FUNCTIONAL SPECIFICATION

BANK ISLAM

AUTHOR(S) : Wong Hui Ling

DOCUMENT NUMBER : BI/FS/2016/007
VERSION : 1.0
STATUS : Final
SOURCE : Worldline
DOCUMENT DATE : 18 Jan 2016
NUMBER OF PAGES : 16

Role Name Signature Date

Lai Soon Sin 21 Jan 2016

Reviewer 1

Reviewer 2

Quality Assurance Function

18 Jan 2016
Document Owner Wong Hui Ling

Puncharatnam Kannan 18 Jan 2016

Senior Manager Atos

© Copyright 2016, Worldline International (Malaysia) Sdn Bhd All rights reserved. Reproduction in whole or in part is
prohibited without the prior written consent of the copyright owner. For any questions or remarks on this document, please
contact Worldline, +603 2084 5418.
Functional Specification Bank Islam

version: 1.0 document number: BI/FS/2016/007

Contents
1 Introduction ............................................................................................... 4
1.1 Scope & Objective ....................................................................................... 4
1.2 Significant Assumptions ............................................................................... 4
1.3 Related Documents ..................................................................................... 4
1.4 Glossary..................................................................................................... 4
2 Statement of Requirements .......................................................................... 5
2.1 HSM Command Set ..................................................................................... 5
2.2 Base Derivation Key .................................................................................... 5
2.3 KSN Descriptor “605” .................................................................................. 5
2.4 Acquirer Processing ..................................................................................... 6
2.5 Issuer Processing ........................................................................................ 6
2.6 Base Derivation Key Exchange ...................................................................... 6
3 Screens ..................................................................................................... 8
3.1 ESA File Maintenance Menu .......................................................................... 8
3.2 System Control ........................................................................................... 8
3.3 Base Derivation Key Profile ........................................................................... 9
3.4 Base Derivation Key Maintenance ................................................................ 11
4 Reports .................................................................................................... 14
5 Controls & Security.................................................................................... 15
6 Special Considerations ............................................................................... 16

Worldline 18 Jan 2016 2 of 16

Functional Specification Bank Islam

version: 1.0 document number: BI/FS/2016/007

List of changes

Project Revision:

Version Date Description Author(s)

1.0 18 Jan 2016 Initial Form Wong Hui Ling

Worldline 18 Jan 2016 3 of 16

 Functional Specification Bank Islam

version: 1.0 document number: BI/FS/2016/007

1 Introduction
1.1 Scope & Objective
This document describes the enhancement Bank Islam’s ASCCEND system to cater for DUKPT
(Derived Unique key Per Transaction) key management scheme, in line with “Chip and PIN”
implementation mandated by Bank Negara.

The scope of ASCCEND covers the followings:-

► Maintain Base derivation Keys (BDK)
► Translate the PIN from encryption under BDK to encryption under interchange key shared
between the acquirer and the issuer or switch.
► Verify the PIN received from POS terminal using BDK with appropriate verification methods.

1.2 Significant Assumptions

► DUKPT HSM related commands set are supported by Thales Host security module; i.e. no
additional customized commands are required.

1.3 Related Documents

► Thales PayShield 9000 Host Security Module – Host Command Reference Manual.
► ASCCEND Base Derivation Key Generation Procedure Technical Guide.

1.4 Glossary

► DUKPT – Derived Unique Key Per Transaction

► BDK – Base Derivation Key
► KSN – Key Serial Number
► POS – Point of Sale
► HSM – Hardware Security System
► ZMK – Zone Master key
► LMK – Local Master key
► ZPK - Zone PIN Key ( PIN encryption key)

Worldline 18 Jan 2016 4 of 16

 Functional Specification Bank Islam

version: 1.0 document number: BI/FS/2016/007

2 Statement of Requirements
The Derived Unique key per Transaction Scheme is used in a point-of-sale (POS) environment. As
its name indicates, Derived Unique Key per Transaction generates a new key for each transaction.
This technique involves the use of Base Derivation Key (BDK) and Key Serial Number (KSN). On
each transaction, the PIN pad generates a new encryption keys that are derived from a secret
BDK and a non-secret KSN. It encrypts the PIN with this key, and then forwards both the
encrypted PIN and the key serial number to the acquirer.

The benefit of DUKPT is that if one of these one-time encryption key is discovered, only one
transaction will be compromised, none of the others transactions from the same POS device would
be able to be decrypted with that key.

[Note that the ANSI X9.24-1:2009 method for DUKPT PIN key derivation is used.]

2.1 HSM Command Set

The following HSM host DUKPT (X9.24-1) commands are supported:-

Host Command Function

BI / BJ Generate a BDK and encrypt it under LMK for Host storage
DW / DX Translate a BDK from encryption under a ZMK to encryption
under LMK
DY / DZ Translate a BDK from encryption under LMK to encryption under
ZMK
G0 / G1 Translate a PIN from encryption under unique DUKPT key to
encryption under an interchange key (ZPK) for transmission to
another node
GQ / GR Verify a PIN using VISA PVV method (3DES DUKPT)
GU / GV Verify a PIN using Encrypted PIN method (3DES DUKPT)
GO / GP Verify a PIN using the IBM method (3DES DUKPT)

2.2 Base Derivation Key

The acquirer host has the responsibility for maintaining the Base Derivation Key. In HSM the one-
time encryption key generated by the PIN-entry is “derived”, using the original Base Derivation
Key and the Key Serial Number supplied by the PIN-entry.

In practical applications, acquirer host would have several BDKs, possibly for different PIN-entry
devices. When processing transactions, it is important for the acquirer to know which BDK was
used to initialize or injected into the originating PIN-entry device. To achieve this, Base derivation
key identifier is embedded in Key Serial Number string. For each transaction, acquirer host will
extract from internal storage the appropriate encrypted base derivation key identified by the BDK
ID of the KSN string. Acquirer host must find a match within BDK cryptogram list (BDK profile
maintained in acquirer host). If a match is not found in the database, the transaction will be
rejected.

2.3 KSN Descriptor “605”

The ‘rules’ for a 16-position KSN construction are as follows (reading from left to right in the
KSN):

► Base Derivation key Identifier, which is a mandatory and five to nine position in length.

Worldline 18 Jan 2016 5 of 16

 Functional Specification Bank Islam

version: 1.0 document number: BI/FS/2016/007

► Sub-key Identifier, which is optional but in practice is reserved for future use and therefore
always set to zero.
► Device Identifier, which is a mandatory and two to five position in length.
► Transaction Counter, which is mandatory and the remaining position of KSN.

The industry practice (Thales/RACAL implementation) is to designate KSN descriptor as a series of

three digits, indicating the number of hex digits make-up of the KSN. A common choice is ‘605’,
meaning that the 16-digit KSN consists of a 6-position BDK ID, a 0-position Sub-key, a 5-position
Device ID and the remaining 5-position Transaction counter.

For example, a typical KSN might be 123456000A8001D4 where: 123456 is the BDK ID, 000A8 is
the Device ID and 001D4 is the transaction counter.

The KSN implementation must be in synch between the PIN-entry devices and Acquirer host. All
PIN-entry devices must use the same KSN rules.

2.4 Acquirer Processing

PIN-enabled transactions sent in from an acquirer’s point-of-sales location, acquirer host must
perform a PIN translation, typically transforming an incoming DUKPT PIN block from the POS
device-initiated request into an outgoing Triple DES-encrypted PIN block that makes use of an
established ZONE PIN key shared with Issuer or switch.

The ISO 8583 POS message data field 52 contains encrypted PIN block whereas the data field 53
contains Key Serial Number. The PIN block is in the ANSI X9.8 format 0 i.e. Format 01.

Below is the additional POS data field required to support DUKPT key scheme:

Filed No Attribute Bytes Description

53 Binary 8 DUKPT Key Serial Number, conform to KSN
64 descriptor “605” i.e. 16-digit KSN consists of a 6-
position BDK ID, a 0-position Sub-key, a 5-position
Device ID and the remaining 5-position Transaction
counter.

2.5 Issuer Processing

Issuer host must verify the PINs received from a POS terminal using base derivation keys with
relevant HSM verification method.

The followings Verification methods are supported:

► VISA PVV method
► Encrypted PIN method
► IBM method

2.6 Base Derivation Key Exchange

There are two methods that can use to exchange the BDK between the Acquirer host and PIN-
entry devices. For more details, please refer to BDK key generation procedure technical guide.

Method 1 – Encrypted Key Using a Specified Zone Master Key (BDK under ZMK)

In this method, Acquirer host provide the Base derivation key which has been encrypted using the
Acquirer-specified Zone Master Key (ZMK). The encryption algorithm to use is Triple DES in ECB

Worldline 18 Jan 2016 6 of 16

 Functional Specification Bank Islam

version: 1.0 document number: BI/FS/2016/007

(Electronic Code Book) mode. The Zone Master Key is also Known as the Key Encryption key
(KEK).

To detect exchange errors, the Key Check Value (KCV) corresponding to the BDK will be provided.

Example: Test Keys (HSM testing LMK)

Double-length ZMK keys: Acquirer host provide the ZMK as three Clear Text Key Components

Key Type Clear Text Encrypted Key Under LMK Key

Check
Value
ZMK 916126168CB683737379F1921CEA6DFE
Component 1
ZMK FEC75191ECE9C29E9E38ABD3B6FD23DC
Component 2
ZMK ADA80E027AD3C76173688F1F4C2ACD3D
Component 3
ZMK XOR’ed C20E79851A8C868C9E29D55EE63D831F 96E208FD06FFB720C769E87D491E03F7 FFBB6A

Double-length BDK keys: The encrypted key under ZMK will provide to PIN-entry devices

Key Type Encrypted Key Under ZMK Encrypted Key Under LMK Key
Check
Value
BDK 8E5CB1DA1B02B80D1458412D6A2A82E7 5BB90613BBB00E86DD0F29C5FE09646D BFE7E3

Clear text BDK F9A37E8B2E747EB2747E8E7818095A87

Method 2 – Clear Text Key Components

In this method, Acquirer host provide two or three clear text BDK components, which at PIN-entry
devices, when combined by means of exclusive-OR (XOR) operations, result in BDK clear text
value.

Example: Test Keys (HSM testing LMK)

Double-length BDK keys: Acquirer host provide the BDK as two Clear Text Key Components

Key Type Clear Text Encrypted Key Under LMK Key

Check
Value
BDK 8CF204A7732CC4AB6BDCCE326297FD2A
Component 1
BDK 75517A2C5D58BA191FA2404A7A9EA7AD
Component 2
BDK XOR’ed F9A37E8B2E747EB2747E8E7818095A87 5BB90613BBB00E86DD0F29C5FE09646D BFE7E3

Worldline 18 Jan 2016 7 of 16

 Functional Specification Bank Islam

version: 1.0 document number: BI/FS/2016/007

3 Screens
3.1 ESA File Maintenance Menu
M851 WORLDLINE INTERNATIONAL 19/01/2015
ESA FILE MAINTENENCE MENU 18:34:08

1. System Control
2. POS Terminal

4. POS Terminal Key Generation

5. Network Access Controller

7. Base Derivation Key Profile

8. Base Derivation Key Management

Option

3.2 System Control

FMSC WORLDLINE INTERNATIONAL 01/19/2015
SYSTEM CONTROL- MODIFY 11:44:26

Txn Supprt
Auth 1 Sales 1 Cash 1 Bal Inq 1

Netw Keys
TAK 0 TPK 0
TMK 0
Cutoff Time Time Date
Next 230000 Last 23:30:28 11272013
Log Member Retention
Curr EL20131127 Prev EL20131126 30
Time-Out
30

Special Handling ISO field DUKPT Scheme

CVV2 N KSN Descriptor 605

Last Maint Date 01/19/2015 User ID AOPGGDES

Worldline 18 Jan 2016 8 of 16

 Functional Specification Bank Islam

version: 1.0 document number: BI/FS/2016/007

Field Details
KSN Descriptor [3A] This value is a bit esoteric and refers directly to the make-up of the KSN which
follows. The first digit indicates the length of BKD ID in the KSN string. Valid
values for first position are 5 thru 9. (If not spaces).

3.3 Base Derivation Key Profile

FSDP WORLDLINE INTERNATIONAL 01/19/2015
WORK WITH BASE DERIVATION KEY PROFILE SELECTION 11:44:26
Select: enter * to select all

BDK ID *________

Option 2=Chg 4=Delete 5=Inquiry

Opt BDK ID Description

_ XXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
_ XXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
_ XXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
_ XXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
_ XXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
_ XXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

F06–FADP

Field Details
BDK ID [9A] Enter leading “*” to list all key profile or enter specified BDK ID to retrieve one
particular profile or enter trailing “*” for wildcard search.
Opt [1A] If record selected, the BDK profile details will be displayed with applicable mode
i.e. modify, delete or inquiry.
Press function key F6 to create new key profile.
BDK ID [9A] The Base Derivation Key Identifier which consist of Hex digits values. For
displayed only.
Description [30A] The description of the BDK Identifier. For displayed only.

Worldline 18 Jan 2016 9 of 16

Functional Specification Bank Islam

version: 1.0 document number: BI/FS/2016/007

FMDP WORLDLINE INTERNATIONAL 01/19/2015

BASE DERIVATION KEY PROFILE - MODIFY 11:44:26

BDK ID 888888___
Description BDK FOR PIN PAD PAYSIS

DES Key Length ZMK 2 BDK 2

BDK Key Information Check Sum

ZMK 1111111111111111 2222222222222222 0000000000000000 999999
BDK ( LMK ) AAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBB 0000000000000000 999999
BDK ( ZMK ) CCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDD 0000000000000000 999999

BDK Date/Time 01/19/2015 14:20:26

Last Maint Date 01/19/2015 User ID AOPGGDES

F06–FADP F11–FIDP F23-FDDP

Field Details
BDK ID [9A] The Base Derivation Key Identifier which consist of Hex digits values. This is the
name/ID of the BDK injected into PIN-pad devices. The BDK ID is embedded in the
the first (n) positions of the Key Serial Number.
Description [30A] The description of the BDK Identifier.
DES key Length [1N] The length of ZMK and BDK. It must be double or triple length i.e. Valid values are
2 or 3. Single length of BDK not supported by HSM.
ZMK [ 3 x 16A] This is the ZMK key used for import and export BDK between PIN-entry devices and
Acquirer Host. Manual input by user.
BDK LMK Encrypt - This is value of the BDK encrypted under the LMK of the HSM. Only for displayed.
[ 3 x 16A] User can input manually or generate a BDK via ENT/GEN option in BDK key
Management function (FMDK).
BDK ZMK Encrypt - This is value of the BDK encrypted under a ZMK. Only for displayed. BDK generation
[ 3 x 16A] only allowed via EXP option in BDK key Management function (FMDK).
Check Sum [ 3 x 6A] This is the key check value for ZMK and BDK.
BDK Date/Time This is the BDK creation date and time.

Worldline 18 Jan 2016 10 of 16

 Functional Specification Bank Islam

version: 1.0 document number: BI/FS/2016/007

3.4 Base Derivation Key Maintenance

Page 01/02

FMDK WORLDLINE INTERNATIONAL 01/02 01/19/2015

BASE DERIVATION KEY MANAGEMENT 18:13:00

Function XXX

GEN GENERATE ENT ENTRY IMP IMPORT EXP EXPORT

BDK ID XXXXXXXXX
Update BDK Profile X (Y/N)

Field Details
Function [ 3A] This is the function to be performed to the Base Derivation key. Valid entries
are:

GEN : Generate a BDK and encrypt under LMK

ENT : Input a BDK encryption under LMK
IMP : Translate a BDK from encryption under ZMK to LMK
EXP : Translate a BDK from encryption under LMK to ZMK

BDK ID [9A] The Base derivation key identifier. The BDK profile record must exist prior to
BDK maintenance function.

Update BDK Profile [1A] This is to indicate whether to update BDK to BDK profile.

‘Y’ = Update BDK Profile

Worldline 18 Jan 2016 11 of 16

Functional Specification Bank Islam

version: 1.0 document number: BI/FS/2016/007

Page 02/02 – Generate a BDK

FMDK WORLDLINE INTERNATIONAL 02/02 01/19/2015

BASE DERIVATION KEY MANAGEMENT 18:13:00

Function GENERATE BASE DERIVATOIN KEY

BDK ID XXXXXXXXX

Response
Return Code XX
BDK ( LMK ) XXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXX
( ZMK ) XXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXX
Key Check XXXXXX

Page 02/02 – Enter a BDK

FMDK WORLDLINE INTERNATIONAL 02/02 01/19/2015

BASE DERIVATION KEY MANAGEMENT 18:13:00

Function ENTER BASE DERIVATION KEY

BDK ID XXXXXXXXX

BDK ( LMK ) XXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXX

Key Check XXXXXX

Response
Return Code XX
BDK ( LMK ) XXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXX
( ZMK ) XXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXX
Key Check XXXXXX

Worldline 18 Jan 2016 12 of 16

Functional Specification Bank Islam

version: 1.0 document number: BI/FS/2016/007

Page 02/02 – Import a BDK

FMDK WORLDLINE INTERNATIONAL 02/02 01/19/2015

BASE DERIVATION KEY MANAGEMENT 18:13:00

Function IMPORT BASE DERIVATION KEY

BDK ID XXXXXXXXX

BDK ( ZMK ) XXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXX

Key Check XXXXXX

Response
Return Code XX
BDK ( LMK ) XXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXX
( ZMK ) XXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXX
Key Check XXXXXX

Page 02/02 – Export a BDK

FMDK WORLDLINE INTERNATIONAL 02/02 01/19/2015

BASE DERIVATION KEY MANAGEMENT 18:13:00

Function EXPORT BASE DERIVATION KEY

BDK ID XXXXXXXXX

Response
Return Code XX
BDK ( LMK ) XXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXX
( ZMK ) XXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXX
Key Check XXXXXX

Worldline 18 Jan 2016 13 of 16

 Functional Specification Bank Islam

version: 1.0 document number: BI/FS/2016/007

4 Reports
N/A

Worldline 18 Jan 2016 14 of 16

 Functional Specification Bank Islam

version: 1.0 document number: BI/FS/2016/007

5 Controls & Security

APT system will control the access of online function and user authority.

Worldline 18 Jan 2016 15 of 16

 Functional Specification Bank Islam

version: 1.0 document number: BI/FS/2016/007

6 Special Considerations

N/A

End Of Document

Worldline 18 Jan 2016 16 of 16