aws-sdk-paymentcryptographydata 1.15.0 → 1.17.0

data/lib/aws-sdk-paymentcryptographydata/types.rb

@@ -89,11 +89,6 @@ module Aws::PaymentCryptographyData
     #   Code (CSC2) for an AMEX payment card.
     #   @return [Types::AmexCardSecurityCodeVersion2]
     #
-    # @!attribute [rw] card_holder_verification_value
-    #   Card data parameters that are required to generate a cardholder
-    #   verification value for the payment card.
-    #   @return [Types::CardHolderVerificationValue]
-    #
     # @!attribute [rw] card_verification_value_1
     #   Card data parameters that are required to generate Card Verification
     #   Value (CVV) for the payment card.
@@ -104,6 +99,11 @@ module Aws::PaymentCryptographyData
     #   Value (CVV2) for the payment card.
     #   @return [Types::CardVerificationValue2]
     #
+    # @!attribute [rw] card_holder_verification_value
+    #   Card data parameters that are required to generate a cardholder
+    #   verification value for the payment card.
+    #   @return [Types::CardHolderVerificationValue]
+    #
     # @!attribute [rw] dynamic_card_verification_code
     #   Card data parameters that are required to generate CDynamic Card
     #   Verification Code (dCVC) for the payment card.
@@ -119,9 +119,9 @@ module Aws::PaymentCryptographyData
     class CardGenerationAttributes < Struct.new(
       :amex_card_security_code_version_1,
       :amex_card_security_code_version_2,
-      :card_holder_verification_value,
       :card_verification_value_1,
       :card_verification_value_2,
+      :card_holder_verification_value,
       :dynamic_card_verification_code,
       :dynamic_card_verification_value,
       :unknown)
@@ -131,9 +131,9 @@ module Aws::PaymentCryptographyData
 
       class AmexCardSecurityCodeVersion1 < CardGenerationAttributes; end
       class AmexCardSecurityCodeVersion2 < CardGenerationAttributes; end
-      class CardHolderVerificationValue < CardGenerationAttributes; end
       class CardVerificationValue1 < CardGenerationAttributes; end
       class CardVerificationValue2 < CardGenerationAttributes; end
+      class CardHolderVerificationValue < CardGenerationAttributes; end
       class DynamicCardVerificationCode < CardGenerationAttributes; end
       class DynamicCardVerificationValue < CardGenerationAttributes; end
       class Unknown < CardGenerationAttributes; end
@@ -142,9 +142,8 @@ module Aws::PaymentCryptographyData
     # Card data parameters that are required to generate a cardholder
     # verification value for the payment card.
     #
-    # @!attribute [rw] application_transaction_counter
-    #   The transaction counter value that comes from a point of sale
-    #   terminal.
+    # @!attribute [rw] unpredictable_number
+    #   A random number generated by the issuer.
     #   @return [String]
     #
     # @!attribute [rw] pan_sequence_number
@@ -152,16 +151,17 @@ module Aws::PaymentCryptographyData
     #   same Primary Account Number (PAN).
     #   @return [String]
     #
-    # @!attribute [rw] unpredictable_number
-    #   A random number generated by the issuer.
+    # @!attribute [rw] application_transaction_counter
+    #   The transaction counter value that comes from a point of sale
+    #   terminal.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/CardHolderVerificationValue AWS API Documentation
     #
     class CardHolderVerificationValue < Struct.new(
-      :application_transaction_counter,
+      :unpredictable_number,
       :pan_sequence_number,
-      :unpredictable_number)
+      :application_transaction_counter)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -182,11 +182,6 @@ module Aws::PaymentCryptographyData
     #   Code (CSC2) for an AMEX payment card.
     #   @return [Types::AmexCardSecurityCodeVersion2]
     #
-    # @!attribute [rw] card_holder_verification_value
-    #   Card data parameters that are required to verify a cardholder
-    #   verification value for the payment card.
-    #   @return [Types::CardHolderVerificationValue]
-    #
     # @!attribute [rw] card_verification_value_1
     #   Card data parameters that are required to verify Card Verification
     #   Value (CVV) for the payment card.
@@ -197,10 +192,10 @@ module Aws::PaymentCryptographyData
     #   Value (CVV2) for the payment card.
     #   @return [Types::CardVerificationValue2]
     #
-    # @!attribute [rw] discover_dynamic_card_verification_code
-    #   Card data parameters that are required to verify CDynamic Card
-    #   Verification Code (dCVC) for the payment card.
-    #   @return [Types::DiscoverDynamicCardVerificationCode]
+    # @!attribute [rw] card_holder_verification_value
+    #   Card data parameters that are required to verify a cardholder
+    #   verification value for the payment card.
+    #   @return [Types::CardHolderVerificationValue]
     #
     # @!attribute [rw] dynamic_card_verification_code
     #   Card data parameters that are required to verify CDynamic Card
@@ -212,17 +207,22 @@ module Aws::PaymentCryptographyData
     #   Verification Value (dCVV) for the payment card.
     #   @return [Types::DynamicCardVerificationValue]
     #
+    # @!attribute [rw] discover_dynamic_card_verification_code
+    #   Card data parameters that are required to verify CDynamic Card
+    #   Verification Code (dCVC) for the payment card.
+    #   @return [Types::DiscoverDynamicCardVerificationCode]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/CardVerificationAttributes AWS API Documentation
     #
     class CardVerificationAttributes < Struct.new(
       :amex_card_security_code_version_1,
       :amex_card_security_code_version_2,
-      :card_holder_verification_value,
       :card_verification_value_1,
       :card_verification_value_2,
-      :discover_dynamic_card_verification_code,
+      :card_holder_verification_value,
       :dynamic_card_verification_code,
       :dynamic_card_verification_value,
+      :discover_dynamic_card_verification_code,
       :unknown)
       SENSITIVE = []
       include Aws::Structure
@@ -230,12 +230,12 @@ module Aws::PaymentCryptographyData
 
       class AmexCardSecurityCodeVersion1 < CardVerificationAttributes; end
       class AmexCardSecurityCodeVersion2 < CardVerificationAttributes; end
-      class CardHolderVerificationValue < CardVerificationAttributes; end
       class CardVerificationValue1 < CardVerificationAttributes; end
       class CardVerificationValue2 < CardVerificationAttributes; end
-      class DiscoverDynamicCardVerificationCode < CardVerificationAttributes; end
+      class CardHolderVerificationValue < CardVerificationAttributes; end
       class DynamicCardVerificationCode < CardVerificationAttributes; end
       class DynamicCardVerificationValue < CardVerificationAttributes; end
+      class DiscoverDynamicCardVerificationCode < CardVerificationAttributes; end
       class Unknown < CardVerificationAttributes; end
     end
 
@@ -345,6 +345,15 @@ module Aws::PaymentCryptographyData
       include Aws::Structure
     end
 
+    # @!attribute [rw] key_identifier
+    #   The `keyARN` of the encryption key that Amazon Web Services Payment
+    #   Cryptography uses for ciphertext decryption.
+    #
+    #   When a WrappedKeyBlock is provided, this value will be the
+    #   identifier to the key wrapping key. Otherwise, it is the key
+    #   identifier used to perform the operation.
+    #   @return [String]
+    #
     # @!attribute [rw] cipher_text
     #   The ciphertext to decrypt.
     #   @return [String]
@@ -353,17 +362,18 @@ module Aws::PaymentCryptographyData
     #   The encryption key type and attributes for ciphertext decryption.
     #   @return [Types::EncryptionDecryptionAttributes]
     #
-    # @!attribute [rw] key_identifier
-    #   The `keyARN` of the encryption key that Amazon Web Services Payment
-    #   Cryptography uses for ciphertext decryption.
-    #   @return [String]
+    # @!attribute [rw] wrapped_key
+    #   The WrappedKeyBlock containing the encryption key for ciphertext
+    #   decryption.
+    #   @return [Types::WrappedKey]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/DecryptDataInput AWS API Documentation
     #
     class DecryptDataInput < Struct.new(
+      :key_identifier,
       :cipher_text,
       :decryption_attributes,
-      :key_identifier)
+      :wrapped_key)
       SENSITIVE = [:cipher_text]
       include Aws::Structure
     end
@@ -399,10 +409,6 @@ module Aws::PaymentCryptographyData
     # Parameters that are required to generate or verify dCVC (Dynamic Card
     # Verification Code).
     #
-    # @!attribute [rw] application_transaction_counter
-    #   The transaction counter value that comes from the terminal.
-    #   @return [String]
-    #
     # @!attribute [rw] card_expiry_date
     #   The expiry date of a payment card.
     #   @return [String]
@@ -411,12 +417,16 @@ module Aws::PaymentCryptographyData
     #   A random number that is generated by the issuer.
     #   @return [String]
     #
+    # @!attribute [rw] application_transaction_counter
+    #   The transaction counter value that comes from the terminal.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/DiscoverDynamicCardVerificationCode AWS API Documentation
     #
     class DiscoverDynamicCardVerificationCode < Struct.new(
-      :application_transaction_counter,
       :card_expiry_date,
-      :unpredictable_number)
+      :unpredictable_number,
+      :application_transaction_counter)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -424,13 +434,6 @@ module Aws::PaymentCryptographyData
     # Parameters that are used for Derived Unique Key Per Transaction
     # (DUKPT) derivation algorithm.
     #
-    # @!attribute [rw] dukpt_derivation_type
-    #   The key type derived using DUKPT from a Base Derivation Key (BDK)
-    #   and Key Serial Number (KSN). This must be less than or equal to the
-    #   strength of the BDK. For example, you can't use `AES_128` as a
-    #   derivation type for a BDK of `AES_128` or `TDES_2KEY`.
-    #   @return [String]
-    #
     # @!attribute [rw] key_serial_number
     #   The unique identifier known as Key Serial Number (KSN) that comes
     #   from an encrypting device using DUKPT encryption method. The KSN is
@@ -438,17 +441,31 @@ module Aws::PaymentCryptographyData
     #   transaction counter.
     #   @return [String]
     #
+    # @!attribute [rw] dukpt_derivation_type
+    #   The key type derived using DUKPT from a Base Derivation Key (BDK)
+    #   and Key Serial Number (KSN). This must be less than or equal to the
+    #   strength of the BDK. For example, you can't use `AES_128` as a
+    #   derivation type for a BDK of `AES_128` or `TDES_2KEY`.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/DukptAttributes AWS API Documentation
     #
     class DukptAttributes < Struct.new(
-      :dukpt_derivation_type,
-      :key_serial_number)
+      :key_serial_number,
+      :dukpt_derivation_type)
       SENSITIVE = []
       include Aws::Structure
     end
 
     # Parameters required for encryption or decryption of data using DUKPT.
     #
+    # @!attribute [rw] key_serial_number
+    #   The unique identifier known as Key Serial Number (KSN) that comes
+    #   from an encrypting device using DUKPT encryption method. The KSN is
+    #   derived from the encrypting device unique identifier and an internal
+    #   transaction counter.
+    #   @return [String]
+    #
     # @!attribute [rw] dukpt_key_derivation_type
     #   The key type derived using DUKPT from a Base Derivation Key (BDK)
     #   and Key Serial Number (KSN). This must be less than or equal to the
@@ -461,25 +478,31 @@ module Aws::PaymentCryptographyData
     #   outgoing data encryption, or both.
     #   @return [String]
     #
-    # @!attribute [rw] key_serial_number
-    #   The unique identifier known as Key Serial Number (KSN) that comes
-    #   from an encrypting device using DUKPT encryption method. The KSN is
-    #   derived from the encrypting device unique identifier and an internal
-    #   transaction counter.
-    #   @return [String]
-    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/DukptDerivationAttributes AWS API Documentation
     #
     class DukptDerivationAttributes < Struct.new(
+      :key_serial_number,
       :dukpt_key_derivation_type,
-      :dukpt_key_variant,
-      :key_serial_number)
+      :dukpt_key_variant)
       SENSITIVE = []
       include Aws::Structure
     end
 
     # Parameters that are required to encrypt plaintext data using DUKPT.
     #
+    # @!attribute [rw] key_serial_number
+    #   The unique identifier known as Key Serial Number (KSN) that comes
+    #   from an encrypting device using DUKPT encryption method. The KSN is
+    #   derived from the encrypting device unique identifier and an internal
+    #   transaction counter.
+    #   @return [String]
+    #
+    # @!attribute [rw] mode
+    #   The block cipher method to use for encryption.
+    #
+    #   The default is CBC.
+    #   @return [String]
+    #
     # @!attribute [rw] dukpt_key_derivation_type
     #   The key type encrypted using DUKPT from a Base Derivation Key (BDK)
     #   and Key Serial Number (KSN). This must be less than or equal to the
@@ -497,27 +520,14 @@ module Aws::PaymentCryptographyData
     #   Amazon Web Services Payment Cryptography defaults it to zero.
     #   @return [String]
     #
-    # @!attribute [rw] key_serial_number
-    #   The unique identifier known as Key Serial Number (KSN) that comes
-    #   from an encrypting device using DUKPT encryption method. The KSN is
-    #   derived from the encrypting device unique identifier and an internal
-    #   transaction counter.
-    #   @return [String]
-    #
-    # @!attribute [rw] mode
-    #   The block cipher method to use for encryption.
-    #
-    #   The default is CBC.
-    #   @return [String]
-    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/DukptEncryptionAttributes AWS API Documentation
     #
     class DukptEncryptionAttributes < Struct.new(
+      :key_serial_number,
+      :mode,
       :dukpt_key_derivation_type,
       :dukpt_key_variant,
-      :initialization_vector,
-      :key_serial_number,
-      :mode)
+      :initialization_vector)
       SENSITIVE = [:initialization_vector]
       include Aws::Structure
     end
@@ -525,8 +535,8 @@ module Aws::PaymentCryptographyData
     # Parameters that are required to generate or verify Dynamic Card
     # Verification Value (dCVV).
     #
-    # @!attribute [rw] application_transaction_counter
-    #   The transaction counter value that comes from the terminal.
+    # @!attribute [rw] unpredictable_number
+    #   A random number generated by the issuer.
     #   @return [String]
     #
     # @!attribute [rw] pan_sequence_number
@@ -534,6 +544,10 @@ module Aws::PaymentCryptographyData
     #   same Primary Account Number (PAN).
     #   @return [String]
     #
+    # @!attribute [rw] application_transaction_counter
+    #   The transaction counter value that comes from the terminal.
+    #   @return [String]
+    #
     # @!attribute [rw] track_data
     #   The data on the two tracks of magnetic cards used for financial
     #   transactions. This includes the cardholder name, PAN, expiration
@@ -541,17 +555,13 @@ module Aws::PaymentCryptographyData
     #   to validate the data received.
     #   @return [String]
     #
-    # @!attribute [rw] unpredictable_number
-    #   A random number generated by the issuer.
-    #   @return [String]
-    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/DynamicCardVerificationCode AWS API Documentation
     #
     class DynamicCardVerificationCode < Struct.new(
-      :application_transaction_counter,
+      :unpredictable_number,
       :pan_sequence_number,
-      :track_data,
-      :unpredictable_number)
+      :application_transaction_counter,
+      :track_data)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -559,49 +569,46 @@ module Aws::PaymentCryptographyData
     # Parameters that are required to generate or verify Dynamic Card
     # Verification Value (dCVV).
     #
-    # @!attribute [rw] application_transaction_counter
-    #   The transaction counter value that comes from the terminal.
+    # @!attribute [rw] pan_sequence_number
+    #   A number that identifies and differentiates payment cards with the
+    #   same Primary Account Number (PAN).
     #   @return [String]
     #
     # @!attribute [rw] card_expiry_date
     #   The expiry date of a payment card.
     #   @return [String]
     #
-    # @!attribute [rw] pan_sequence_number
-    #   A number that identifies and differentiates payment cards with the
-    #   same Primary Account Number (PAN).
-    #   @return [String]
-    #
     # @!attribute [rw] service_code
     #   The service code of the payment card. This is different from Card
     #   Security Code (CSC).
     #   @return [String]
     #
+    # @!attribute [rw] application_transaction_counter
+    #   The transaction counter value that comes from the terminal.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/DynamicCardVerificationValue AWS API Documentation
     #
     class DynamicCardVerificationValue < Struct.new(
-      :application_transaction_counter,
-      :card_expiry_date,
       :pan_sequence_number,
-      :service_code)
+      :card_expiry_date,
+      :service_code,
+      :application_transaction_counter)
       SENSITIVE = []
       include Aws::Structure
     end
 
     # Parameters for plaintext encryption using EMV keys.
     #
-    # @!attribute [rw] initialization_vector
-    #   An input used to provide the intial state. If no value is provided,
-    #   Amazon Web Services Payment Cryptography defaults it to zero.
-    #   @return [String]
-    #
     # @!attribute [rw] major_key_derivation_mode
     #   The EMV derivation mode to use for ICC master key derivation as per
     #   EMV version 4.3 book 2.
     #   @return [String]
     #
-    # @!attribute [rw] mode
-    #   The block cipher method to use for encryption.
+    # @!attribute [rw] primary_account_number
+    #   The Primary Account Number (PAN), a unique identifier for a payment
+    #   credit or debit card and associates the card to a specific account
+    #   holder.
     #   @return [String]
     #
     # @!attribute [rw] pan_sequence_number
@@ -609,12 +616,6 @@ module Aws::PaymentCryptographyData
     #   same Primary Account Number (PAN).
     #   @return [String]
     #
-    # @!attribute [rw] primary_account_number
-    #   The Primary Account Number (PAN), a unique identifier for a payment
-    #   credit or debit card and associates the card to a specific account
-    #   holder.
-    #   @return [String]
-    #
     # @!attribute [rw] session_derivation_data
     #   The derivation value used to derive the ICC session key. It is
     #   typically the application transaction counter value padded with
@@ -622,26 +623,35 @@ module Aws::PaymentCryptographyData
     #   4.3 book 2.
     #   @return [String]
     #
+    # @!attribute [rw] mode
+    #   The block cipher method to use for encryption.
+    #   @return [String]
+    #
+    # @!attribute [rw] initialization_vector
+    #   An input used to provide the intial state. If no value is provided,
+    #   Amazon Web Services Payment Cryptography defaults it to zero.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/EmvEncryptionAttributes AWS API Documentation
     #
     class EmvEncryptionAttributes < Struct.new(
-      :initialization_vector,
       :major_key_derivation_mode,
-      :mode,
-      :pan_sequence_number,
       :primary_account_number,
-      :session_derivation_data)
-      SENSITIVE = [:initialization_vector, :primary_account_number]
+      :pan_sequence_number,
+      :session_derivation_data,
+      :mode,
+      :initialization_vector)
+      SENSITIVE = [:primary_account_number, :initialization_vector]
       include Aws::Structure
     end
 
-    # @!attribute [rw] encryption_attributes
-    #   The encryption key type and attributes for plaintext encryption.
-    #   @return [Types::EncryptionDecryptionAttributes]
-    #
     # @!attribute [rw] key_identifier
     #   The `keyARN` of the encryption key that Amazon Web Services Payment
     #   Cryptography uses for plaintext encryption.
+    #
+    #   When a WrappedKeyBlock is provided, this value will be the
+    #   identifier to the key wrapping key. Otherwise, it is the key
+    #   identifier used to perform the operation.
     #   @return [String]
     #
     # @!attribute [rw] plain_text
@@ -661,20 +671,26 @@ module Aws::PaymentCryptographyData
     #   [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/encrypt-data.html
     #   @return [String]
     #
+    # @!attribute [rw] encryption_attributes
+    #   The encryption key type and attributes for plaintext encryption.
+    #   @return [Types::EncryptionDecryptionAttributes]
+    #
+    # @!attribute [rw] wrapped_key
+    #   The WrappedKeyBlock containing the encryption key for plaintext
+    #   encryption.
+    #   @return [Types::WrappedKey]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/EncryptDataInput AWS API Documentation
     #
     class EncryptDataInput < Struct.new(
-      :encryption_attributes,
       :key_identifier,
-      :plain_text)
+      :plain_text,
+      :encryption_attributes,
+      :wrapped_key)
       SENSITIVE = [:plain_text]
       include Aws::Structure
     end
 
-    # @!attribute [rw] cipher_text
-    #   The encrypted ciphertext.
-    #   @return [String]
-    #
     # @!attribute [rw] key_arn
     #   The `keyARN` of the encryption key that Amazon Web Services Payment
     #   Cryptography uses for plaintext encryption.
@@ -689,12 +705,16 @@ module Aws::PaymentCryptographyData
     #   to the CMAC specification.
     #   @return [String]
     #
+    # @!attribute [rw] cipher_text
+    #   The encrypted ciphertext.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/EncryptDataOutput AWS API Documentation
     #
     class EncryptDataOutput < Struct.new(
-      :cipher_text,
       :key_arn,
-      :key_check_value)
+      :key_check_value,
+      :cipher_text)
       SENSITIVE = [:cipher_text]
       include Aws::Structure
     end
@@ -704,6 +724,11 @@ module Aws::PaymentCryptographyData
     #
     # @note EncryptionDecryptionAttributes is a union - when making an API calls you must set exactly one of the members.
     #
+    # @!attribute [rw] symmetric
+    #   Parameters that are required to perform encryption and decryption
+    #   using symmetric keys.
+    #   @return [Types::SymmetricEncryptionAttributes]
+    #
     # @!attribute [rw] asymmetric
     #   Parameters for plaintext encryption using asymmetric keys.
     #   @return [Types::AsymmetricEncryptionAttributes]
@@ -716,35 +741,25 @@ module Aws::PaymentCryptographyData
     #   Parameters for plaintext encryption using EMV keys.
     #   @return [Types::EmvEncryptionAttributes]
     #
-    # @!attribute [rw] symmetric
-    #   Parameters that are required to perform encryption and decryption
-    #   using symmetric keys.
-    #   @return [Types::SymmetricEncryptionAttributes]
-    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/EncryptionDecryptionAttributes AWS API Documentation
     #
     class EncryptionDecryptionAttributes < Struct.new(
+      :symmetric,
       :asymmetric,
       :dukpt,
       :emv,
-      :symmetric,
       :unknown)
       SENSITIVE = []
       include Aws::Structure
       include Aws::Structure::Union
 
+      class Symmetric < EncryptionDecryptionAttributes; end
       class Asymmetric < EncryptionDecryptionAttributes; end
       class Dukpt < EncryptionDecryptionAttributes; end
       class Emv < EncryptionDecryptionAttributes; end
-      class Symmetric < EncryptionDecryptionAttributes; end
       class Unknown < EncryptionDecryptionAttributes; end
     end
 
-    # @!attribute [rw] generation_attributes
-    #   The algorithm for generating CVV or CSC values for the card within
-    #   Amazon Web Services Payment Cryptography.
-    #   @return [Types::CardGenerationAttributes]
-    #
     # @!attribute [rw] key_identifier
     #   The `keyARN` of the CVK encryption key that Amazon Web Services
     #   Payment Cryptography uses to generate card data.
@@ -756,6 +771,11 @@ module Aws::PaymentCryptographyData
     #   account holder.
     #   @return [String]
     #
+    # @!attribute [rw] generation_attributes
+    #   The algorithm for generating CVV or CSC values for the card within
+    #   Amazon Web Services Payment Cryptography.
+    #   @return [Types::CardGenerationAttributes]
+    #
     # @!attribute [rw] validation_data_length
     #   The length of the CVV or CSC to be generated. The default value is
     #   3.
@@ -764,9 +784,9 @@ module Aws::PaymentCryptographyData
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/GenerateCardValidationDataInput AWS API Documentation
     #
     class GenerateCardValidationDataInput < Struct.new(
-      :generation_attributes,
       :key_identifier,
       :primary_account_number,
+      :generation_attributes,
       :validation_data_length)
       SENSITIVE = [:primary_account_number]
       include Aws::Structure
@@ -801,31 +821,31 @@ module Aws::PaymentCryptographyData
       include Aws::Structure
     end
 
-    # @!attribute [rw] generation_attributes
-    #   The attributes and data values to use for MAC generation within
-    #   Amazon Web Services Payment Cryptography.
-    #   @return [Types::MacAttributes]
-    #
     # @!attribute [rw] key_identifier
     #   The `keyARN` of the MAC generation encryption key.
     #   @return [String]
     #
-    # @!attribute [rw] mac_length
-    #   The length of a MAC under generation.
-    #   @return [Integer]
-    #
     # @!attribute [rw] message_data
     #   The data for which a MAC is under generation. This value must be
     #   hexBinary.
     #   @return [String]
     #
+    # @!attribute [rw] generation_attributes
+    #   The attributes and data values to use for MAC generation within
+    #   Amazon Web Services Payment Cryptography.
+    #   @return [Types::MacAttributes]
+    #
+    # @!attribute [rw] mac_length
+    #   The length of a MAC under generation.
+    #   @return [Integer]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/GenerateMacInput AWS API Documentation
     #
     class GenerateMacInput < Struct.new(
-      :generation_attributes,
       :key_identifier,
-      :mac_length,
-      :message_data)
+      :message_data,
+      :generation_attributes,
+      :mac_length)
       SENSITIVE = [:message_data]
       include Aws::Structure
     end
@@ -859,6 +879,11 @@ module Aws::PaymentCryptographyData
       include Aws::Structure
     end
 
+    # @!attribute [rw] generation_key_identifier
+    #   The `keyARN` of the PEK that Amazon Web Services Payment
+    #   Cryptography uses for pin data generation.
+    #   @return [String]
+    #
     # @!attribute [rw] encryption_key_identifier
     #   The `keyARN` of the PEK that Amazon Web Services Payment
     #   Cryptography uses to encrypt the PIN Block.
@@ -869,9 +894,14 @@ module Aws::PaymentCryptographyData
     #   generation.
     #   @return [Types::PinGenerationAttributes]
     #
-    # @!attribute [rw] generation_key_identifier
-    #   The `keyARN` of the PEK that Amazon Web Services Payment
-    #   Cryptography uses for pin data generation.
+    # @!attribute [rw] pin_data_length
+    #   The length of PIN under generation.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] primary_account_number
+    #   The Primary Account Number (PAN), a unique identifier for a payment
+    #   credit or debit card that associates the card with a specific
+    #   account holder.
     #   @return [String]
     #
     # @!attribute [rw] pin_block_format
@@ -887,42 +917,25 @@ module Aws::PaymentCryptographyData
     #   except that the fill digits are random values from 10 to 15.
     #   @return [String]
     #
-    # @!attribute [rw] pin_data_length
-    #   The length of PIN under generation.
-    #   @return [Integer]
-    #
-    # @!attribute [rw] primary_account_number
-    #   The Primary Account Number (PAN), a unique identifier for a payment
-    #   credit or debit card that associates the card with a specific
-    #   account holder.
-    #   @return [String]
-    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/GeneratePinDataInput AWS API Documentation
     #
     class GeneratePinDataInput < Struct.new(
+      :generation_key_identifier,
       :encryption_key_identifier,
       :generation_attributes,
-      :generation_key_identifier,
-      :pin_block_format,
       :pin_data_length,
-      :primary_account_number)
+      :primary_account_number,
+      :pin_block_format)
       SENSITIVE = [:primary_account_number]
       include Aws::Structure
     end
 
-    # @!attribute [rw] encrypted_pin_block
-    #   The PIN block encrypted under PEK from Amazon Web Services Payment
-    #   Cryptography. The encrypted PIN block is a composite of PAN (Primary
-    #   Account Number) and PIN (Personal Identification Number), generated
-    #   in accordance with ISO 9564 standard.
-    #   @return [String]
-    #
-    # @!attribute [rw] encryption_key_arn
-    #   The `keyARN` of the PEK that Amazon Web Services Payment
-    #   Cryptography uses for encrypted pin block generation.
+    # @!attribute [rw] generation_key_arn
+    #   The `keyARN` of the pin data generation key that Amazon Web Services
+    #   Payment Cryptography uses for PIN, PVV or PIN Offset generation.
     #   @return [String]
     #
-    # @!attribute [rw] encryption_key_check_value
+    # @!attribute [rw] generation_key_check_value
     #   The key check value (KCV) of the encryption key. The KCV is used to
     #   check if all parties holding a given key have the same key or to
     #   detect that a key has changed.
@@ -931,12 +944,12 @@ module Aws::PaymentCryptographyData
     #   to the CMAC specification.
     #   @return [String]
     #
-    # @!attribute [rw] generation_key_arn
-    #   The `keyARN` of the pin data generation key that Amazon Web Services
-    #   Payment Cryptography uses for PIN, PVV or PIN Offset generation.
+    # @!attribute [rw] encryption_key_arn
+    #   The `keyARN` of the PEK that Amazon Web Services Payment
+    #   Cryptography uses for encrypted pin block generation.
     #   @return [String]
     #
-    # @!attribute [rw] generation_key_check_value
+    # @!attribute [rw] encryption_key_check_value
     #   The key check value (KCV) of the encryption key. The KCV is used to
     #   check if all parties holding a given key have the same key or to
     #   detect that a key has changed.
@@ -945,6 +958,13 @@ module Aws::PaymentCryptographyData
     #   to the CMAC specification.
     #   @return [String]
     #
+    # @!attribute [rw] encrypted_pin_block
+    #   The PIN block encrypted under PEK from Amazon Web Services Payment
+    #   Cryptography. The encrypted PIN block is a composite of PAN (Primary
+    #   Account Number) and PIN (Personal Identification Number), generated
+    #   in accordance with ISO 9564 standard.
+    #   @return [String]
+    #
     # @!attribute [rw] pin_data
     #   The attributes and values Amazon Web Services Payment Cryptography
     #   uses for pin data generation.
@@ -953,11 +973,11 @@ module Aws::PaymentCryptographyData
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/GeneratePinDataOutput AWS API Documentation
     #
     class GeneratePinDataOutput < Struct.new(
-      :encrypted_pin_block,
-      :encryption_key_arn,
-      :encryption_key_check_value,
       :generation_key_arn,
       :generation_key_check_value,
+      :encryption_key_arn,
+      :encryption_key_check_value,
+      :encrypted_pin_block,
       :pin_data)
       SENSITIVE = []
       include Aws::Structure
@@ -972,20 +992,20 @@ module Aws::PaymentCryptographyData
     #   hexadecimal characters to decimal.
     #   @return [String]
     #
-    # @!attribute [rw] pin_validation_data
-    #   The unique data for cardholder identification.
-    #   @return [String]
-    #
     # @!attribute [rw] pin_validation_data_pad_character
     #   The padding character for validation data.
     #   @return [String]
     #
+    # @!attribute [rw] pin_validation_data
+    #   The unique data for cardholder identification.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/Ibm3624NaturalPin AWS API Documentation
     #
     class Ibm3624NaturalPin < Struct.new(
       :decimalization_table,
-      :pin_validation_data,
-      :pin_validation_data_pad_character)
+      :pin_validation_data_pad_character,
+      :pin_validation_data)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -999,25 +1019,25 @@ module Aws::PaymentCryptographyData
     #   hexadecimal characters to decimal.
     #   @return [String]
     #
-    # @!attribute [rw] pin_offset
-    #   The PIN offset value.
+    # @!attribute [rw] pin_validation_data_pad_character
+    #   The padding character for validation data.
     #   @return [String]
     #
     # @!attribute [rw] pin_validation_data
     #   The unique data for cardholder identification.
     #   @return [String]
     #
-    # @!attribute [rw] pin_validation_data_pad_character
-    #   The padding character for validation data.
+    # @!attribute [rw] pin_offset
+    #   The PIN offset value.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/Ibm3624PinFromOffset AWS API Documentation
     #
     class Ibm3624PinFromOffset < Struct.new(
       :decimalization_table,
-      :pin_offset,
+      :pin_validation_data_pad_character,
       :pin_validation_data,
-      :pin_validation_data_pad_character)
+      :pin_offset)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1025,12 +1045,6 @@ module Aws::PaymentCryptographyData
     # Pparameters that are required to generate or verify Ibm3624 PIN offset
     # PIN.
     #
-    # @!attribute [rw] decimalization_table
-    #   The decimalization table to use for IBM 3624 PIN algorithm. The
-    #   table is used to convert the algorithm intermediate result from
-    #   hexadecimal characters to decimal.
-    #   @return [String]
-    #
     # @!attribute [rw] encrypted_pin_block
     #   The encrypted PIN block data. According to ISO 9564 standard, a PIN
     #   Block is an encoded representation of a payment card Personal
@@ -1038,21 +1052,27 @@ module Aws::PaymentCryptographyData
     #   Number (PIN).
     #   @return [String]
     #
-    # @!attribute [rw] pin_validation_data
-    #   The unique data for cardholder identification.
+    # @!attribute [rw] decimalization_table
+    #   The decimalization table to use for IBM 3624 PIN algorithm. The
+    #   table is used to convert the algorithm intermediate result from
+    #   hexadecimal characters to decimal.
     #   @return [String]
     #
     # @!attribute [rw] pin_validation_data_pad_character
     #   The padding character for validation data.
     #   @return [String]
     #
+    # @!attribute [rw] pin_validation_data
+    #   The unique data for cardholder identification.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/Ibm3624PinOffset AWS API Documentation
     #
     class Ibm3624PinOffset < Struct.new(
-      :decimalization_table,
       :encrypted_pin_block,
-      :pin_validation_data,
-      :pin_validation_data_pad_character)
+      :decimalization_table,
+      :pin_validation_data_pad_character,
+      :pin_validation_data)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1066,25 +1086,25 @@ module Aws::PaymentCryptographyData
     #   hexadecimal characters to decimal.
     #   @return [String]
     #
-    # @!attribute [rw] pin_offset
-    #   The PIN offset value.
+    # @!attribute [rw] pin_validation_data_pad_character
+    #   The padding character for validation data.
     #   @return [String]
     #
     # @!attribute [rw] pin_validation_data
     #   The unique data for cardholder identification.
     #   @return [String]
     #
-    # @!attribute [rw] pin_validation_data_pad_character
-    #   The padding character for validation data.
+    # @!attribute [rw] pin_offset
+    #   The PIN offset value.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/Ibm3624PinVerification AWS API Documentation
     #
     class Ibm3624PinVerification < Struct.new(
       :decimalization_table,
-      :pin_offset,
+      :pin_validation_data_pad_character,
       :pin_validation_data,
-      :pin_validation_data_pad_character)
+      :pin_offset)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1097,20 +1117,20 @@ module Aws::PaymentCryptographyData
     #   hexadecimal characters to decimal.
     #   @return [String]
     #
-    # @!attribute [rw] pin_validation_data
-    #   The unique data for cardholder identification.
-    #   @return [String]
-    #
     # @!attribute [rw] pin_validation_data_pad_character
     #   The padding character for validation data.
     #   @return [String]
     #
+    # @!attribute [rw] pin_validation_data
+    #   The unique data for cardholder identification.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/Ibm3624RandomPin AWS API Documentation
     #
     class Ibm3624RandomPin < Struct.new(
       :decimalization_table,
-      :pin_validation_data,
-      :pin_validation_data_pad_character)
+      :pin_validation_data_pad_character,
+      :pin_validation_data)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1131,11 +1151,11 @@ module Aws::PaymentCryptographyData
 
     # Parameters required for DUKPT MAC generation and verification.
     #
-    # @!attribute [rw] dukpt_derivation_type
-    #   The key type derived using DUKPT from a Base Derivation Key (BDK)
-    #   and Key Serial Number (KSN). This must be less than or equal to the
-    #   strength of the BDK. For example, you can't use `AES_128` as a
-    #   derivation type for a BDK of `AES_128` or `TDES_2KEY`.
+    # @!attribute [rw] key_serial_number
+    #   The unique identifier known as Key Serial Number (KSN) that comes
+    #   from an encrypting device using DUKPT encryption method. The KSN is
+    #   derived from the encrypting device unique identifier and an internal
+    #   transaction counter.
     #   @return [String]
     #
     # @!attribute [rw] dukpt_key_variant
@@ -1143,19 +1163,19 @@ module Aws::PaymentCryptographyData
     #   verification, or both.
     #   @return [String]
     #
-    # @!attribute [rw] key_serial_number
-    #   The unique identifier known as Key Serial Number (KSN) that comes
-    #   from an encrypting device using DUKPT encryption method. The KSN is
-    #   derived from the encrypting device unique identifier and an internal
-    #   transaction counter.
+    # @!attribute [rw] dukpt_derivation_type
+    #   The key type derived using DUKPT from a Base Derivation Key (BDK)
+    #   and Key Serial Number (KSN). This must be less than or equal to the
+    #   strength of the BDK. For example, you can't use `AES_128` as a
+    #   derivation type for a BDK of `AES_128` or `TDES_2KEY`.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/MacAlgorithmDukpt AWS API Documentation
     #
     class MacAlgorithmDukpt < Struct.new(
-      :dukpt_derivation_type,
+      :key_serial_number,
       :dukpt_key_variant,
-      :key_serial_number)
+      :dukpt_derivation_type)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1167,17 +1187,17 @@ module Aws::PaymentCryptographyData
     #   generation or verification.
     #   @return [String]
     #
-    # @!attribute [rw] pan_sequence_number
-    #   A number that identifies and differentiates payment cards with the
-    #   same Primary Account Number (PAN).
-    #   @return [String]
-    #
     # @!attribute [rw] primary_account_number
     #   The Primary Account Number (PAN), a unique identifier for a payment
     #   credit or debit card and associates the card to a specific account
     #   holder.
     #   @return [String]
     #
+    # @!attribute [rw] pan_sequence_number
+    #   A number that identifies and differentiates payment cards with the
+    #   same Primary Account Number (PAN).
+    #   @return [String]
+    #
     # @!attribute [rw] session_key_derivation_mode
     #   The method of deriving a session key for EMV MAC generation or
     #   verification.
@@ -1192,8 +1212,8 @@ module Aws::PaymentCryptographyData
     #
     class MacAlgorithmEmv < Struct.new(
       :major_key_derivation_mode,
-      :pan_sequence_number,
       :primary_account_number,
+      :pan_sequence_number,
       :session_key_derivation_mode,
       :session_key_derivation_value)
       SENSITIVE = [:primary_account_number]
@@ -1209,10 +1229,10 @@ module Aws::PaymentCryptographyData
     #   The encryption algorithm for MAC generation or verification.
     #   @return [String]
     #
-    # @!attribute [rw] dukpt_cmac
+    # @!attribute [rw] emv_mac
     #   Parameters that are required for MAC generation or verification
-    #   using DUKPT CMAC algorithm.
-    #   @return [Types::MacAlgorithmDukpt]
+    #   using EMV MAC algorithm.
+    #   @return [Types::MacAlgorithmEmv]
     #
     # @!attribute [rw] dukpt_iso_9797_algorithm_1
     #   Parameters that are required for MAC generation or verification
@@ -1224,29 +1244,29 @@ module Aws::PaymentCryptographyData
     #   using DUKPT ISO 9797 algorithm3.
     #   @return [Types::MacAlgorithmDukpt]
     #
-    # @!attribute [rw] emv_mac
+    # @!attribute [rw] dukpt_cmac
     #   Parameters that are required for MAC generation or verification
-    #   using EMV MAC algorithm.
-    #   @return [Types::MacAlgorithmEmv]
+    #   using DUKPT CMAC algorithm.
+    #   @return [Types::MacAlgorithmDukpt]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/MacAttributes AWS API Documentation
     #
     class MacAttributes < Struct.new(
       :algorithm,
-      :dukpt_cmac,
+      :emv_mac,
       :dukpt_iso_9797_algorithm_1,
       :dukpt_iso_9797_algorithm_3,
-      :emv_mac,
+      :dukpt_cmac,
       :unknown)
       SENSITIVE = []
       include Aws::Structure
       include Aws::Structure::Union
 
       class Algorithm < MacAttributes; end
-      class DukptCmac < MacAttributes; end
+      class EmvMac < MacAttributes; end
       class DukptIso9797Algorithm1 < MacAttributes; end
       class DukptIso9797Algorithm3 < MacAttributes; end
-      class EmvMac < MacAttributes; end
+      class DukptCmac < MacAttributes; end
       class Unknown < MacAttributes; end
     end
 
@@ -1284,55 +1304,55 @@ module Aws::PaymentCryptographyData
     #
     # @note PinGenerationAttributes is a union - when making an API calls you must set exactly one of the members.
     #
-    # @!attribute [rw] ibm_3624_natural_pin
-    #   Parameters that are required to generate or verify Ibm3624 natural
-    #   PIN.
-    #   @return [Types::Ibm3624NaturalPin]
+    # @!attribute [rw] visa_pin
+    #   Parameters that are required to generate or verify Visa PIN.
+    #   @return [Types::VisaPin]
     #
-    # @!attribute [rw] ibm_3624_pin_from_offset
-    #   Parameters that are required to generate or verify Ibm3624 PIN from
-    #   offset PIN.
-    #   @return [Types::Ibm3624PinFromOffset]
+    # @!attribute [rw] visa_pin_verification_value
+    #   Parameters that are required to generate or verify Visa PIN
+    #   Verification Value (PVV).
+    #   @return [Types::VisaPinVerificationValue]
     #
     # @!attribute [rw] ibm_3624_pin_offset
     #   Parameters that are required to generate or verify Ibm3624 PIN
     #   offset PIN.
     #   @return [Types::Ibm3624PinOffset]
     #
+    # @!attribute [rw] ibm_3624_natural_pin
+    #   Parameters that are required to generate or verify Ibm3624 natural
+    #   PIN.
+    #   @return [Types::Ibm3624NaturalPin]
+    #
     # @!attribute [rw] ibm_3624_random_pin
     #   Parameters that are required to generate or verify Ibm3624 random
     #   PIN.
     #   @return [Types::Ibm3624RandomPin]
     #
-    # @!attribute [rw] visa_pin
-    #   Parameters that are required to generate or verify Visa PIN.
-    #   @return [Types::VisaPin]
-    #
-    # @!attribute [rw] visa_pin_verification_value
-    #   Parameters that are required to generate or verify Visa PIN
-    #   Verification Value (PVV).
-    #   @return [Types::VisaPinVerificationValue]
+    # @!attribute [rw] ibm_3624_pin_from_offset
+    #   Parameters that are required to generate or verify Ibm3624 PIN from
+    #   offset PIN.
+    #   @return [Types::Ibm3624PinFromOffset]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/PinGenerationAttributes AWS API Documentation
     #
     class PinGenerationAttributes < Struct.new(
-      :ibm_3624_natural_pin,
-      :ibm_3624_pin_from_offset,
-      :ibm_3624_pin_offset,
-      :ibm_3624_random_pin,
       :visa_pin,
       :visa_pin_verification_value,
+      :ibm_3624_pin_offset,
+      :ibm_3624_natural_pin,
+      :ibm_3624_random_pin,
+      :ibm_3624_pin_from_offset,
       :unknown)
       SENSITIVE = []
       include Aws::Structure
       include Aws::Structure::Union
 
-      class Ibm3624NaturalPin < PinGenerationAttributes; end
-      class Ibm3624PinFromOffset < PinGenerationAttributes; end
-      class Ibm3624PinOffset < PinGenerationAttributes; end
-      class Ibm3624RandomPin < PinGenerationAttributes; end
       class VisaPin < PinGenerationAttributes; end
       class VisaPinVerificationValue < PinGenerationAttributes; end
+      class Ibm3624PinOffset < PinGenerationAttributes; end
+      class Ibm3624NaturalPin < PinGenerationAttributes; end
+      class Ibm3624RandomPin < PinGenerationAttributes; end
+      class Ibm3624PinFromOffset < PinGenerationAttributes; end
       class Unknown < PinGenerationAttributes; end
     end
 
@@ -1340,29 +1360,42 @@ module Aws::PaymentCryptographyData
     #
     # @note PinVerificationAttributes is a union - when making an API calls you must set exactly one of the members.
     #
-    # @!attribute [rw] ibm_3624_pin
-    #   Parameters that are required to generate or verify Ibm3624 PIN.
-    #   @return [Types::Ibm3624PinVerification]
-    #
     # @!attribute [rw] visa_pin
     #   Parameters that are required to generate or verify Visa PIN.
     #   @return [Types::VisaPinVerification]
     #
+    # @!attribute [rw] ibm_3624_pin
+    #   Parameters that are required to generate or verify Ibm3624 PIN.
+    #   @return [Types::Ibm3624PinVerification]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/PinVerificationAttributes AWS API Documentation
     #
     class PinVerificationAttributes < Struct.new(
-      :ibm_3624_pin,
       :visa_pin,
+      :ibm_3624_pin,
       :unknown)
       SENSITIVE = []
       include Aws::Structure
       include Aws::Structure::Union
 
-      class Ibm3624Pin < PinVerificationAttributes; end
       class VisaPin < PinVerificationAttributes; end
+      class Ibm3624Pin < PinVerificationAttributes; end
       class Unknown < PinVerificationAttributes; end
     end
 
+    # @!attribute [rw] incoming_key_identifier
+    #   The `keyARN` of the encryption key of incoming ciphertext data.
+    #
+    #   When a WrappedKeyBlock is provided, this value will be the
+    #   identifier to the key wrapping key. Otherwise, it is the key
+    #   identifier used to perform the operation.
+    #   @return [String]
+    #
+    # @!attribute [rw] outgoing_key_identifier
+    #   The `keyARN` of the encryption key of outgoing ciphertext data after
+    #   encryption by Amazon Web Services Payment Cryptography.
+    #   @return [String]
+    #
     # @!attribute [rw] cipher_text
     #   Ciphertext to be encrypted. The minimum allowed length is 16 bytes
     #   and maximum allowed length is 4096 bytes.
@@ -1372,36 +1405,36 @@ module Aws::PaymentCryptographyData
     #   The attributes and values for incoming ciphertext.
     #   @return [Types::ReEncryptionAttributes]
     #
-    # @!attribute [rw] incoming_key_identifier
-    #   The `keyARN` of the encryption key of incoming ciphertext data.
-    #   @return [String]
-    #
     # @!attribute [rw] outgoing_encryption_attributes
     #   The attributes and values for outgoing ciphertext data after
     #   encryption by Amazon Web Services Payment Cryptography.
     #   @return [Types::ReEncryptionAttributes]
     #
-    # @!attribute [rw] outgoing_key_identifier
-    #   The `keyARN` of the encryption key of outgoing ciphertext data after
-    #   encryption by Amazon Web Services Payment Cryptography.
-    #   @return [String]
+    # @!attribute [rw] incoming_wrapped_key
+    #   The WrappedKeyBlock containing the encryption key of incoming
+    #   ciphertext data.
+    #   @return [Types::WrappedKey]
+    #
+    # @!attribute [rw] outgoing_wrapped_key
+    #   The WrappedKeyBlock containing the encryption key of outgoing
+    #   ciphertext data after encryption by Amazon Web Services Payment
+    #   Cryptography.
+    #   @return [Types::WrappedKey]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/ReEncryptDataInput AWS API Documentation
     #
     class ReEncryptDataInput < Struct.new(
+      :incoming_key_identifier,
+      :outgoing_key_identifier,
       :cipher_text,
       :incoming_encryption_attributes,
-      :incoming_key_identifier,
       :outgoing_encryption_attributes,
-      :outgoing_key_identifier)
+      :incoming_wrapped_key,
+      :outgoing_wrapped_key)
       SENSITIVE = [:cipher_text]
       include Aws::Structure
     end
 
-    # @!attribute [rw] cipher_text
-    #   The encrypted ciphertext.
-    #   @return [String]
-    #
     # @!attribute [rw] key_arn
     #   The keyARN (Amazon Resource Name) of the encryption key that Amazon
     #   Web Services Payment Cryptography uses for plaintext encryption.
@@ -1416,12 +1449,16 @@ module Aws::PaymentCryptographyData
     #   to the CMAC specification.
     #   @return [String]
     #
+    # @!attribute [rw] cipher_text
+    #   The encrypted ciphertext.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/ReEncryptDataOutput AWS API Documentation
     #
     class ReEncryptDataOutput < Struct.new(
-      :cipher_text,
       :key_arn,
-      :key_check_value)
+      :key_check_value,
+      :cipher_text)
       SENSITIVE = [:cipher_text]
       include Aws::Structure
     end
@@ -1430,26 +1467,26 @@ module Aws::PaymentCryptographyData
     #
     # @note ReEncryptionAttributes is a union - when making an API calls you must set exactly one of the members.
     #
-    # @!attribute [rw] dukpt
-    #   Parameters that are required to encrypt plaintext data using DUKPT.
-    #   @return [Types::DukptEncryptionAttributes]
-    #
     # @!attribute [rw] symmetric
     #   Parameters that are required to encrypt data using symmetric keys.
     #   @return [Types::SymmetricEncryptionAttributes]
     #
+    # @!attribute [rw] dukpt
+    #   Parameters that are required to encrypt plaintext data using DUKPT.
+    #   @return [Types::DukptEncryptionAttributes]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/ReEncryptionAttributes AWS API Documentation
     #
     class ReEncryptionAttributes < Struct.new(
-      :dukpt,
       :symmetric,
+      :dukpt,
       :unknown)
       SENSITIVE = []
       include Aws::Structure
       include Aws::Structure::Union
 
-      class Dukpt < ReEncryptionAttributes; end
       class Symmetric < ReEncryptionAttributes; end
+      class Dukpt < ReEncryptionAttributes; end
       class Unknown < ReEncryptionAttributes; end
     end
 
@@ -1469,22 +1506,22 @@ module Aws::PaymentCryptographyData
 
     # Parameters to derive session key for an Amex payment card.
     #
-    # @!attribute [rw] pan_sequence_number
-    #   A number that identifies and differentiates payment cards with the
-    #   same Primary Account Number (PAN).
-    #   @return [String]
-    #
     # @!attribute [rw] primary_account_number
     #   The Primary Account Number (PAN) of the cardholder. A PAN is a
     #   unique identifier for a payment credit or debit card and associates
     #   the card to a specific account holder.
     #   @return [String]
     #
+    # @!attribute [rw] pan_sequence_number
+    #   A number that identifies and differentiates payment cards with the
+    #   same Primary Account Number (PAN).
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/SessionKeyAmex AWS API Documentation
     #
     class SessionKeyAmex < Struct.new(
-      :pan_sequence_number,
-      :primary_account_number)
+      :primary_account_number,
+      :pan_sequence_number)
       SENSITIVE = [:primary_account_number]
       include Aws::Structure
     end
@@ -1494,16 +1531,6 @@ module Aws::PaymentCryptographyData
     #
     # @note SessionKeyDerivation is a union - when making an API calls you must set exactly one of the members.
     #
-    # @!attribute [rw] amex
-    #   Parameters to derive session key for an Amex payment card for ARQC
-    #   verification.
-    #   @return [Types::SessionKeyAmex]
-    #
-    # @!attribute [rw] emv_2000
-    #   Parameters to derive session key for an Emv2000 payment card for
-    #   ARQC verification.
-    #   @return [Types::SessionKeyEmv2000]
-    #
     # @!attribute [rw] emv_common
     #   Parameters to derive session key for an Emv common payment card for
     #   ARQC verification.
@@ -1514,6 +1541,16 @@ module Aws::PaymentCryptographyData
     #   ARQC verification.
     #   @return [Types::SessionKeyMastercard]
     #
+    # @!attribute [rw] emv_2000
+    #   Parameters to derive session key for an Emv2000 payment card for
+    #   ARQC verification.
+    #   @return [Types::SessionKeyEmv2000]
+    #
+    # @!attribute [rw] amex
+    #   Parameters to derive session key for an Amex payment card for ARQC
+    #   verification.
+    #   @return [Types::SessionKeyAmex]
+    #
     # @!attribute [rw] visa
     #   Parameters to derive session key for a Visa payment cardfor ARQC
     #   verification.
@@ -1522,20 +1559,20 @@ module Aws::PaymentCryptographyData
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/SessionKeyDerivation AWS API Documentation
     #
     class SessionKeyDerivation < Struct.new(
-      :amex,
-      :emv_2000,
       :emv_common,
       :mastercard,
+      :emv_2000,
+      :amex,
       :visa,
       :unknown)
       SENSITIVE = []
       include Aws::Structure
       include Aws::Structure::Union
 
-      class Amex < SessionKeyDerivation; end
-      class Emv2000 < SessionKeyDerivation; end
       class EmvCommon < SessionKeyDerivation; end
       class Mastercard < SessionKeyDerivation; end
+      class Emv2000 < SessionKeyDerivation; end
+      class Amex < SessionKeyDerivation; end
       class Visa < SessionKeyDerivation; end
       class Unknown < SessionKeyDerivation; end
     end
@@ -1572,9 +1609,10 @@ module Aws::PaymentCryptographyData
     # Parameters to derive session key for an Emv2000 payment card for ARQC
     # verification.
     #
-    # @!attribute [rw] application_transaction_counter
-    #   The transaction counter that is provided by the terminal during
-    #   transaction processing.
+    # @!attribute [rw] primary_account_number
+    #   The Primary Account Number (PAN) of the cardholder. A PAN is a
+    #   unique identifier for a payment credit or debit card and associates
+    #   the card to a specific account holder.
     #   @return [String]
     #
     # @!attribute [rw] pan_sequence_number
@@ -1582,18 +1620,17 @@ module Aws::PaymentCryptographyData
     #   same Primary Account Number (PAN).
     #   @return [String]
     #
-    # @!attribute [rw] primary_account_number
-    #   The Primary Account Number (PAN) of the cardholder. A PAN is a
-    #   unique identifier for a payment credit or debit card and associates
-    #   the card to a specific account holder.
+    # @!attribute [rw] application_transaction_counter
+    #   The transaction counter that is provided by the terminal during
+    #   transaction processing.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/SessionKeyEmv2000 AWS API Documentation
     #
     class SessionKeyEmv2000 < Struct.new(
-      :application_transaction_counter,
+      :primary_account_number,
       :pan_sequence_number,
-      :primary_account_number)
+      :application_transaction_counter)
       SENSITIVE = [:primary_account_number]
       include Aws::Structure
     end
@@ -1601,9 +1638,10 @@ module Aws::PaymentCryptographyData
     # Parameters to derive session key for an Emv common payment card for
     # ARQC verification.
     #
-    # @!attribute [rw] application_transaction_counter
-    #   The transaction counter that is provided by the terminal during
-    #   transaction processing.
+    # @!attribute [rw] primary_account_number
+    #   The Primary Account Number (PAN) of the cardholder. A PAN is a
+    #   unique identifier for a payment credit or debit card and associates
+    #   the card to a specific account holder.
     #   @return [String]
     #
     # @!attribute [rw] pan_sequence_number
@@ -1611,18 +1649,17 @@ module Aws::PaymentCryptographyData
     #   same Primary Account Number (PAN).
     #   @return [String]
     #
-    # @!attribute [rw] primary_account_number
-    #   The Primary Account Number (PAN) of the cardholder. A PAN is a
-    #   unique identifier for a payment credit or debit card and associates
-    #   the card to a specific account holder.
+    # @!attribute [rw] application_transaction_counter
+    #   The transaction counter that is provided by the terminal during
+    #   transaction processing.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/SessionKeyEmvCommon AWS API Documentation
     #
     class SessionKeyEmvCommon < Struct.new(
-      :application_transaction_counter,
+      :primary_account_number,
       :pan_sequence_number,
-      :primary_account_number)
+      :application_transaction_counter)
       SENSITIVE = [:primary_account_number]
       include Aws::Structure
     end
@@ -1630,9 +1667,10 @@ module Aws::PaymentCryptographyData
     # Parameters to derive session key for Mastercard payment card for ARQC
     # verification.
     #
-    # @!attribute [rw] application_transaction_counter
-    #   The transaction counter that is provided by the terminal during
-    #   transaction processing.
+    # @!attribute [rw] primary_account_number
+    #   The Primary Account Number (PAN) of the cardholder. A PAN is a
+    #   unique identifier for a payment credit or debit card and associates
+    #   the card to a specific account holder.
     #   @return [String]
     #
     # @!attribute [rw] pan_sequence_number
@@ -1640,10 +1678,9 @@ module Aws::PaymentCryptographyData
     #   same Primary Account Number (PAN).
     #   @return [String]
     #
-    # @!attribute [rw] primary_account_number
-    #   The Primary Account Number (PAN) of the cardholder. A PAN is a
-    #   unique identifier for a payment credit or debit card and associates
-    #   the card to a specific account holder.
+    # @!attribute [rw] application_transaction_counter
+    #   The transaction counter that is provided by the terminal during
+    #   transaction processing.
     #   @return [String]
     #
     # @!attribute [rw] unpredictable_number
@@ -1653,9 +1690,9 @@ module Aws::PaymentCryptographyData
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/SessionKeyMastercard AWS API Documentation
     #
     class SessionKeyMastercard < Struct.new(
-      :application_transaction_counter,
-      :pan_sequence_number,
       :primary_account_number,
+      :pan_sequence_number,
+      :application_transaction_counter,
       :unpredictable_number)
       SENSITIVE = [:primary_account_number]
       include Aws::Structure
@@ -1664,37 +1701,37 @@ module Aws::PaymentCryptographyData
     # Parameters to derive session key for Visa payment card for ARQC
     # verification.
     #
-    # @!attribute [rw] pan_sequence_number
-    #   A number that identifies and differentiates payment cards with the
-    #   same Primary Account Number (PAN).
-    #   @return [String]
-    #
     # @!attribute [rw] primary_account_number
     #   The Primary Account Number (PAN) of the cardholder. A PAN is a
     #   unique identifier for a payment credit or debit card and associates
     #   the card to a specific account holder.
     #   @return [String]
     #
+    # @!attribute [rw] pan_sequence_number
+    #   A number that identifies and differentiates payment cards with the
+    #   same Primary Account Number (PAN).
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/SessionKeyVisa AWS API Documentation
     #
     class SessionKeyVisa < Struct.new(
-      :pan_sequence_number,
-      :primary_account_number)
+      :primary_account_number,
+      :pan_sequence_number)
       SENSITIVE = [:primary_account_number]
       include Aws::Structure
     end
 
     # Parameters requried to encrypt plaintext data using symmetric keys.
     #
+    # @!attribute [rw] mode
+    #   The block cipher method to use for encryption.
+    #   @return [String]
+    #
     # @!attribute [rw] initialization_vector
     #   An input used to provide the intial state. If no value is provided,
     #   Amazon Web Services Payment Cryptography defaults it to zero.
     #   @return [String]
     #
-    # @!attribute [rw] mode
-    #   The block cipher method to use for encryption.
-    #   @return [String]
-    #
     # @!attribute [rw] padding_type
     #   The padding to be included with the data.
     #   @return [String]
@@ -1702,8 +1739,8 @@ module Aws::PaymentCryptographyData
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/SymmetricEncryptionAttributes AWS API Documentation
     #
     class SymmetricEncryptionAttributes < Struct.new(
-      :initialization_vector,
       :mode,
+      :initialization_vector,
       :padding_type)
       SENSITIVE = [:initialization_vector]
       include Aws::Structure
@@ -1722,19 +1759,18 @@ module Aws::PaymentCryptographyData
       include Aws::Structure
     end
 
-    # @!attribute [rw] encrypted_pin_block
-    #   The encrypted PIN block data that Amazon Web Services Payment
-    #   Cryptography translates.
-    #   @return [String]
-    #
-    # @!attribute [rw] incoming_dukpt_attributes
-    #   The attributes and values to use for incoming DUKPT encryption key
-    #   for PIN block translation.
-    #   @return [Types::DukptDerivationAttributes]
-    #
     # @!attribute [rw] incoming_key_identifier
     #   The `keyARN` of the encryption key under which incoming PIN block
     #   data is encrypted. This key type can be PEK or BDK.
+    #
+    #   When a WrappedKeyBlock is provided, this value will be the
+    #   identifier to the key wrapping key for PIN block. Otherwise, it is
+    #   the key identifier used to perform the operation.
+    #   @return [String]
+    #
+    # @!attribute [rw] outgoing_key_identifier
+    #   The `keyARN` of the encryption key for encrypting outgoing PIN block
+    #   data. This key type can be PEK or BDK.
     #   @return [String]
     #
     # @!attribute [rw] incoming_translation_attributes
@@ -1742,35 +1778,56 @@ module Aws::PaymentCryptographyData
     #   Amazon Web Services Payment Cryptography.
     #   @return [Types::TranslationIsoFormats]
     #
+    # @!attribute [rw] outgoing_translation_attributes
+    #   The format of the outgoing PIN block data after translation by
+    #   Amazon Web Services Payment Cryptography.
+    #   @return [Types::TranslationIsoFormats]
+    #
+    # @!attribute [rw] encrypted_pin_block
+    #   The encrypted PIN block data that Amazon Web Services Payment
+    #   Cryptography translates.
+    #   @return [String]
+    #
+    # @!attribute [rw] incoming_dukpt_attributes
+    #   The attributes and values to use for incoming DUKPT encryption key
+    #   for PIN block translation.
+    #   @return [Types::DukptDerivationAttributes]
+    #
     # @!attribute [rw] outgoing_dukpt_attributes
     #   The attributes and values to use for outgoing DUKPT encryption key
     #   after PIN block translation.
     #   @return [Types::DukptDerivationAttributes]
     #
-    # @!attribute [rw] outgoing_key_identifier
-    #   The `keyARN` of the encryption key for encrypting outgoing PIN block
-    #   data. This key type can be PEK or BDK.
-    #   @return [String]
+    # @!attribute [rw] incoming_wrapped_key
+    #   The WrappedKeyBlock containing the encryption key under which
+    #   incoming PIN block data is encrypted.
+    #   @return [Types::WrappedKey]
     #
-    # @!attribute [rw] outgoing_translation_attributes
-    #   The format of the outgoing PIN block data after translation by
-    #   Amazon Web Services Payment Cryptography.
-    #   @return [Types::TranslationIsoFormats]
+    # @!attribute [rw] outgoing_wrapped_key
+    #   The WrappedKeyBlock containing the encryption key for encrypting
+    #   outgoing PIN block data.
+    #   @return [Types::WrappedKey]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/TranslatePinDataInput AWS API Documentation
     #
     class TranslatePinDataInput < Struct.new(
-      :encrypted_pin_block,
-      :incoming_dukpt_attributes,
       :incoming_key_identifier,
+      :outgoing_key_identifier,
       :incoming_translation_attributes,
+      :outgoing_translation_attributes,
+      :encrypted_pin_block,
+      :incoming_dukpt_attributes,
       :outgoing_dukpt_attributes,
-      :outgoing_key_identifier,
-      :outgoing_translation_attributes)
+      :incoming_wrapped_key,
+      :outgoing_wrapped_key)
       SENSITIVE = [:encrypted_pin_block]
       include Aws::Structure
     end
 
+    # @!attribute [rw] pin_block
+    #   The outgoing encrypted PIN block data after translation.
+    #   @return [String]
+    #
     # @!attribute [rw] key_arn
     #   The `keyARN` of the encryption key that Amazon Web Services Payment
     #   Cryptography uses to encrypt outgoing PIN block data after
@@ -1786,16 +1843,12 @@ module Aws::PaymentCryptographyData
     #   to the CMAC specification.
     #   @return [String]
     #
-    # @!attribute [rw] pin_block
-    #   The outgoing encrypted PIN block data after translation.
-    #   @return [String]
-    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/TranslatePinDataOutput AWS API Documentation
     #
     class TranslatePinDataOutput < Struct.new(
+      :pin_block,
       :key_arn,
-      :key_check_value,
-      :pin_block)
+      :key_check_value)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1867,76 +1920,76 @@ module Aws::PaymentCryptographyData
 
     # The request was denied due to an invalid request error.
     #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
     # @!attribute [rw] field_list
     #   The request was denied due to an invalid request error.
     #   @return [Array<Types::ValidationExceptionField>]
     #
-    # @!attribute [rw] message
-    #   @return [String]
-    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/ValidationException AWS API Documentation
     #
     class ValidationException < Struct.new(
-      :field_list,
-      :message)
+      :message,
+      :field_list)
       SENSITIVE = []
       include Aws::Structure
     end
 
     # The request was denied due to an invalid request error.
     #
-    # @!attribute [rw] message
+    # @!attribute [rw] path
     #   The request was denied due to an invalid request error.
     #   @return [String]
     #
-    # @!attribute [rw] path
+    # @!attribute [rw] message
     #   The request was denied due to an invalid request error.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/ValidationExceptionField AWS API Documentation
     #
     class ValidationExceptionField < Struct.new(
-      :message,
-      :path)
+      :path,
+      :message)
       SENSITIVE = []
       include Aws::Structure
     end
 
     # This request failed verification.
     #
-    # @!attribute [rw] message
-    #   @return [String]
-    #
     # @!attribute [rw] reason
     #   The reason for the exception.
     #   @return [String]
     #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/VerificationFailedException AWS API Documentation
     #
     class VerificationFailedException < Struct.new(
-      :message,
-      :reason)
+      :reason,
+      :message)
       SENSITIVE = []
       include Aws::Structure
     end
 
+    # @!attribute [rw] key_identifier
+    #   The `keyARN` of the major encryption key that Amazon Web Services
+    #   Payment Cryptography uses for ARQC verification.
+    #   @return [String]
+    #
+    # @!attribute [rw] transaction_data
+    #   The transaction data that Amazon Web Services Payment Cryptography
+    #   uses for ARQC verification. The same transaction is used for ARQC
+    #   generation outside of Amazon Web Services Payment Cryptography.
+    #   @return [String]
+    #
     # @!attribute [rw] auth_request_cryptogram
     #   The auth request cryptogram imported into Amazon Web Services
     #   Payment Cryptography for ARQC verification using a major encryption
     #   key and transaction data.
     #   @return [String]
     #
-    # @!attribute [rw] auth_response_attributes
-    #   The attributes and values for auth request cryptogram verification.
-    #   These parameters are required in case using ARPC Method 1 or Method
-    #   2 for ARQC verification.
-    #   @return [Types::CryptogramAuthResponse]
-    #
-    # @!attribute [rw] key_identifier
-    #   The `keyARN` of the major encryption key that Amazon Web Services
-    #   Payment Cryptography uses for ARQC verification.
-    #   @return [String]
-    #
     # @!attribute [rw] major_key_derivation_mode
     #   The method to use when deriving the major encryption key for ARQC
     #   verification within Amazon Web Services Payment Cryptography. The
@@ -1951,30 +2004,25 @@ module Aws::PaymentCryptographyData
     #   Services Payment Cryptography.
     #   @return [Types::SessionKeyDerivation]
     #
-    # @!attribute [rw] transaction_data
-    #   The transaction data that Amazon Web Services Payment Cryptography
-    #   uses for ARQC verification. The same transaction is used for ARQC
-    #   generation outside of Amazon Web Services Payment Cryptography.
-    #   @return [String]
+    # @!attribute [rw] auth_response_attributes
+    #   The attributes and values for auth request cryptogram verification.
+    #   These parameters are required in case using ARPC Method 1 or Method
+    #   2 for ARQC verification.
+    #   @return [Types::CryptogramAuthResponse]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/VerifyAuthRequestCryptogramInput AWS API Documentation
     #
     class VerifyAuthRequestCryptogramInput < Struct.new(
-      :auth_request_cryptogram,
-      :auth_response_attributes,
       :key_identifier,
+      :transaction_data,
+      :auth_request_cryptogram,
       :major_key_derivation_mode,
       :session_key_derivation_attributes,
-      :transaction_data)
+      :auth_response_attributes)
       SENSITIVE = []
       include Aws::Structure
     end
 
-    # @!attribute [rw] auth_response_value
-    #   The result for ARQC verification or ARPC generation within Amazon
-    #   Web Services Payment Cryptography.
-    #   @return [String]
-    #
     # @!attribute [rw] key_arn
     #   The `keyARN` of the major encryption key that Amazon Web Services
     #   Payment Cryptography uses for ARQC verification.
@@ -1989,12 +2037,17 @@ module Aws::PaymentCryptographyData
     #   to the CMAC specification.
     #   @return [String]
     #
+    # @!attribute [rw] auth_response_value
+    #   The result for ARQC verification or ARPC generation within Amazon
+    #   Web Services Payment Cryptography.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/VerifyAuthRequestCryptogramOutput AWS API Documentation
     #
     class VerifyAuthRequestCryptogramOutput < Struct.new(
-      :auth_response_value,
       :key_arn,
-      :key_check_value)
+      :key_check_value,
+      :auth_response_value)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2010,23 +2063,23 @@ module Aws::PaymentCryptographyData
     #   account holder.
     #   @return [String]
     #
-    # @!attribute [rw] validation_data
-    #   The CVV or CSC value for use for card data verification within
-    #   Amazon Web Services Payment Cryptography.
-    #   @return [String]
-    #
     # @!attribute [rw] verification_attributes
     #   The algorithm to use for verification of card data within Amazon Web
     #   Services Payment Cryptography.
     #   @return [Types::CardVerificationAttributes]
     #
+    # @!attribute [rw] validation_data
+    #   The CVV or CSC value for use for card data verification within
+    #   Amazon Web Services Payment Cryptography.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/VerifyCardValidationDataInput AWS API Documentation
     #
     class VerifyCardValidationDataInput < Struct.new(
       :key_identifier,
       :primary_account_number,
-      :validation_data,
-      :verification_attributes)
+      :verification_attributes,
+      :validation_data)
       SENSITIVE = [:primary_account_number]
       include Aws::Structure
     end
@@ -2059,33 +2112,33 @@ module Aws::PaymentCryptographyData
     #   Cryptography uses to verify MAC data.
     #   @return [String]
     #
-    # @!attribute [rw] mac
-    #   The MAC being verified.
-    #   @return [String]
-    #
-    # @!attribute [rw] mac_length
-    #   The length of the MAC.
-    #   @return [Integer]
-    #
     # @!attribute [rw] message_data
     #   The data on for which MAC is under verification. This value must be
     #   hexBinary.
     #   @return [String]
     #
+    # @!attribute [rw] mac
+    #   The MAC being verified.
+    #   @return [String]
+    #
     # @!attribute [rw] verification_attributes
     #   The attributes and data values to use for MAC verification within
     #   Amazon Web Services Payment Cryptography.
     #   @return [Types::MacAttributes]
     #
+    # @!attribute [rw] mac_length
+    #   The length of the MAC.
+    #   @return [Integer]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/VerifyMacInput AWS API Documentation
     #
     class VerifyMacInput < Struct.new(
       :key_identifier,
-      :mac,
-      :mac_length,
       :message_data,
-      :verification_attributes)
-      SENSITIVE = [:mac, :message_data]
+      :mac,
+      :verification_attributes,
+      :mac_length)
+      SENSITIVE = [:message_data, :mac]
       include Aws::Structure
     end
 
@@ -2112,18 +2165,28 @@ module Aws::PaymentCryptographyData
       include Aws::Structure
     end
 
-    # @!attribute [rw] dukpt_attributes
-    #   The attributes and values for the DUKPT encrypted PIN block data.
-    #   @return [Types::DukptAttributes]
+    # @!attribute [rw] verification_key_identifier
+    #   The `keyARN` of the PIN verification key.
+    #   @return [String]
+    #
+    # @!attribute [rw] encryption_key_identifier
+    #   The `keyARN` of the encryption key under which the PIN block data is
+    #   encrypted. This key type can be PEK or BDK.
+    #   @return [String]
+    #
+    # @!attribute [rw] verification_attributes
+    #   The attributes and values for PIN data verification.
+    #   @return [Types::PinVerificationAttributes]
     #
     # @!attribute [rw] encrypted_pin_block
     #   The encrypted PIN block data that Amazon Web Services Payment
     #   Cryptography verifies.
     #   @return [String]
     #
-    # @!attribute [rw] encryption_key_identifier
-    #   The `keyARN` of the encryption key under which the PIN block data is
-    #   encrypted. This key type can be PEK or BDK.
+    # @!attribute [rw] primary_account_number
+    #   The Primary Account Number (PAN), a unique identifier for a payment
+    #   credit or debit card that associates the card with a specific
+    #   account holder.
     #   @return [String]
     #
     # @!attribute [rw] pin_block_format
@@ -2143,41 +2206,31 @@ module Aws::PaymentCryptographyData
     #   The length of PIN being verified.
     #   @return [Integer]
     #
-    # @!attribute [rw] primary_account_number
-    #   The Primary Account Number (PAN), a unique identifier for a payment
-    #   credit or debit card that associates the card with a specific
-    #   account holder.
-    #   @return [String]
-    #
-    # @!attribute [rw] verification_attributes
-    #   The attributes and values for PIN data verification.
-    #   @return [Types::PinVerificationAttributes]
-    #
-    # @!attribute [rw] verification_key_identifier
-    #   The `keyARN` of the PIN verification key.
-    #   @return [String]
+    # @!attribute [rw] dukpt_attributes
+    #   The attributes and values for the DUKPT encrypted PIN block data.
+    #   @return [Types::DukptAttributes]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/VerifyPinDataInput AWS API Documentation
     #
     class VerifyPinDataInput < Struct.new(
-      :dukpt_attributes,
-      :encrypted_pin_block,
+      :verification_key_identifier,
       :encryption_key_identifier,
+      :verification_attributes,
+      :encrypted_pin_block,
+      :primary_account_number,
       :pin_block_format,
       :pin_data_length,
-      :primary_account_number,
-      :verification_attributes,
-      :verification_key_identifier)
+      :dukpt_attributes)
       SENSITIVE = [:primary_account_number]
       include Aws::Structure
     end
 
-    # @!attribute [rw] encryption_key_arn
-    #   The `keyARN` of the PEK that Amazon Web Services Payment
-    #   Cryptography uses for encrypted pin block generation.
+    # @!attribute [rw] verification_key_arn
+    #   The `keyARN` of the PIN encryption key that Amazon Web Services
+    #   Payment Cryptography uses for PIN or PIN Offset verification.
     #   @return [String]
     #
-    # @!attribute [rw] encryption_key_check_value
+    # @!attribute [rw] verification_key_check_value
     #   The key check value (KCV) of the encryption key. The KCV is used to
     #   check if all parties holding a given key have the same key or to
     #   detect that a key has changed.
@@ -2186,12 +2239,12 @@ module Aws::PaymentCryptographyData
     #   to the CMAC specification.
     #   @return [String]
     #
-    # @!attribute [rw] verification_key_arn
-    #   The `keyARN` of the PIN encryption key that Amazon Web Services
-    #   Payment Cryptography uses for PIN or PIN Offset verification.
+    # @!attribute [rw] encryption_key_arn
+    #   The `keyARN` of the PEK that Amazon Web Services Payment
+    #   Cryptography uses for encrypted pin block generation.
     #   @return [String]
     #
-    # @!attribute [rw] verification_key_check_value
+    # @!attribute [rw] encryption_key_check_value
     #   The key check value (KCV) of the encryption key. The KCV is used to
     #   check if all parties holding a given key have the same key or to
     #   detect that a key has changed.
@@ -2203,10 +2256,10 @@ module Aws::PaymentCryptographyData
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/VerifyPinDataOutput AWS API Documentation
     #
     class VerifyPinDataOutput < Struct.new(
-      :encryption_key_arn,
-      :encryption_key_check_value,
       :verification_key_arn,
-      :verification_key_check_value)
+      :verification_key_check_value,
+      :encryption_key_arn,
+      :encryption_key_check_value)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2268,5 +2321,57 @@ module Aws::PaymentCryptographyData
       include Aws::Structure
     end
 
+    # Parameter information of a WrappedKeyBlock for encryption key
+    # exchange.
+    #
+    # @!attribute [rw] wrapped_key_material
+    #   Parameter information of a WrappedKeyBlock for encryption key
+    #   exchange.
+    #   @return [Types::WrappedKeyMaterial]
+    #
+    # @!attribute [rw] key_check_value_algorithm
+    #   The algorithm that Amazon Web Services Payment Cryptography uses to
+    #   calculate the key check value (KCV). It is used to validate the key
+    #   integrity.
+    #
+    #   For TDES keys, the KCV is computed by encrypting 8 bytes, each with
+    #   value of zero, with the key to be checked and retaining the 3
+    #   highest order bytes of the encrypted result. For AES keys, the KCV
+    #   is computed using a CMAC algorithm where the input data is 16 bytes
+    #   of zero and retaining the 3 highest order bytes of the encrypted
+    #   result.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/WrappedKey AWS API Documentation
+    #
+    class WrappedKey < Struct.new(
+      :wrapped_key_material,
+      :key_check_value_algorithm)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Parameter information of a WrappedKeyBlock for encryption key
+    # exchange.
+    #
+    # @note WrappedKeyMaterial is a union - when making an API calls you must set exactly one of the members.
+    #
+    # @!attribute [rw] tr_31_key_block
+    #   The TR-31 wrapped key block.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/WrappedKeyMaterial AWS API Documentation
+    #
+    class WrappedKeyMaterial < Struct.new(
+      :tr_31_key_block,
+      :unknown)
+      SENSITIVE = [:tr_31_key_block]
+      include Aws::Structure
+      include Aws::Structure::Union
+
+      class Tr31KeyBlock < WrappedKeyMaterial; end
+      class Unknown < WrappedKeyMaterial; end
+    end
+
   end
 end