Can someone explain the usage for the following EMV keys:
- MDK Encryption Key
- MDK MAC
- MDK AC
And what is the relation between these keys and MAK-AC, MK-SMI and MK-SMC?
I can't find any reference to MDK in EMV Book 2 – Security and Key Management.
EMV was implemented to make the transaction more secure, and these keys do their part in the Integrity, Confidentiality and Security aspects of it. As it sounds:
- Integrity is to make sure the data is not altered in transit
- Confidentiality is to make sure only the right person can access it
- Security is to ensure that it came from whom you think it did.
The hierarchy is Issuer Master Key -> Card Master Key -> Session Key.
AC is for the cryptogram (ARQC), SMI is for the MAC (PIN unblock issuer script), and SMC (PIN change issuer script) is to encrypt for confidentiality.
You may derive all the keys from the same IMK or from different ones, so that makes them related or different. You can find more information in Book 2. Look closer. At times it will be boring, but it is worth it.
An EMV card uses different keys for different purposes. The keys AC, SMI and SMC are basic keys that must be personalized in the card, where the AC key is more frequently used than the other keys, SMI and SMC.
Why is the AC key mostly used?
In case the transaction goes online, the AC key is used to compute the cryptogram, and this cryptogram is passed to the host; the host calculates the cryptogram and matches it with the received one, i.e. the host should have the same AC key.
What about the SMI and SMC keys?
In simple terms: what if the user entered the wrong PIN multiple times? Here the card will be blocked, the issuer will send a script, and that script will be executed to unblock the PIN. We can say SMI and SMC are used for Issuer Scripting.
Secure messaging for confidentiality is used when the command data sent to the card must be encrypted to protect sensitive data. [sensitive data = new PIN]
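
The Issuer Master Key -> Card Master Key -> Session Key hierarchy from the answers above, as an added example that is not code from either answer. It assumes the two-key 3DES "Option A" master key derivation and the common session key derivation for the AC key described in EMV Book 2 Annex A1; the key, PAN and PSN are constructed test values, and the function names are hypothetical.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"fmt"
)

// tdes encrypts one 8-byte block under a 16-byte two-key 3DES key (K1|K2|K1).
func tdes(key16, block []byte) []byte {
	k := append(append([]byte{}, key16...), key16[:8]...)
	c, err := des.NewTripleDESCipher(k)
	if err != nil {
		panic(err) // only reached if key16 is not 16 bytes long
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, block)
	return out
}

// DeriveCardKey: Issuer Master Key -> Card Master Key, Y = last 16 digits of PAN||PSN.
func DeriveCardKey(imk []byte, pan, psn string) ([]byte, error) {
	d := "0000000000000000" + pan + psn // left-pad short PANs with zeros
	y, err := hex.DecodeString(d[len(d)-16:])
	if err != nil {
		return nil, fmt.Errorf("invalid PAN/PSN digits: %w", err)
	}
	inv := make([]byte, len(y))
	for i := range y {
		inv[i] = ^y[i] // right half encrypts the bitwise complement of Y
	}
	return append(tdes(imk, y), tdes(imk, inv)...), nil
}

// DeriveSessionKey: Card Master Key -> per-transaction AC session key from the ATC.
func DeriveSessionKey(mk []byte, atc uint16) []byte {
	hi, lo := byte(atc>>8), byte(atc)
	left := tdes(mk, []byte{hi, lo, 0xF0, 0, 0, 0, 0, 0})
	right := tdes(mk, []byte{hi, lo, 0x0F, 0, 0, 0, 0, 0})
	return append(left, right...)
}

func main() {
	imk, _ := hex.DecodeString("0123456789ABCDEFFEDCBA9876543210") // constructed test key
	mk, err := DeriveCardKey(imk, "5413330089020011", "01")       // constructed PAN, PSN
	if err != nil {
		panic(err)
	}
	fmt.Printf("MK-AC: %X\nSK-AC (ATC=0001): %X\n", mk, DeriveSessionKey(mk, 1))
}
```

The host runs the same two derivations from its copy of the issuer master key, which is how it arrives at the same AC key as the card.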
Source: https://stackoverflow.com/questions/51361097/explain-emv-mdk-keys-enc-mac-ac