ARPC is the cryptogram generated in the response message. Just like ARQC, it ensures that the response originated from the issuer, and that it's not tampered with.
The major difference in ARPC is that firstly it's generated by the issuer alone, and secondly it usually takes the ISO response code as part of the input data in step 3.
ARPC Generation
ARPC generation is not much different from ARQC generation. The steps for the two cryptograms are similar to each other:- Card Key Derivation
- Session Key Derivation
- Preparation of Input Data in ARPC Calculation
- ARPC Calculation (the final encryption/ hashing step)
The major difference in ARPC is that firstly it's generated by the issuer alone, and secondly it usually takes the ISO response code as part of the input data in step 3.