DSB n°329: ECC ODE Key Derivation - Comment period ends 30 June 2026

Draft EMV® Specification Bulletin No. 329 First Edition May 2026 - CONFIDENTIAL EMV® ECC ODE Key Derivation This Draft Specification Bulletin describes proposed changes to the EMV Card Key Derivation for ECC ODE. It is posted to allow feedback before final publication. Please submit any comments you may have via the 'Comment' facility on the EMVCo website at www.emvco.com by 30th June 2026 Applicability This Draft Specification Bulletin applies to: • EMV Integrated Circuit Card Specifications for Payment Systems, Book 2 Security and Key Management, v4.4 Related Documents • None Description This Specification Bulletin corrects an omission in the specification of ECC ODE in section 13 of Book 2. Specifically when decrypting encrypted data the card should not re-derive ODE keys if they have already been derived for the transaction. This is to align with the specification for terminal encryption where it is already noted that keys should not be re-derived. Specification Changes Modify the first paragraph of step 3 of sections 13.2 and 13.4 as follows: 3. If Key Derivation has already been performed for the current transaction, then do not perform Key Derivation again and use the previously derived keys K1 and K2 and value Rx. Insert the following note before the first step in sections 13.3 and 13.5: Note that if Key Derivation has already been performed for the current transaction, then do not perform Key Derivation again. Specifically in the steps below, skip the ECC calculation in step 2, skip all of step 3 and in step 4 use the previously derived keys K1 and K2 and C from step 2. © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. Page 1 Legal Notice The EMV® Specifications are provided “AS IS” without warranties of any kind, and EMVCo neither assumes nor accepts any liability for any errors or omissions contained in these Specifications. EMVCO DISCLAIMS ALL REPRESENTATIONS AND WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT, AS TO THESE SPECIFICATIONS. EMVCo makes no representations or warranties with respect to intellectual property rights of any third parties in or in relation to the Specifications. EMVCo undertakes no responsibility to determine whether any implementation of the EMV® Specifications may violate, infringe, or otherwise exercise the patent, copyright, trademark, trade secret, know-how, or other intellectual property rights of third parties, and thus any person who implements any part of the EMV® Specifications should consult an intellectual property attorney before any such implementation. Without limiting the foregoing, the Specifications may provide for the use of public key encryption and other technology, which may be the subject matter of patents in several countries. Any party seeking to implement these Specifications is solely responsible for determining whether its activities require a license to any such technology, including for patents on public key encryption technology. EMVCo shall not be liable under any theory for any party’s infringement of any intellectual property rights in connection with the EMV® Specifications © 2026 EMVCo, LLC. All rights reserved. Reproduction, distribution and other use of this document is permitted only pursuant to the applicable agreement between the user and EMVCo found at www.emvco.com. EMV® is a registered trademark or trademark of EMVCo, LLC in the United States and other countries. Page 2