BA Command

Jun 17, 2010 at 5:48 PM

Do you think you could add the BA command to this simulator (Encrypt a Clear Pin).  This is the only command missing that I use.  I would add it myself, but I'm not sure how the encryption is done using the clear pin and the account number.  Thanks for all the hard work on this, it's a great utility!

Jun 17, 2010 at 6:09 PM
Edited Jun 17, 2010 at 6:12 PM

Both BA and NG can be easily implemented. Regarding how it would be encrypted, that is a non-issue because in situations which involve the clear PIN, the simulator's behavior is pretty straightforward: we use the same PIN both in encrypted and clear form (i.e., we do not encrypt the clear PIN at all). This convention may seem weird but it works as long as both the encrypt and decrypt functions (in this case BA and NG) work the same way. I've never seen BA/NG in action (they're considered a security risk). Can you post an example of what you would expect the BA/BB exchange to look like?

Jun 18, 2010 at 5:28 PM

I use the BA command in conjunction with the DG command.  Here's the scenario.  I want to set the PIN to 1234, so I use the BA command to get an encrypted PIN and then use that encrypted PIN with the DG command to calculate the PVV.  Then I'll run a PIN transaction using something like the VISA simulator and use the PIN 1234.  In processing this transaction I'll use the EC command to verify the PIN which requires the PVV.  Would this sequence work if the BA command just returns the same clear PIN?  What about if the clear PIN length is 4 and the encrypted PIN length is 5?  Do I just prepend a '0' in the BA command?  Thanks for your help!


Jun 18, 2010 at 6:43 PM

That's exactly how I'd implement it. Just to clarify, the BA request/response might be:

Request: 0123 BA 01234 123456789012

Response: 0123 BB 00 01234

The DG request/response:

Request: 0123 DG 0123456789ABCDEF0123456789ABCDEF 01234 123456789012 1

Response: 0123 DH 00 9898

The simulator would only leave the PIN 1234 unencrypted in the response to the BA command. Note, though, that the DG command already knows that the 01234 "encrypted" value is really the clear PIN 1234 so the resulting PVV is actually calculated correctly. As far as I can tell, this could serve you nicely for testing purposes, meaning that you can use the PIN and PVV to run a PIN verification using the EC command and expect to get valid results back.

You may also use the JC command which is relevant. BTW, does this process relate to instant issuing or a backoffice bulk PIN generation?

Please let me know if this suits your purposes because it's very easy to implement BA this way.

Jun 18, 2010 at 6:50 PM

Yes that would work perfectly.  That would allow me to set a PIN explicitly and use it for testing which is what I'm really after here.


Jun 18, 2010 at 7:31 PM

I've uploaded the implementation of the BA command. You can go to the source code tab and download the 49499 change set which implements the command. BA should work but I'll add some unit tests for it later.

Please let me know if this helps.
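
The BA/BB exchange discussed in this thread, modelled as an added example that is not the simulator's own code: the handler follows the thread's convention of returning the clear PIN, zero-padded to the encrypted length, as the "encrypted" PIN. The space-separated layout is copied from the sample messages above; the names `handle_ba`, `pad_clear_pin` and `recover_clear_pin`, the explicit `pin_len` argument and the use of `ValueError` for bad input are assumptions of this sketch.

```python
import re

# Layout copied from the thread's sample: header, command, PIN field, account number.
# Spaces are kept because the posts write the messages that way.
BA_REQUEST = re.compile(r"^(?P<header>\S{4}) BA (?P<pin>\d+) (?P<account>\d{12})$")

ENCRYPTED_PIN_LEN = 5  # length of the "encrypted" PIN in the thread's sample


def pad_clear_pin(clear_pin: str, enc_len: int = ENCRYPTED_PIN_LEN) -> str:
    """Prepend '0' until the PIN fills the encrypted-PIN field, as agreed in the thread."""
    if not clear_pin.isdigit() or len(clear_pin) > enc_len:
        raise ValueError("PIN must be digits and fit the encrypted-PIN field")
    return clear_pin.rjust(enc_len, "0")


def handle_ba(request: str) -> str:
    """Answer a BA request with BB, error code 00 and the unencrypted, padded PIN."""
    m = BA_REQUEST.match(request)
    if m is None:
        raise ValueError("not a BA request in the thread's layout")
    return f"{m['header']} BB 00 {pad_clear_pin(m['pin'])}"


def recover_clear_pin(encrypted_pin: str, pin_len: int) -> str:
    """What a consumer such as DG has to do: drop the padding to get the PIN back.

    pin_len is passed explicitly (assumption of this sketch): stripping every
    leading '0' would turn the PIN 0123 into 123.
    """
    padding, pin = encrypted_pin[:-pin_len], encrypted_pin[-pin_len:]
    if len(pin) != pin_len or padding.strip("0"):
        raise ValueError("value is not a zero-padded PIN of that length")
    return pin
```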