> For the complete documentation index, see [llms.txt](https://docs.payments.thalescloud.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.payments.thalescloud.io/xpay-enablement/data-preparation/google-pay-personalization.md).
# Google Pay personalization
The TSH is fully capable of personalizing an EMV application for Google Pay solution. Here is the set of data required from the TSP in the 'submitTokenData' operation.
{% hint style="info" %}
**Note1**:
The data element name is case insensitive.\
For example, DEK\_KCV and dek\_kcv are equivalent
{% endhint %}
{% hint style="info" %}
**Note2**:
Some data elements may be added or removed upon project configuration
{% endhint %}
### PURE and DISCOVER common data elements
| Name | Format | Length | Description | Example |
| -------------------- | ------------ | ------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- |
| kek\_label | ASCII string | max 64 | Label of the key used for Payment keys encryption. The value is defined during the key ceremony. | "G062C.TEST.SGKEK.TKSUK.01" |
| kek\_kcv | Hexa string | 6 | KCV of the key used for Payment keys encryption.
KCV of the KEK key is calculated by encrypting 8 bytes of 00h (for 3DES) using ECB mode or using CMAC over 16 bytes of 00h (for AES).
| "E95500" |
| dek\_label | ASCII string | max 64 | Label of the key used for Track2 Data ("track2\_data") encryption. The value is defined during the key ceremony. | "G062C.TEST.SGDEK.MKDATA.01" |
| dek\_kcv | Hexa string | 6 | KCV of the key used for track2 data encryption.
KCV is calculated by encrypting 8 bytes of 00h (for 3DES) or 16 bytes of 01h (for AES) with the DEK key using ECB mode.
| "50FE57" |
| track2\_data | Hexa string | max 64 | Track 2 Equivalent Data (max length is 19 bytes)
Format in clear is:
- Token PAN up to 19 digits: 'ppppppppppppppppppp'
- 'D'
- Expiry date: 'yymm'
- Service code: 'sss'
- (optional) Discretionary data (depending on PAN length)
- 'F' (if needed to ensure whole byte)
track2\_data is padded with 80h + 00h..00h in order to reach encryption algorithm block size (ISO7816-4 padding)
track2\_data is ciphered under the DEK key using CBC mode.
Encryption algorithm is defined during project setup.
| "FAB7FF4EFE1989AC25EBBEC2ED72378BDA79D244B89F7F25" |
| payment\_keys | String | - | See format below. | - |
| psn | Hexa string | 2 | PAN Sequence Number to personalize in the application. | "01" |
| par | ASCII bytes | 58 | Payment account reference. | "323352305041594D454E544143434F554E545245464552454E43455858"
which represents "23R0PAYMENTACCOUNTREFERENCEXX"
|
| app\_preferred\_name | ASCII bytes | max 16 | Application preferred name | "4465626974"
which represents "Debit"
|
### PURE additional data elements
| Name | Format | Length | Description | Example |
| ------------ | ----------- | ------ | -------------------------------------- | ------- |
| cmk\_ac\_dki | Hexa string | 2 | DKI of the Application Cryptogram key. | "01" |
| cmk\_rp\_dki | Hexa string | 2 | DKI of the Remote Payment key. | "02" |
### DISCOVER additional data elements
| Name | Format | Length | Description | Example |
| -------------- | ----------- | ------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- |
| track1\_data | Hexa string | max 64 | Track 1 Data
Once decrypted, format is ASCII bytes. Once decoded format is:
- 'B'
- Token PAN up to 19 digits: 'ppppppppppppppppppp'
- '^'
- Name, 2 to 26 characters (including separators, where appropriate, between surname, first name etc.)
- '^'
- Expiry date: 'yymm' or '^'
- Service code: 'sss' or '^'
- (optional) Discretionary data (depending on PAN length)
track1\_data is padded with 80h + 00h..00h in order to reach encryption algorithm block size (ISO7816-4 padding)
track1\_data is ciphered under the DEK key using CBC mode.
Encryption algorithm is defined during project setup.
| "FAB7FF4EFE1989AC25EBBEC2ED72378BDA79D244B89F7F25" |
| cmk\_emv\_dki | Hexa string | 2 | DKI of the EMV key. | "01" |
| cmk\_cavv\_dki | Hexa string | 2 | DKI of the CAVV key. | "02" |
### payment\_keys format
payment\_keys is the string representation of JSON array as defined below:
```json
[
object1,
object2,
...
]
```
{% hint style="info" %}
**Note3**:\
The maximum number of SUKs set (i.e. referred as object above) is 40.
{% endhint %}
{% hint style="info" %}
**Note4**:\
For AES SUKs, encryption algorithm shall be AES-KW according to RFC 3394 and KCV algorithm shall be CMAC over 16 bytes of 00h according to RFC4493.\
For 3DES SUKs, encryption algorithm shall be 3DES-ECB and KCV algorithm shall be calculated according to EMV-CPS, i.e. encrypting 8 bytes of 00h by the related key in ECB mode.\
In both cases, the 3 high-order bytes shall be used as KCV.
{% endhint %}
#### PURE payment\_keys format
Each object from the array defined above, is a JSON object as defined below:
| JSON parameter name | M/O/C | description |
| ------------------- | ----- | ---------------------------------------------------------------------- |
| acKey | M | Application cryptogram SUK encrypted with KEK key |
| acKeyKcv | M | Application cryptogram SUK KCV |
| rpKey | O | Remote payment SUK encrypted with KEK key |
| rpKeyKcv | C | Remote payment SUK KCV
Shall be provided if rpKey is present
|
| lcKey | M | Local CDCVM stamp generation SUK encrypted with KEK key |
| lcKeyKcv | M | Local CDCVM stamp generation SUK KCV |
| atc | M | Application transaction counter |
Example:
```json
{
"acKey": "2C2ECFF7A1578049B2A40EA861966CFC",
"acKeyKcv": "AB33DF",
"rpKey": "765D07ABCA8B2F1A90E69D6B82CE8786",
"rpKeyKcv": "24AA55",
"lcKey": "EBFCD0659B5109FA0316B44BF12E78C1",
"lcKeyKcv": "E1BCA2",
"atc": "0001"
}
```
#### DISCOVER payment\_keys format
Each object from the array defined above, is a JSON object as defined below:
| JSON parameter name | M/O/C | description |
| ------------------- | ----- | ---------------------------------------------------------------------------- |
| emvKey | M | EMV Application cryptogram SUK encrypted with KEK key |
| emvKeyKcv | M | EMV Application cryptogram SUK KCV |
| cavvKey | O | Customer Authentication Verification Value (CAVV) SUK encrypted with KEK key |
| cavvKeyKcv | C | CAVV SUK KCV
Shall be provided if cavvKey is present
|
| msKey | O | Magstripe SUK encrypted with KEK key |
| msKeyKcv | C | Magstripe SUK KCV
Shall be provided if msKey is present
|
| atc | M | Application transaction counter |
Example:
```json
{
"emvKey": "2C2ECFF7A1578049B2A40EA861966CFC",
"emvKeyKcv": "AB33DF",
"cavvKey": "765D07ABCA8B2F1A90E69D6B82CE8786",
"cavvKeyKcv": "24AA55",
"msKey": "EBFCD0659B5109FA0316B44BF12E78C1",
"msKeyKcv": "E1BCA2",
"atc": "0001"
}
```
### CPACE Girocard data elements
| Name | Format | Length | Description | Example |
| ----------- | ------------- | ------ | ------------------------------------------------------------------------------ | --------------------------------------- |
| type | String | max 64 | CPACE personalization type.
Value shall be "Girocard".
| "Girocard" |
| profile | Base64 string | - | Token profile as per Perso FF specification | "ANcB1wLXAA8AhAEBAHFl+OnQaqq2...Fwkf6n" |
| diversifier | Hexa string | 32 | 16 bytes diversifier value used as derivation data for session keys generation | "F5CFEA0C7C17EE5275566A33DAA1DFA9" |
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.payments.thalescloud.io/xpay-enablement/data-preparation/google-pay-personalization.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.