本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# Mastercard 特定函數
**Topics**
+ [DCVC3](#use-cases-issuers.networkfunctions.mastercard.dcvc)
+ [ARQC - CVN14/CVN15](#use-cases-issuers.networkfunctions.mastercard.cvn14)
+ [ARQC - CVN12/CVN13](#use-cases-issuers.networkfunctions.mastercard.cvn12)
+ [3DS SPA2 AAV](#use-cases-issuers.networkfunctions.mastercard.spa2aav)
## DCVC3
DCVC3 會早於 EMV CSK 和 Mastercard CVN12 結構描述,並代表使用動態金鑰的另一種方法。它有時也會重新用於其他使用案例。在此配置中,輸入為 PAN、PSN、Track1/Track2 資料、無法預測的數字和交易計數器 (ATC)。
### 建立金鑰
```
$ aws payment-cryptography create-key --exportable --key-attributes KeyAlgorithm=TDES_2KEY,KeyUsage=TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS,KeyClass=SYMMETRIC_KEY,KeyModesOfUse='{DeriveKey=true}' --tags='[{"Key":"KEY_PURPOSE","Value":"DCVC3"},{"Key":"CARD_BIN","Value":"12345678"}]'
```
回應會回傳請求參數,包括後續呼叫的 ARN 以及金鑰檢查值 (KCV)。
```
{
"Key": {
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/hrh6qgbi3sk4y3wq",
"KeyAttributes": {
"KeyUsage": "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS",
"KeyClass": "SYMMETRIC_KEY",
"KeyAlgorithm": "TDES_2KEY",
"KeyModesOfUse": {
"Encrypt": false,
"Decrypt": false,
"Wrap": false,
"Unwrap": false,
"Generate": false,
"Sign": false,
"Verify": false,
"DeriveKey": true,
"NoRestrictions": false
}
},
"KeyCheckValue": "08D7B4",
"KeyCheckValueAlgorithm": "ANSI_X9_24",
"Enabled": true,
"Exportable": true,
"KeyState": "CREATE_COMPLETE",
"KeyOrigin": "AWS_PAYMENT_CRYPTOGRAPHY",
"CreateTimestamp": "2024-03-07T06:41:46.648000-07:00",
"UsageStartTimestamp": "2024-03-07T06:41:46.626000-07:00"
}
}
```
請記下代表金鑰`KeyArn`的 ,例如 *arn:aws:payment-cryptography:us-east-2:111122223333:key/hrh6qgbi3sk4y3wq*。在下一個步驟中,您需要用到。
### 產生 DCVC3
**Example**
雖然 DCVC3 通常是由晶片卡產生,但也可以手動產生,例如在此範例中
```
$ aws payment-cryptography-data generate-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk --primary-account-number=5413123456784808 --generation-attributes DynamicCardVerificationCode='{ApplicationTransactionCounter=0000,TrackData=5241060000000069D13052020000000000003F,PanSequenceNumber=00,UnpredictableNumber=00000000}''
```
```
{
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk",
"KeyCheckValue": "08D7B4",
"ValidationData": "865"
}
```
### 驗證 DCVC3
**Example**
在此範例中,我們將驗證 DCVC3。請注意,ATC 應做為十六進位號碼提供,例如,計數器 11 應表示為 000B。服務需要 3 位數 DCVC3,因此如果您已儲存 4 (或 5) 位數的值,只需截斷左側字元,直到您有 3 位數為止 (例如 15321 應該導致驗證資料值為 321)。
如果 AWS 付款密碼編譯能夠驗證,則會傳回 http/200。如果未驗證值,則會傳回 http/400 回應。
```
$ aws payment-cryptography-data verify-card-validation-data --key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk --primary-account-number=5413123456784808 --verification-attributes DynamicCardVerificationCode='{ApplicationTransactionCounter=000B,TrackData=5241060000000069D13052020000000000003F,PanSequenceNumber=00,UnpredictableNumber=00000001}' --validation-data 398
```
```
{
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk",
"KeyCheckValue": "08D7B4"
}
```
## ARQC - CVN14/CVN15
CVN14 和 CVN15 使用金鑰衍生的 [EMV CSK 方法](use-cases-issuers.generalfunctions.arqc.md)。確切的交易資料在這兩種方法之間有所不同 - 如需建構交易資料欄位的詳細資訊,請參閱方案文件。
## ARQC - CVN12/CVN13
CVN12 和 CVN13 是適用於 EMV 交易的較舊 Mastercard 特定方法,可將無法預測的數字納入每個交易衍生,也使用不同的承載。如需承載內容的相關資訊,請聯絡 機制。
### 建立金鑰
```
$ aws payment-cryptography create-key --exportable --key-attributes KeyAlgorithm=TDES_2KEY,KeyUsage=TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS,KeyClass=SYMMETRIC_KEY,KeyModesOfUse='{DeriveKey=true}' --tags='[{"Key":"KEY_PURPOSE","Value":"CVN12"},{"Key":"CARD_BIN","Value":"12345678"}]'
```
回應會回傳請求參數,包括後續呼叫的 ARN 以及金鑰檢查值 (KCV)。
```
{
"Key": {
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk",
"KeyAttributes": {
"KeyUsage": "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS",
"KeyClass": "SYMMETRIC_KEY",
"KeyAlgorithm": "TDES_2KEY",
"KeyModesOfUse": {
"Encrypt": false,
"Decrypt": false,
"Wrap": false,
"Unwrap": false,
"Generate": false,
"Sign": false,
"Verify": false,
"DeriveKey": true,
"NoRestrictions": false
}
},
"KeyCheckValue": "08D7B4",
"KeyCheckValueAlgorithm": "ANSI_X9_24",
"Enabled": true,
"Exportable": true,
"KeyState": "CREATE_COMPLETE",
"KeyOrigin": "AWS_PAYMENT_CRYPTOGRAPHY",
"CreateTimestamp": "2024-03-07T06:41:46.648000-07:00",
"UsageStartTimestamp": "2024-03-07T06:41:46.626000-07:00"
}
}
```
請記下代表金鑰`KeyArn`的 ,例如 *arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk*。在下一個步驟中,您需要用到。
### 驗證 ARQC
**Example**
在此範例中,我們將驗證使用 Mastercard CVN12 產生的 ARQC。
如果 AWS 付款密碼編譯能夠驗證 ARQC,則會傳回 http/200。如果未驗證 arqc,則會傳回 http/400 回應。
```
$ aws payment-cryptography-data verify-auth-request-cryptogram --auth-request-cryptogram 31BE5D49F14A5F01 \
--key-identifier arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk \
--major-key-derivation-mode EMV_OPTION_A \
--transaction-data 00000000170000000000000008400080008000084016051700000000093800000B1F2201030000000000000000000000000000000000000000000000000000008000000000000000 \
--session-key-derivation-attributes='{"MastercardSessionKey":{"ApplicationTransactionCounter":"000B","PanSequenceNumber":"01","PrimaryAccountNumber":"5413123456784808","UnpredictableNumber":"00000001"}}'
```
```
{
"KeyArn": "arn:aws:payment-cryptography:us-east-2:111122223333:key/pw3s6nl62t5ushfk",
"KeyCheckValue": "08D7B4"
}
```
## 3DS SPA2 AAV
SPA2 AAV (帳戶身分驗證值) 用於 Mastercard 3DS 交易 (也稱為 Mastercard 密度檢查)。它為使用 HMAC 型 MAC 產生的電子商務交易提供密碼編譯身分驗證。使用交易特定資料和共用私密金鑰產生 AAV。
### 建立金鑰
```
$ aws payment-cryptography create-key --exportable --key-attributes KeyAlgorithm=HMAC_SHA256,KeyUsage=TR31_M7_HMAC_KEY,KeyClass=SYMMETRIC_KEY,KeyModesOfUse='{Generate=true,Verify=true}' --tags='[{"Key":"KEY_PURPOSE","Value":"SPA2_AAV"},{"Key":"CARD_BIN","Value":"12345678"}]'
```
回應會回傳請求參數,包括後續呼叫的 ARN 以及金鑰檢查值 (KCV)。
```
{
"Key": {
"KeyArn": "arn:aws:payment-cryptography:us-west-2:111122223333:key/q5vjtshsg67cz5gn",
"KeyAttributes": {
"KeyUsage": "TR31_M7_HMAC_KEY",
"KeyClass": "SYMMETRIC_KEY",
"KeyAlgorithm": "HMAC_SHA256",
"KeyModesOfUse": {
"Encrypt": false,
"Decrypt": false,
"Wrap": false,
"Unwrap": false,
"Generate": true,
"Sign": false,
"Verify": true,
"DeriveKey": false,
"NoRestrictions": false
}
},
"KeyCheckValue": "C661F9",
"KeyCheckValueAlgorithm": "HMAC",
"Enabled": true,
"Exportable": true,
"KeyState": "CREATE_COMPLETE",
"KeyOrigin": "AWS_PAYMENT_CRYPTOGRAPHY",
"CreateTimestamp": "2024-03-07T06:41:46.648000-07:00",
"UsageStartTimestamp": "2024-03-07T06:41:46.626000-07:00"
}
}
```
請記下代表金鑰`KeyArn`的 ,例如 *arn:aws:payment-cryptography:us-west-2:111122223333:key/q5vjtshsg67cz5gn*。在下一個步驟中,您需要用到。
### 產生 SPA2 AAV
**Example**
在此範例中,我們將使用 HMAC MAC 產生來產生 SPA2 AAV 的發行者身分驗證值 (IAV) 元件。訊息資料包含要驗證的交易特定資訊。訊息資料的格式應遵循 Mastercard 的 SPA2 規格,此範例未涵蓋此內容。
請檢閱 Mastercard 規格的格式,以將 IAV 插入 AAV 值。
```
$ aws payment-cryptography-data generate-mac --key-identifier arn:aws:payment-cryptography:us-west-2:111122223333:key/q5vjtshsg67cz5gn --message-data "2226400099919520FFFFd8b448be65694fe7b42f836bad396e9d" --generation-attributes Algorithm=HMAC --region us-west-2
```
```
{
"KeyArn": "arn:aws:payment-cryptography:us-west-2:111122223333:key/q5vjtshsg67cz5gn",
"KeyCheckValue": "C661F9",
"Mac": "6FB2405E9D8A4C1F7B173F73ADD1A6DC358531CAB0E9994FC5B62012ADDE91FC"
}
```
### 驗證 SPA2 AAV
**Example**
在此範例中,我們將驗證 SPA2 AAV。提供相同的訊息資料和 MAC 值以供驗證。
如果 AWS 付款密碼編譯能夠驗證 MAC,則會傳回 http/200。如果未驗證 MAC,則會傳回 http/400 回應。
```
$ aws payment-cryptography-data verify-mac --key-identifier arn:aws:payment-cryptography:us-west-2:111122223333:key/q5vjtshsg67cz5gn --message-data "2226400099919520FFFFd8b448be65694fe7b42f836bad396e9d" --mac "6FB2405E9D8A4C1F7B173F73ADD1A6DC358531CAB0E9994FC5B62012ADDE91FC" --verification-attributes Algorithm=HMAC --region us-west-2
```
```
{
"KeyArn": "arn:aws:payment-cryptography:us-west-2:111122223333:key/q5vjtshsg67cz5gn",
"KeyCheckValue": "C661F9"
}
```