generateMacEmvPinChange method
- required DerivationMethodAttributes derivationMethodAttributes,
- required String messageData,
- required String newEncryptedPinBlock,
- required String newPinPekIdentifier,
- required PinBlockFormatForEmvPinChange pinBlockFormat,
- required String secureMessagingConfidentialityKeyIdentifier,
- required String secureMessagingIntegrityKeyIdentifier,
Generates an issuer script MAC for EMV payment cards that use offline PINs as the cardholder verification method (CVM).
This operation generates an authenticated issuer script response by appending the incoming message data (APDU command) with the target encrypted PIN block in ISO2 format. The command structure and method to send the issuer script update to the card is not defined by this operation and is typically determined by the applicable payment card scheme.
The primary inputs to this operation include the incoming new encrypted PIN block, PIN encryption key (PEK), issuer master key (IMK), primary account number (PAN), and the payment card derivation method.
The operation uses two issuer master keys: secure messaging for confidentiality (IMK-SMC) and secure messaging for integrity (IMK-SMI). The SMC key is used to internally derive a key to secure the PIN, while the SMI key is used to internally derive a key to authenticate the script response as per the EMV 4.4 - Book 2 - Security and Key Management specification.
This operation supports Amex, EMV2000, EMVCommon, Mastercard and Visa derivation methods, each requiring specific input parameters. Users must follow the specific derivation method and input parameters defined by the respective payment card scheme.
Cross-account use: This operation supports cross-account use when the key has a resource-based policy that grants access. For more information, see Resource-based policies.
Related operations:
May throw AccessDeniedException.
May throw InternalServerException.
May throw ResourceNotFoundException.
May throw ThrottlingException.
May throw ValidationException.
Parameter derivationMethodAttributes :
The attributes and data values to derive payment card specific
confidentiality and integrity keys.
Parameter messageData :
The message data is the APDU command from the card reader or terminal. The
target encrypted PIN block, after translation to ISO2 format, is appended
to this message data to generate an issuer script response.
Parameter newEncryptedPinBlock :
The incoming new encrypted PIN block data for offline PIN change on an EMV
card.
Parameter newPinPekIdentifier :
The keyARN of the PEK protecting the incoming new encrypted
PIN block.
Parameter pinBlockFormat :
The PIN encoding format of the incoming new encrypted PIN block as
specified in ISO 9564.
Parameter secureMessagingConfidentialityKeyIdentifier :
The keyARN of the issuer master key (IMK-SMC) used to protect
the PIN block data in the issuer script response.
Parameter secureMessagingIntegrityKeyIdentifier :
The keyARN of the issuer master key (IMK-SMI) used to
authenticate the issuer script response.
Implementation
Future<GenerateMacEmvPinChangeOutput> generateMacEmvPinChange({
  required DerivationMethodAttributes derivationMethodAttributes,
  required String messageData,
  required String newEncryptedPinBlock,
  required String newPinPekIdentifier,
  required PinBlockFormatForEmvPinChange pinBlockFormat,
  required String secureMessagingConfidentialityKeyIdentifier,
  required String secureMessagingIntegrityKeyIdentifier,
}) async {
  final $payload = <String, dynamic>{
    'DerivationMethodAttributes': derivationMethodAttributes,
    'MessageData': messageData,
    'NewEncryptedPinBlock': newEncryptedPinBlock,
    'NewPinPekIdentifier': newPinPekIdentifier,
    'PinBlockFormat': pinBlockFormat.value,
    'SecureMessagingConfidentialityKeyIdentifier':
        secureMessagingConfidentialityKeyIdentifier,
    'SecureMessagingIntegrityKeyIdentifier':
        secureMessagingIntegrityKeyIdentifier,
  };
  final response = await _protocol.send(
    payload: $payload,
    method: 'POST',
    requestUri: '/macemvpinchange/generate',
    exceptionFnMap: _exceptionFns,
  );
  return GenerateMacEmvPinChangeOutput.fromJson(response);
}
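A client-side pre-flight check for the string parameters described above, as an added example that is not part of the SDK or the original page. The function name checkPinChangeInputs, the hex and length rules, and the placeholder ARNs are assumptions made for illustration.

```dart
// Added example: local checks before calling generateMacEmvPinChange.
// The hex, length and ARN-shape rules are assumptions, not service limits.
final _hex = RegExp(r'^[0-9A-Fa-f]+$');

/// Returns a list of problems (empty when the inputs pass). Messages name
/// the parameter only and never echo its value, so they are safe to log.
List<String> checkPinChangeInputs({
  required String messageData,
  required String newEncryptedPinBlock,
  required String newPinPekIdentifier,
  required String secureMessagingConfidentialityKeyIdentifier,
  required String secureMessagingIntegrityKeyIdentifier,
}) {
  final problems = <String>[];
  // Assumption: the APDU command is passed as hex text, whole bytes only.
  if (!_hex.hasMatch(messageData) || messageData.length.isOdd) {
    problems.add('messageData must be an even-length hex string');
  }
  // Assumption: one cipher block, 8 bytes (TDES PEK) or 16 bytes (AES PEK).
  final n = newEncryptedPinBlock.length;
  if (!_hex.hasMatch(newEncryptedPinBlock) || (n != 16 && n != 32)) {
    problems.add('newEncryptedPinBlock must be 16 or 32 hex characters');
  }
  final keys = {
    'newPinPekIdentifier': newPinPekIdentifier,
    'secureMessagingConfidentialityKeyIdentifier':
        secureMessagingConfidentialityKeyIdentifier,
    'secureMessagingIntegrityKeyIdentifier':
        secureMessagingIntegrityKeyIdentifier,
  };
  keys.forEach((name, id) {
    if (!id.startsWith('arn:')) problems.add('$name is not a key ARN');
  });
  // PEK, IMK-SMC and IMK-SMI have different roles; reuse is a wiring mistake.
  if (keys.values.toSet().length != keys.length) {
    problems.add('PEK, IMK-SMC and IMK-SMI must be three different keys');
  }
  return problems;
}

void main() {
  // Constructed sample values; the ARNs are placeholders, not real keys.
  const base = 'arn:aws:payment-cryptography:us-east-1:111122223333:key/';
  final problems = checkPinChangeInputs(
    messageData: '00112233445566778899AABBCCDDEEFF',
    newEncryptedPinBlock: '0123456789ABCDEF',
    newPinPekIdentifier: '${base}pek-placeholder',
    secureMessagingConfidentialityKeyIdentifier: '${base}smc-placeholder',
    secureMessagingIntegrityKeyIdentifier: '${base}smc-placeholder', // reused
  );
  for (final p in problems) print(p);
}
```

Run the check before sending the request and skip the call when the returned list is not empty.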