本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# 特定于网络的功能
**Topics**
+ [签证特定功能](use-cases-issuers.networkfunctions.visa.md)
+ [万事达卡的特定功能](use-cases-issuers.networkfunctions.mastercard.md)
+ [美国运通的特定功能](use-cases-issuers.networkfunctions.amex.md)
+ [JCB 特定函数](use-cases-issuers.networkfunctions.jcb.md)
# 签证特定功能
**Topics**
+ [ARQC-/ CVN18CVN22](#use-cases-issuers.networkfunctions.visa.cvn18)
+ [ARQC- CVN10](#use-cases-issuers.networkfunctions.visa.cvn10)
+ [3DS CAVV V7](#use-cases-issuers.networkfunctions.visa.cavv-v7)
+ [DCvV(动态卡验证值)- CVN17](#use-cases-issuers.networkfunctions.visa.dcvv)
## ARQC-/ CVN18CVN22
CVN18 并 CVN22 使用 [CSK 密钥派生方法](use-cases-issuers.generalfunctions.arqc.md)。这两种方法的确切交易数据会有所不同,有关构造交易数据字段的详细信息,请参阅方案文档。
## ARQC- CVN10
CVN10 是用于EMV交易的较旧Visa方法,它使用每卡密钥派生而不是会话(每笔交易)派生,并且还使用不同的有效负载。有关有效载荷内容的信息,请联系该计划了解详情。
### 创建密钥
```
$ aws payment-cryptography create-key --exportable --key-attributes KeyAlgorithm=TDES_2KEY,KeyUsage=TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS,KeyClass=SYMMETRIC_KEY,KeyModesOfUse='{DeriveKey=true}' --tags='[{"Key":"KEY_PURPOSE","Value":"CVN10"},{"Key":"CARD_BIN","Value":"12345678"}]'
```
响应会回显请求参数,包括后续调用的 ARN 以及密钥检查值 (KCV)。
```
{
"Key": {
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk",
"KeyAttributes": {
"KeyUsage": "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS",
"KeyClass": "SYMMETRIC_KEY",
"KeyAlgorithm": "TDES_2KEY",
"KeyModesOfUse": {
"Encrypt": false,
"Decrypt": false,
"Wrap": false,
"Unwrap": false,
"Generate": false,
"Sign": false,
"Verify": false,
"DeriveKey": true,
"NoRestrictions": false
}
},
"KeyCheckValue": "08D7B4",
"KeyCheckValueAlgorithm": "ANSI_X9_24",
"Enabled": true,
"Exportable": true,
"KeyState": "CREATE_COMPLETE",
"KeyOrigin": "AWS_PAYMENT_CRYPTOGRAPHY",
"CreateTimestamp": "2024-03-07T06:41:46.648000-07:00",
"UsageStartTimestamp": "2024-03-07T06:41:46.626000-07:00"
}
}
```
注意代表密钥的那个`KeyArn`,例如 *arn: aws: payment-cryptography: us-east-2:111122223333: key/pw3s6nl62* t5ushfk。您需要在下一步中执行该操作。
### 验证 ARQC
**Example**
在此示例中,我们将验证使用Visa生成的ARQC。 CVN10
如果 AWS 支付密码学能够验证 ARQC,则会返回 http/200。如果 arqc 未经过验证,将返回 http/400 响应。
```
$ aws payment-cryptography-data verify-auth-request-cryptogram --auth-request-cryptogram D791093C8A921769 \
--key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk \
--major-key-derivation-mode EMV_OPTION_A \
--transaction-data 00000000170000000000000008400080008000084016051700000000093800000B03011203000000 \
--session-key-derivation-attributes='{"Visa":{"PanSequenceNumber":"01" \
,"PrimaryAccountNumber":"9137631040001422"}}'
```
```
{
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk",
"KeyCheckValue": "08D7B4"
}
```
## 3DS CAVV V7
对于 Visa Secure (3DS) 交易,CAVV(持卡人身份验证值)由发卡机构访问控制服务器 (ACS) 生成。CAVV 是进行持卡人身份验证的证据,对于每笔身份验证交易都是唯一的,由收单方在授权消息中提供。CAVV v7 将有关交易的其他数据与批准绑定,包括商家名称、购买金额和购买日期等元素。这样,它实际上就是交易有效载荷的加密哈希值。
从密码学上讲,CAVV V7使用了CVV算法,但是输入都是关于如何生成输入以生成CAVV V7有效载荷的changed/repurposed. Please consult appropriate third party/Visa文档。
### 创建密钥
```
$ aws payment-cryptography create-key --exportable --key-attributes KeyAlgorithm=TDES_2KEY,KeyUsage=TR31_C0_CARD_VERIFICATION_KEY,KeyClass=SYMMETRIC_KEY,KeyModesOfUse='{Generate=true,Verify=true}' --tags='[{"Key":"KEY_PURPOSE","Value":"CAVV-V7"},{"Key":"CARD_BIN","Value":"12345678"}]'
```
响应会回显请求参数,包括后续调用的 ARN 以及密钥检查值 (KCV)。
```
{
"Key": {
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/dnaeyrjgdjjtw6dk",
"KeyAttributes": {
"KeyUsage": "TR31_C0_CARD_VERIFICATION_KEY",
"KeyClass": "SYMMETRIC_KEY",
"KeyAlgorithm": "TDES_2KEY",
"KeyModesOfUse": {
"Encrypt": false,
"Decrypt": false,
"Wrap": false,
"Unwrap": false,
"Generate": true,
"Sign": false,
"Verify": true,
"DeriveKey": false,
"NoRestrictions": false
}
},
"KeyCheckValue": "F3FB13",
"KeyCheckValueAlgorithm": "ANSI_X9_24",
"Enabled": true,
"Exportable": true,
"KeyState": "CREATE_COMPLETE",
"KeyOrigin": "AWS_PAYMENT_CRYPTOGRAPHY",
"CreateTimestamp": "2023-06-05T06:41:46.648000-07:00",
"UsageStartTimestamp": "2023-06-05T06:41:46.626000-07:00"
}
}
```
注意代表密钥的那个`KeyArn`,例如 *arn: aws: payment-cryptography: us-east-2:111122223333: key/dnaeyrjgdjjtw6* dk。您需要在下一步中执行该操作。
### 生成 CAVV V7
**Example**
在此示例中,我们将为给定交易生成 CAVV V7,其输入如规范中所述。请注意,对于此算法,字段可以重复使用/重新利用,因此不应假设字段标签与输入相匹配。
有关所有可用参数,请参阅 API 参考指南中的 [CardVerificationValue1](https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_CardVerificationValue1.html)。
```
$ aws payment-cryptography-data generate-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/dnaeyrjgdjjtw6dk --primary-account-number=171234567890123 --generation-attributes CardVerificationValue1='{CardExpiryDate=9431,ServiceCode=431}'
```
```
{
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/dnaeyrjgdjjtw6dk",
"KeyCheckValue": "F3FB13",
"ValidationData": "491"
}
```
### 验证 CAVV V7
**Example**
为了进行验证,输入是 CVK、计算的输入值和交易期间提供的待验证的 CAVV。
有关所有可用参数,请参阅 API 参考指南中的 [CardVerificationValue1](https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_CardVerificationValue1.html)。
CAVV 不是用户输入的值(比如 CVV2),而是由发行机构 ACS 计算的。应考虑在提供时是否应始终进行验证。
```
$ aws payment-cryptography-data verify-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/dnaeyrjgdjjtw6dk --primary-account-number=171234567890123 --verification-attributes CardVerificationValue1='{CardExpiryDate=9431,ServiceCode=431} --validation-data 491
```
```
{
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/dnaeyrjgdjjtw6dk",
"KeyCheckValue": "F3FB13",
"ValidationData": "491"
}
```
## DCvV(动态卡验证值)- CVN17
DCvV(动态卡验证值)是一种专用于非接触式EMV交易的Visa专用动态密码。它被称为早期EMV,它通过为每笔交易生成唯一的验证值来增强安全性。DCvV 使用的输入包括主账号 (PAN)、PAN 序列号 (PSN)、应用程序交易计数器 (ATC)、不可预测的号码和轨道数据。它仍在某些地方使用,但大部分已被其他算法所取代,例如 CVN18。
有关所有可用参数,请参阅 [DynamicCardVerificationValue](https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_DynamicCardVerificationValue.html)API 参考指南。
### 创建密钥
```
$ aws payment-cryptography create-key --exportable --key-attributes KeyAlgorithm=TDES_2KEY,KeyUsage=TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS,KeyClass=SYMMETRIC_KEY,KeyModesOfUse='{Generate=true,Verify=true}' --tags='[{"Key":"KEY_PURPOSE","Value":"DCVV"},{"Key":"CARD_BIN","Value":"12345678"}]'
```
响应会回显请求参数,包括后续调用的 ARN 以及密钥检查值 (KCV)。
```
{
"Key": {
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/mw7dn3qxvkfh8ztc",
"KeyAttributes": {
"KeyUsage": "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS",
"KeyClass": "SYMMETRIC_KEY",
"KeyAlgorithm": "TDES_2KEY",
"KeyModesOfUse": {
"Encrypt": false,
"Decrypt": false,
"Wrap": false,
"Unwrap": false,
"Generate": true,
"Sign": false,
"Verify": true,
"DeriveKey": false,
"NoRestrictions": false
}
},
"KeyCheckValue": "A8E4D2",
"KeyCheckValueAlgorithm": "ANSI_X9_24",
"Enabled": true,
"Exportable": true,
"KeyState": "CREATE_COMPLETE",
"KeyOrigin": "AWS_PAYMENT_CRYPTOGRAPHY",
"CreateTimestamp": "2025-02-02T11:45:30.648000-08:00",
"UsageStartTimestamp": "2025-02-02T11:45:30.626000-08:00"
}
}
```
注意代表密钥的那个`KeyArn`,例如 *arn: aws: payment-cryptography: us-east-2:111122223333: key/mw7dn3qxv* kfh8ztc。您需要在下一步中执行该操作。
### 生成 dcvV
**Example**
在此示例中,我们将为非接触式 EMV 交易生成 DCvV。输入包括 PAN、PAN 序列号、应用程序事务计数器、不可预测的数字和轨道数据。
```
$ aws payment-cryptography-data generate-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/mw7dn3qxvkfh8ztc \
--primary-account-number=5111112627662122 \
--generation-attributes DynamicCardVerificationValue='{ApplicationTransactionCounter=01,PanSequenceNumber=00,TrackData=12345,UnpredictableNumber=123}' \
--validation-data-length 5
```
```
{
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/mw7dn3qxvkfh8ztc",
"KeyCheckValue": "A8E4D2",
"ValidationData": "36667"
}
```
### 验证 dcvV
**Example**
在此示例中,我们将验证交易期间提供的 DCvV。必须提供用于生成的相同输入以进行验证。
如果 AWS 支付密码学能够验证,则会返回 http/200。如果该值未经过验证,它将返回 http/400 响应。
```
$ aws payment-cryptography-data verify-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/mw7dn3qxvkfh8ztc \
--primary-account-number=5111112627662122 \
--validation-data=36667 \
--verification-attributes DynamicCardVerificationValue='{ApplicationTransactionCounter=01,PanSequenceNumber=00,TrackData=12345,UnpredictableNumber=123}'
```
```
{
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/mw7dn3qxvkfh8ztc",
"KeyCheckValue": "A8E4D2"
}
```
# 万事达卡的特定功能
**Topics**
+ [DCVC3](#use-cases-issuers.networkfunctions.mastercard.dcvc)
+ [ARQC-/ CVN14CVN15](#use-cases-issuers.networkfunctions.mastercard.cvn14)
+ [ARQC-/ CVN12CVN13](#use-cases-issuers.networkfunctions.mastercard.cvn12)
+ [3DS AAV SPA2](#use-cases-issuers.networkfunctions.mastercard.spa2aav)
## DCVC3
DCVC3 早于 EMV CSK 和万事达卡 CVN12 计划,代表了另一种使用动态密钥的方法。它有时还会被重新用于其他用例。在该方案中,输入是 PAN、PSN、Track1/Track2 数据、不可预测的数字和交易计数器 (ATC)。
### 创建密钥
```
$ aws payment-cryptography create-key --exportable --key-attributes KeyAlgorithm=TDES_2KEY,KeyUsage=TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS,KeyClass=SYMMETRIC_KEY,KeyModesOfUse='{DeriveKey=true}' --tags='[{"Key":"KEY_PURPOSE","Value":"DCVC3"},{"Key":"CARD_BIN","Value":"12345678"}]'
```
响应会回显请求参数,包括后续调用的 ARN 以及密钥检查值 (KCV)。
```
{
"Key": {
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/hrh6qgbi3sk4y3wq",
"KeyAttributes": {
"KeyUsage": "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS",
"KeyClass": "SYMMETRIC_KEY",
"KeyAlgorithm": "TDES_2KEY",
"KeyModesOfUse": {
"Encrypt": false,
"Decrypt": false,
"Wrap": false,
"Unwrap": false,
"Generate": false,
"Sign": false,
"Verify": false,
"DeriveKey": true,
"NoRestrictions": false
}
},
"KeyCheckValue": "08D7B4",
"KeyCheckValueAlgorithm": "ANSI_X9_24",
"Enabled": true,
"Exportable": true,
"KeyState": "CREATE_COMPLETE",
"KeyOrigin": "AWS_PAYMENT_CRYPTOGRAPHY",
"CreateTimestamp": "2024-03-07T06:41:46.648000-07:00",
"UsageStartTimestamp": "2024-03-07T06:41:46.626000-07:00"
}
}
```
注意代表密钥的那个`KeyArn`,例如 *arn: aws: payment-cryptography: us-east-2:111122223333: key/hrh6qgbi3sk4y3wq*。您需要在下一步中执行该操作。
### 生成一个 DCVC3
**Example**
尽管 DCVC3 通常由芯片卡生成,但也可以手动生成,如本例所示
```
$ aws payment-cryptography-data generate-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk --primary-account-number=5413123456784808 --generation-attributes DynamicCardVerificationCode='{ApplicationTransactionCounter=0000,TrackData=5241060000000069D13052020000000000003F,PanSequenceNumber=00,UnpredictableNumber=00000000}''
```
```
{
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk",
"KeyCheckValue": "08D7B4",
"ValidationData": "865"
}
```
### 验证 DCVC3
**Example**
在此示例中,我们将验证 DCVC3。请注意,ATC 应以十六进制数字提供,例如,计数器 11 应表示为 000B。该服务需要一个 3 位数字 DCVC3,因此,如果您存储了 4(或 5)位数的值,只需截断左边的字符直到有 3 位数字(例如,15321 的验证数据值应为 321)。
如果 AWS 支付密码学能够验证,则会返回 http/200。如果该值未经过验证,它将返回 http/400 响应。
```
$ aws payment-cryptography-data verify-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk --primary-account-number=5413123456784808 --verification-attributes DynamicCardVerificationCode='{ApplicationTransactionCounter=000B,TrackData=5241060000000069D13052020000000000003F,PanSequenceNumber=00,UnpredictableNumber=00000001}' --validation-data 398
```
```
{
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk",
"KeyCheckValue": "08D7B4"
}
```
## ARQC-/ CVN14CVN15
CVN14 并 CVN15 使用 [EMV CSK 方法](use-cases-issuers.generalfunctions.arqc.md)进行密钥推导。这两种方法的确切交易数据会有所不同,有关构造交易数据字段的详细信息,请参阅方案文档。
## ARQC-/ CVN12CVN13
CVN12 并且 CVN13 是针对EMV交易的较旧万事达卡专用方法,它在每笔交易的推导中加入了不可预测的数字,并且还使用了不同的有效载荷。有关有效载荷内容的信息,请联系该计划。
### 创建密钥
```
$ aws payment-cryptography create-key --exportable --key-attributes KeyAlgorithm=TDES_2KEY,KeyUsage=TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS,KeyClass=SYMMETRIC_KEY,KeyModesOfUse='{DeriveKey=true}' --tags='[{"Key":"KEY_PURPOSE","Value":"CVN12"},{"Key":"CARD_BIN","Value":"12345678"}]'
```
响应会回显请求参数,包括后续调用的 ARN 以及密钥检查值 (KCV)。
```
{
"Key": {
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk",
"KeyAttributes": {
"KeyUsage": "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS",
"KeyClass": "SYMMETRIC_KEY",
"KeyAlgorithm": "TDES_2KEY",
"KeyModesOfUse": {
"Encrypt": false,
"Decrypt": false,
"Wrap": false,
"Unwrap": false,
"Generate": false,
"Sign": false,
"Verify": false,
"DeriveKey": true,
"NoRestrictions": false
}
},
"KeyCheckValue": "08D7B4",
"KeyCheckValueAlgorithm": "ANSI_X9_24",
"Enabled": true,
"Exportable": true,
"KeyState": "CREATE_COMPLETE",
"KeyOrigin": "AWS_PAYMENT_CRYPTOGRAPHY",
"CreateTimestamp": "2024-03-07T06:41:46.648000-07:00",
"UsageStartTimestamp": "2024-03-07T06:41:46.626000-07:00"
}
}
```
注意代表密钥的那个`KeyArn`,例如 *arn: aws: payment-cryptography: us-east-2:111122223333: key/pw3s6nl62* t5ushfk。您需要在下一步中执行该操作。
### 验证 ARQC
**Example**
在此示例中,我们将验证使用万事达卡生成的 ARQC。 CVN12
如果 AWS 支付密码学能够验证 ARQC,则会返回 http/200。如果 arqc 未经过验证,将返回 http/400 响应。
```
$ aws payment-cryptography-data verify-auth-request-cryptogram --auth-request-cryptogram 31BE5D49F14A5F01 \
--key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk \
--major-key-derivation-mode EMV_OPTION_A \
--transaction-data 00000000170000000000000008400080008000084016051700000000093800000B1F2201030000000000000000000000000000000000000000000000000000008000000000000000 \
--session-key-derivation-attributes='{"MastercardSessionKey":{"ApplicationTransactionCounter":"000B","PanSequenceNumber":"01","PrimaryAccountNumber":"5413123456784808","UnpredictableNumber":"00000001"}}'
```
```
{
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk",
"KeyCheckValue": "08D7B4"
}
```
## 3DS AAV SPA2
SPA2(安全支付应用程序)AAV(账户验证值)用于万事达卡 3DS 交易(也称为万事达卡身份检查)。它使用基于 HMAC 的 MAC 生成为电子商务交易提供加密身份验证。AAV 是使用特定于交易的数据和共享密钥生成的。
### 创建密钥
```
$ aws payment-cryptography create-key --exportable --key-attributes KeyAlgorithm=HMAC_SHA256,KeyUsage=TR31_M7_HMAC_KEY,KeyClass=SYMMETRIC_KEY,KeyModesOfUse='{Generate=true,Verify=true}' --tags='[{"Key":"KEY_PURPOSE","Value":"SPA2_AAV"},{"Key":"CARD_BIN","Value":"12345678"}]'
```
响应会回显请求参数,包括后续调用的 ARN 以及密钥检查值 (KCV)。
```
{
"Key": {
"KeyArn": "arn:aws:payment-cryptography:us-west-2:111122223333:key/q5vjtshsg67cz5gn",
"KeyAttributes": {
"KeyUsage": "TR31_M7_HMAC_KEY",
"KeyClass": "SYMMETRIC_KEY",
"KeyAlgorithm": "HMAC_SHA256",
"KeyModesOfUse": {
"Encrypt": false,
"Decrypt": false,
"Wrap": false,
"Unwrap": false,
"Generate": true,
"Sign": false,
"Verify": true,
"DeriveKey": false,
"NoRestrictions": false
}
},
"KeyCheckValue": "C661F9",
"KeyCheckValueAlgorithm": "HMAC",
"Enabled": true,
"Exportable": true,
"KeyState": "CREATE_COMPLETE",
"KeyOrigin": "AWS_PAYMENT_CRYPTOGRAPHY",
"CreateTimestamp": "2024-03-07T06:41:46.648000-07:00",
"UsageStartTimestamp": "2024-03-07T06:41:46.626000-07:00"
}
}
```
注意代表密钥的那个`KeyArn`,例如 *arn: aws: payment-cryptography: us-west-2:* 111122223333: key/q5vjtshsg67cz5gn。您需要在下一步中执行该操作。
### 生成 SPA2 AAV
**Example**
在此示例中,我们将使用 HMAC MAC 生成生成 AAV 的颁发者身份验证值 (I SPA2 AV) 组件。消息数据包含要进行身份验证的特定于交易的信息。报文数据的格式应遵循万事达卡的 SPA2 规范,本示例中不涉及该格式。
请查看您的万事达卡规格,了解将 IAV 插入 AAV 值的格式。
```
$ aws payment-cryptography-data generate-mac --key-identifier arn:aws:payment-cryptography:us-west-2:111122223333:key/q5vjtshsg67cz5gn --message-data "2226400099919520FFFFd8b448be65694fe7b42f836bad396e9d" --generation-attributes Algorithm=HMAC --region us-west-2
```
```
{
"KeyArn": "arn:aws:payment-cryptography:us-west-2:111122223333:key/q5vjtshsg67cz5gn",
"KeyCheckValue": "C661F9",
"Mac": "6FB2405E9D8A4C1F7B173F73ADD1A6DC358531CAB0E9994FC5B62012ADDE91FC"
}
```
### 验证 SPA2 AAV
**Example**
在此示例中,我们将验证 SPA2 AAV。为验证提供了相同的消息数据和 MAC 值。
如果 AWS 支付密码学能够验证 MAC,则会返回 http/200。如果 MAC 未经过验证,它将返回 http/400 响应。
```
$ aws payment-cryptography-data verify-mac --key-identifier arn:aws:payment-cryptography:us-west-2:111122223333:key/q5vjtshsg67cz5gn --message-data "2226400099919520FFFFd8b448be65694fe7b42f836bad396e9d" --mac "6FB2405E9D8A4C1F7B173F73ADD1A6DC358531CAB0E9994FC5B62012ADDE91FC" --verification-attributes Algorithm=HMAC --region us-west-2
```
```
{
"KeyArn": "arn:aws:payment-cryptography:us-west-2:111122223333:key/q5vjtshsg67cz5gn",
"KeyCheckValue": "C661F9"
}
```
# 美国运通的特定功能
**Topics**
+ [CSC1](#use-cases-issuers.networkfunctions.amex.csc)
+ [CSC2](#use-cases-issuers.networkfunctions.amex.csc2)
+ [ICSC](#use-cases-issuers.networkfunctions.amex.csc3)
+ [3DS AEVV](#use-cases-issuers.networkfunctions.amex.3dsaevv)
## CSC1
CSC 版本 1 也被称为经典 CSC 算法。该服务可以以 3,4 或 5 位数字的形式提供。
有关所有可用参数,请参阅 API 参考指南中的 [AmexCardSecurityCodeVersion1](https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_AmexCardSecurityCodeVersion1.html)。
### 创建密钥
```
$ aws payment-cryptography create-key --exportable --key-attributes KeyAlgorithm=TDES_2KEY,KeyUsage=TR31_C0_CARD_VERIFICATION_KEY,KeyClass=SYMMETRIC_KEY,KeyModesOfUse='{Generate=true,Verify=true}' --tags='[{"Key":"KEY_PURPOSE","Value":"CSC1"},{"Key":"CARD_BIN","Value":"12345678"}]'
```
响应会回显请求参数,包括后续调用的 ARN 以及密钥检查值 (KCV)。
```
{
"Key": {
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/esh6hn7pxdtttzgq",
"KeyAttributes": {
"KeyUsage": "TR31_C0_CARD_VERIFICATION_KEY",
"KeyClass": "SYMMETRIC_KEY",
"KeyAlgorithm": "TDES_2KEY",
"KeyModesOfUse": {
"Encrypt": false,
"Decrypt": false,
"Wrap": false,
"Unwrap": false,
"Generate": true,
"Sign": false,
"Verify": true,
"DeriveKey": false,
"NoRestrictions": false
}
},
"KeyCheckValue": "8B5077",
"KeyCheckValueAlgorithm": "ANSI_X9_24",
"Enabled": true,
"Exportable": true,
"KeyState": "CREATE_COMPLETE",
"KeyOrigin": "AWS_PAYMENT_CRYPTOGRAPHY",
"CreateTimestamp": "2023-06-05T06:41:46.648000-07:00",
"UsageStartTimestamp": "2023-06-05T06:41:46.626000-07:00"
}
}
```
注意代表密钥的那个`KeyArn`,例如 *arn: aws: payment-cryptography: us-east-2:111122223333: key/esh6hn7pxd* tttzgq。您需要在下一步中执行该操作。
### 生成一个 CSC1
**Example**
```
$ aws payment-cryptography-data generate-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/esh6hn7pxdtttzgq --primary-account-number=344131234567848 --generation-attributes AmexCardSecurityCodeVersion1='{CardExpiryDate=1224}' --validation-data-length 4
```
```
{
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/esh6hn7pxdtttzgq",
"KeyCheckValue": "8B5077",
"ValidationData": "3938"
}
```
### 验证 CSC1
**Example**
在此示例中,我们将验证 a CSC1。
如果 AWS 支付密码学能够验证,则会返回 http/200。如果该值未经过验证,它将返回 http/400 响应。
```
$ aws payment-cryptography-data verify-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/esh6hn7pxdtttzgq --primary-account-number=344131234567848 --verification-attributes AmexCardSecurityCodeVersion1='{CardExpiryDate=1224}'' --validation-data 3938
```
```
{
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/esh6hn7pxdtttzgq",
"KeyCheckValue": "8B5077"
}
```
## CSC2
CSC 版本 2 也被称为增强型 CSC 算法。该服务可以以 3,4 或 5 位数字的形式提供。的服务代码通常 CSC2 为 000。
有关所有可用参数,请参阅 API 参考指南中的 [AmexCardSecurityCodeVersion2](https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_AmexCardSecurityCodeVersion2.html)。
### 创建密钥
```
$ aws payment-cryptography create-key --exportable --key-attributes KeyAlgorithm=TDES_2KEY,KeyUsage=TR31_C0_CARD_VERIFICATION_KEY,KeyClass=SYMMETRIC_KEY,KeyModesOfUse='{Generate=true,Verify=true}' --tags='[{"Key":"KEY_PURPOSE","Value":"CSC2"},{"Key":"CARD_BIN","Value":"12345678"}]'
```
响应会回显请求参数,包括后续调用的 ARN 以及密钥检查值 (KCV)。
```
{
"Key": {
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/erlm445qvunmvoda",
"KeyAttributes": {
"KeyUsage": "TR31_C0_CARD_VERIFICATION_KEY",
"KeyClass": "SYMMETRIC_KEY",
"KeyAlgorithm": "TDES_2KEY",
"KeyModesOfUse": {
"Encrypt": false,
"Decrypt": false,
"Wrap": false,
"Unwrap": false,
"Generate": true,
"Sign": false,
"Verify": true,
"DeriveKey": false,
"NoRestrictions": false
}
},
"KeyCheckValue": "BF1077",
"KeyCheckValueAlgorithm": "ANSI_X9_24",
"Enabled": true,
"Exportable": true,
"KeyState": "CREATE_COMPLETE",
"KeyOrigin": "AWS_PAYMENT_CRYPTOGRAPHY",
"CreateTimestamp": "2023-06-05T06:41:46.648000-07:00",
"UsageStartTimestamp": "2023-06-05T06:41:46.626000-07:00"
}
}
```
注意代表密钥的那个`KeyArn`,例如 *arn: aws: payment-cryptography: us-east-2:* 111122223333: key/erlm445qvunmvoda。您需要在下一步中执行该操作。
### 生成一个 CSC2
在此示例中,我们将生成长 CSC2 度为 4 的。可以生成长度为 3,4 或 5 的 CSC。对于美国运通, PANs 应为 15 位数字,并以 34 或 37 开头。过期日期的格式通常为 YYMM。服务代码可能有所不同-请查看您的手册,但典型值为 000、201 或 702
**Example**
```
$ aws payment-cryptography-data generate-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/erlm445qvunmvoda --primary-account-number=344131234567848 --generation-attributes AmexCardSecurityCodeVersion2='{CardExpiryDate=2412,ServiceCode=000}' --validation-data-length 4
```
```
{
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/erlm445qvunmvoda",
"KeyCheckValue": "BF1077",
"ValidationData": "3982"
}
```
### 验证 CSC2
**Example**
在此示例中,我们将验证 a CSC2。
如果 AWS 支付密码学能够验证,则会返回 http/200。如果该值未经过验证,它将返回 http/400 响应。
```
$ aws payment-cryptography-data verify-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/erlm445qvunmvoda --primary-account-number=344131234567848 --verification-attributes AmexCardSecurityCodeVersion2='{CardExpiryDate=2412,ServiceCode=000}' --validation-data 3982
```
```
{
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/erlm445qvunmvoda",
"KeyCheckValue": "BF1077"
}
```
## ICSC
iCSC 也被称为静态 CSC 算法,使用 CSC 版本 2 进行计算。该服务可以以 3,4 或 5 位数字的形式提供。
使用服务代码 999 计算联系人卡片的 icSC。使用服务代码 702 计算非接触式卡的 iSCC。
有关所有可用参数,请参阅 API 参考指南中的 [AmexCardSecurityCodeVersion2](https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_AmexCardSecurityCodeVersion2.html)。
### 创建密钥
```
$ aws payment-cryptography create-key --exportable --key-attributes KeyAlgorithm=TDES_2KEY,KeyUsage=TR31_C0_CARD_VERIFICATION_KEY,KeyClass=SYMMETRIC_KEY,KeyModesOfUse='{Generate=true,Verify=true}' --tags='[{"Key":"KEY_PURPOSE","Value":"CSC1"},{"Key":"CARD_BIN","Value":"12345678"}]'
```
响应会回显请求参数,包括后续调用的 ARN 以及密钥检查值 (KCV)。
```
{
"Key": {
"KeyArn": "arn:aws:payment-cryptography:us-east-1:111122223333:key/7vrybrbvjcvwtunv",
"KeyAttributes": {
"KeyUsage": "TR31_C0_CARD_VERIFICATION_KEY"
"KeyAlgorithm": "TDES_2KEY",
"KeyClass": "SYMMETRIC_KEY",
"KeyModesOfUse": {
"Decrypt": false,
"DeriveKey": false,
"Encrypt": false,
"Generate": true,
"NoRestrictions": false,
"Sign": false,
"Unwrap": false,
"Verify": true,
"Wrap": false
},
},
"KeyCheckValue": "7121C7",
"KeyCheckValueAlgorithm": "ANSI_X9_24",
"Enabled": true,
"Exportable": true,
"KeyOrigin": "AWS_PAYMENT_CRYPTOGRAPHY",
"KeyState": "CREATE_COMPLETE",
"CreateTimestamp": "2025-01-29T09:19:21.209000-05:00",
"UsageStartTimestamp": "2025-01-29T09:19:21.192000-05:00"
}
}
```
注意代表密钥的那个`KeyArn`,例如 *arn: aws: payment-cryptography: us-east-1:111122223333: key/7vrybrbvjcvjcvw* tunv。您需要在下一步中执行该操作。
### 生成一个 iSCC
在此示例中,我们将为使用服务代码 702 的非接触式卡生成长度为 4 的 iCSC。可以生成长度为 3,4 或 5 的 CSC。对于美国运通, PANs 应为 15 位数字,并以 34 或 37 开头。
**Example**
```
$ aws payment-cryptography-data generate-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-1:111122223333:key/7vrybrbvjcvwtunv --primary-account-number=344131234567848 --generation-attributes AmexCardSecurityCodeVersion2='{CardExpiryDate=1224,ServiceCode=702}' --validation-data-length 4
```
```
{
"KeyArn": arn:aws:payment-cryptography:us-east-1:111122223333:key/7vrybrbvjcvwtunv,
"KeyCheckValue": 7121C7,
"ValidationData": "2365"
}
```
### 验证 iSCC
**Example**
在此示例中,我们将验证 iSCC。
如果 AWS 支付密码学能够验证,则会返回 http/200。如果该值未经过验证,它将返回 http/400 响应。
```
$ aws payment-cryptography-data verify-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-1:111122223333:key/7vrybrbvjcvwtunv --primary-account-number=344131234567848 --verification-attributes AmexCardSecurityCodeVersion2='{CardExpiryDate=1224,ServiceCode=702}' --validation-data 2365
```
```
{
"KeyArn": arn:aws:payment-cryptography:us-east-1:111122223333:key/7vrybrbvjcvwtunv,
"KeyCheckValue": 7121C7
}
```
## 3DS AEVV
3DS AEVV(三维安全账户验证值)用于美国运通三维安全认证。它使用与之相同的算法 CSC2 ,但输入参数不同。到期日期字段应填入不可预测的(随机)数字,服务代码由 AEVV 身份验证结果代码(1 位)加上第二因素身份验证码(2 位数)组成。输出长度应为 3 位数。
有关所有可用参数,请参阅 API 参考指南中的 [AmexCardSecurityCodeVersion2](https://docs.aws.amazon.com/payment-cryptography/latest/DataAPIReference/API_AmexCardSecurityCodeVersion2.html)。
### 创建密钥
```
$ aws payment-cryptography create-key --exportable --key-attributes KeyAlgorithm=TDES_2KEY,KeyUsage=TR31_C0_CARD_VERIFICATION_KEY,KeyClass=SYMMETRIC_KEY,KeyModesOfUse='{Generate=true,Verify=true}' --tags='[{"Key":"KEY_PURPOSE","Value":"3DS_AEVV"},{"Key":"CARD_BIN","Value":"12345678"}]'
```
响应会回显请求参数,包括后续调用的 ARN 以及密钥检查值 (KCV)。
```
{
"Key": {
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/kw8djn5qxvfh3ztm",
"KeyAttributes": {
"KeyUsage": "TR31_C0_CARD_VERIFICATION_KEY"
"KeyAlgorithm": "TDES_2KEY",
"KeyClass": "SYMMETRIC_KEY",
"KeyModesOfUse": {
"Decrypt": false,
"DeriveKey": false,
"Encrypt": false,
"Generate": true,
"NoRestrictions": false,
"Sign": false,
"Unwrap": false,
"Verify": true,
"Wrap": false
},
},
"KeyCheckValue": "8F3A21",
"KeyCheckValueAlgorithm": "ANSI_X9_24",
"Enabled": true,
"Exportable": true,
"KeyOrigin": "AWS_PAYMENT_CRYPTOGRAPHY",
"KeyState": "CREATE_COMPLETE",
"CreateTimestamp": "2025-02-02T10:30:15.209000-05:00",
"UsageStartTimestamp": "2025-02-02T10:30:15.192000-05:00"
}
}
```
注意代表密钥的那个`KeyArn`,例如 *arn: aws: payment-cryptography: us-east-2:111122223333: key/kw8djn5qxvfh3z* tm。您需要在下一步中执行该操作。
### 生成 3DS AEVV
在此示例中,我们将生成一个长度为 3 的 3DS AEVV。到期日期字段包含不可预测的(随机)数字(例如 1234),服务代码由 AEVV 身份验证结果代码(1 位数)加上第二因素身份验证码(2 位数)组成,例如 543,其中 5 是身份验证结果代码,43 是第二因素身份验证码。对于美国运通, PANs 应为 15 位数字,并以 34 或 37 开头。
**Example**
```
$ aws payment-cryptography-data generate-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/kw8djn5qxvfh3ztm --primary-account-number=344131234567848 --generation-attributes AmexCardSecurityCodeVersion2='{CardExpiryDate=1234,ServiceCode=543}' --validation-data-length 3
```
```
{
"KeyArn": arn:aws:payment-cryptography:us-east-2:111122223333:key/kw8djn5qxvfh3ztm,
"KeyCheckValue": 8F3A21,
"ValidationData": "921"
}
```
### 验证 3DS AEVV
**Example**
在本示例中,我们将验证 3DS AEVV。
如果 AWS 支付密码学能够验证,则会返回 http/200。如果该值未经过验证,它将返回 http/400 响应。
```
$ aws payment-cryptography-data verify-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/kw8djn5qxvfh3ztm --primary-account-number=344131234567848 --verification-attributes AmexCardSecurityCodeVersion2='{CardExpiryDate=1234,ServiceCode=543}' --validation-data 921
```
```
{
"KeyArn": arn:aws:payment-cryptography:us-east-2:111122223333:key/kw8djn5qxvfh3ztm,
"KeyCheckValue": 8F3A21
}
```
# JCB 特定函数
**Topics**
+ [ARQC- CVN04](#use-cases-issuers.networkfunctions.jcb.cvn04)
+ [ARQC- CVN01](#use-cases-issuers.networkfunctions.jcb.cvn01)
## ARQC- CVN04
JCB CVN04 使用 [CSK 方法进行密钥派生](use-cases-issuers.generalfunctions.arqc.md)。有关构造交易数据字段的详细信息,请参阅方案文档。
## ARQC- CVN01
CVN01 是 EMV 交易的较旧 JCB 方法,它使用每卡密钥派生而不是会话(每笔交易)派生,并且还使用不同的有效负载。Visa也使用此消息,因此元素名称具有该名称,尽管它也用于JCB。有关有效载荷内容的信息,请联系计划文档。
### 创建密钥
```
$ aws payment-cryptography create-key --exportable --key-attributes KeyAlgorithm=TDES_2KEY,KeyUsage=TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS,KeyClass=SYMMETRIC_KEY,KeyModesOfUse='{DeriveKey=true}' --tags='[{"Key":"KEY_PURPOSE","Value":"CVN10"},{"Key":"CARD_BIN","Value":"12345678"}]'
```
响应会回显请求参数,包括后续调用的 ARN 以及密钥检查值 (KCV)。
```
{
"Key": {
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk",
"KeyAttributes": {
"KeyUsage": "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS",
"KeyClass": "SYMMETRIC_KEY",
"KeyAlgorithm": "TDES_2KEY",
"KeyModesOfUse": {
"Encrypt": false,
"Decrypt": false,
"Wrap": false,
"Unwrap": false,
"Generate": false,
"Sign": false,
"Verify": false,
"DeriveKey": true,
"NoRestrictions": false
}
},
"KeyCheckValue": "08D7B4",
"KeyCheckValueAlgorithm": "ANSI_X9_24",
"Enabled": true,
"Exportable": true,
"KeyState": "CREATE_COMPLETE",
"KeyOrigin": "AWS_PAYMENT_CRYPTOGRAPHY",
"CreateTimestamp": "2024-03-07T06:41:46.648000-07:00",
"UsageStartTimestamp": "2024-03-07T06:41:46.626000-07:00"
}
}
```
注意代表密钥的那个`KeyArn`,例如 *arn: aws: payment-cryptography: us-east-2:111122223333: key/pw3s6nl62* t5ushfk。您需要在下一步中执行该操作。
### 验证 ARQC
**Example**
在此示例中,我们将验证使用 JCB 生成的 ARQC。 CVN01它使用与 Visa 方法相同的选项,因此是参数的名称。
如果 AWS 支付密码学能够验证 ARQC,则会返回 http/200。如果 arqc 未经过验证,将返回 http/400 响应。
```
$ aws payment-cryptography-data verify-auth-request-cryptogram --auth-request-cryptogram D791093C8A921769 \
--key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk \
--major-key-derivation-mode EMV_OPTION_A \
--transaction-data 00000000170000000000000008400080008000084016051700000000093800000B03011203000000 \
--session-key-derivation-attributes='{"Visa":{"PanSequenceNumber":"01" \
,"PrimaryAccountNumber":"9137631040001422"}}'
```
```
{
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk",
"KeyCheckValue": "08D7B4"
}
```