ARQC and ARPC

One of the primary benefits of EMV is that it significantly reduces counterfeit fraud. This is accomplished by the use of an application cryptogram. By validating the application cryptogram that is generated by the chip card, the issuer or the terminal can be confident that the card has not been cloned or counterfeited. There are several types of application cryptograms, we will review the ARQC and the ARPC which are the two online cryptograms used within EMV. In an EMV transaction flow when a chip card is used at a chip enabled ATM or POS device and the transaction is sent online to the host for authorization the chip card will generate an application cryptogram called the authorization request cryptogram or ARQC. The issuer may then generate an application response cryptogram or ARPC.

Let's take a very high-level look at how the ARQC and the ARPC are generated and verified. This discussion focuses on the primary steps and data involved in the generation and verification of these two cryptograms.

Generating the ARQC:

To generate an ARQC, the chip requires three pieces of information.

• A specific set of EMV tags
• Card master key (key for authentication)
• Hash function (hash algorithm) or MAC

Let's look at each of these components individually. A chip that contains a financial application from MasterCard, Visa, American Express and so forth must comply with EMV Co specifications. Each financial application on the chip will contain many fields called EMV tags. These tags house the data necessary to support the exchange of information between the card and the terminal. Tags also contain the information necessary to generate and verify the various application cryptograms.

One of the EMV tags in the card is tag 8C. The card risk management data object list 1 also known as CDOL1. This tag contains a list of specific tags that the chip is to use when generating the ARQC. In the EMV specification referenced below you will see the list of 10 EMV tags that are the recommended minimum set of data elements that are to be used when generating any application cryptogram.

EMV specifications from the various payment systems such as MasterCard, Visa, American Express and so forth can mandate additional tags for this list. For example, the cardholder verification results is usually included, no one usually requires fewer tags than those shown here. Note that some of the tags in this list contain data provided by the chip enabled terminal instead of the chip card.

Check with the EMV specification for the particular payment system or network you are interested in to find out exactly what EMV tags that system or network requires for ARQC generation.

The second piece of information that is required in order to generate an ARQC is a key. When the chip is personalized by the issuer, that is, when information specific to the individual cardholder is injected into the chip one or more keys are included depending on the functions the card will support. A specific symmetric key is required in order to generate an ARQC. This key can go by many names such as:

• The card master key
• The key for authentication
• The cryptographic key
• The application cryptogram master key

We will refer to it as the card master key. The card master key is derived from an issuer master key. The card master key is unique for each chip card and can even be unique for each application on a chip card. This is because information specific to the cardholder such as the PAN and PAN sequence number is part of the data that is used to generate the card master key. Since there can be more than one card master key stored in the chip, there's an index associated with each key that identifies each key as key number one, key number two and so forth.

The third piece of information that is required in order to generate an ARQC is a hashing algorithm also known as a hash function. The hash function is used to reduce a large string of data to a more manageable size. Some specifications may use a MAC'ing operation to reduce the data. Now let's walk through an example to see how all of these pieces fit together.

The actual algorithm that is used to generate a cryptogram is proprietary for each icc specification so be sure to check with the relevant ICC specification for your situation this is just an example. The chip looks at the CDOL1 to find the list of EMV tags it needs. Then it retrieves the data from each of those tags. This example uses the list of EMV tags that are recommended by EMV CO with sample values in each field as you can see in the table below:

All of the field values in the above table are concatenated. Resulting in a very long string of data. The hash function or MAC operation is then applied to the long string of data, to reduce it to a more manageable size. The result is then encrypted using the card master key. The result of this step is a 16 character hexadecimal ARQC. The chip saves the ARQC internally in EMV tag 9F26. This tag is then passed to the issuer, and the authorization request, along with the index of the card master key that was used to generate the ARQC. The EMV tags that are specified in the CDOL1 are often sent to the issuer in their transaction requests. However check with the individual network specifications for your situation to see exactly which EMV tags any particular specification supports. For this discussion we will assume that the card issuer is the entity that will receive the transaction requests, perform the EMV validation and authorize the transaction.

Another party such as a network could perform these functions on behalf of the issuer. In that case the network would need to have the appropriate keys and the other components required to perform these functions for the issuer. But in our example the issuer receives the transaction request that includes the ARQC and the issuer will attempt to validate the ARQC. This validation is performed within a hardware security module(HSM). Issuers must make sure that their HSM supports the necessary commands and that the message sent to the HSM, to request ARQC verification contains all the required information and that the values sent to the HSM are appropriate for the card that was used in the transaction.

The HSM will not attempt to break down the ARQC that was generated by the chip card. Instead it will use the card master key and a hash function or Mac algorithm plus key index sent from the chip card to generate its own ARQC.

The result will be compared with the ARQC that was generated by the chip card. If the two match then the ARQC generated by the chip card is valid. If the two do not match, the problem is usually the result of mismatched keys, the wrong key index or incorrect data passed to the HSM by the issuers application software.

In our example the issuer will send an authorization response cryptogram or ARPC to the chip card as part of the authorization response. In this case the command that is sent to the HSM to verify the ARQC may indicate that the HSM is to generate in the ARPC if the ARQC can be successfully validated.

To generate the ARPC, the HSM will use a specific set of EMV tags, the card master key and either a Triple DES or AES algorithm. In our example only the ARQC from the request and the authorization response code generated by the issuer will be used when generating the ARPC. Check the individual payment scheme specifications to verify what EMV tags are required for your situation.

There are several accepted methods that can be used to generate an ARPC. In our example the HSM will compute a value by XOR'ing the issuer response code against the ARQC. The result will then be encrypted using the card master key and either a Triple DES or AES algorithm. The result of this encryption is a 16 character hexadecimal ARPC. Since the data elements, keys and algorithms used to generate the ARPC can vary, check with the individual payment system or network specifications for further details.

The ARPC is used by the chip card to validate that the transaction response was sent by the genuine issuer. The chip card will not attempt to break down the ARPC that was generated by the issuer, instead it will generate its own ARPC. In our example we'll assume that the issuer sent an ARPC and the transaction response and the terminal passes the ARPC to the chip card. In order to validate the ARPC the chip card will XOR the ARQC against the issuers response code and encrypt the result just as the issuer's HSM did in our example. The resulting ARPC will be compared with the ARPC that was generated by the issuer. If the two match then the ARPC generated by the issuer is valid. If the two do not match but the transaction was approved by the issuer the chip card will typically tell the terminal to generate a reversal, since this situation could be indicative of fraud or at the very least it may indicate a problem with the keys or some other data element in the card or the issuers application software or the HSM.