
27 - PVK not double length
81 - PIN length mismatch
86 - PIN exists in either global or local Excluded PIN Table
88 - AS2805.3 “zero” PIN block received

New PVV 4N The PVV for the new PIN

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

78 Thales e-Security
>> Chapter 3 – Host Commands

P2/P3 Generate a VISA PVV (of a customer selected PIN)

Command: Generate a 4 digit VISA PVV. The PIN (for which a PVV is required) is
supplied in an encrypted PIN Block.

Note: The PIN blocks shall be as specified in AS2805.3. The KPE’s shall be
calculated as specified in AS2805.6.4 (Refer Appendix J)
VISA defines the PIN Verification Key Indicator (PVKI) to be between 0
and 6. The HSM does not enforce this restriction.
This command will optionally check the input PIN against an ‘Excluded
PIN Table’ in order to exclude ‘weak’ PINs.
This command supports Variant LMKs only.

Caution: The behaviour of this command is affected by the following CS

(Configure Security) console command setting:
Enable Weak PIN checking? [Yes/No]
 When set to ‘Yes’, the incoming PIN field is checked to ensure it
does not match one of the entries in the appropriate global
‘Excluded PIN Table’. If present, the local ‘Excluded PIN Table’ is
also checked. If a match is found in either list, then the command
fails, returning error code 86.
 When set to ‘No’ (the default setting), the global and local
‘Excluded PIN Table’ are not checked. Error code 15 is returned if
a local ‘Excluded PIN Table’ is provided in the command.
 When the global ‘Excluded PIN Table’ is required to be checked,
only the one corresponding to the PIN’s length is checked.
 Before the local ‘Excluded PIN Table’ is checked, the ‘Excluded PIN
Length’ parameter is checked to ensure that it matches the length
of the PIN being checked.

Thales e-Security 79
 >> Chapter 3 – Host Commands

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'P2'

The TPK under which the PIN block is encrypted; encrypted

32 H under LMK pair 14-15 variant 0 if the security setting
TPK or “Enforce key type 002 separation for PCI HSM compliance”
1 A + 32 H has the value “N”, or under LMK pair 36-37 variant 7 if the
setting has the value “Y”.
PVK pair 32 H PVK encrypted under LMK pair 14-15 variant 0
or
1 A + 32 H
or
1 A + 48 H

STAN 6N Systems Trace Audit Number

Transaction Amount 12 N Transaction Amount

PIN block 16 H The PIN block encrypted under the KPE

PIN block format code 2N One of the valid format codes.

Account number 12 N For all PIN Block formats except 04, this is a 12 digit field,
or consisting of the 12 right-most digits of the account
18 N number, excluding the check digit,
For PIN Block format 04, this is an 18 digit field consisting
of the account number, excluding the check digit, right-
justified and padded with X'F on the left if necessary

PVKI 1N The PVKI (value 0 to 9).

Delimiter 1A Value ‘*'

Only present if the following Excluded PIN fields are present

Excluded PIN Count 2N ‘00’ .. ‘99’ : The number of excluded PINs listed in the
following Excluded PIN Table

Excluded PIN Length 2N ‘04’ .. ‘12’ The length of each excluded PIN in the following
Excluded PIN Table
Only present if Excluded PIN Count > ‘00’

Excluded PIN Table nN A list of PINs to be excluded. The length of this field will be
Excluded PIN Count multiplied by the Excluded PIN Length
characters
Only present if Excluded PIN Count > ‘00’

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

80 Thales e-Security
>> Chapter 3 – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'P3'

Error Code 2N 00 - No errors.

10 - TPK parity error.
11 - PVK parity error.
12 - No keys or table loaded in user storage.
13 - LMK error; report to supervisor.
15 - Error in input data.
20 - PIN block does not contain valid values
21 - Invalid user storage index.
23 - Invalid PIN block format code.
24 - PIN is fewer than 4 or more than 12 digits.
27 - PVK not double length
81 - PIN length mismatch
86 - PIN exists in either global or local Excluded PIN Table
88 - AS2805.3 “zero” PIN block received

PVV 4N The PVV for the PIN

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

Thales e-Security 81
 >> Chapter 3 – Host Commands

P4/P5 Generate a Proof of Host value

Command: To generate a value for the host to send to the PIN pad to prove the
host is the bona fide host for the terminal. As per AS2805 6.4 terminal
key management.

Note: The One Way Function is as specified in AS2805.5.4. (Refer to

Appendix N-A).
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'P4'

Terminal Master Key 1 1 A + 32 H TMK1, encrypted under Variant 1 of LMK pair 14-15
or
1 A + 48 H

PPASN (LMK) 16 H PPASN, encrypted under Variant 8 of LMK pair 14-15

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'P5'

Error Code 2N 00 - No errors.

10 – TMK1 parity error.
12 - No keys or table loaded in user storage.
13 - LMK error; report to supervisor.
15 - Error in input data.

Host Proof 8H The value for host proof of endpoint

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

82 Thales e-Security
>> Chapter 4 – RSA Host Commands

>> Chapter 4 – RSA Host Commands

Introduction
This section specifies the RSA Host commands provided to support the
requirements of the AS2805 standards.

H2/H3 Calculate a RSA Public Key Verification Code

Command: Calculate a Public Key Verification Code.

Notes: This command supports Variant LMKs only.

This command requires optional license LIC002 (RSA).

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'H2'

Public key encoding 2N Encoding rules for public key (must allow public key length to
be inferred).

Public key nB Public key, encoded appropriately

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'H3'

00 : No errors.
03 : Invalid public key encoding type.
04 : Length error.
06 : Public exponent length error.
08 : Supplied public exponent is even.
15 : Error in input data.

PVC 16 H The Public Key Verification Code

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19
Message Trailer nA Will only be present if in the command message. Maximum
length 32 characters

Thales e-Security 83
 >> Chapter 4 – RSA Host Commands

H4/H5 Generate a KEKs for use in Node to Node interchange

using RSA

Command: To generate a new Random Key Encrypting Key (Send) KEKs for use
with interchange partners, Encrypt the key under the supplied Public
Key, and encrypt it under LMK pair 04-05 variant 4.

Note: This command supports Variant LMKs only.

This command requires optional license LIC002 (RSA).

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'H4'

Public Key encoding 2N Encoding rules for the supplied public key (must allow the
public key to be inferred)

MAC 4B MAC on the public key and authentication data, calculated

using LMK pair 36-37

Public Key Rcv nB PKr Public Key of Interchange partner

Authentication Data nA Optional. Additional data to be included in the MAC

calculation (must not include ;).

Delimiter 1A Value ';'

Secret key flag 2N The number is the index of the stored secret key, except 99
which means use the key supplied in the command

Secret key length 4N Length (in bytes) of the next field (present only if the secret
key flag is 99).
Secret Key nB SKs Secret Key encrypted under LMK pair 34-35. (present
only if the secret key flag is 99).

Delimiter 1A Optional: If present the following three fields must be

present.
Value ';'

Key Scheme ZMK 1A Optional. Key Scheme for encrypting keys under ZMK

Key Scheme LMK 1A Optional. Key Scheme for encrypting keys under LMK

Key Check Value type 1A Optional. Key check value calculation method.
1 = KCV 6H (Appendix C)

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

84 Thales e-Security
>> Chapter 4 – RSA Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'H5'

Error Code 2N 00 - No Errors

01 - PK MAC failure
03 - Invalid PK encoding value (only '01' defined).
04 - Invalid SK flag
05 - SK modulus length < 512.
06 - Corrupt PK
07 - Invalid SK type
08 - PK modulus length < 512.
13 - LMK parity error
15 - Input data error
47 - DSP failure
49 - Corrupt SK
78 - SK length error
KEKs 1 A + 32 H KEKs, encrypted under LMK pair 04-05 variant 4

ePKr (KEKs) nB Key Block encrypted by Public Key of recipient

sSKs(H(KEKs)) nB Signed SHA-1 hash of Key Block

KVC 6H Key Check Value of KEKs

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19
Message Trailer nA Will only be present if in the command message. Maximum
length 32 characters

Thales e-Security 85
 >> Chapter 4 – RSA Host Commands

H6/H7 Receive a KEKr for use in Node to Node interchange

using RSA

Command: To decrypt a Key Encrypting Key from under a RSA key pair and to
encrypt it under LMK pair 04-05 variant 3.

Note: This command supports Variant LMKs only.

This command requires optional license LIC002 (RSA).

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'H6'

Public Key encoding 2N Encoding rules for the supplied public key (must allow the
public key to be inferred)
MAC 4B MAC on the public key and authentication data, calculated
using LMK pair 36-37

Public Key Send nB PKs Public Key of Interchange partner ASN.1 encoded

Authentication Data nA Optional. Additional data to be included in the MAC

calculation (must not include ;).

Delimiter 1A Value ';'

Secret key flag 2N The number is the index of the stored secret key, except 99
which means use the key supplied in the command

Secret key length 4N Length (in bytes) of the next field (present only if the secret
key flag is 99).
Secret Key nB SKs Secret Key encrypted under LMK pair 34-35. (present
only if the secret key flag is 99).
Delimiter 1A Value ';' (present only if the secret key flag is 99)

Data Length 4N Length (in bytes) of the following data block

sSKs(H(KEKr)) nB Signed SHA-1 hash of Key Block

Delimiter 1A Value ';'

Data Length 4N Length (in bytes) of the following data block

ePKr (KEKr) nB Key Block encrypted by Public Key

Delimiter 1A Value ';'

KVC 6H Key Check Value of KEKs

Delimiter 1A Optional: If present the following three fields must be

present. Value ';'
Key Scheme ZMK 1A Optional. Key Scheme for encrypting keys under ZMK

Key Scheme LMK 1A Optional. Key Scheme for encrypting keys under LMK

Key Check Value type 1A Optional. Key check value calculation method.
1 = KCV 6H (Appendix C)

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

86 Thales e-Security
>> Chapter 4 – RSA Host Commands

Field Length and Type Details

End Message Delimiter 1C Optional. Must be present if a message trailer is present.
Value X'19
Message Trailer nA Optional. Maximum length 32 characters

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'H7'

Error Code 2N 00 - No errors

01 - PK MAC failure
02 - Signature failure
03 - Invalid PK encoding value (only '01' defined).
04 - Invalid SK flag
05 - SK modulus length < 512.
06 - Corrupt PK
07 - Invalid SK type
08 - PK modulus length < 512.
09 - KCV failure
13 - LMK parity error
15 - Input data error
47 - DSP failure
49 - Corrupt SK
76 - Signature/KEK length <> modulus length
77 - Decrypted Signature/KEK blocks corrupt
78 - SK length error

KEKr 1 A + 32 H KEKr encrypted under LMK 04-05 variant 3

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

Thales e-Security 87
 >> Chapter 4 – RSA Host Commands

H0/H1 Decrypt a PIN Pad Public Key

Command: To decrypt a PIN Pad Public Key (PPPK) from encryption under a
Manufacturer Secret Key (MSK), using the Manufacturer Public Key
(MPK).

Note: All RSA data blocks will conform to the format defined in “APCA2000
SPECIFICATION FOR A SECURITY CONTROL MODULE FUNCTION SET”,
version 3.3, section 5.4.4.1 DEA 2 Text Block - DFormat 1 (see
appendix Z1).
This command supports Variant LMKs only.
This command requires optional license LIC002 (RSA).

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'H0'

Public Key encoding 2N Encoding rules for the supplied public key (must allow the
public key to be inferred)

MAC 4B MAC on the public key and authentication data, calculated

using LMK pair 36-37

Manufacturer Public Key nB MPK Public Key of Manufacturer ASN.1 encoded

Authentication Data nA Optional. Additional data to be included in the MAC
calculation (must not include ';').

Delimiter 1A Value ';'

Data Length 4N Length (in bytes) of the following data block

sMSK( PPPK ) nB PIN PAD Public Key signed by Manufacturer Secret Key

Delimiter 1A Optional; if present, the following two fields must be

present. Value ':'

Exponent Length 4N Optional; indicates the length (in bits) of the PPPK exponent.
PPPK Exponent nB Optional; PPPK exponent. If supplied, this field must be an
odd value.

Delimiter 1A Optional, if present following field must be present Value ';'

PPPK Authentication nA Optional; additional data to be included in the MAC

Data calculation (must not include ';').

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

88 Thales e-Security
>> Chapter 4 – RSA Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'H1'

Error Code 2N 00 - No errors

01 - MPK MAC failure
02 - Signature failure
03 - Invalid PK encoding value
06 - Corrupt PK
13 - LMK parity error
15 - Input data error
47 - DSP failure
76 – Data Length not equal to MPK modulus length
77 – RSA block checksum failure
80 - sMSK( PPPK ) length error

PPPK nB PIN PAD Public Key ASN.1 encoded

MAC 4B MAC on the PIN PAD Public Key and authentication data,
calculated using LMK pair 36-37

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

Thales e-Security 89
 >> Chapter 4 – RSA Host Commands

H8/H9 Encrypt a Cross Acquirer Key Encrypting Key under an

Initial Transport Key

Command: To decrypt an Initial Transport Key (KTI) from encryption under a Host
RSA Public Key (KHPK) and a PIN Pad Secret Key (PPSK) and to
encrypt a newly generated Cross Acquirer Key Encrypting Key (KCA)
under a variant of the KTI and also under the appropriate LMK pair.

Note: IT IS THE RESPONSIBILITY OF THE PROGRAMMER TO ENSURE THE

KEY SIZES ARE CONSISTENT WITH THE RELEVENT AS2805
STANDARD.
e.g. AS2805.6.5.3 currently recommends these to be 1024 bits
for the Manufacturer PK/SK. 960 bits for the PIN Pad PK/SK and
896 bits for the Acquirer (HSM) PK/SK
This command supports Variant LMKs only.
This command requires optional license LIC002 (RSA).

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'H8'

Public Key encoding 2N Encoding rules for the supplied public key (must allow the
public key to be inferred)

MAC 4B MAC on the public key and authentication data, calculated

using LMK pair 36-37

PIN PAD Public Key nB PPPK Public Key of PIN PAD ASN.1 encoded
Authentication Data nA Optional. Additional data to be included in the MAC
calculation (must not include ;).

Delimiter 1A Value ';'

Secret key flag 2N The number is the index of the stored secret key, except 99
(SKsp) which means use the key supplied in the command

Secret key length 4N Length (in bytes) of the next field (present only if the secret
key flag is 99).

Secret Key nB SK Secret Key (SKsp) encrypted under LMK pair 34-35.
(present only if the secret key flag is 99).

Delimiter 1A Value ';' Only present if the secret key flag is 99.

Data Length 4N Length (in bytes) of the following data block

Data Block nB Data block encrypted by the Host Public Key, and the PIN
PAD Secret Key

Delimiter 1A Optional, If present following field must be present Value ';'

Random Number 16 H Random number

Delimiter 1A Optional: If present the following three fields must be

present. Value
Key Scheme KTI 1A Optional. Key Scheme for encrypting keys under KTI

Key Scheme LMK 1A Optional. Key Scheme for encrypting keys under LMK

90 Thales e-Security
>> Chapter 4 – RSA Host Commands

Field Length and Type Details

Optional. Key check value calculation method.
Key Check Value type 1A
1 = KCV 6H (Appendix C)

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19
Message Trailer nA Optional. Maximum length 32 characters

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'H9'

Error Code 2N 00 - No errors

01 - PPPK MAC failure
03 - Invalid Secret Key index
04 - Public Key does not match encoding rules
05 - Data block format error
10 - KTI parity error; advice only
13 - LMK parity error
15 - Error in input data
47 - DSP error; report to supervisor
49 - SKsp corrupt; report to supervisor
50 - Random number error
76 - Key length/data block length mismatch
77 - Clear data block does not conform to encoding rules
78 - SKsp length error
80 - PPPK length error
KCA (KTI) 1 A + 32 H KCA, encrypted under Variant G of KTI

KCA (LMK) 1 A + 32 H KCA, encrypted under LMK pair 14-15 variant 0 if the
security setting “Enforce key type 002 separation for PCI
HSM compliance” has the value “N”, or under LMK pair 36-
37 variant 8 if the setting has the value “Y”.

DTS 10 N Date/Time Stamp

PPSN 16 N PIN Pad Serial Number

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

Thales e-Security 91
 >> Chapter 4 – RSA Host Commands

I0/I1 Encrypt a Terminal Key under the Local Master Key

Command: To decrypt a Terminal Key (KT) from encryption under a Host RSA
Public Key (KHPK) and a PIN Pad Secret Key (PPSK) and to encrypt it
under the appropriate LMK pair.

Note: This command supports Variant LMKs only.

This command requires optional license LIC002 (RSA).

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'I0'

Public Key encoding 2N Encoding rules for the supplied public key (must allow the
public key to be inferred)

MAC 4B MAC on the public key and authentication data, calculated

using LMK pair 36-37

PIN PAD Public Key nB PPPK Public Key of PIN PAD ASN.1 encoded
Authentication Data nA Optional. Additional data to be included in the MAC
calculation (must not include ;).
Delimiter 1A Value ';'

Secret key flag 2N The number is the index of the stored secret key, except 99
(SKsp) which means use the key supplied in the command

Secret key length 4N Length (in bytes) of the next field (present only if the secret
key flag is 99).

Secret Key nB SK Secret Key (SKsp) encrypted under LMK pair 34-35.
(present only if the secret key flag is 99).

Delimiter 1A Value ';' Only present if the secret key flag is 99.

Data Length 4N Length (in bytes) of the following data block

Data Block nB Data block, encrypted with the KHPK and the PPSK, right
justified and padded with 0 if necessary
Delimiter 1A Value ';'

Random Number 16 H Random Number

Delimiter 1A Optional, if present following field must be present Value ';'

Key Scheme ZMK 1A Optional. Key Scheme for encrypting keys under ZMK

Key Scheme LMK 1A Optional. Key Scheme for encrypting keys under LMK

Optional. Key check value calculation method.

Key Check Value type 1A
1 = KCV 6H (Appendix C)

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

92 Thales e-Security
>> Chapter 4 – RSA Host Commands

Field Length and Type Details

End Message Delimiter 1C Optional. Must be present if a message trailer is present.
Value X'19
Message Trailer nA Optional. Maximum length 32 characters

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'I1'

Error Code 2N 00 - No errors

01 - PPPK MAC failure
03 – Invalid Secret Key index
04 - Public Key does not match encoding rules
05 - Data block format error
10 - KTI parity error; advice only
13 - LMK parity error
15 - Error in input data
47 - DSP error; report to supervisor
49 – SKsp corrupt; report to supervisor
50 - Random number error
76 – Key length/data block length mismatch
77 – Clear data block does not conform to encoding rules
78 – SKsp length error
80 – PPPK length error

KT 1 A + 32 H KT, encrypted under LMK pair 14-15 variant 0 if the

security setting “Enforce key type 002 separation for PCI
HSM compliance” has the value “N”, or under LMK pair 36-
37 variant 8 if the setting has the value “Y”.

DTS 10 N Date/Time Stamp

PPID 16 N PIN Pad Identification Number

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

Thales e-Security 93
 >> Chapter 5 – AS2805.6.2 Support – Introduction

>> Chapter 5 – AS2805.6.2 Support –

Introduction

This section details all the host commands required to support the AS2805.6.2 –
2002 standard.

Purpose of this Section

The Australian Standard AS2805.6.2 - 2002 (Ref.8) on transaction key
management supersedes the earlier (1988) standard (Ref.3). The main difference
between the two standards is that the 2002 version of the standard specifies the
use of double length keys, whereas the 1988 standard uses single length keys only.
The standard firmware for the Thales payShield 9000 has a number of functions to
support the 1988 standard (see Ref.1, Chapter 28, and Ref.4).
This section specifies new functions for the payShield 9000 to support the 2002
standard. In order to maintain backwards compatibility with existing applications,
the new commands have been written to permit both single length key (1988
standard) and double length key (2002 standard) processing. Where the 2002
standard processing requirements necessitate additional fields, these have been
included as optional fields at the end of each command.

Summary of Transaction Key Scheme

The AS2805.6.2 transaction key management scheme is based on each terminal
having a key (the Terminal Key (TK)) that is updated automatically with each
transaction. The update is based on the current TK and Message Authentication
Code (MAC) Residues of the current transaction. The MAC Residue is calculated
using a MAC Key, derived from the current TK and the Primary Account Number
(PAN) of the current debit or credit card. Similarly, a PIN Encryption Key is derived
from the TK and the card data.
Thus, the current TK at a terminal is a function of the initial TK at that terminal and
all previous cards and transaction details at that terminal.
The Acquirer system maintains a database of current TKs for all the terminals it
supports, and updates each TK as described above.

94 Thales e-Security
>> Chapter 5 – AS2805.6.2 Support – Introduction

Details of all processing primitives used during a transaction are given in the
Appendices at the end of this document. Specifically Appendix N, under the
following headings:
> One-Way Function (OWF)
> Derivation of Data Values
> MAC Key Derivation
> PIN Encipherment Key Derivation
> Privacy Key Derivation
> Terminal Key Update
> MAC and MAC Residue (MAR) Calculation
> Authentication Parameter (AP)
The following diagram shows a transaction flow, between a terminal and the
Acquirer. The transaction is initiated from the terminal. The shaded fields are not
transmitted, but where they precede the MAC they form part of the data used to
calculate the MAC.

The Authentication Parameter (AP) is calculated from card data, including

discretionary data (possibly non-transmitted), certain transaction details and the
terminal identifier. In the most secure version of the scheme, where the
discretionary data is not transmitted, only the Card Issuer can calculate the AP.
Thus, the inclusion of the AP in the MAC calculation for the Response Message is
“proof” of the Card Issuer’s involvement in the transaction.

Thales e-Security 95
 >> Chapter 5 – AS2805.6.2 Support – Introduction

If the discretionary card data is transmitted in the Request Message then the AP
may be calculated by the Acquirer.

Summary of Commands Specified in this section

The commands specified in this section fall, naturally, into five categories:

Transaction with no PIN and AP Generated by the Acquirer

In this case, the sequence of commands is:
Command Description Notes

'RE' Verify Transaction Request, without PIN Acquirer function

'RK' Generate Transaction Response when AP Generated by Acquirer function
the Acquirer
'RQ' Verify Transaction Completion Confirmation Request Acquirer function (optional)
'RS' Generate Transaction Completion Response Acquirer function (only if previous
command ('RQ') is required)

Transaction with no PIN and AP Generated by the Issuer

In this case, the sequence of commands is:
Command Description Notes

'RE' Verify Transaction Request, without PIN Acquirer function

'RU' Generate AP at Card Issuer Issuer function
'RM' Generate Transaction Response when AP Generated by Acquirer function
the Issuer
'RQ' Verify Transaction Completion Confirmation Request Acquirer function (optional)
'RS' Generate Transaction Completion Response Acquirer function (only if previous
command ('RQ') is required)

PIN Verification at the Acquirer

In this case, the sequence of commands is:

Command Description Notes

'RG' Verify Transaction Request, with PIN, when CD Field Acquirer function
Available
'DA','CG', PIN Verify (standard commands) Acquirer function
'DC','BC'
'RK' Generate Transaction Response when AP Generated Acquirer function
by the Acquirer
'RQ' Verify Transaction Completion Confirmation Request Acquirer function (optional)
'RS' Generate Transaction Completion Response Acquirer function (only if previous
command ('RQ') is required)

PIN Verification at the Issuer

In this case, the sequence of commands is:

96 Thales e-Security
>> Chapter 5 – AS2805.6.2 Support – Introduction

Command Description Notes

'RI' Verify Transaction Request, with PIN, when CD Field Acquirer function
not Available
'RO' Translate PIN from PEK to ZPK Encryption Acquirer function
'QQ','QS', PIN Verify (various methods) Issuer function
'QU','QW'
'RM' Generate Transaction Response when AP Generated Acquirer function
by the Issuer
'RQ' Verify Transaction Completion Confirmation Request Acquirer function (optional)
'RS' Generate Transaction Completion Response Acquirer function (only if previous
command ('RQ') is required)

Other Commands
The RW command is a “new” command, in that there is no equivalent function
specified in Ref.1. The QM & QO commands are required to satisfy the requirement
to encipher track 2 data in terminals supporting AS2805.6.2 functionality

Command Description Notes

'RW' Generate Initial Terminal Key Acquirer function

'QM' Data Encryption Using a Derived Privacy Key Acquirer function
'QO' Data Decryption Using a Derived Privacy Key Acquirer function

Thales e-Security 97
 >> Chapter 6 – AS2805.6.2 Support – Host Commands

>> Chapter 6 – AS2805.6.2 Support –

Host Commands

RE/RF Verify a Transaction Request, without PIN

Command: To verify a transaction Request Message, without PIN, and return the
MAC Residue (MARX) for subsequent inclusion in the MAC calculation
for the Response Message.

Note: If the host system is unable to support binary communication then this
command will use standard (ASCII) asynchronous mode, in which case
the message text is in expanded hexadecimal format.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'RE'

TK Single or double length Terminal Key, encrypted under LMK

16 H pair 14-15 variant 0 if the security setting “Enforce key type
or 002 separation for PCI HSM compliance” has the value “N”,
1 A + 32 H or under LMK pair 36-37 variant 8 if the setting has the
value “Y”.

AB Field 16 H AB field, as defined in AS2805.6.2

EITHER (for binary communication) the following two fields

Message Length 3H Length (in bytes) of the next field; max value X’320

Message Text nB Message text; the last 64 bits (8 bytes) contain the MAC
field, of which the leftmost 4, 6 or 8 bytes contain the MAC
(depends on value of optional MAC Length field)

OR (for standard asynchronous (ASCII) communication) the following two fields

Message Length 3H Length (in characters) of the next field; max value X’320

Message Text nH Message text; the last 16 characters contain the MAC field,
of which the leftmost 8, 12 or 16 characters contain the
MAC (depends on value of optional MAC Length field)

Delimiter 1A Optional field; present only if MAC Length field is present;

value = ';'
MAC Length 1N Optional field; if field not present then value 0 is assumed:
0 = 32-bit MAC (single or double length TK)
1 = 48-bit MAC (double length TK only)
2 = 64-bit MAC (double length TK only)

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

98 Thales e-Security
>> Chapter 6 – AS2805.6.2 Support – Host Commands

Field Length and Type Details

End Message Delimiter 1C Optional field; must be present if a message trailer is
present; value X’19
Message Trailer nA Optional field; maximum length 32 characters

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Returned to the host unchanged

Response Code 2A Value 'RF'

Error Code 2N 00: No errors
01: MAC verification failure
10: Terminal Key parity error
12: No keys loaded in user storage
13: LMK error – report to Supervisor
15: Error in input data
21: Invalid user storage index
65: Transaction Key Scheme set to None
80: Message length error
90: Communications link parity error
91: Communications link LRC error
92: Transparent asynch data length error

MARX 8 H or 16 H Encrypted MAC Residue (X) for use in the transaction

response message:
8 hex characters if TK is single length, encrypted under
LMK 10
16 hex characters if TK is double length, encrypted under
LMK pair 10-11
End Message Delimiter 1C Optional field; present only if present in the command
message; value X’19

Message Trailer nA Optional field; present only if present in the command

message; maximum length 32 characters

Thales e-Security 99
 >> Chapter 6 – AS2805.6.2 Support – Host Commands

RG/RH Verify a Transaction Request, with PIN, when CD Field

Available

Command: To verify a transaction Request Message, with PIN, and return the
encrypted derived Terminal PIN Key (TPK), the PIN block encrypted
under the TPK and the MAC Residue (MARX) for subsequent inclusion
in the MAC calculation for the Response Message.

Notes: The output encrypted TPK and PIN block can be used by the Acquirer to
verify the PIN using a standard PIN verification command ('DA', 'CG', 'DC'
or 'BC').
If the host system is unable to support binary communication then this
command will use standard (ASCII) asynchronous mode, in which case
the message text is in expanded hexadecimal format.
The PIN Block Pointer field represents the position of the first byte of
the PIN block (8 bytes) in the binary representation of the Message Text
(it is therefore independent of the communication protocol).
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Subsequently returned to the host unchanged

Command Code 2A Value 'RG'

TK Single or double length Terminal Key, encrypted under LMK

16 H pair 14-15 variant 0 if the security setting “Enforce key type
or 002 separation for PCI HSM compliance” has the value “N”,
1 A + 32 H or under LMK pair 36-37 variant 8 if the setting has the
value “Y”.

AB Field 16 H AB field, as defined in AS2805.6.2

CD Field 16 H CD field, as defined in AS2805.6.2

PIN Block Pointer 3H Pointer to first byte of encrypted PIN block in binary
message text; value X’000 to X’310

EITHER (for binary communication) the following two fields

Message Length 3H Length (in bytes) of the next field; max value X’320

Message Text nB Message text; the last 64 bits (8 bytes) contain the MAC
field, of which the leftmost 4, 6 or 8 bytes contain the MAC
(depends on value of optional MAC Length field)

OR (for standard asynchronous (ASCII) communication) the following two fields

Message Length 3H Length (in characters) of the next field; max value X’320

Message Text nH Message text; the last 16 characters contain the MAC field,
of which the leftmost 8, 12 or 16 characters contain the
MAC (depends on value of optional MAC Length field)

Delimiter 1A Optional field; present only if MAC Length field is present;

value = ';'
MAC Length 1N Optional field; if field not present then value 0 is assumed:
0 = 32-bit MAC (single or double length TK)

100 Thales e-Security

>> Chapter 6 – AS2805.6.2 Support – Host Commands

Field Length and Type Details

1 = 48-bit MAC (double length TK only)
2 = 64-bit MAC (double length TK only)

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional field; must be present if a message trailer is

present; value X’19

Message Trailer nA Optional field; maximum length 32 characters

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Returned to the host unchanged

Response Code 2A Value 'RH'

Error Code 2N 00: No errors

01: MAC verification failure
10: Terminal Key parity error
12: No keys loaded in user storage
13: LMK error – report to Supervisor
15: Error in input data
20: PIN block error
21: Invalid user storage index
65: Transaction Key Scheme set to None
80: Message length error
88: Zero PIN block encountered: advice only.
90: Communications link parity error
91: Communications link LRC error
92: Transparent asynch data length error

TPK Derived Terminal PIN Key, encrypted under LMK pair 14-15
16 H variant 0 if the security setting “Enforce key type 002
or separation for PCI HSM compliance” has the value “N”, or
1 A + 32 H under LMK pair 36-37 variant 7 if the setting has the value
“Y”.

PIN Block 16 H PIN block, encrypted under the derived TPK

MARX 8 H or 16 H Encrypted MAC Residue (X) for use in the transaction

response message:
8 hex characters if TK is single length, encrypted under
LMK 10
16 hex characters if TK is double length, encrypted under
LMK pair 10-11

End Message Delimiter 1C Optional field; present only if present in the command
message; value X’19

Message Trailer nA Optional field; present only if present in the command

message; maximum length 32 characters

Thales e-Security 101

 >> Chapter 6 – AS2805.6.2 Support – Host Commands

RI/RJ Verify a Transaction Request, with PIN, when CD Field

not Available (when selected Transaction Key Scheme is
Australian)

Command: To verify a transaction Request Message, with PIN, and return the
encrypted PIN Encipherment Key (PEK), for use in the 'RO' command,
and the MAC Residue (MARX) for subsequent inclusion in the MAC
calculation for the Response Message.

Notes: a) This command is only available if Transaction Key Scheme has been
set to Australian (using the CS Console command or HSM Manager
Initial Settings). If access to this functionality is required when
Transaction Key Scheme has been set to Racal then the HI Host
command can be used, which provides exactly the same functionality as
the RI Host command described below.
b) If the host system is unable to support binary communication then
this command will use standard (ASCII) asynchronous mode, in which
case the message text is in expanded hexadecimal format.
c) This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Subsequently returned to the host unchanged

Command Code 2A Value 'RI'

Single or double length Terminal Key, encrypted under LMK

16 H pair 14-15 variant 0 if the security setting “Enforce key type
TK or 002 separation for PCI HSM compliance” has the value “N”,
1 A + 32 H or under LMK pair 36-37 variant 8 if the setting has the
value “Y”.

AB Field 16 H AB field, as defined in AS2805.6.2

EITHER (for binary communication) the following two fields

Message Length 3H Length (in bytes) of the next field; max value X’320

Message Text nB Message text; the last 64 bits (8 bytes) contain the MAC
field, of which the leftmost 4, 6 or 8 bytes contain the MAC
(depends on value of optional MAC Length field)

OR (for standard asynchronous (ASCII) communication) the following two fields

Message Length 3H Length (in characters) of the next field; max value X’320
Message Text nH Message text; the last 16 characters contain the MAC field,
of which the leftmost 8, 12 or 16 characters contain the
MAC (depends on value of optional MAC Length field)

Delimiter 1A Optional field; present only if MAC Length field is present;

value = ';'

MAC Length 1N Optional field; if field not present then value 0 is assumed:
0 = 32-bit MAC (single or double length TK)
1 = 48-bit MAC (double length TK only)

102 Thales e-Security

>> Chapter 6 – AS2805.6.2 Support – Host Commands

Field Length and Type Details

2 = 64-bit MAC (double length TK only)

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional field; must be present if a message trailer is

present; value X’19

Message Trailer nA Optional field; maximum length 32 characters

Thales e-Security 103

 >> Chapter 6 – AS2805.6.2 Support – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Returned to the host unchanged

Response Code 2A Value 'RJ'

Error Code 2N 00: No errors

01: MAC verification failure
10: Terminal Key parity error
12: No keys loaded in user storage
13: LMK error – report to Supervisor
15: Error in input data
21: Invalid user storage index
65: Transaction Key Scheme set to None
80: Message length error
90: Communications link parity error
91: Communications link LRC error
92: Transparent asynch data length error

PIN Encipherment Key, encrypted under LMK pair 14-15

16 H variant 0 if the security setting “Enforce key type 002
PEK or separation for PCI HSM compliance” has the value “N”, or
1 A + 32 H under LMK pair 36-37 variant 7 if the setting has the value
“Y (for use with the “RO” command)

MARX 8 H or 16 H Encrypted MAC Residue (X) for use in the transaction

response message:
8 hex characters if TK is single length, encrypted under
LMK 10
16 hex characters if TK is double length, encrypted under
LMK pair 10-11

End Message Delimiter 1C Optional field; present only if present in the command
message; value X’19

Message Trailer nA Optional field; present only if present in the command

message; maximum length 32 characters

104 Thales e-Security

>> Chapter 6 – AS2805.6.2 Support – Host Commands

HI/HJ Verify a Transaction Request, with PIN, when CD Field

not Available (when selected Transaction Key Scheme is Racal)

Command: To verify a transaction Request Message, with PIN, and return the
encrypted PIN Encipherment Key (PEK), for use in the 'RO' command,
and the MAC Residue (MARX) for subsequent inclusion in the MAC
calculation for the Response Message.
Notes: a) This command code should be used where the Transaction Key
Scheme has been set to Racal (using the CS Console command or HSM
Manager Initial Settings) but it is also required to process commands
for the Australian Transaction Key Scheme.
In this environment, the HI commands acts exactly like the RI command
described in this manual. This allows both Australian and Racal
Transaction Key Schemes to be used on the same payShield 9000.
The structure of this command and response is identical to the RI Host
command described in this manual, except that:
Command Code = HI
Response Code = HJ
If Transaction Key Scheme has been set to Australian, then the RI Host
command (as described in this manual) must be used. (With this
setting, the HI command code is as described in the payShield 9000
Host Command Reference Manual .)
In summary …

If Transaction Key If Transaction Key

Scheme = Racal Scheme = Australian
You want to process Use the Rx variant of Use the Hx variant of
Racal Transaction the command* the command*
Key commands
You want to process Use the Hx variant of Use the Rx variant of
Australian ø ø
the command  the command
Transaction Key
commands

* As described in the payShield 9000 Host Command Reference

Manual
Ø
As described in this manual

b) If the host system is unable to support binary communication then

this command will use standard (ASCII) asynchronous mode, in which
case the message text is in expanded hexadecimal format.
c) This command supports Variant LMKs only.

Thales e-Security 105

 >> Chapter 6 – AS2805.6.2 Support – Host Commands

RK/RL Generate Transaction Response, with Auth Para

Generated by Acquirer (when selected Transaction Key Scheme
is Australian)

Command: To generate a transaction Response Message (when Auth Para is

generated by the Acquirer) and to update the Terminal Key.

Notes: a) This command is only available if Transaction Key Scheme has been
set to Australian (using the CS Console command or HSM Manager
Initial Settings). If access to this functionality is required when
Transaction Key Scheme has been set to Racal then the HK Host
command can be used, which provides exactly the same functionality as
the RK Host command described below. For further details, see
Chapter 12 of the payShield 9000 General Information Manual.
b) The Terminal Key used in this command is the original Terminal Key
used when the initial Request Message was processed (see Commands
'RE', 'RG' and 'RI')
c) If the host system is unable to support binary communication then
this command will use standard (ASCII) asynchronous mode, in which
case the message text is in expanded hexadecimal format.
d) The AT, STAN and CATID Pointer fields represent the position of the
first byte of each of the relevant data items in the binary representation
of the Message Text (they are therefore independent of the
communication protocol). Note that the AT is 6 bytes (12 digits) in
length, the STAN is 3 bytes (6 digits) and the CATID is 8 bytes (16
digits).
e) This function can also be used to generate a MAC and update the
Terminal Key for an Administration Response Message. In this case
the AP Include Flag should be set to 'E'.
f) This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Subsequently returned to the host unchanged

Command Code 2A Value 'RK'

TK Single or double length Terminal Key, encrypted under LMK

16 H pair 14-15 variant 0 if the security setting “Enforce key type
or 002 separation for PCI HSM compliance” has the value “N”,
1 A + 32 H or under LMK pair 36-37 variant 8 if the setting has the
value “Y”.
AB Field 16 H AB field, as defined in AS2805.6.2

MARX 8 H or 16 H Encrypted MAC Residue (X) from the transaction request:

8 hex characters if TK is single length, encrypted under
LMK 10
16 hex characters if TK is double length, encrypted under

106 Thales e-Security

>> Chapter 6 – AS2805.6.2 Support – Host Commands

Field Length and Type Details

LMK pair 10-11

AP Include Flag 1A Flag to indicate whether to include Auth Para in the MAC
calculation; Value 'I' = include, 'E' = exclude
CD Field 16 H CD field, as defined in AS2805.6.2; only present if AP
Include Flag = 'I'
AT Pointer 3H Pointer to first byte of transaction amount in binary
message text; value X’000 to X’31A only present if AP
Include Flag = 'I'

STAN Pointer 3H Pointer to first byte of systems trace audit number in binary
message text; value X’000 to X’31D; only present if AP
Include Flag = 'I'
CATID Pointer 3H Pointer to first byte of card acceptor terminal identification
in binary message text; value X’000 to X’318; only present
if AP Include Flag = 'I'

EITHER (for binary communication) the following two fields

Message Length 3H X’001 to X’320 indicating the length of the next field.

Message Text nB 1 to 800 bytes of message.

OR (for standard asynchronous (ASCII) communication) the following two fields

Message Length 3H Length (in characters) of the next field; max value X’320

Message Text nH Message text (maximum length = 800 hexadecimal

characters, representing 400 bytes)
Delimiter 1A Optional field; present only if MAC Length field is present;
value = ';'

MAC Length 1N Optional field; if field not present then value 0 is assumed:
0 = 32-bit MAC (single or double length TK)
1 = 48-bit MAC (double length TK only)
2 = 64-bit MAC (double length TK only)

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional field; must be present if a message trailer is

present; value X’19
Message Trailer nA Optional field; maximum length 32 characters

Thales e-Security 107

 >> Chapter 6 – AS2805.6.2 Support – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Returned to the host unchanged

Response Code 2A Value 'RL'

Error Code 2N 00: No errors

10: Terminal Key parity error
12: No keys loaded in user storage
13: LMK error – report to Supervisor
15: Error in input data
20: PIN block error
21: Invalid user storage index
65: Transaction Key Scheme set to None
80: Message length error
90: Communications link parity error
91: Communications link LRC error
92: Transparent asynch data length error

MARY 8 H or 16 H Encrypted MAC Residue (Y) from the transaction response:

8 hex characters if TK is single length, encrypted under
LMK 10
16 hex characters if TK is double length, encrypted under
LMK pair 10-11

MAC 8 H, 12H or 16 H MAC (length dependent on value of MAC Length field)

New TK New single or double length Terminal Key, encrypted under

16 H LMK pair 14-15 variant 0 if the security setting “Enforce key
or type 002 separation for PCI HSM compliance” has the value
1 A + 32 H “N”, or under LMK pair 36-37 variant 8 if the setting has
the value “Y”.

End Message Delimiter 1C Optional field; present only if present in the command
message; value X’19

Message Trailer nA Optional field; present only if present in the command

message; maximum length 32 characters

108 Thales e-Security

>> Chapter 6 – AS2805.6.2 Support – Host Commands

HK/HL Generate Transaction Response, with Auth Para

Generated by Acquirer (when selected Transaction Key Scheme
is Racal)

Command: To generate a transaction Response Message (when Auth Para is

generated by the Acquirer) and to update the Terminal Key.

Notes: a) This command code should be used where the Transaction Key
Scheme has been set to Racal (using the CS Console command or HSM
Manager Initial Settings) but it is also required to process commands
for the Australian Transaction Key Scheme.
In this environment, the HI commands acts exactly like the RK command
described in this manual. This allows both Australian and Racal
Transaction Key Schemes to be used on the same payShield 9000.
The structure of this command and response is identical to the RK Host
command described in this manual, except that:
Command Code = HK
Response Code = HL
If Transaction Key Scheme has been set to Australian, then the RK Host
command (as described in this manual) must be used. (With this
setting, the HK command code is as described in the payShield 9000
Host Command Reference Manual .)
In summary …

If Transaction Key If Transaction Key

Scheme = Racal Scheme = Australian
You want to process Use the Rx variant of Use the Hx variant of
Racal Transaction the command* the command*
Key commands
You want to process Use the Hx variant of Use the Rx variant of
Australian ø ø
the command  the command
Transaction Key
commands

* As described in the payShield 9000 Host Command Reference

Manual
Ø
As described in this manual

For further details, see Chapter 12 of the payShield 9000 General

Information Manual.

b) The Terminal Key used in this command is the original Terminal Key
used when the initial Request Message was processed (see Commands
'RE', 'RG' and 'RI')

Thales e-Security 109

 >> Chapter 6 – AS2805.6.2 Support – Host Commands

c) If the host system is unable to support binary communication then

this command will use standard (ASCII) asynchronous mode, in which
case the message text is in expanded hexadecimal format.
d) The AT, STAN and CATID Pointer fields represent the position of the
first byte of each of the relevant data items in the binary representation
of the Message Text (they are therefore independent of the
communication protocol). Note that the AT is 6 bytes (12 digits) in
length, the STAN is 3 bytes (6 digits) and the CATID is 8 bytes (16
digits).
e) This function can also be used to generate a MAC and update the
Terminal Key for an Administration Response Message. In this case
the AP Include Flag should be set to 'E'.
f) This command supports Variant LMKs only.

110 Thales e-Security

>> Chapter 6 – AS2805.6.2 Support – Host Commands

RM/RN Generate Transaction Response with Auth Para

Generated by Card Issuer (when selected Transaction Key
Scheme is Australian)

Command: To generate a transaction Response Message (when Auth Para has

been generated by the Card issuer) and to update the Terminal Key.

Notes: a) This command is only available if Transaction Key Scheme has been
set to Australian (using the CS Console command or HSM Manager
Initial Settings). If access to this functionality is required when
Transaction Key Scheme has been set to Racal then the HM Host
command can be used, which provides exactly the same functionality as
the RM Host command described below. For further details, see
Chapter 12 of the payShield 9000 General Information Manual.
b) The Terminal Key used in this command is the original Terminal Key
used when the initial Request Message was processed (see Commands
'RE', 'RG' and 'RI')
c) If the host system is unable to support binary communication then
this command will use standard (ASCII) asynchronous mode, in which
case the message text is in expanded hexadecimal format.
d) This command supports Variant LMKs only.

Field Length & Type Details

COMMAND MESSAGE
Message Header mA Subsequently returned to the host unchanged

Command Code 2A Value 'RM'

TK Single or double length Terminal Key, encrypted under LMK

16 H pair 14-15 variant 0 if the security setting “Enforce key type
or 002 separation for PCI HSM compliance” has the value “N”,
1 A + 32 H or under LMK pair 36-37 variant 8 if the setting has the
value “Y”.

AB Field 16 H AB field, as defined in AS2805.6.2

MARX 8 H or 16 H Encrypted MAC Residue (X) from the transaction request:

8 hex characters if TK is single length, encrypted under
LMK 10
16 hex characters if TK is double length, encrypted under
LMK pair 10-11

AP Include Flag 1A Flag to indicate whether to include Auth Para in the MAC
calculation; Value 'I' = include, 'E' = exclude; must have value
'I' for double length TK

ZPK 16 H Zone PIN Key, encrypted under LMK pair 06-07; only
or
present if AP Include Flag = 'I'
1 A + 32 H
or
1 A + 48 H
Auth Para 16 H Auth Para, encrypted under variant 1 of the ZPK; only
present if AP Include Flag = 'I';

Thales e-Security 111

 >> Chapter 6 – AS2805.6.2 Support – Host Commands

EITHER (for binary communication) the following two fields

Message Length 3H Length (in bytes) of the next field; max value X’320

Message Text nB Message text (maximum length = 800 bytes)

OR (for standard asynchronous (ASCII) communication) the following two fields

Message Length 3H Length (in characters) of the next field; max value X’320

Message Text nH Message text (maximum length = 800 hexadecimal

characters, representing 400 bytes)

Delimiter 1A Optional field; present only if MAC Length field is present;

value = ';'

MAC Length 1N Optional field; if field not present then value 0 is assumed:
0 = 32-bit MAC (single or double length TK)
1 = 48-bit MAC (double length TK only)
2 = 64-bit MAC (double length TK only)

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional field; must be present if a message trailer is

present; value X’19

Message Trailer nA Optional field; maximum length 32 characters

Field Length & Type Details

RESPONSE MESSAGE
Message Header mA Returned to the host unchanged

Response Code 2A Value 'RN'

Error Code 2N 00: No errors

04: AP include flag error
10: Terminal Key parity error
11: ZPK parity error
12: No keys loaded in user storage
13: LMK error – report to Supervisor
15: Error in input data
21: Invalid user storage index
65: Transaction Key Scheme set to None
80: Message length error
90: Communications link parity error
91: Communications link LRC error
92: Transparent asynch data length error

MARY 8 H or Encrypted MAC Residue (Y) from the transaction response:

16 H
8 hex characters if TK is single length, encrypted under
LMK 10
16 hex characters if TK is double length, encrypted under
LMK pair 10-11
MAC 8 H, 12 H or MAC (length dependent on value of MAC Length field)
16 H

112 Thales e-Security

>> Chapter 6 – AS2805.6.2 Support – Host Commands

New TK New single or double length Terminal Key, encrypted under

16 H LMK pair 14-15 variant 0 if the security setting “Enforce key
or type 002 separation for PCI HSM compliance” has the value
1 A + 32 H “N”, or under LMK pair 36-37 variant 8 if the setting has
the value “Y”.

End Message Delimiter 1C Optional field; present only if present in the command
message; value X’19
Message Trailer nA Optional field; present only if present in the command
message; maximum length 32 characters

Thales e-Security 113

 >> Chapter 6 – AS2805.6.2 Support – Host Commands

HM/HN Generate Transaction Response with Auth Para

Generated by Card Issuer (when selected Transaction Key
Scheme is Racal)

Command: To generate a transaction Response Message (when Auth Para has

been generated by the Card issuer) and to update the Terminal Key.

Notes: a) This command code should be used where the Transaction Key
Scheme has been set to Racal (using the CS Console command or HSM
Manager Initial Settings) but it is also required to process commands
for the Australian Transaction Key Scheme.
In this environment, the HI commands acts exactly like the RM
command described in this manual. This allows both Australian and
Racal Transaction Key Schemes to be used on the same payShield
9000.
The structure of this command and response is identical to the RM
Host command described in this manual, except that:
Command Code = HM
Response Code = HN
If Transaction Key Scheme has been set to Australian, then the RM
Host command (as described in this manual) must be used. (With this
setting, the HM command code is as described in the payShield 9000
Host Command Reference Manual .)
In summary …

If Transaction Key If Transaction Key

Scheme = Racal Scheme = Australian
You want to process Use the Rx variant of Use the Hx variant of
Racal Transaction the command* the command*
Key commands
You want to process Use the Hx variant of Use the Rx variant of
Australian ø ø
the command  the command
Transaction Key
commands

* As described in the payShield 9000 Host Command Reference

Manual
Ø
As described in this manual

For further details, see Chapter 12 of the payShield 9000 General

Information Manual.

114 Thales e-Security

>> Chapter 6 – AS2805.6.2 Support – Host Commands

b) The Terminal Key used in this command is the original Terminal Key
used when the initial Request Message was processed (see Commands
'RE', 'RG' and 'RI')
c) If the host system is unable to support binary communication then
this command will use standard (ASCII) asynchronous mode, in which
case the message text is in expanded hexadecimal format.
d) This command supports Variant LMKs only.

Thales e-Security 115

 >> Chapter 6 – AS2805.6.2 Support – Host Commands

RO/RP Translate a PIN from PEK to ZPK Encryption (when

selected Transaction Key Scheme is Australian)

Command: To translate a PIN block from encryption under Card Key and a PIN
Encipherment Key (PEK) to encryption under Card Key and a Zone PIN
Key (ZPK).

Notes: a) This command is only available if Transaction Key Scheme has been
set to Australian (using the CS Console command or HSM Manager
Initial Settings). If access to this functionality is required when
Transaction Key Scheme has been set to Racal then the HO Host
command can be used, which provides exactly the same functionality as
the RO Host command described below. For further details, see
Chapter 12 of the payShield 9000 General Information Manual.
b) This command is used, by the Acquirer, with the 'RI' command. In
this case, the Acquirer has no access to the CD field and hence is
unable to calculate Card Key.
c) This command is essentially a standard PIN translation command,
with the exception that no PIN block validation occurs. The processing
described is independent of the AS2805.6.2 standard(s).
d) This command supports Variant LMKs only.

Field Length & Type Details

COMMAND MESSAGE
Message Header mA Subsequently returned to the host unchanged

Command Code 2A Value 'RO'

PEK PIN Encipherment Key, encrypted under LMK pair 14-15

16 H variant 0 if the security setting “Enforce key type 002
or separation for PCI HSM compliance” has the value “N”, or
1 A + 32 H under LMK pair 36-37 variant 7 if the setting has the value
“Y”. (as returned from the 'RI' command)

ZPK 16 H Zone PIN Key, encrypted under LMK pair 06-07

or
1 A + 32 H
or
1 A + 48 H
PIN Block 16 H PIN block, doubly encrypted with Card Key and PEK

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional field; must be present if a message trailer is

present; value X’19

Message Trailer nA Optional field; maximum length 32 characters

116 Thales e-Security

>> Chapter 6 – AS2805.6.2 Support – Host Commands

Field Length & Type Details

RESPONSE MESSAGE
Message Header mA Returned to the host unchanged

Response Code 2A Value 'RP'

Error Code 2N 00: No errors

10: PEK parity error
11: ZPK parity error
12: No keys loaded in user storage
13: LMK error – report to Supervisor
15: Error in input data
21: Invalid user storage index
65: Transaction Key Scheme set to None

PIN Block 16 H PIN block, doubly encrypted with Card Key and ZPK

End Message Delimiter 1C Optional field; present only if present in the command
message; value X’19

Message Trailer nA Optional field; present only if present in the command

message; maximum length 32 characters

Thales e-Security 117

 >> Chapter 6 – AS2805.6.2 Support – Host Commands

HO/HP Translate a PIN from PEK to ZPK Encryption (when

selected Transaction Key Scheme is Racal)

Command: To translate a PIN block from encryption under Card Key and a PIN
Encipherment Key (PEK) to encryption under Card Key and a Zone PIN
Key (ZPK).

Notes: a) This command code should be used where the Transaction Key
Scheme has been set to Racal (using the CS Console command or HSM
Manager Initial Settings) but it is also required to process commands
for the Australian Transaction Key Scheme.
In this environment, the HI commands acts exactly like the RO command
described in this manual. This allows both Australian and Racal
Transaction Key Schemes to be used on the same payShield 9000.
The structure of this command and response is identical to the RO Host
command described in this manual, except that:
Command Code = HO
Response Code = HP
If Transaction Key Scheme has been set to Australian, then the RO Host
command (as described in this manual) must be used. (With this
setting, the HO command code is as described in the payShield 9000
Host Command Reference Manual .)
In summary …

If Transaction Key If Transaction Key

Scheme = Racal Scheme = Australian
You want to process Use the Rx variant of Use the Hx variant of
Racal Transaction the command* the command*
Key commands
You want to process Use the Hx variant of Use the Rx variant of
Australian ø ø
the command  the command
Transaction Key
commands

* As described in the payShield 9000 Host Command Reference

Manual
Ø
As described in this manual
For further details, see Chapter 12 of the payShield 9000 General
Information Manual.
b) This command is used, by the Acquirer, with the 'RI' command. In
this case, the Acquirer has no access to the CD field and hence is
unable to calculate Card Key.

118 Thales e-Security

>> Chapter 6 – AS2805.6.2 Support – Host Commands

c) This command is essentially a standard PIN translation command,

with the exception that no PIN block validation occurs. The processing
described is independent of the AS2805.6.2 standard(s).
d) This command supports Variant LMKs only.

Thales e-Security 119

 >> Chapter 6 – AS2805.6.2 Support – Host Commands

RQ/RR Verify a Transaction Completion Confirmation (when

selected Transaction Key Scheme is Australian)

Command: To verify a transaction Completion Confirmation Message and return the

MAC Residue (MARZ) for subsequent inclusion in the MAC calculation
for the Completion Response Message.

Notes: a) This command is only available if Transaction Key Scheme has been
set to Australian (using the CS Console command or HSM Manager
Initial Settings). If access to this functionality is required when
Transaction Key Scheme has been set to Racal then the HQ Host
command can be used, which provides exactly the same functionality as
the RQ Host command described below. For further details, see
Chapter 12 of the payShield 9000 General Information Manual.
b) The Terminal Key used in this command is the original Terminal Key
used when the initial Request Message was processed (see Commands
'RE', 'RG' and 'RI')
c) If the host system is unable to support binary communication then
this command will use standard (ASCII) asynchronous mode, in which
case the message text is in expanded hexadecimal format.
d) This command supports Variant LMKs only.

Field Length & Type Details

COMMAND MESSAGE
Message Header mA Subsequently returned to the host unchanged

Command Code 2A Value 'RQ'

TK Single or double length Terminal Key, encrypted under LMK

16 H pair 14-15 variant 0 if the security setting “Enforce key type
or 002 separation for PCI HSM compliance” has the value “N”,
1 A + 32 H or under LMK pair 36-37 variant 8 if the setting has the
value “Y”.

AB Field 16 H AB field, as defined in AS2805.6.2

MARY 8 H or 16 H Encrypted MAC Residue (Y) from the transaction response:

8 hex characters if TK is single length, encrypted under
LMK 10
16 hex characters if TK is double length, encrypted under
LMK pair 10-11

EITHER (for binary communication) the following two fields

Message Length 3H Length (in bytes) of the next field; max value X’320
Message Text nB Message text; the last 64 bits (8 bytes) contain the MAC
field, of which the leftmost 4, 6 or 8 bytes contain the MAC
(depends on value of optional MAC Length field)

OR (for standard asynchronous (ASCII) communication) the following two fields

Message Length 3H Length (in characters) of the next field; max value X’320

Message Text nH Message text; the last 16 characters contain the MAC field,
of which the leftmost 8, 12 or 16 characters contain the

120 Thales e-Security

>> Chapter 6 – AS2805.6.2 Support – Host Commands

Field Length & Type Details

MAC (depends on value of optional MAC Length field)

Delimiter 1A Optional field; present only if MAC Length field is present;

value = ';'
MAC Length 1N Optional field; if field not present then value 0 is assumed:
0 = 32-bit MAC (single or double length TK)
1 = 48-bit MAC (double length TK only)
2 = 64-bit MAC (double length TK only)

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional field; must be present if a message trailer is

present; value X’19

Message Trailer nA Optional field; maximum length 32 characters

Field Length & Type Details

RESPONSE MESSAGE
Message Header mA Returned to the host unchanged

Response Code 2A Value 'RR'

Error Code 2N 00: No errors

01: MAC verification failure
10: Terminal Key parity error
12: No keys loaded in user storage
13: LMK error – report to Supervisor
15: Error in input data
21: Invalid user storage index
80: Message length error
65: Transaction Key Scheme set to None
90: Communications link parity error
91: Communications link LRC error
92: Transparent asynch data length error

MARZ 8 H or 16 H Encrypted MAC Residue (Z) for use in the completion

response message:
8 hex characters if TK is single length, encrypted under
LMK 10
16 hex characters if TK is double length, encrypted under
LMK pair 10-11
End Message Delimiter 1C Optional field; present only if present in the command
message; value X’19

Message Trailer nA Optional field; present only if present in the command

message; maximum length 32 characters

Thales e-Security 121

 >> Chapter 6 – AS2805.6.2 Support – Host Commands

HQ/HR Verify a Transaction Completion Confirmation (when

selected Transaction Key Scheme is Racal)

Command: To verify a transaction Completion Confirmation Message and return the

MAC Residue (MARZ) for subsequent inclusion in the MAC calculation
for the Completion Response Message.

Notes: a) This command code should be used where the Transaction Key
Scheme has been set to Racal (using the CS Console command or HSM
Manager Initial Settings) but it is also required to process commands
for the Australian Transaction Key Scheme.
In this environment, the HI commands acts exactly like the RQ
command described in this manual. This allows both Australian and
Racal Transaction Key Schemes to be used on the same payShield
9000.
The structure of this command and response is identical to the RQ Host
command described in this manual, except that:
Command Code = HQ
Response Code = HR
If Transaction Key Scheme has been set to Australian, then the RQ Host
command (as described in this manual) must be used. (With this
setting, the HQ command code is as described in the payShield 9000
Host Command Reference Manual .)
In summary …

If Transaction Key If Transaction Key

Scheme = Racal Scheme = Australian
You want to process Use the Rx variant of Use the Hx variant of
Racal Transaction the command* the command*
Key commands
You want to process Use the Hx variant of Use the Rx variant of
Australian ø ø
the command  the command
Transaction Key
commands

* As described in the payShield 9000 Host Command Reference

Manual
Ø
As described in this manual
For further details, see Chapter 12 of the payShield 9000 General
Information Manual.
b) The Terminal Key used in this command is the original Terminal Key
used when the initial Request Message was processed (see Commands
'RE', 'RG' and 'RI')

122 Thales e-Security

>> Chapter 6 – AS2805.6.2 Support – Host Commands

c) If the host system is unable to support binary communication then

this command will use standard (ASCII) asynchronous mode, in which
case the message text is in expanded hexadecimal format.
d) This command supports Variant LMKs only.

Thales e-Security 123

 >> Chapter 6 – AS2805.6.2 Support – Host Commands

RS/RT Generate a Transaction Completion Response (when

selected Transaction Key Scheme is Australian)

Command: To generate a transaction Completion Response Message.

Notes: a) This command is only available if Transaction Key Scheme has been
set to Australian (using the CS Console command or HSM Manager
Initial Settings). If access to this functionality is required when
Transaction Key Scheme has been set to Racal then the HS Host
command can be used, which provides exactly the same functionality as
the RS Host command described below. For further details, see
Chapter 12 of the payShield 9000 General Information Manual.
b) The Terminal Key used in this command is the original Terminal Key
used when the initial Request Message was processed (see Commands
'RE', 'RG' and 'RI')
c) If the host system is unable to support binary communication then
this command will use standard (ASCII) asynchronous mode, in which
case the message text is in expanded hexadecimal format.
d) This command supports Variant LMKs only.

Field Length & Type Details

COMMAND MESSAGE
Message Header mA Subsequently returned to the host unchanged

Command Code 2A Value 'RS'

TK Single or double length Terminal Key, encrypted under LMK

16 H pair 14-15 variant 0 if the security setting “Enforce key type
or 002 separation for PCI HSM compliance” has the value “N”,
1 A + 32 H or under LMK pair 36-37 variant 8 if the setting has the
value “Y”.

AB Field 16 H AB field, as defined in AS2805.6.2

MARZ 8 H or Encrypted MAC Residue (Z) from the transaction completion

16 H confirmation request:
8 hex characters if TK is single length, encrypted under
LMK 10
16 hex characters if TK is double length, encrypted under
LMK pair 10-11

EITHER (for binary communication) the following two fields

Message Length 3H Length (in bytes) of the next field; max value X’320

Message Text nB Message text (maximum length = 800 bytes)

OR (for standard asynchronous (ASCII) communication) the following two fields

Message Length 3H Length (in characters) of the next field; max value X’320

Message Text nH Message text (maximum length = 800 hexadecimal

characters, representing 400 bytes)

Delimiter 1A Optional field; present only if MAC Length field is present;

value = ';'

124 Thales e-Security

>> Chapter 6 – AS2805.6.2 Support – Host Commands

Field Length & Type Details

MAC Length 1N Optional field; if field not present then value 0 is assumed:
0 = 32-bit MAC (single or double length TK)
1 = 48-bit MAC (double length TK only)
2 = 64-bit MAC (double length TK only)

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional field; must be present if a message trailer is

present; value X’19

Message Trailer nA Optional field; maximum length 32 characters

Field Length & Type Details

RESPONSE MESSAGE
Message Header mA Returned to the host unchanged

Response Code 2A Value 'RT'

Error Code 2N 00: No errors

10: Terminal Key parity error
12: No keys loaded in user storage
13: LMK error – report to Supervisor
15: Error in input data
21: Invalid user storage index
65: Transaction Key Scheme set to None
80: Message length error
90: Communications link parity error
91: Communications link LRC error
92: Transparent asynch data length error
MAC 8 H, 12 H or MAC (length dependent on value of MAC Length field)
16 H
End Message Delimiter 1C Optional field; present only if present in the command
message; value X’19

Message Trailer nA Optional field; present only if present in the command

message; maximum length 32 characters

Thales e-Security 125

 >> Chapter 6 – AS2805.6.2 Support – Host Commands

HS/HT Generate a Transaction Completion Response (when

selected Transaction Key Scheme is Racal)

Command: To generate a transaction Completion Response Message.

Notes: a) This command code should be used where the Transaction Key
Scheme has been set to Racal (using the CS Console command or HSM
Manager Initial Settings) but it is also required to process commands
for the Australian Transaction Key Scheme.
In this environment, the HI commands acts exactly like the RS command
described in this manual. This allows both Australian and Racal
Transaction Key Schemes to be used on the same payShield 9000.
The structure of this command and response is identical to the RS Host
command described in this manual, except that:
Command Code = HS
Response Code = HT
If Transaction Key Scheme has been set to Australian, then the RS Host
command (as described in this manual) must be used. (With this
setting, the HS command code is as described in the payShield 9000
Host Command Reference Manual .)
In summary …

If Transaction Key If Transaction Key

Scheme = Racal Scheme = Australian
You want to process Use the Rx variant of Use the Hx variant of
Racal Transaction the command* the command*
Key commands
You want to process Use the Hx variant of Use the Rx variant of
Australian ø ø
the command  the command
Transaction Key
commands

* As described in the payShield 9000 Host Command Reference

Manual
Ø
As described in this manual
For further details, see Chapter 12 of the payShield 9000 General
Information Manual.
b) The Terminal Key used in this command is the original Terminal Key
used when the initial Request Message was processed (see Commands
'RE', 'RG' and 'RI')
c) If the host system is unable to support binary communication then
this command will use standard (ASCII) asynchronous mode, in which
case the message text is in expanded hexadecimal format.

126 Thales e-Security

>> Chapter 6 – AS2805.6.2 Support – Host Commands

d) This command supports Variant LMKs only.

Thales e-Security 127

 >> Chapter 6 – AS2805.6.2 Support – Host Commands

QQ/QR Verify a PIN at Card Issuer using IBM Method

Command: To verify a PIN at the Card Issuer, using the IBM 3624 method and
return Auth Para.

Notes: The PIN block input to this command is doubly encrypted with Card Key
and a Zone PIN Key (ZPK).
The input fields for this command are identical to those for the original
'QQ' command, as defined in the 40-1018-02 specification (Ref.4).
Thus, an optional field (“Processing Flag”) has been included. If the field
is not present then the original processing occurs. If the field is present
then either the original processing or the new processing described in
this document occurs, depending on the value of the field.
If a double or triple length PVK is used in this command then processing
will continue as normal, but a different error code ('02') will be returned.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Subsequently returned to the host unchanged

Command Code 2A Value 'QQ'

ZPK(S) 16 H Source Zone PIN Key, encrypted under LMK pair 06-07
or
1 A + 32 H
or
1 A + 48 H

ZPK(D) 16 H Destination Zone PIN Key, encrypted under LMK pair 06-07
or
1 A + 32 H
or
1 A + 48 H

PVK 16 H PIN Verification Key, encrypted under LMK pair 14-15

or variant 0
1 A + 32 H
or
1 A + 48 H

AB Field 16 H AB field, as defined in AS2805.6.2

CD Field 16 H CD field, as defined in AS2805.6.2

STAN 6N Systems trace audit number

CATID 16 H Card acceptor terminal identification

AT 12 H Transaction amount

Maximum PIN Length 2N Value = 12

PIN Block 16 H PIN block, doubly encrypted with Card Key and ZPK(S)

PIN Block Format Code 2N Valid formats are: 01, 05 & 46

Check Length 2N Minimum PIN length

Account Number 12 N Rightmost 12 digits of the card account number, excluding

the check digit
Decimalization Table 16 N 16 N if console CS cmd is set for Plaintext decimalisation
or tables.

128 Thales e-Security

>> Chapter 6 – AS2805.6.2 Support – Host Commands

Field Length and Type Details

1A+3H ‘K’ + 3 H if the decimalization table is held in the
HSM’s User Storage Area

PIN Validation Data 16 H The 16 character field used as input to the IBM PIN
verification algorithm
Offset 12 H PIN offset, left justified and padded with X’F

Delimiter 1A Optional field, if present then the following field is present.

value = ';'

Processing Flag 1N Optional field; if not present then value = 0 is assumed;

values:
0 = old processing (1988 standard)
1 = new processing (2002 standard)

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional field; must be present if a message trailer is

present; value X’19

Message Trailer nA Optional field; maximum length 32 characters

Field Length & Type Details

RESPONSE MESSAGE
Message Header mA Returned to the host unchanged

Response Code 2A Value 'QR'

Error Code 2N 00: No errors

01: PIN verification failure
02: Warning – PVK not single length (PIN OK)
10: ZPK(S) parity error
11: ZPK(D) or PVK parity error
12: No keys loaded in user storage
13: LMK error – report to Supervisor
15: Error in input data
20: PIN block error
21: Invalid user storage index
23: Invalid PIN block format code
24: PIN length error
25: Invalid decimalization table
65: Transaction Key Scheme set to None

Auth Para 16 H Auth Para, encrypted under variant 1 of ZPK(D)

End Message Delimiter 1C Optional field; present only if present in the command
message; value X’19
Message Trailer nA Optional field; present only if present in the command
message; maximum length 32 characters

Thales e-Security 129

 >> Chapter 6 – AS2805.6.2 Support – Host Commands

QS/QT Verify a PIN at Card Issuer using the Diebold Method

Command: To verify a PIN at the Card Issuer, using the Diebold method and return
Auth Para.

Notes: The PIN block input to this command is doubly encrypted with Card Key
and a Zone PIN Key (ZPK).
The input fields for this command are identical to those for the original
'QS' command, as defined in the 40-1018-02 specification (Ref.9).
Thus, an optional field (“Processing Flag”) has been included. If the field
is not present then the original processing occurs. If the field is present
then either the original processing or the new processing described in
this document occurs, depending on the value of the field.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Subsequently returned to the host unchanged

Command Code 2A Value 'QS'

ZPK(S) 16 H or Source Zone PIN Key, encrypted under LMK pair 06-07
1 A + 32 H or
1 A + 48 H

ZPK(D) 16 H or Destination Zone PIN Key, encrypted under LMK pair 06-07
1 A + 32 H or
1 A + 48 H

AB Field 16 H AB field, as defined in AS2805.6.2

CD Field 16 H CD field, as defined in AS2805.6.2

STAN 6N Systems trace audit number

CATID 16 H Card acceptor terminal identification

AT 12 H Transaction amount

Index Flag 1A Value 'K'

Index Pointer 3N Index to stored Diebold table

Algorithm Number 2N Diebold algorithm required

PIN Block 16 H PIN block, doubly encrypted with Card Key and ZPK(S)
PIN Block Format Code 2N Valid formats are: 01, 05 & 46

Account Number 12 N Rightmost 12 digits of the card account number, excluding

the check digit

PIN Validation Data 20 H The 20 character field used as input to the PIN verification
algorithm

Offset 4N PIN offset

Delimiter 1A Optional field, if present then the following field is present.

value = ';'

Processing Flag 1N Optional field; if not present then value = 0 is assumed;

values:
0 = old processing (1988 standard)

130 Thales e-Security

>> Chapter 6 – AS2805.6.2 Support – Host Commands

Field Length and Type Details

1 = new processing (see this document)

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional field; must be present if a message trailer is

present; value X’19

Message Trailer nA Optional field; maximum length 32 characters

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Returned to the host unchanged

Response Code 2A Value 'QT'

Error Code 2N 00: No errors

01: PIN verification failure
10: ZPK(S) parity error
11: ZPK(D) or PVK parity error
12: No keys loaded in user storage
13: LMK error – report to Supervisor
15: Error in input data
20: PIN block error
21: Invalid user storage index
23: Invalid PIN block format code
24: PIN length error
65: Transaction Key Scheme set to None

Auth Para 16 H Auth Para, encrypted under variant 1 of ZPK(D)

End Message Delimiter 1C Optional field; present only if present in the command
message; value X’19

Message Trailer nA Optional field; present only if present in the command

message; maximum length 32 characters

Thales e-Security 131

 >> Chapter 6 – AS2805.6.2 Support – Host Commands

QU/QV Verify a PIN at Card Issuer using Visa Method

Command: To verify a PIN at the Card Issuer, using the Visa method and return
Auth Para.

Notes: The PIN block input to this command is doubly encrypted with Card Key
and a Zone PIN Key (ZPK).
The input fields for this command are identical to those for the original
'QU' command, as defined in the 40-1018-02 specification (Ref.4).
Thus, an optional field (“Processing Flag”) has been included. If the field
is not present then the original processing occurs. If the field is present
then either the original processing or the new processing described in
this document occurs, depending on the value of the field.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Subsequently returned to the host unchanged

Command Code 2A Value 'QU'

16H
or
ZPK(S) 1 A + 32 H Source Zone PIN Key, encrypted under LMK pair 06-07
or
1 A + 48 H
16 H
or
ZPK(D) 1 A + 32 H Destination Zone PIN Key, encrypted under LMK pair 06-07
or
1 A + 48 H
PVK 32 H PIN Verification Key, encrypted under LMK pair 14-15
or
variant 0
1 A + 32 H
AB Field 16 H AB field, as defined in AS2805.6.2

CD Field 16 H CD field, as defined in AS2805.6.2

STAN 6N Systems trace audit number

CATID 16 H Card acceptor terminal identification

AT 12 H Transaction amount

PIN Block 16 H PIN block, doubly encrypted with Card Key and ZPK(S)

PIN Block Format Code 2N Valid formats are: 01, 05 & 46

Account Number 12 N Rightmost 12 digits of the card account number, excluding

the check digit

PVKI 1N PVK indicator; value 0 to 6

PVV 4N PIN verification value

Delimiter 1A Optional field, if present then the following field is present.

value = ';'

Processing Flag 1N Optional field; if not present then value = 0 is assumed;

values:
0 = old processing (1988 standard)
1 = new processing (see this document)

132 Thales e-Security

>> Chapter 6 – AS2805.6.2 Support – Host Commands

Field Length and Type Details

Delimiter 1A Value '%'. Optional; if present, the following field must be
present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional field; must be present if a message trailer is

present; value X’19
Message Trailer nA Optional field; maximum length 32 characters

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Returned to the host unchanged

Response Code 2A Value 'QV'

Error Code 2N 00: No errors

01: PIN verification failure
10: ZPK(S) parity error
11: ZPK(D) or PVK parity error
12: No keys loaded in user storage
13: LMK error – report to Supervisor
15: Error in input data
20: PIN block error
21: Invalid user storage index
23: Invalid PIN block format code
24: PIN length error
27: PVK not double length
65: Transaction Key Scheme set to None
Auth Para 16 H Auth Para, encrypted under variant 1 of ZPK(D)

End Message Delimiter 1C Optional field; present only if present in the command
message; value X’19

Message Trailer nA Optional field; present only if present in the command

message; maximum length 32 characters

Thales e-Security 133

 >> Chapter 6 – AS2805.6.2 Support – Host Commands

QW/QX Verify a PIN at Card Issuer using the Comparison

Method
Command: To verify a PIN at the Card Issuer, using the Comparison method and
return Auth Para.

Notes: The PIN block input to this command is doubly encrypted with Card Key
and a Zone PIN Key (ZPK).
The input fields for this command are identical to those for the original
'QW' command, as defined in the 40-1018-02 specification (Ref.4).
Thus, an optional field (“Processing Flag”) has been included. If the field
is not present then the original processing occurs. If the field is present
then either the original processing or the new processing described in
this document occurs, depending on the value of the field.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Subsequently returned to the host unchanged

Command Code 2A Value 'QW'

16 H
or
ZPK(S) 1 A + 32 H Source Zone PIN Key, encrypted under LMK pair 06-07
or
1 A + 48 H
16 H
or
ZPK(D) 1 A + 32 H Destination Zone PIN Key, encrypted under LMK pair 06-07
or
1 A + 48 H
AB Field 16 H AB field, as defined in AS2805.6.2

CD Field 16 H CD field, as defined in AS2805.6.2

STAN 6N Systems trace audit number

CATID 16 H Card acceptor terminal identification

AT 12 H Transaction amount

PIN Block 16 H PIN block, doubly encrypted with Card Key and ZPK(S)

PIN Block Format Code 2N Valid formats are: 01, 05 & 46

Account Number 12 N Rightmost 12 digits of the card account number, excluding

the check digit

Encrypted PIN LN PIN, encrypted using the account number and LMK pair 02-
03, stored on host database
Delimiter 1A Optional field, if present then the following field is present.
value = ';'

Processing Flag 1N Optional field; if not present then value = 0 is assumed;

values:
0 = old processing (1988 standard)
1 = new processing (see this document)

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by

134 Thales e-Security

>> Chapter 6 – AS2805.6.2 Support – Host Commands

Field Length and Type Details

license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional field; must be present if a message trailer is

present; value X’19
Message Trailer nA Optional field; maximum length 32 characters

Thales e-Security 135

 >> Chapter 6 – AS2805.6.2 Support – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Returned to the host unchanged

Response Code 2A Value 'QX'

Error Code 2N 00: No errors

01: PIN verification failure
10: ZPK(S) parity error
11: ZPK(D) parity error
12: No keys loaded in user storage
13: LMK error – report to Supervisor
14: Database PIN error
15: Error in input data
20: PIN block error
21: Invalid user storage index
23: Invalid PIN block format code
24: PIN length error
65: Transaction Key Scheme set to None
Auth Para 16 H Auth Para, encrypted under variant 1 of ZPK(D)

End Message Delimiter 1C Optional field; present only if present in the command
message; value X’19

Message Trailer nA Optional field; present only if present in the command

message; maximum length 32 characters

136 Thales e-Security

>> Chapter 6 – AS2805.6.2 Support – Host Commands

RU/RV Generate Auth Para at the Card Issuer (when selected

Transaction Key Scheme is Australian)
Command: To generate Auth Para at the Card Issuer and return it encrypted under
variant 1 of a Zone PIN Key (ZPK).
Notes: a) This command is only available if Transaction Key Scheme has been
set to Australian (using the CS Console command or HSM Manager
Initial Settings). If access to this functionality is required when
Transaction Key Scheme has been set to Racal then the HU Host
command can be used, which provides exactly the same functionality as
the RU Host command described below. For further details, see
Chapter 12 of the payShield 9000 General Information Manual.
b) This command allows the Card Issuer to generate Auth Para when
no PIN is to be verified, but the CD fields are not known to the Acquirer.
c) The input fields for this command are identical to those for the
original 'RU' command, as defined in the 40-1018-02 specification
(Ref.4). Thus, an optional field (“Processing Flag”) has been included. If
the field is not present then the original processing occurs. If the field is
present then either the original processing or the new processing
described in this document occurs, depending on the value of the field.
d) This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Subsequently returned to the host unchanged

Command Code 2A Value 'RU'

ZPK 16 H Zone PIN Key, encrypted under LMK pair 06-07

or
1 A + 32 H
or
1 A + 48 H
AB Field 16 H AB field, as defined in AS2805.6.2

CD Field 16 H CD field, as defined in AS2805.6.2

STAN 6N Systems trace audit number

CATID 16 H Card acceptor terminal identification

AT 12 H Transaction amount

Delimiter 1A Optional field, if present then the following field is present.

value = ';'

Processing Flag 1N Optional field; if not present then value = 0 is assumed;

values:
0 = old processing (1988 standard)
1 = new processing (see this document)

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional field; must be present if a message trailer is

present; value X’19

Thales e-Security 137

 >> Chapter 6 – AS2805.6.2 Support – Host Commands

Field Length and Type Details

Message Trailer nA Optional field; maximum length 32 characters

138 Thales e-Security

>> Chapter 6 – AS2805.6.2 Support – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Returned to the host unchanged

Response Code 2A Value 'RV'

Error Code 2N 00: No errors

10: ZPK parity error
12: No keys loaded in user storage
13: LMK error – report to Supervisor
15: Error in input data
21: Invalid user storage index
65: Transaction Key Scheme set to None
90: Communications link parity error
91: Communications link LRC error
92: Transparent asynch data length error

Auth Para 16 H Auth Para, encrypted under LMK pair 06-07 variant 1

End Message Delimiter 1C Optional field; present only if present in the command
message; value X’19

Message Trailer nA Optional field; present only if present in the command

message; maximum length 32 characters

Thales e-Security 139

 >> Chapter 6 – AS2805.6.2 Support – Host Commands

HU/HV Generate Auth Para at the Card Issuer (when selected

Transaction Key Scheme is Racal)

Command: To generate Auth Para at the Card Issuer and return it encrypted under
variant 1 of a Zone PIN Key (ZPK).

Notes: a) This command code should be used where the Transaction Key
Scheme has been set to Racal (using the CS Console command or HSM
Manager Initial Settings) but it is also required to process commands
for the Australian Transaction Key Scheme.
In this environment, the HI commands acts exactly like the RU
command described in this manual. This allows both Australian and
Racal Transaction Key Schemes to be used on the same payShield
9000.
The structure of this command and response is identical to the RU Host
command described in this manual, except that:
Command Code = HU
Response Code = HV
If Transaction Key Scheme has been set to Australian, then the RU Host
command (as described in this manual) must be used. (With this
setting, the HU command code is as described in the payShield 9000
Host Command Reference Manual .)
In summary …

If Transaction Key If Transaction Key

Scheme = Racal Scheme = Australian
You want to process Use the Rx variant of Use the Hx variant of
Racal Transaction the command* the command*
Key commands
You want to process Use the Hx variant of Use the Rx variant of
Australian ø ø
the command  the command
Transaction Key
commands

* As described in the payShield 9000 Host Command Reference

Manual
Ø
As described in this manual

For further details, see Chapter 12 of the payShield 9000 General

Information Manual.

b) This command allows the Card Issuer to generate Auth Para when
no PIN is to be verified, but the CD fields are not known to the Acquirer.

140 Thales e-Security

>> Chapter 6 – AS2805.6.2 Support – Host Commands

c) The input fields for this command are identical to those for the
original 'RU' command, as defined in the 40-1018-02 specification
(Ref.4). Thus, an optional field (“Processing Flag”) has been included. If
the field is not present then the original processing occurs. If the field is
present then either the original processing or the new processing
described in this document occurs, depending on the value of the field.
d) This command supports Variant LMKs only.

Thales e-Security 141

 >> Chapter 6 – AS2805.6.2 Support – Host Commands

RW/RX Generate an Initial Terminal Key (when selected

Transaction Key Scheme is Australian)

Command: To generate an initial double length Terminal Key (TK) and return the
result encrypted under the appropriate LMK pair.

Note: a) This command is only available if Transaction Key Scheme has been
set to Australian (using the CS Console command or HSM Manager
Initial Settings). If access to this functionality is required when
Transaction Key Scheme has been set to Racal then the HW Host
command can be used, which provides exactly the same functionality as
the RW Host command described below. For further details, see
Chapter 12 of the payShield 9000 General Information Manual.
b) This command uses a previously established double length Acquirer
Initialization Key (KIA) and the Card Acceptor Terminal Identification
(CATID) to generate the initial TK for the terminal.
c) This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Subsequently returned to the host unchanged
Command Code 2A Value 'RW'

KIA 1 A + 32 H Double length Acquirer Initialization Key, encrypted under

LMK pair 14-15 variant 6

CATID 16 H Card acceptor terminal identification

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional field; must be present if a message trailer is

present; value X’19

Message Trailer nA Optional field; maximum length 32 characters

142 Thales e-Security

>> Chapter 6 – AS2805.6.2 Support – Host Commands

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Returned to the host unchanged

Response Code 2A Value 'RX'

Error Code 2N 00: No errors

10: KIA parity error
12: No keys loaded in user storage
13: LMK error – report to Supervisor
15: Error in input data
21: Invalid user storage index
65: Transaction Key Scheme set to None
Initial TK 1 A + 32 H Initial double length Terminal Key, encrypted under LMK pair
14-15 variant 0 if the security setting “Enforce key type 002
separation for PCI HSM compliance” has the value “N”, or
under LMK pair 36-37 variant 8 if the setting has the value
“Y”.

End Message Delimiter 1C Optional field; present only if present in the command
message; value X’19

Message Trailer nA Optional field; present only if present in the command

message; maximum length 32 characters

Thales e-Security 143

 >> Chapter 6 – AS2805.6.2 Support – Host Commands

HW/HX Generate an Initial Terminal Key (when selected

Transaction Key Scheme is Racal)

Command: To generate an initial double length Terminal Key (TK) and return the
result encrypted under the appropriate LMK pair.

Note: a) This command code should be used where the Transaction Key
Scheme has been set to Racal (using the CS Console command or HSM
Manager Initial Settings) but it is also required to process commands
for the Australian Transaction Key Scheme.
In this environment, the HI commands acts exactly like the RW
command described in this manual. This allows both Australian and
Racal Transaction Key Schemes to be used on the same payShield
9000.
The structure of this command and response is identical to the RW
Host command described in this manual, except that:
Command Code = HW
Response Code = HX
If Transaction Key Scheme has been set to Australian, then the RW
Host command (as described in this manual) must be used. (With this
setting, the HW command code is as described in the payShield 9000
Host Command Reference Manual .)
In summary …

If Transaction Key If Transaction Key

Scheme = Racal Scheme = Australian
You want to process Use the Rx variant of Use the Hx variant of
Racal Transaction the command* the command*
Key commands
You want to process Use the Hx variant of Use the Rx variant of
Australian ø ø
the command  the command
Transaction Key
commands

* As described in the payShield 9000 Host Command Reference

Manual
Ø
As described in this manual
For further details, see Chapter 12 of the payShield 9000 General
Information Manual.
b) This command uses a previously established double length Acquirer
Initialization Key (KIA) and the Card Acceptor Terminal Identification
(CATID) to generate the initial TK for the terminal.
c) This command supports Variant LMKs only.

144 Thales e-Security

>> Chapter 6 – AS2805.6.2 Support – Host Commands

QM/QN Data Encryption Using a Derived Privacy Key

Command: To encrypt a block of data, using a double length Privacy Key (KP)
derived from the Terminal Key (KT), the Systems Trace Audit Number
(STAN) and the Card Acceptor Terminal Identification (CATID).

Notes: The modes of encryption supported by this command are Electronic

Codebook (ECB), Cipher Block Chaining (CBC), 8-bit Cipher Feedback
(CFB-8), and OFB (8-bit or 8-byte) - see AS2805.5.2 (Ref.8.2).
The HSM input and output buffers can support 2K bytes of data. It is
recommended that the Plaintext Data field in the command message is
no greater than 1800 bytes.
If the Host communication link is configured for standard
asynchronous communications then the input Plaintext Data and the
output Encrypted Data will be in expanded hexadecimal format, with
two hexadecimal characters representing each 8 bits of data. Thus
400 bytes of data would be represented by 800 hexadecimal
characters.
If the Host communication link is configured for transparent
asynchronous communications then the input Plaintext Data and the
output Encrypted Data will be in binary format, with each byte
representing 8 bits of data.
The Plaintext Data field must be an exact multiple of 16 hexadecimal
characters if standard asynchronous communications are used or an
exact multiple of 8 bytes if the transparent asynchronous mode is used.
The Encrypted Data field will be the same length as the Plaintext Data
field.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'QM'

TK 1 A + 32 H Double length Terminal Key, encrypted under LMK pair 14-

15 variant 0 if the security setting “Enforce key type 002
separation for PCI HSM compliance” has the value “N”, or
under LMK pair 36-37 variant 8 if the setting has the value
“Y”.

STAN 6N Systems Trace Audit Number

CATID 16 H Card Acceptor Terminal Identification

Encryption Mode 1N Flag to indicate the mode of encryption

0 = ECB mode of encryption
1 = CBC mode of encryption
2 = CFB-8 mode of encryption
3 = OFB mode of encryption
Initialization Value 16 H Initialization value, used when Encryption Mode = 1, 2 or 3
(CBC, CFB-8 or OFB)

Thales e-Security 145

 >> Chapter 6 – AS2805.6.2 Support – Host Commands

Plaintext Value (j) 1N Only used when Encryption Mode = 3 (OFB); j = 1 for 8-bit
feedback or j = 8 for 8-byte (64-bit) feedback

Length 3H Length (in bytes) of data to be encrypted

Plaintext Data nH Data to be encrypted (asynchronous mode)
or
nB Data to be encrypted (transparent asynchronous mode)

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'QN'

Error Code 2N 00 - No errors

10 - TK parity error
12 - No keys loaded in user storage
13 - LMK error; report to supervisor
15 - Error in input data
21 - Invalid user storage index
65: Transaction Key Scheme set to None
80 - Invalid data length

Encrypted Data nH Encrypted data (asynchronous mode)

or
nB Encrypted data (transparent asynchronous mode)
OCV 16 H Output Chaining Value, only returned when Encryption Mode
= 3 (OFB)

End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

146 Thales e-Security

>> Chapter 6 – AS2805.6.2 Support – Host Commands

QO/QP Data Decryption Using a Derived Privacy Key

Command: To decrypt a block of data, using a double length Privacy Key (KP)
derived from the Terminal Key (KT), the Systems Trace Audit Number
(STAN) and the Card Acceptor Terminal Identification (CATID).

Notes: The modes of encryption supported by this command are Electronic

Codebook (ECB), Cipher Block Chaining (CBC), 8-bit Cipher Feedback
(CFB-8), and OFB (8-bit or 8-byte) - see AS2805.5.2 (Ref.8.2).
The HSM input and output buffers can support 2K bytes of data. It is
recommended that the Encrypted Data field in the command message
is no greater than 1800 bytes.
If the Host communication link is configured for standard
asynchronous communications then the input Encrypted Data and
the output Plaintext Data will be in expanded hexadecimal format,
with two hexadecimal characters representing each 8 bits of data.
Thus 400 bytes of data would be represented by 800 hexadecimal
characters.
If the Host communication link is configured for transparent
asynchronous communications then the input Encrypted Data and
the output Plaintext Data will be in binary format, with each byte
representing 8 bits of data.
The Encrypted Data field must be an exact multiple of 16 hexadecimal
characters if standard asynchronous communications are used or an
exact multiple of 8 bytes if the transparent asynchronous mode is used.
The output Plaintext Data field will be the same length as the Encrypted
Data field.
This command supports Variant LMKs only.

Field Length and Type Details

COMMAND MESSAGE
Message Header mA Will be returned to the Host unchanged

Command Code 2A Value 'QO'

TK 1 A + 32 H Double length Terminal Key, encrypted under LMK pair 14-

15 variant 0 if the security setting “Enforce key type 002
separation for PCI HSM compliance” has the value “N”, or
under LMK pair 36-37 variant 8 if the setting has the value
“Y”.

STAN 6N Systems Trace Audit Number

CATID 16 H Card Acceptor Terminal Identification

Encryption Mode 1N Flag to indicate the mode of encryption

0 = ECB mode of encryption
1 = CBC mode of encryption
2 = CFB-8 mode of encryption
3 = OFB mode of encryption

Initialization Value 16 H Initialization value, used when Encryption Mode = 1, 2 or 3

(CBC, CFB-8 or OFB)

Thales e-Security 147

 >> Chapter 6 – AS2805.6.2 Support – Host Commands

Field Length and Type Details

Plaintext Value (j) 1N Only used when Encryption Mode = 3 (OFB); j = 1 for 8-bit
feedback or j = 8 for 8-byte (64-bit) feedback
Length 3H Length (in bytes) of data to be decrypted

Encrypted Data nH Data to be decrypted (asynchronous mode)

or
nB Data to be decrypted (transparent asynchronous mode)

Delimiter 1A Value '%'. Optional; if present, the following field must be

present.
LMK Identifier 2N LMK identifier; min value = '00'; max value is defined by
license; must be present if the above Delimiter is present.

End Message Delimiter 1C Optional. Must be present if a message trailer is present.

Value X'19

Message Trailer nA Optional. Maximum length 32 characters

Field Length and Type Details

RESPONSE MESSAGE
Message Header mA Will be returned to the Host unchanged

Response Code 2A Value 'QP'

Error Code 2N 00 - No errors

10 - TK parity error
12 - No keys loaded in user storage
13 - LMK error; report to supervisor
15 - Error in input data
21 - Invalid user storage index
65: Transaction Key Scheme set to None
80 - Invalid data length
Plaintext Data nH Decrypted data (asynchronous mode)
or
nB
Decrypted data (transparent asynchronous mode)

OCV 16 H Output Chaining Value, only returned when Encryption Mode

= 3 (OFB)
End Message Delimiter 1C Will only be present if present in the command message.
Value X'19

Message Trailer nA Will only be present if in the command message. Maximum

length 32 characters

148 Thales e-Security

Appendix A – One-Way Functions

>> Appendices

Appendix A – One-Way Functions

OWF - 1988
One-way functions for single and double length keys are defined as follows:

Single Length Key

Let K be a single length key and let D be a 64-bit data block.
Step 1 Decrypt D with K.
Step 2 Combine the result of Step 1 with D using the exclusive-or operation.
The result of Step 2 is the required value, denoted OWF(K,D).

Double Length Key

Let *K be a double length key and let D be a 64-bit data block.
Step 1 Decrypt D with the left half of *K.
Step 2 Encrypt the result of Step 1 with the right half of *K.
Step 3 Decrypt the result of Step 2 with the left half of *K.
Step 4 Combine the result of Step 3 with D using the exclusive-or operation.
The result of Step 4 is the required value, denoted *OWF(*K,D).

OWF - 2000
Described in Appendix N.

Thales e-Security 149

 Appendix B – Derivation of the Privacy Key

Appendix B – Derivation of the Privacy Key

The Privacy Key (denoted KD) is derived from the Transaction Key (KT) and two 64-
bit fields (known as the E Field and the F Field) as described below.
The E Field is derived from the Systems Trace Audit Number (STAN) and the F Field
is derived from the Card Acceptor Terminal Identification (CATID) as follows:
E Field: The 6 digits (24 bits) of the STAN, left justified and right zero filled to
a total length of 64 bits, shifted left 1 bit.
F Field: The 16 characters (64 bits) of the CATID, shifted left 1 bit and zero
filled.
Step 1 Combine the E Field and the F Field using the exclusive-or operation.
Step 2 Combine the KT and the constant value 2222222222222222 (hex)
using the exclusive-or operation.
Step 3 The KD is the result of the OWF (see Appendix A) with the result of
step 1 as the key and the result of step 2 as the data.

150 Thales e-Security

Appendix C – Key Check Value

Appendix C – Key Check Value

Check values for single and double length keys are defined as follows:

Single Length Key

Let K be a single length key.
Step 1 Encrypt a block of 64 binary zeros with K.
The leftmost 24 bits of the result of Step 1 is the required check value, denoted
KCV(K).

Double Length Key

Let K be a double length key.
Step 1 Encrypt a block of 64 binary zeros with the left half of K.
Step 2 Decrypt the result of Step 1 with the right half of K.
Step 3 Encrypt the result of Step 2 with the left half of K.
The leftmost 24 bits of the result of Step 3 is the required check value, denoted
KCV(K).
See Ref.8.4 - AS2805.6.3,
See Ref.8.5 - AS2805.6.4,

Thales e-Security 151

 Appendix D – Key Encrypting Key Variants

Appendix D – Key Encrypting Key Variants

Different variants of key encrypting keys (ZMK or TMK) are required to encrypt
different types of session keys during distribution between communicating entities.
These variants are defined as follows:
NOTE: The variant used is determined by the length of the key being encrypted, NOT
the length of the key performing the encryption

Zone or Terminal Authentication keys

ZAK / TAK (Variant A)

variant Single length = 2424 2424 2424 2424 (hex)
variant Double length = 2424 2424 2424 2424 2424 2424 2424 2424 (hex)
variant Triple length = N /A

ZAKs / TAKs (Variant B)

Generate variant Single Length = 2424 2424 2424 2424 (hex)
Generate variant Double Length = 24C0 24C0 24C0 24C0 24C0 24C0 24C0
24C0 (hex)
Generate variant Triple Length = 2430 2430 2430 2430 2430 2430 2430
2430 2430 2430 2430 2430 (hex)

ZAKr / TAKr (Variant C)

Verify variant Single Length = 4848 4848 4848 4848 (hex)
Verify variant Double Length = 48C0 48C0 48C0 48C0 48C0 48C0 48C0
48C0 (hex)
Verify variant Triple Length = 4830 4830 4830 4830 4830 4830 4830
4830 4830 4830 4830 4830 (hex)

Zone or Terminal Encryption keys

ZEK / TEK (Variant E)

variant Single Length = 2222 2222 2222 2222 (hex)
variant Double Length = 2222 2222 2222 2222 2222 2222 2222 2222
(hex)
variant Triple Length =N/A

ZEKs / TEKs (Variant F)

Encipher variant Single Length = 2222 2222 2222 2222 (hex)
Encipher variant Double Length = 22C0 22C0 22C0 22C0 22C0 22C0 22C0
22C0 (hex)
Encipher variant Triple Length = 2230 2230 2230 2230 2230 2230 2230
2230 2230 2230 2230 2230 (hex)

152 Thales e-Security

Appendix D – Key Encrypting Key Variants

ZEKr / TEKr / KA / KCA (Variant G)

Decipher variant Single Length = 4444 4444 4444 4444 (hex)
Decipher variant Double Length = 44C0 44C0 44C0 44C0 44C0 44C0 44C0
44C0 (hex)
Decipher variant Triple Length = 4430 4430 4430 4430 4430 4430 4430
4430 4430 4430 4430 4430 (hex)

Zone or Terminal PIN keys (ZPK or TPK) (Variant H)

variant Single Length = 2828 2828 2828 2828 (hex)
variant Double Length = 28C0 28C0 28C0 28C0 28C0 28C0 28C0
28C0 (hex)
variant Triple Length = 2830 2830 2830 2830 2830 2830 2830
2830 2830 2830 2830 2830 (hex)

Variant 7 (Variant I)
variant Single Length = 8282 8282 8282 8282 (hex)
variant Double Length = 8282 8282 8282 8282 8282 8282 8282 8282
(hex)
variant Triple Length = N /A

Note: When key scheme type is H

variant Double Length = 82C0 82C0 82C0 82C0 82C0 82C0 82C0 82C0
(hex)

Variant 8 (Variant J)
variant Single Length = 8484 8484 8484 8484 (hex)
variant Double Length = 8484 8484 8484 8484 8484 8484 8484 8484
(hex)
variant Triple Length = N /A
Note: When key scheme type is H
variant Double Length = 84C0 84C0 84C0 84C0 84C0 84C0 84C0 84C0
(hex)

Variant 88 (Variant K)
variant = 88888888888888888888888888888888 (hex)
{Used for enciphering PPASN under KIA}
In each case the appropriate variant is combined with the double length key
encrypting key using the exclusive-or operation and the result is used to encrypt the
session key.

Thales e-Security 153

 Appendix D – Key Encrypting Key Variants

Variant 0 (Variant M)
variant = 00000000 00000000 00000000 00000000 (hex)
{Used for enciphering TMK* under KIA}
In each case the appropriate variant is combined with the double length key
encrypting key using the exclusive-or operation and the result is used to encrypt the
session key.

154 Thales e-Security

Appendix G – Definition of Card Values

Appendix G – Definition of Card Values

Card Values CV1 - CV5 are generated from four values, each 8 hexadecimal
characters in length, known as the A Field, B Field, C Field and D Field.
CV1 - CV5 are formed from the concatenation of pairs of these fields as follows:
CV1: concatenation of A and B
CV2: concatenation of B and A
CV3: concatenation of A and C
CV4: concatenation of B and D
CV5: concatenation of C and D
See Ref.8.5 - AS2805.6.4,.

Thales e-Security 155

 Appendix H – Generation of Initial Terminal Master Keys

Appendix H – Generation of Initial Terminal Master

Keys
Initial double length Terminal Master Keys (TMKs) are derived from the Card Values
CV1 - CV6 and the PIN Pad Acquirer Security Number (PPASN). CV 1 - CV5 are
derived from the A, B, C and D Fields, as defined in Appendix G.
Step 1 - Derive a Temporary TMK1
This value is formed from the concatenation of OWF(CV 6,CV1) and OWF(CV6,CV5),
where OWF(K,D) is defined in Appendix A.
Step 2 - Derive a Temporary TMK2
This value is formed from the concatenation of OWF(CV 6,CV2) and OWF(CV6,CV4),
where OWF(K,D) is defined in Appendix A.
Step 3 - Form Initial TMK1
Let KL and KR denote, respectively, the left and right halves of the result of Step 1.
The Initial TMK1 is formed from the concatenation of OWF(KL,PPASN) and
OWF(KR,PPASN), where OWF(K,D) is defined in Appendix A.
Step 4 - Form Initial TMK2
Let KL and KR denote, respectively, the left and right halves of the result of Step 2.
The Initial TMK2 is formed from the concatenation of OWF(KL,PPASN) and
OWF(KR,PPASN), where OWF(K,D) is defined in Appendix A.
See Ref.8.5 - AS2805.6.4

156 Thales e-Security

Appendix I – Terminal Master Key Update

Appendix I – Terminal Master Key Update

There are two possibilities for the update of the Terminal Master Keys - either TMK1
only needs to be updated or else both TMK1 and TMK2 need to be updated.

AS2805 – 1988 Method

Update TMK1 only

The inputs in this case are Old TMK1 and the PIN Pad Acquirer Security Number
(PPASN). The output is the New TMK1.
Let KL and KR denote, respectively, the left and right halves of Old TMK1, then New
TMK1 is formed from the concatenation of OWF(KL,PPASN) and OWF(KR,PPASN),
where OWF(K,D) is defined in Appendix A.

Update TMK1 and TMK2

The inputs in this case are Old TMK2 and the PIN Pad Acquirer Security Number
(PPASN). The output is the New TMK1 and New TMK2.
Step 1
Form an Intermediate TMK, by combining each half of the Old TMK2 with PPASN,
using the exclusive-or operation. Let KL and KR denote, respectively, the left and right
halves of Intermediate TMK, then New TMK1 is formed from the concatenation of
OWF(KL,PPASN) and OWF(KR,PPASN), where OWF(K,D) is defined in Appendix A.
Step 2
Let KL and KR denote, respectively, the left and right halves of Old TMK2, then New
TMK2 is formed from the concatenation of OWF(KL,PPASN) and OWF(KR,PPASN),
where OWF(K,D) is defined in Appendix A.

AS2805 – 2001 Method

Update TMK1 only

The inputs in this case are Old TMK1 and the PIN Pad Acquirer Security Number
(PPASN). The output is the New TMK1.
See AS2805.6.4 – 2001 section 6.4.3 as follows, for method. (uses OWF – 2000
{AS2805.4 – 2000 section 6})

Update TMK1 and TMK2

The inputs in this case are Old TMK2 and the PIN Pad Acquirer Security Number
(PPASN). The output is the New TMK1 and New TMK2.
See AS2805.6.4 – 2001 section 6.4.4 as follows, for method. (uses OWF – 2000
{AS2805.4 – 2000 section 6})

Thales e-Security 157

 Appendix I – Terminal Master Key Update

Terminal KEK update

General
The terminal maintains two terminal master keys for each acquirer with which it is
required to communicate. These are known as KEK1 and KEK2

Inputs
The inputs to the key enciphering key update procedure shall be PPASN and the
existing terminal key enciphering keys.

Algorithm KEK1 update

KEK1 shall be update as follows
(a) Concatenate PPASN with itself to form the temporary value D.
(b) Use the OWF with the existing KEK1 as the key and the temporary value D as the
data to produce the new 128-bit value of KEK1.
(c) The new value of KEK1 replaces the existing value in storage.
The process is illustrated in Figure 1.

158 Thales e-Security

Appendix I – Terminal Master Key Update

Algorithm KEK2 update

KEK2 shall be updated as follows:
(a) Concatenate PPASN with itself to form the temporary value D.
(b) Create a temporary new KEK by the modulo 2 addition of D to the existing
KEK2.
(c) Use the OWF with the existing KEK2 as the key and the D as the data to
produce the new 128-bit value of KEK2.
(d) The new value of KEK2 replaces the existing value in storage.
(e) Use the OWF with the temporary KEK produced in Step (b) as the key and the
value D as the data to produce the new 128-bit value of KEK1.
(f) The new value of KEK1 replaces the old KEK1 in storage.
The process is illustrated in Figure 2.

Thales e-Security 159

 Appendix J – Derivation of the PIN Encryption Key

Appendix J – Derivation of the PIN Encryption Key

Single Length TPK
The PIN Encryption Key (KPE) is formed by combining a single length Terminal PIN
Key (TPK) with two 64-bit fields (known as the E Field and the F Field) using the
exclusive-or operation.
The E Field is derived from the Systems Trace Audit Number (STAN) and the F Field
is derived from the transaction amount, as follows:
E Field: The 6 digits (24 bits) of the STAN, left justified and right zero filled to
a total length of 64 bits, shifted left 1 bit.
F Field: The 12 digits (48 bits) of the transaction amount, right justified and
left zero filled to a total length of 64 bits, shifted left 1 bit.
Fields E & F are X’or ed to form a temporary value.
This temporary value is then X’or ed with the TPK to form the KPE
Example:

160 Thales e-Security

Appendix J – Derivation of the PIN Encryption Key

Double Length TPK

See Ref.8.5 - AS2805.6.4 section 6.6.3 (2001) as follows:

PIN enciphering key (KPE)

General
The PIN enciphering key (KPE) is used to encipher the PIN block.

Inputs
The inputs to the KPE calculation shall be the systems trace audit number (STAN),
transaction amount, and PIN protection key (KPP)

Algorithm
KPE shall be calculated as follows:
(a) Field E comprises the 6 digits (24 bits) of the STAN, left justified, and right
zero-filled to a total length of 64 bits.
(b) Field F comprises the 12 digits (48 bits) of the transaction amount, right
justified and left zero-filled to a total length of 64 bits.
(c) Field E and F are concatenated to produce the temporary value D.
(d) Use the OWF with the KPP as the key and D as the data.
(e) The result is KPE.
The process is illustrated in Figure 3.

Thales e-Security 161

 Appendix J – Derivation of the PIN Encryption Key

162 Thales e-Security

Appendix K – AS2805.3 PIN block formats

Appendix K – AS2805.3 PIN block formats

AS2805 Format 1 PIN block
The AS2805 Format 1 PIN block is used in situations where the account number is
not available. The PIN block is formed by concatenation of the PIN and other data.
The AS2805 Format 1 PIN block has the format;

C N P P P P P/ P/ P/ P/ P/ P/ P/ P/ T T
T T T T T T T T

Where;
C = Control field = binary 0001
N = PIN length = binary 0100 to 1100
P = PIN digit = binary 0000 to 1001
P/T = PIN/other = determined by PIN length
T = Other data = binary 0000 to 1111
This format is accommodated by using the standard Format 05 for the PIN block and
entering all “zero’s” in place of the account number in PIN functions.

AS2805.3 Format 8 PIN block (format 46)

Support for “zero” length PIN block

The zero length PIN block format is identical to format 01 with the following
exceptions.
If the Control Field is 0, then the PIN block is processed as a standard format 01 PIN
block. If the Control Field is not 0 then the following rules apply.
If the second character is 0 then the PIN block is a Zero PIN block. No checking of
the PIN block is required in this case.
If the second character is not 0 or in the range 4 to C (hex), inclusive, then return
error code 24 and terminate processing.
If the input command is a verify PIN command and the second character is 0 then
return error code 88 and terminate processing.
If the input command is a translate PIN command and the second character is 0,
form a new PIN block as follows:
The new PIN block has the format 80RRRRRRRRRRRRFF (hex), where R denotes a
random hexadecimal character.
When a Zero PIN block is encountered in a standard PIN verify or PIN translate
command, error code 88 will be returned as notification only. Processing will
continue.
The individual standard commands affected by this PIN Block format are:
CA, CC, DA, DC, EA and EC

Thales e-Security 163

 Appendix L – Error messages

Appendix L – Error messages

Most error messages are standard across all commands. Each command lists
those errors specifically for it, but some standard checking functions may produce
other errors that are only shown in this table. Some codes have more than one
description where the error condition is more specific in a particular command; this
is detailed in the command response.

Code : Description

00 : No errors 16 : Console or printer not ready / not

01 : Verification failure. CAM connected
validation error. Data Length 17 : HSM not in authorized state
error. 18 : Document definition format not
02 : Key inappropriate length for loaded
algorithm. Hash validation 19 : Specified Diebold table is invalid
failure. Invalid MK length.
20 : PIN block error.
03 : Invalid message type. Invalid
21 : Invalid index value, or index /
secret key type. Data Length
block count would cause overflow
error. Zero PINblock received.
condition
04 : Invalid key type code. Invalid
22 : Invalid account number
secret key flag. Public key does
not conform to encoding rules. 23 : Invalid PIN block format code
Key Length invalid 24 : PIN is fewer than 4 or more than
05 : Invalid key length flag. Invalid 12 digits long. PIN is not 4 digits.
message block number. Invalid 25 : Decimalization table error
hash identifier. Invalid number of 26 : Invalid key scheme
Input pairs or not even.
27 : Incompatible key length
06 : Invalid signature identifier.
28 : Invalid key type
Invalid public key Algorithm
Identifier 29 : Key function not permitted
07 : Public exponent length error. 30 : Invalid reference number
MAC mode, key length 31 : Insufficient solicitation entries for
mismatch. batch
08 : Invalid public exponent 33 : LMK key change storage is
09 : Secret key error, report to corrupt
supervisor 40 : Invalid firmware checksum
10 : Source key parity error. Or 41 : Internal hardware / software
other input key parity error. error: bad RAM, invalid error
11 : Destination key parity error. Key codes, etc.
all 0s. 42 : DES failure
12 : Contents of user storage not 47 : DSP error; report to supervisor
available. Reset, power down or (RG7000 series only)
overwrite.
49 : Corrupt SK
13 : LMK error - report to
Supervisor 50 : Key comprises all zeros
14 : PIN encrypted under LMK pair 51 : KV parity error
02-03 is invalid 76 : Signature/KEK length <> modulus
15 : Invalid input data – unable to length
identify the individual fields in the 77 : Decrypted Signature/KEK blocks
input corrupt

164 Thales e-Security

Appendix L – Error messages

78 : SK length error 90 : Data parity error in the request

80 : Data length error. The MAC message received by the HSM
or other data amount is not as 91 : Longitudinal Redundancy Check
expected (LRC) failure on input date
81 : Signature length error (transparent async only)
82 : Invalid trailer 92 : Count value is incorrect or outside
limits (transparent async only)
83 : Invalid certificate format
84 : Invalid subject ID 97 : RSA key generation error
88 : Zero PIN block encountered;
advice only.

Thales e-Security 165

 Appendix M – Australian Key Schemes

Appendix M – Australian Key Schemes

Three new key schemes (G, H and I) are specified for this firmware. They are used
for the import and export of keys under Zone Master keys, Terminal Master Keys
and Key Encrypting Keys.
The Key scheme G applies to single length keys. The Key scheme H applies to
double length keys. The key scheme I applies to triple length keys.
The mechanism for the key scheme is to apply an appropriate variant (see Appendix
D) to the encrypting key then to encrypt the working key using the CBC method.
NOTE: The variant used is determined by the length of the key being encrypted,
NOT the length of the key performing the encryption

Examples:

G Scheme. (Single Length Data/Session Key)

With the 'G' scheme regardless of the length of the key encrypting the
Data/Session key the variant applied from Appendix D is the single length variant.
e.g.
ZMK – 0404 0404 0404 0404 0808 0808 0808 0808
ZAK– 2020 2020 2020 2020
ZAK Variant - 2424 2424 2424 2424 2424 2424 2424 2424 (from Appendix
D)
Encrypting Key (ZMK with variant applied) – 2020 2020 2020 2020 2C2C 2C2C
2C2C 2C2C
ZAK Encrypted under ZMK ( ZAK CBC encrypted using ZMK with variant applied)
G 7B19 0BFF 522D E15D

H Scheme. (Double Length Data/Session Key)

With the 'H' scheme regardless of the length of the key encrypting the
Data/Session key the variant applied from Appendix D is the double length variant.
e.g.
ZMK – 0404 0404 0404 0404 0808 0808 0808 0808
ZAK– 2020 2020 2020 2020 4040 4040 4040 4040
ZAK Variant - 24C0 24C0 24C0 24C0 24C0 24C0 24C0 24C0 (from Appendix D)
Encrypting Key (ZMK with variant applied) – 20C4 20C4 20C4 20C4 2CC8 2CC8
2CC8 2CC8
ZAK Encrypted under ZMK ( ZAK CBC encrypted using ZMK with variant applied)
H 27C9 B3BA C267 FEA7 1BF6 8BC1 5837 5F8C

166 Thales e-Security

Appendix M – Australian Key Schemes

I Scheme. (Triple Length Data/Session Key)

With the 'I' scheme regardless of the length of the key encrypting the Data/Session
key the variant applied from Appendix D is the triple length variant.
e.g.
ZMK – 0404 0404 0404 0404 0808 0808 0808 0808
ZAK– 2020 2020 2020 2020 4040 4040 4040 4040 0D0D 0D0D 0D0D
0D0D 0D0D
ZAK Variant - 2430 2430 2430 2430 2430 2430 2430 2430 (Appendix D)
Encrypting Key (ZMK with variant applied) – 2034 2034 2034 2034 2C38 2C38
2C38 2C38
ZAK Encrypted under ZMK ( ZAK CBC encrypted using ZMK with variant applied)
I E2D5 D40F 9433 DBCB 77AB 8654 D404 1AAF 4F53 4FE0 C7C0 E103

Commands that support Australian key schemes

Standard console commands

KG, IK, KE

Standard host commands

A0, A6, A8, BW; EA; EC; CC; BU

Custom host commands

OI, OK, OO, OQ, CO, OY, PI, D6, E0, E2, E8,

Thales e-Security 167

 Appendix N – AS 2805.6.2 Support Appendices

Appendix N – AS 2805.6.2 Support Appendices

Appendix N-A: One-way Function
The One-way Function (OWF) used in the commands specified in this document is
defined in the AS2805.5.4 standard (Ref.8). It is described below.
Let K be a DES key and let D be a data block, of arbitrary length, n bits.
If n is not a multiple of 64 then append a single binary “1” followed by as many
binary zeros as necessary to make the data a multiple of 64 bits (possibly none).
Let D* denote the padded data. Two distinct cases exist:

Case 1 – D* has length 64 (and so n  64)

1. Decrypt D* with K.
2. Combine the result of step 1 with D*, using the exclusive-or operation.
3. Discard the rightmost (64-n) bits of the result of step 2 and denote the
result by X, so that X has length n bits.
4. Then:
X = OWF(K, D).

Case 2 – D* has length greater than 64 (and so n > 64)

1. Let V denote the final 64-bit block of CBC encryption of D* with K, with a
zero initial value.
2. Encrypt D* with K, using CBC encryption and an initial vector = V.
3. Combine the result of step 2 with D*, using the exclusive-or operation.
4. Discard the number of padding bits originally appended to D from the result
of step 3 and denote the result by Y, so that Y has length n bits.
5. Then:
Y = OWF(K, D).

168 Thales e-Security

Appendix N – AS 2805.6.2 Support Appendices

Appendix N-B: Derivation of Data Values

A number of 128-bit Data Values (DV1, DV2, DV4, DV5 and DV6) are derived from
data fields on track 2 of the card. These fields are each 32 bits in length and are
known as fields A, B, C and D. They are defined as follows, where “” denotes
concatenation:
“A  B” denotes the 16 character PAN, including the check digit, immediately
preceding the Field Separator.
“C  D” denotes the 16 character “Other Card Data”, immediately following the
YYMM field.
From fields A, B, C and D, five Card Values (CV1 – CV5) are formed:
CV1 = A  B
CV2 = B  A
CV3 = A  C
CV4 = B  D
CV5 = C  D
Then,
DV1 = CV1  CV1
DV2 = CV2  CV2
DV4 = CV3  CV4
DV5 = CV4  CV3
DV6 = CV5  CV5
Finally, two other Data Values DV3 (128 bits) and DV7 (64 bits) are defined as
follows.
Define the 64-bit values (left justified and zero padded, if necessary):
STAN = Systems Trace Audit Number
CATID = Card Acceptor Terminal Identification
AT = Transaction Amount

Then,
DV3 = STAN  CATID
DV7 = (STAN  CATID  AT),
where “” denotes the exclusive-or operation.

Thales e-Security 169

 Appendix N – AS 2805.6.2 Support Appendices

Appendix N-C: MAC Key Derivation

The transaction MAC Key is derived from the Data Value DV1 (see Appendix N-B)
and a variant of the Terminal Key, via:
MAC Key = OWF((Terminal Key)  (Variant 1), DV1),
where  denotes the exclusive-or operation and Variant 1 is defined as
Variant 1 = X’24C024C024C024C024C024C024C024C0.
In diagrammatic form:

170 Thales e-Security

Appendix N – AS 2805.6.2 Support Appendices

Appendix N-D: PIN Encipherment Key Derivation

The transaction PIN Encipherment Key is derived from the Data Value DV2 (see
Appendix N-B) and a variant of the Terminal Key, via:
PIN Encipherment Key = OWF((Terminal Key)  (Variant 2), DV2),
where  denotes the exclusive-or operation and Variant 2 is defined as
Variant 2 = X’28C028C028C028C028C028C028C028C0.
In diagrammatic form:

Thales e-Security 171

 Appendix N – AS 2805.6.2 Support Appendices

Appendix N-E: Privacy Key Derivation

The Privacy Key derivation used with the QM & QO commands specified at Section
10.15 and 10.16 respectively.
The transaction Privacy Key is derived from the Data Value DV3 (see Appendix N-B)
and a variant of the Terminal Key, via:
Privacy Key = OWF((Terminal Key)  (Variant 3), DV3),
where  denotes the exclusive-or operation and Variant 3 is defined as
Variant 3 = X’22C022C022C022C022C022C022C022C0.
In diagrammatic form:

172 Thales e-Security

Appendix N – AS 2805.6.2 Support Appendices

Appendix N-F: Terminal Key Update (AS2805.6.2)

A Terminal Key is updated as follows:
Concatenate the 64-bit MAC Residue (X) from the Request Message and the 64-bit
MAC Residue (Y) from the Response Message, to form a 128-bit value, Data.
Then,
New Terminal Key = OWF(Current Terminal Key, Data).

Thales e-Security 173

 Appendix N – AS 2805.6.2 Support Appendices

Appendix N-G: MAC and MAC Residue Calculation

A Message Authentication Code (MAC) is calculated over a data block D, using a
double length key K. A MAC may be 32, 48 or 64 bits in length, as required.
1. Append as many binary zeros to D as necessary to produce a data block D*
with length a multiple of 64 bits.
2. Let C denote the last ciphertext block obtained by encrypting D* with K, using
the CBC mode of encryption with a zero initial value.
3. Then
C = MAB(K, D)
and
MAC(K, D) = leftmost 32, 48 or 64 bits of MAB(K, D), as required.
4. Encrypt C with K, using the ECB mode of encryption to produce the MAB
Extension.
5. Concatenate MAB(K, D) and the MAB Extension to form the Extended MAB.
6. Then the MAC Residue, MAR(K, D), is defined as the next 64 bits of the
Extended MAB after MAC(K, D).
Three cases are possible:

MAC Length MAR(K, D)

32 bits Bits 33 – 96 of the Extended MAB, where the leftmost bit is bit 1
48 bits Bits 49 – 112 of the Extended MAB, where the leftmost bit is bit 1
64 bits Bits 65 – 128 of the Extended MAB, where the leftmost bit is bit 1

174 Thales e-Security

Appendix N – AS 2805.6.2 Support Appendices

Appendix N-H: Authentication Parameter

The Authentication Parameter (AP or Auth Para) is a 64-bit value constructed by
the Card Issuer, or his agent, to confirm the approval of a transaction and,
specifically, the amount of the transaction. AP is calculated using the One-way
Function (OWF), defined in Appendix N-A and various Data Values, defined in
Appendix N - B, as follows:
Let
Card Key = OWF(DV4, DV5),
then
Decoupling Key = OWF(Card Key, DV6)
and
AP = OWF(Decoupling Key, DV7).

Thales e-Security 175

 Appendix O – AS 2805.6.2 (Single DES) Support Appendices

Appendix O – AS 2805.6.2 (Single DES) Support

Appendices
Appendix O-A: One-way Function
The One-way Function (OWF) used in the commands specified in this document is
described below.
Let K be a single length DES key and let D be a 64-bit data block.

1. Decrypt D with K.

2. Combine the result of step 1 with D, using the exclusive-or operation, and
denote the result by X.

3. Then:
X = OWF(K, D).
In diagrammatic form:

176 Thales e-Security

Appendix O – AS 2805.6.2 (Single DES) Support Appendices

Appendix O-B: Derivation of Card and Data Values

A number of Card Values (CV1, CV2, CV3, CV4 and CV5) are derived from data
fields on track 2 of the card. These fields are each 32 bits in length and are known
as fields A, B, C and D. They are defined as follows, where “” denotes
concatenation:
“A  B” denotes the 16 character PAN, including the check digit, immediately
preceding the Field Separator.
“C  D” denotes the 16 character “Other Card Data”, immediately following the
YYMM field.
From fields A, B, C and D, the five Card Values (CV1 – CV5) are formed:
CV1 = A  B
CV2 = B  A
CV3 = A  C
CV4 = B  D
CV5 = C  D
One further Data Value DV6 (64 bits) is defined as follows.
Define the 64-bit values:
STAN = Systems Trace Audit Number (6 digits (24 bits), left shifted one bit and
right filled with binary zeros);
CATID = Card Acceptor Terminal Identification (8 characters (64 bits), left shifted
one bit and right filled with binary zeros);
AT = Transaction Amount (12 digits (48 bits), right justified and left filled with binary
zeros).
Then,
DV6 = (STAN  CATID  AT),
where “” denotes the exclusive-or operation.

Thales e-Security 177

 Appendix O – AS 2805.6.2 (Single DES) Support Appendices

Appendix O-C: MAC Key Derivation

The transaction MAC Key is derived from the Card Value CV1 (see Appendix O-B)
and a variant of the Terminal Key, via:
MAC Key = OWF(CV1, (Terminal Key)  (Variant 1)),
where  denotes the exclusive-or operation and Variant 1 is defined as
Variant 1 = X’2424242424242424.
In diagrammatic form:

Important Note:
In the MAC Key derivation, above, CV1 is used as the key input to the OWF and
((Terminal Key)  (Variant 1)) is used as the data input to the OWF.

178 Thales e-Security

Appendix O – AS 2805.6.2 (Single DES) Support Appendices

Appendix O-D: PIN Encipherment Key Derivation

The transaction PIN Encipherment Key is derived from the Card Value CV2 (see
Appendix O-B) and a variant of the Terminal Key, via:
PIN Encipherment Key = OWF(CV2, (Terminal Key)  (Variant 2)),
where  denotes the exclusive-or operation and Variant 2 is defined as
Variant 2 = X’2828282828282828.
In diagrammatic form:

Important Note:
In the PIN Encipherment Key derivation, above, CV2 is used as the key input to the
OWF and ((Terminal Key)  (Variant 2)) is used as the data input to the OWF.

Thales e-Security 179

 Appendix O – AS 2805.6.2 (Single DES) Support Appendices

Appendix O-E: Terminal Key Update

A Terminal Key is updated as follows:
Concatenate the 32-bit MAC Residue (MARX) from the Request Message and the
32-bit MAC Residue (MARY) from the Response Message, to form a 64-bit value,
Data. Then,
New Terminal Key = OWF(Current Terminal Key, Data).
Important Note:
The New Terminal Key must not be adjusted for parity.
Important Note:
In the New Terminal Key derivation, above, the Current Terminal Key is used as the
key input to the OWF and the concatenation of the MARX and MARY is used as the
data input to the OWF.

180 Thales e-Security

Appendix O – AS 2805.6.2 (Single DES) Support Appendices

Appendix O-F: MAC and MAC Residue Calculation

A 32-bit Message Authentication Code (MAC) is calculated over a data block D,
using a single length key K. This process also produces a 32-bit MAC Residue
(MAR).

1. Append as many binary zeros to D as necessary to produce a data block D*

with length a multiple of 64 bits.

2. Let C denote the last ciphertext block obtained by encrypting D* with K, using
the Cipher Block Chaining (CBC) mode of encryption with a zero initial value.

3. Then
MAC(K, D) = leftmost 32 bits of C and MAR(K, D) = rightmost 32 bits of C.

Thales e-Security 181

 Appendix O – AS 2805.6.2 (Single DES) Support Appendices

Appendix O-G: Card Key and Authentication Parameter

The Authentication Parameter (AP or Auth Para) is a 64-bit value constructed by
the Card Issuer, or his agent, to confirm the approval of a transaction and,
specifically, the amount of the transaction. AP is calculated using the One-way
Function (OWF), defined in Appendix O-A and various Card and Data Values, defined
in Appendix O-B, as follows:
Let
Card Key = OWF(CV3, CV4),
then
Decoupling Key = OWF(CV5, Card Key)
and
AP = OWF(Decoupling Key, DV6).
Important Note:
In the above calculations, CV3, CV5 and Decoupling Key are used as the key inputs
to the OWF and CV4, Card Key and DV6 used as the data inputs to the OWF,
respectively.

182 Thales e-Security

Appendix S – APCA Functional Specification Comparison Guide

Appendix S – APCA Functional Specification

Comparison Guide

APCA Thales Command Code

APCA SCM Function Command
Base HSM This
Code F/W Specification

General
1.1.1 Echo Test 0000 B2
1.1.2 SCM Status Extended 0002 NO
1.1.2 Function Status 0005 None None
1.1.4 KM Status 0006 NC
1.1.5 Format Status 0007 None None
1.1.6 Set Clock 0015 Console: None
SETTIME
1.1.7 Get Clock 0016 Console: None
GETTIME
1.1.8 MD5Gen 0020 GM
1.1.9 SHAGen 0021 GM
Interchange
1.2.1 Encipher 2500 PU
1.2.2 Decipher 2600 PW
1.2.3 KEKGEN – 6.3 D501 F6
1.2.4 KEKREC – 6.3 D502 F8
1.2.5 NodeKeyGen - 6.3 3A00 OI
1.2.6 RTMK (Key Translation - Receive) 4500 OK
1.2.7 VISA REC 4501 A6
1.2.8 KEKGEN –VISA 4502 A0
1.2.9 VISA-REC-IWK 4503 A6
1.2.10 VISA-REC-AWK 4504 A6
1.2.11 Kmmigrate (KM Translation) 4600 BW
1.2.12 MACGen - 6.3 and 6.4 5500 C2
1.2.13 MACVerify - 6.3 and 6.4 5600 C4
1.2.14 NodeProof E520 E0
1.2.15 NodeResp E530 E2
1.2.16 KVC request 7510 BU
1.2.17 ENCIPHER – OFB 2700 PU
1.2.18 DECIPHER – OFB 2800 PW

Thales e-Security 183

 Appendix S – APCA Functional Specification Comparison Guide

Terminal to node AS 2805.6.4

2.1 TermKeyGen1-2000 3500 PI & OU
2.2 TermKeyGen2-2000 3510 PI & OW
2.3 TermKeyInit - 6.4-2000 3630 C0
2.4 PINVerify - 6.4-2000 6510 F0
2.5 PINVerify VISA 6.4-2000 6511 F2
2.6 KACalc-2000 B520 C8
2.7 KAExport-2000 B530 FE
2.8 KAImport-2000 B540 FC
2.9 VerifyPPID-2000 E540 D2
2.10 TermProof-2000 – 6.4 2000 E500 E4
2.11 HostProof-2000 – 6.4 2000 E510 E6
2.12 KIA Send B550 A8
2.13 KIA Receive B560 A6
2.14 TKEYGEN 3144 None None

Terminal to node AS 2805.6.2

3.1 PINKEYCHANGE 46A0 None

3.2 ENCIPHER CBC 2511 PU
3.3 DECIPHER CBC 2611 PW
3.4 ENCIPHER ECB 2501 PU
3.5 DECIPHER ECB 2601 PW
3.6 PINBLOCKTRANS 6.2 -> 6.3 6640 None None
3.7 TERMKEYUPDATE 3710 None None
3.8 ENCIPHER OFB 25A0 PU
3.9 DECIPHER OFB 26A0 PW
3.10 MAC GENERATE 5510 None None
3.11 MAC VERIFY 5610 RE
3.12 MAC VERIFY (Completion Confirmation 5620 RQ
Message)
3.13 TERMKEYINIT 3640 RW
3.14 APGEN E600 RU
3.15 MAC GENERATE NDC+ 5530 None None
3.16 MAC VERIFY NDC+ 5630 None None
ATM
4.1 ABKeyGen-2000 3B00 HC
4.2 CkeyGen-2000 3B10 HC
4.3 MkeyGen-2000 3B20 HC

184 Thales e-Security

Appendix S – APCA Functional Specification Comparison Guide

4.4 ATMKEYGEN 3B30 A0

Public Key
5.5 KMMigrate DEA2 4610 EM
5.6 GetPublic-2000 C500 None None
5.7 NodeKEKSend-2000 C600 H4
5.8 NodeKEKRec-2000 C610 H6
5.9 GetDEA2Pair C620 EO & EI
5.10 NodeKEKSend-2000-Export C700 H4
5.11 NodeKEKRec-2000-Export C710 H6
5.12 Load Public C6A0 None None
5.13 Load Public-NDC+ C6B0 None None
5.14 SignPublic NDC+ C6C0 None None
5.15 Verify EPP NDC+ C6D0 None None
5.16 NodeKEKsend-NDC+ C720 A0, GK & EW
5.17 Verify Certificate C800 ES
5.18 SignPublic PKCS#10 C810
5.19 Construct Key Token B1 C850 None None
5.20 Verify Key Token A2 C860 None None
Retained
6.1 CHESSKEKGEN – 6.3 D001 F6 F6
6.2 CHESSKEKREC – 6.3 D002 F8 F8
6.3 APGEN (old replaced by 3.14)
PIN and CARD Functions
7.1 PINTrans - IBM3624 to 6.3 6680 CA
7.2 PINTrans - 6.3 to 6.3 6600 CC
7.4 PVVGen - using given PIN 65B4 DG
7.5 PINVerify VISA 6.3 6501 DC
7.6 PINVerify 6.3 6500 EC
7.7 PPASNVerify F013 E4
7.8 PPIDEncrypt F014 D0
7.9 PINTrans - 6.4 to 6.3 6610 PO
7.10 CVVGEN 8500 CW
7.11 CVVKEYGEN 8600 AS
7.12 CVVKEYIMPORT 8510 AW
7.13 CVVVERIFY 8520 CY
Terminal Remote Initialisation
8.1 SponsorKeyGen B510 A0

Thales e-Security 185

 Appendix S – APCA Functional Specification Comparison Guide

8.2 InitialKeyRec B580 I0

8.3 LoadKCA B590 A8
8.4 GetPublicPair -TCU C630 EI
8.5 TCUPublicRec C640 H0
8.6 TermKeyInit - remote 3633 PI & PK &
F4
8.7 TermKeyReinit - remote 3634 PI & D0
8.8 RandGen B570 C6
8.9 TermKeyInit Remote – 6.2 3643 RW & PK &
F4
Approved Extensions
9.1 KTKALC B510 None

Notes:
Other commands available in this specification which have no equivalent in the APCA
specification but which are required for Thales customers include:
C0, C2, C4, D4, D6, D8, E8, OO, OQ, OU, OY, PM, H8

186 Thales e-Security

Appendix T – Key Notation comparison table

Appendix T – Key Notation comparison table

Australian Standards Thales
Code Meaning Code Meaning
A ATM A Key TMK1 Terminal Master Key
B ATM B Key TMK2 Terminal Master Key
C Communications Key C Communications Key
Card Acceptor terminal Card Acceptor terminal
CATID Identification CATID Identification
CVV Card Verification Value CVV Card Verification Value
Cross Acquirer Key encrypting
KCA Cross Acquirer Key KCA Key
KCVV Card Verification Value Keys CVK Card Verification Key
KD Data Key KD Privacy Key (Denoted KD)
KEK Key Encrypting Key KEK Key Encrypting Key
TMK/TE Terminal Master/Encryption
KIA Acquirer Initialization Key K Key
KM Domain Master Key LMK Local Master Key
TAK/ZA Terminal/Zone Authentication
KMAC MAC Key K Key
KMACH HouseKeeping MAC Key TAK Terminal Authentication Key
KMACI Initial MAC Key TAK Terminal Authentication Key
KPE Pin Encryption Key TPK Terminal Pin Key
TPK /
KPP Pin Protect Key ZPK Terminal / Zone Pin Key
KPV Pin Verification Key PVK Pin Verification Key
KPVVA Visa Pin Verification Key A PVK Pin Verification Key
KPVVB Visa Pin Verification Key B PVK Pin Verification Key
KT Terminal Key KT Transaction Key
KTK Key Transport Key ZMK Zone Master Key
KVC Key Verification Code KCV Key Check Value
M ATM M Key (Master) TMK Terminal Master Key
PK Public Keys PK Public Key
Pin Pad Acquirer Secret
PPASN Pin Pad Security Number PPASN Number
PPID Pinpad Identification Number PPID Pin Pad Identification Number
Verification Code of Public
PVC Key PVC Public Key Verification Code
PVV Pin Verification Value PVV Pin Verification Value
SK Secret Key SK Secret Key

Thales e-Security 187

 Appendix T – Key Notation comparison table

Australian Standards Thales

Code Meaning Code Meaning
STAN System Trace Audit Number STAN System Trace Audit Number
Acquirer Master Key Acquirer Master Key Encrypting
KMA Encrypting Key KMA Key
ZEK Zone Encryption Key

Note: 1= Variant1, 2=Variant2 e.g TMK1 or TMK2

Note: s=Send r=Receive e.g KEKs or KEKr

188 Thales e-Security

Appendix U1 – DEA 2 Text Block - DFormat 1

Appendix U1 – DEA 2 Text Block - DFormat 1

The RSA datablock format conforms to the APCA Dformat1 specifications
(described in APCA2000 Specification Version 3 , section 5.4.4.1), Reference 10.
The clear datablock has the following format:

Byte Bits Description

0 7-6 00 = Always less than modulus.

5-1 00001 = block format 1.

0 0 = no padding used, 1 = padding used.

1 Normally zero unless an identity transform (concealing) would have

occurred.

2 Number n of 8 byte blocks in the modulus of the key enciphering

this data.

3-4 Checksum of bytes 5through 8n-1.

Var (5 to Up to 8n-5 bytes of data, left justified. If data is less than (8n-5)
8n-1) bytes, append random pad bytes and pad byte count in byte 8n-1.
The pad count includes byte 8n-1.

Notes:
1. 8n represents the size of the modulus of the DEA 2 key that enciphers the
DFormat 1 textblock.
2. The leftmost byte of a block (byte 0) is the most significant byte and the
rightmost byte (e.g. byte 63) is the least significant byte.
3. A short data sequence will be padded to the right with random bits, and a pad
count.
4. The checksum is calculated as the 16-bit sum of bytes 4 to 8n-1 with a rotate
left of 1 bit to the working total before each byte is added in.
5. The maximum amount of data that can be enciphered is 8n-6 bytes. The actual
data block size is 8n-6-[8n-1] (where [x] means “contents of byte x”).

Thales e-Security 189

 Appendix U1 – DEA 2 Text Block - DFormat 1

Validation of this block includes the following steps:

The length of the data to be validated is equal to the length (in bytes) of the modulus
of the key to be used for the validation - if not, return error code 76.
1. Byte 0 of the clear data block is 0x02 or 0x03 - if not, return error code 77.
2. Byte 1 of the clear data block is 0x00 - if not, return error code 77.
3. Byte 2 of the clear data block must be equal to the modulus length in bytes -
if not return error code 77.
4. Compute a checksum on the clear data; if not equal to bytes 3-4 of the clear
data block return error code 77.

190 Thales e-Security

Appendix U2 – Public Key Encoding

Appendix U2 – Public Key Encoding

The HSM supports the following public key encoding types:
Type = 01 (DER encoding for an ASN.1 public key)
An ASN.1 RSAPublicKey has the following definition (see Ref.6):
RSAPublicKey : : = SEQUENCE {
modulus INTEGER, - - n
publicExponent INTEGER - - e }

Thales e-Security 191

V V V
Americas Asia Pacific Europe, Middle East, Africa

THALES e-SECURITY THALES e-SECURITY THALES e-SECURITY

900 South Pine Island Road Unit 4101, 41/F Meadow View House
Suite 710 248 Queen's Road East Long Crendon
Plantation Wanchai Aylesbury
Florida Hong Kong, Buckinghamshire
33324. USA PRC HP18 9EQ. UK

T: +1 888 744 4976 T: +852 2815 8633 T: +44 (0)1844 201800

or +1 954 888 6200
F: +1 954 888 6211 F: +852 2815 8141 F: +44 (0)1844 208550
E: [email protected] E: [email protected] E: [email protected]

© Copyright 1987 - 2014 THALES UK LTD

This document is issued by Thales UK Limited (hereinafter referred to as Thales) in confidence and is not to be reproduced in whole
or in part without the prior written approval of Thales. The information contained herein is the property of Thales and is t o be used
only for the purpose for which it is submitted and is not to be released in whole or in part without the prior written permis sion of
Thales.