ISO 8583 Security Primer
In the world of financial switching software, you have probably come across terminology such as LMK, ZMK, TAK, ZPK and MAC. This tutorial aims to give you a quick overview of what those things are and how to develop a working application using the HarSM simulator to accommodate those needs.
On a security-enabled ISO 8583 switching connection, whether between institutions, between a POS terminal and a switching server, or between a mainframe and an ATM, there will most likely be some security in place whenever a PIN and PAN are involved. ISO 8583 generally uses simple symmetric DES encryption for most of its transactions.
Before you connect to another financial institution, there should be an exchange of key components. The key components are used to generate the ZMK (Zone Master Key). Usually Institution A gives Institution B a component A that it generated, and in return Institution B gives component B to Institution A. Both then combine the key components to form the ZMK.
INST A --> GEN COMP A ---> INST B
INST B --> GEN COMP B ---> INST A
INST A&B Combine Components --> ZMK
To generate the ZMK using HarSM, use the KeyGenerationfrmComponents function.
After that you will probably try to sign on with the 800 ISO message, and some key exchanges will take place. Usually on sign-on you will be given the TAK (MAC Key) and ZPK (Zone PIN Key) encrypted under the ZMK.
You will need to translate this key from under the ZMK to under your LMK to be able to use it with HarSM.
For example, suppose you receive a TAK under ZMK of 7E9530057390C805 with a KCV of EAF4E5:
To get it under the LMK, use the following HarSM function:
http://localhost:9090/trans?data=7E9530057390C805&key=4767355BDFCD4ED7&keyType=CRYPT&alg=DES
This will give you the TAK under LMK:
443BB859A146CB8C;EAF4E5
As you can see, the key check values match. The KCV is calculated from the clear key and is the same regardless of whether the key is encrypted under the ZMK, the LMK or some other wrapping key.
The next step: you will probably need to generate the MAC in order to continue with the sign-on process. The MAC is usually generated by concatenating several ISO fields.
Here is an example:
http://localhost:9090/genMAC?data=03082040172040171&key=443BB859A146CB8C&keyType=CRYPT&dataType=ASCII&alg=DES
Output:
1B4F838C
Repeat the steps above for all the key exchanges you will be doing.
After the sign-on process is completed, you are probably ready for your first transaction, the 200 ISO message. To generate the PIN block, use the following example:
http://localhost:9090/pinblock?pin=222222&pan=5104813099990418&key=19DF9AD52A069C4A&keyType=CRYPT&alg=DES
This gives the encrypted PIN block:
FCB4BC06025448B9
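The two HarSM steps above, key translation with its KCV check and ISO format-0 PIN block formation, written out in Go as an added example; this is not HarSM code and not from the original page. It assumes clear 8-byte single-DES keys are handed in directly, so the wrapped key values quoted above, which HarSM holds under its own LMK, will not reproduce the same outputs; the PIN and PAN are the ones from the example above.

```go
package main
import (
	"crypto/cipher"
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strings"
)

// newDES returns a single-DES block cipher for an 8-byte clear key (panics on a bad key).
func newDES(key []byte) cipher.Block {
	blk, err := des.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return blk
}

// kcv is the key check value: first three bytes of an all-zero block encrypted under the clear key, upper-case hex.
func kcv(clearKey []byte) string {
	out := make([]byte, 8)
	newDES(clearKey).Encrypt(out, make([]byte, 8))
	return strings.ToUpper(hex.EncodeToString(out[:3]))
}

// translateKey re-wraps a key from under fromKey (e.g. ZMK) to under toKey (e.g. LMK); the KCV is that of the clear key.
func translateKey(wrapped, fromKey, toKey []byte) ([]byte, string) {
	clear, out := make([]byte, 8), make([]byte, 8)
	newDES(fromKey).Decrypt(clear, wrapped) // the clear key never leaves this function
	newDES(toKey).Encrypt(out, clear)
	return out, kcv(clear)
}

// iso0PinBlock builds an ISO 9564 format-0 PIN block (PIN field XOR 0000 + the 12 PAN digits before the check digit) and encrypts it under the ZPK.
func iso0PinBlock(pin, pan string, zpk []byte) (clear, enc []byte, err error) {
	if len(pin) < 4 || len(pin) > 12 || len(pan) < 13 {
		return nil, nil, fmt.Errorf("pin must be 4-12 digits and pan at least 13 digits")
	}
	p, err1 := hex.DecodeString(fmt.Sprintf("0%X%s", len(pin), pin) + strings.Repeat("F", 14-len(pin)))
	a, err2 := hex.DecodeString("0000" + pan[len(pan)-13:len(pan)-1])
	if err1 != nil || err2 != nil {
		return nil, nil, fmt.Errorf("invalid characters in pin or pan")
	}
	clear, enc = make([]byte, 8), make([]byte, 8)
	for i := range clear {
		clear[i] = p[i] ^ a[i]
	}
	newDES(zpk).Encrypt(enc, clear)
	return clear, enc, nil
}
```

Translating the TAK from ZMK to LMK and back returns the original wrapped bytes with the same KCV both ways, which is the invariant the check value above relies on.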
That's it. It's relatively simple once you cut through all the technical idioms. Any questions, email me at hairi@m-sinergi.com