How exactly are you going to get the diversified IPEK to generate the necessary keys to create the HMAC for the transaction that will be authorized by your merchant acquirer?
The BDK for your merchant acquirer is held by them in an HSM or equivalent. The IPEK is device specific, derived from the BDK based on the terminal ID.
The individual keys for the HMAC are generated for each transaction and are cryptographically linked to a transaction ID and the IPEK, so that the acquirer can determine whether there are missing messages.
Card readers that comply with the latest EMV chip/contactless standards require a secure element that maintains the crypto information and only allows specific requests from the non-secure element and only provides encrypted blobs for transmission between the acquirer backend and the secure element.
The BDK for your merchant acquirer is held by them in an HSM or equivalent. The IPEK is device specific, derived from the BDK based on the terminal ID.
The individual keys for the HMAC are generated for each transaction and are cryptographically linked to a transaction ID and the IPEK, so that the acquirer can determine whether there are missing messages.
Card readers that comply with the latest EMV chip/contactless standards require a secure element that maintains the crypto information and only allows specific requests from the non-secure element and only provides encrypted blobs for transmission between the acquirer backend and the secure element.
https://en.wikipedia.org/wiki/Derived_unique_key_per_transac...