Google Pay personalization
The TSH is fully capable of personalizing an EMV application for the Google Pay solution. Here is the set of data required from the TSP in the 'submitTokenData' operation.
Note1: The data element name is case insensitive. For example, DEK_KCV and dek_kcv are equivalent.
Note2: Some data elements may be added or removed upon project configuration.
PURE and DISCOVER common data elements

| Name | Format | Length | Description | Example |
| --- | --- | --- | --- | --- |
| kek_label | ASCII string | max 64 | Label of the key used for Payment keys encryption. The value is defined during the key ceremony. | "G062C.TEST.SGKEK.TKSUK.01" |
| kek_kcv | Hexa string | 6 | KCV of the key used for Payment keys encryption. KCV of the KEK key is calculated by encrypting 8 bytes of 00h (for 3DES) using ECB mode or using CMAC over 16 bytes of 00h (for AES). | "E95500" |
| dek_label | ASCII string | max 64 | Label of the key used for Track2 Data ("track2_data") encryption. The value is defined during the key ceremony. | "G062C.TEST.SGDEK.MKDATA.01" |
| dek_kcv | Hexa string | 6 | KCV of the key used for track2 data encryption. KCV is calculated by encrypting 8 bytes of 00h (for 3DES) or 16 bytes of 01h (for AES) with the DEK key using ECB mode. | "50FE57" |
| track2_data | Hexa string | max 64 | Track 2 Equivalent Data (max length is 19 bytes). Format in clear is: Token PAN up to 19 digits 'ppppppppppppppppppp'; 'D'; expiry date 'yymm'; service code 'sss'; (optional) discretionary data (depending on PAN length); 'F' (if needed to ensure whole byte). track2_data is padded with 80h + 00h..00h in order to reach encryption algorithm block size (ISO7816-4 padding). track2_data is ciphered under the DEK key using CBC mode. Encryption algorithm is defined during project setup. | "FAB7FF4EFE1989AC25EBBEC2ED72378BDA79D244B89F7F25" |
| payment_keys | String | - | See format below. | - |
| psn | Hexa string | 2 | PAN Sequence Number to personalize in the application. | "01" |
| par | ASCII bytes | 58 | Payment account reference. | "323352305041594D454E544143434F554E545245464552454E43455858" which represents "23R0PAYMENTACCOUNTREFERENCEXX" |
| app_preferred_name | ASCII bytes | max 16 | Application preferred name | "4465626974" which represents "Debit" |

PURE additional data elements
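
| Name | Format | Length | Description | Example |
| --- | --- | --- | --- | --- |
| cmk_ac_dki | Hexa string | 2 | DKI of the Application Cryptogram key. | "01" |
| cmk_rp_dki | Hexa string | 2 | DKI of the Remote Payment key. | "02" |
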
DISCOVER additional data elements

| Name | Format | Length | Description | Example |
| --- | --- | --- | --- | --- |
| track1_data | Hexa string | max 64 | Track 1 Data. Once decrypted, format is ASCII bytes. Once decoded, format is: 'B'; Token PAN up to 19 digits 'ppppppppppppppppppp'; '^'; name, 2 to 26 characters (including separators, where appropriate, between surname, first name etc.); '^'; expiry date 'yymm' or '^'; service code 'sss' or '^'; (optional) discretionary data (depending on PAN length). track1_data is padded with 80h + 00h..00h in order to reach encryption algorithm block size (ISO7816-4 padding). track1_data is ciphered under the DEK key using CBC mode. Encryption algorithm is defined during project setup. | "FAB7FF4EFE1989AC25EBBEC2ED72378BDA79D244B89F7F25" |
| cmk_emv_dki | Hexa string | 2 | DKI of the EMV key. | "01" |
| cmk_cavv_dki | Hexa string | 2 | DKI of the CAVV key. | "02" |

payment_keys format
payment_keys is the string representation of JSON array as defined below:
Note3: The maximum number of SUK sets (referred to as objects above) is 40.
Note4: For AES SUKs, encryption algorithm shall be AES-KW according to RFC 3394 and KCV algorithm shall be CMAC over 16 bytes of 00h according to RFC 4493. For 3DES SUKs, encryption algorithm shall be 3DES-ECB and KCV algorithm shall be calculated according to EMV-CPS, i.e. encrypting 8 bytes of 00h by the related key in ECB mode. In both cases, the 3 high-order bytes shall be used as KCV.
PURE payment_keys format
Each object from the array defined above is a JSON object as defined below:

| Name | M/O/C | Description |
| --- | --- | --- |
| acKey | M | Application cryptogram SUK encrypted with KEK key |
| acKeyKcv | M | Application cryptogram SUK KCV |
| rpKey | O | Remote payment SUK encrypted with KEK key |
| rpKeyKcv | C | Remote payment SUK KCV. Shall be provided if rpKey is present |
| lcKey | M | Local CDCVM stamp generation SUK encrypted with KEK key |
| lcKeyKcv | M | Local CDCVM stamp generation SUK KCV |
| atc | M | Application transaction counter |

Example:
DISCOVER payment_keys format
Each object from the array defined above is a JSON object as defined below:

| Name | M/O/C | Description |
| --- | --- | --- |
| emvKey | M | EMV Application cryptogram SUK encrypted with KEK key |
| emvKeyKcv | M | EMV Application cryptogram SUK KCV |
| cavvKey | O | Customer Authentication Verification Value (CAVV) SUK encrypted with KEK key |
| cavvKeyKcv | C | CAVV SUK KCV. Shall be provided if cavvKey is present |
| msKey | O | Magstripe SUK encrypted with KEK key |
| msKeyKcv | C | Magstripe SUK KCV. Shall be provided if msKey is present |
| atc | M | Application transaction counter |

Example:
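
The M/O/C rules of both payment_keys formats, together with Note3 and Note4, written as a checker that an integration could run before calling 'submitTokenData'. This is an added Python example, not the documentation's own example and not TSH code; the function name, the hex-string encoding of KCV values and the sample values are assumptions.

```python
import json
import re

MAX_SUK_SETS = 40                      # Note3
KCV_RE = re.compile(r"[0-9A-Fa-f]{6}")  # 3 high-order bytes (Note4); hex text is an assumption

# scheme -> (mandatory names, {optional key: KCV that becomes required with it})
SCHEMAS = {
    "PURE": (("acKey", "acKeyKcv", "lcKey", "lcKeyKcv", "atc"), {"rpKey": "rpKeyKcv"}),
    "DISCOVER": (("emvKey", "emvKeyKcv", "atc"),
                 {"cavvKey": "cavvKeyKcv", "msKey": "msKeyKcv"}),
}

def validate_payment_keys(payment_keys: str, scheme: str) -> list:
    """Return the list of problems found in a payment_keys string (empty if none)."""
    mandatory, optional = SCHEMAS[scheme]
    try:
        sets = json.loads(payment_keys)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(sets, list):
        return ["payment_keys must be a JSON array"]
    errors = []
    if len(sets) > MAX_SUK_SETS:
        errors.append(f"{len(sets)} SUK sets exceeds the maximum of {MAX_SUK_SETS}")
    for i, suk in enumerate(sets):
        if not isinstance(suk, dict):
            errors.append(f"[{i}] is not a JSON object")
            continue
        for name in mandatory:
            if name not in suk:
                errors.append(f"[{i}] missing mandatory {name}")
        for key, kcv in optional.items():
            if key in suk and kcv not in suk:
                errors.append(f"[{i}] {key} present without {kcv}")
        for name, value in suk.items():
            if name.endswith("Kcv") and not (isinstance(value, str) and KCV_RE.fullmatch(value)):
                errors.append(f"[{i}] {name} is not 6 hex characters")
    return errors

# Constructed sample: key values and KCVs are placeholders, not real wrapped keys.
SAMPLE_PURE = json.dumps([{"acKey": "00" * 24, "acKeyKcv": "A1B2C3",
                           "lcKey": "11" * 24, "lcKeyKcv": "D4E5F6", "atc": "0001"}])
```

The checker only covers structure; confirming that each KCV matches its unwrapped SUK needs the KEK and is done where that key is available.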
CPACE Girocard data elements

| Name | Format | Length | Description | Example |
| --- | --- | --- | --- | --- |
| type | String | max 64 | CPACE personalization type. Value shall be "Girocard". | "Girocard" |
| profile | Base64 string | - | Token profile as per Perso FF specification | "ANcB1wLXAA8AhAEBAHFl+OnQaqq2...Fwkf6n" |
| diversifier | Hexa string | 32 | 16 bytes diversifier value used as derivation data for session keys generation | "F5CFEA0C7C17EE5275566A33DAA1DFA9" |
