Quick summary
In an online authorization scenario, an ARQC (Authorization ReQuest Cryptogram) is generated on the card chip, forwarded to the card scheme, and later validated by the Issuer. To perform an adequate validation, the issuer needs to consider:
different cryptogram algorithm (versions)
a different collection of data that might be part of the cryptogram
This PR aims to create a set of components that could simplify the process of validating an ARQC and generating the adequate ARPC (Application Response Cryptogram) in a version-agnostic approach.
Implementation details
We are proposing a set of Java components that could be able to:
Validate the cryptogram with a version-agnostic approach.
Automatically detect the cryptogram version (particularly useful for environments where several cryptogram versions might coexist).
Give flexibility to the set of data elements used for the cryptogram validation.
These requirements could be better appreciated in this sample code:
To cover these requirements, the following changes are added:
Interfaces are added to generically represent the different cryptogram generation algorithms. Additionally, an interface is created that represents the set of data used by the different algorithms to generate the cryptogram.
Specifications of the application cryptogram generation algorithm used by M/Chip and VISA are added.
Support to detect the specifications of the cryptogram generation algorithm is added. It uses the format and CVN information contained in the IAD.
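One way the IAD-based version detection described above can fail closed on a version the issuer has not enabled, as an added example that is not the PR's code. The types, the allow-list and the sample IAD bytes are constructed, and the byte offsets (Visa format 0/1/3 with the CVN in byte 3, M/Chip with the CVN in byte 2) are assumptions to check against the scheme specifications.

```java
import java.util.HexFormat;
import java.util.Map;

// Added illustration: all names here are hypothetical, not the PR's API.
public class IadVersionDetect {
    enum Scheme { VISA, MCHIP }

    /** Hypothetical stand-in for a cryptogram algorithm specification. */
    record Spec(Scheme scheme, int cvn) {}

    // Constructed allow-list: only versions the issuer has explicitly enabled.
    // The IAD comes from the card, so it must never select an algorithm by itself.
    static final Map<String, Spec> ENABLED = Map.of(
        "VISA:0A", new Spec(Scheme.VISA, 0x0A),
        "MCHIP:10", new Spec(Scheme.MCHIP, 0x10));

    /** Extracts the CVN byte; layouts are assumptions (see lead-in). */
    static int cvnOf(Scheme scheme, byte[] iad) {
        if (scheme == Scheme.VISA) {
            // Assumed layout: [length=0x06][DKI][CVN][CVR, 4 bytes]
            if (iad.length < 7 || iad[0] != 0x06)
                throw new IllegalArgumentException("unsupported Visa IAD format");
            return iad[2] & 0xFF;
        }
        // Assumed layout: [KDI][CVN][CVR, 6 bytes]...
        if (iad.length < 8)
            throw new IllegalArgumentException("M/Chip IAD too short");
        return iad[1] & 0xFF;
    }

    /** Returns the enabled spec, or throws so the caller declines the request. */
    static Spec detect(Scheme scheme, byte[] iad) {
        String key = scheme + ":" + String.format("%02X", cvnOf(scheme, iad));
        Spec spec = ENABLED.get(key);
        if (spec == null)
            throw new IllegalArgumentException("cryptogram version not enabled: " + key);
        return spec;
    }

    public static void main(String[] args) {
        HexFormat hex = HexFormat.of();
        // Constructed sample IADs, not captured from real cards.
        System.out.println(detect(Scheme.VISA, hex.parseHex("06010A03A00000")));
        System.out.println(detect(Scheme.MCHIP, hex.parseHex("0110A000032200000000")));
        try {
            detect(Scheme.VISA, hex.parseHex("0601FF03A00000")); // CVN not on the allow-list
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```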