aws-sdk-paymentcryptographydata 1.51.0 → 1.53.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9b5ca3b60e7009e66b9fdb8fa4eb4d6cc16d310eeb2f751d5c1294085f1e2e20
-  data.tar.gz: d031aaae33a5c63de7d587477bf7cc05399ac50ee7d38035eeb1830f6a0ed6ce
+  metadata.gz: abe3024c0a261843a6fdbcadd12370dc1634b3f4a9a25ca172f6a3a75c74b95a
+  data.tar.gz: db9a70f4da38a743203dcf64eea693ea81985caca057daf7d33aa09c7f158608
 SHA512:
-  metadata.gz: 83fda313d8421f1e0804310bb52be95edf4c7c5d815f3320cfdbc18baee75ba7b64c68f836b9fef6325cf825b04bf3f13b805f444bc5739fd6732b9028d8a15e
-  data.tar.gz: 6ef23734a0072ddbcf6f28e419b50e87022817c72ea7775e26763a52335878e47bec7ffc1d90685b34d6e43f3f22ba2199f25047690bd71ca87c66081602a899
+  metadata.gz: e891414054ddad446d2e5dbbba889ea9cf9034901112f922d21278c1f18ba2804e4883c891574fd6c24f080ad0e31b87b15deac9f26f389389ed807fdc620bb2
+  data.tar.gz: 935e36d316810e2c28cba9c405864793d9609961e9338ecbbfd2df11997be1b0b6c44a0622d2909cbd2b6836b8ba671b46a1990f26dafd720b078c4d6e02beb2

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.53.0 (2026-05-21)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.52.0 (2026-05-20)
+------------------
+
+* Feature - GenerateAuthRequestCryptogram API launch.
+
 1.51.0 (2026-05-19)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.51.0
+1.53.0

data/lib/aws-sdk-paymentcryptographydata/client.rb

@@ -199,7 +199,7 @@ module Aws::PaymentCryptographyData
     #     the required types.
     #
     #   @option options [Boolean] :correct_clock_skew (true)
-    #     Used only in `standard` and adaptive retry modes. Specifies whether to apply
+    #     Used only in `standard` and `adaptive` retry modes. Specifies whether to apply
     #     a clock skew correction and retry requests with skewed client clocks.
     #
     #   @option options [String] :defaults_mode ("legacy")
@@ -323,17 +323,15 @@ module Aws::PaymentCryptographyData
     #   @option options [String] :retry_mode ("legacy")
     #     Specifies which retry algorithm to use. Values are:
     #
-    #     * `legacy` - The pre-existing retry behavior.  This is default value if
-    #       no retry mode is provided.
+    #     * `legacy` - The pre-existing retry behavior. This is the default
+    #       value if no retry mode is provided.
     #
     #     * `standard` - A standardized set of retry rules across the AWS SDKs.
     #       This includes support for retry quotas, which limit the number of
     #       unsuccessful retries a client can make.
     #
-    #     * `adaptive` - An experimental retry mode that includes all the
-    #       functionality of `standard` mode along with automatic client side
-    #       throttling.  This is a provisional mode that may change behavior
-    #       in the future.
+    #     * `adaptive` - A retry mode that includes all the functionality of
+    #       `standard` mode along with automatic client side throttling.
     #
     #   @option options [String] :sdk_ua_app_id
     #     A unique and opaque application ID that is appended to the
@@ -518,8 +516,9 @@ module Aws::PaymentCryptographyData
     # operations][6] in the *Amazon Web Services Payment Cryptography User
     # Guide*.
     #
-    # **Cross-account use**: This operation can't be used across different
-    # Amazon Web Services accounts.
+    # **Cross-account use**: This operation supports cross-account use when
+    # the key has a resource-based policy that grants access. For more
+    # information, see [Resource-based policies][7].
     #
     # **Related operations:**
     #
@@ -537,6 +536,7 @@ module Aws::PaymentCryptographyData
     # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/use-cases-acquirers-dynamickeys.html
     # [5]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
     # [6]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
+    # [7]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/security_iam_resource-based-policies.html
     #
     # @option params [required, String] :key_identifier
     #   The `keyARN` of the encryption key that Amazon Web Services Payment
@@ -671,14 +671,15 @@ module Aws::PaymentCryptographyData
     # operations][6] in the *Amazon Web Services Payment Cryptography User
     # Guide*.
     #
-    # **Cross-account use**: This operation can't be used across different
-    # Amazon Web Services accounts.
+    # **Cross-account use**: This operation supports cross-account use when
+    # the key has a resource-based policy that grants access. For more
+    # information, see [Resource-based policies][7].
     #
     # **Related operations:**
     #
     # * DecryptData
     #
-    # * [GetPublicCertificate][7]
+    # * [GetPublicCertificate][8]
     #
     # * [ImportKey][3]
     #
@@ -692,7 +693,8 @@ module Aws::PaymentCryptographyData
     # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/use-cases-acquirers-dynamickeys.html
     # [5]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
     # [6]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
-    # [7]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html
+    # [7]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/security_iam_resource-based-policies.html
+    # [8]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html
     #
     # @option params [required, String] :key_identifier
     #   The `keyARN` of the encryption key that Amazon Web Services Payment
@@ -791,9 +793,9 @@ module Aws::PaymentCryptographyData
       req.send_request(options)
     end
 
-    # Establishes node-to-node initialization between payment processing
-    # nodes such as an acquirer, issuer or payment network using Australian
-    # Standard 2805 (AS2805).
+    # Generates a `KekValidationRequest` or a `KekValidationResponse` for
+    # node-to-node initialization between payment processing nodes using
+    # [Australian Standard 2805 (AS2805)][1].
     #
     # During node-to-node initialization, both communicating nodes must
     # validate that they possess the correct Key Encrypting Keys (KEKs)
@@ -802,38 +804,50 @@ module Aws::PaymentCryptographyData
     # partner node. Each node uses its KEK to encrypt and decrypt session
     # keys exchanged between the nodes. A KEK can be created or imported
     # into Amazon Web Services Payment Cryptography using either the
-    # [CreateKey][1] or [ImportKey][2] operations.
-    #
-    # The node initiating communication can use
-    # `GenerateAS2805KekValidation` to generate a combined KEK validation
-    # request and KEK validation response to send to the partnering node for
-    # validation. When invoked, the API internally generates a random
-    # sending key encrypted under KEKs and provides a receiving key
-    # encrypted under KEKr as response. The initiating node sends the
-    # response returned by this API to its partner for validation.
+    # [CreateKey][2] or [ImportKey][3] operations.
+    #
+    # To use `GenerateAs2805KekValidation` to generate a KEK validation
+    # request, set `KekValidationType` to `KekValidationRequest`. This
+    # operation returns both `RandomKeySend` (KRs) and `RandomKeyReceive`
+    # (KRr) as response values. The partnering node receives the KRs, uses
+    # its KEKr to decrypt it, and generates a KRr which is an inverted value
+    # of KRs. The node receiving the KRr validates it against its own KRr
+    # generated during KEK validation request outside of Amazon Web Services
+    # Payment Cryptography.
+    #
+    # You can also use this operation to generate a KEK validation response,
+    # by setting `KekValidationType` to `KekValidationResponse` and
+    # providing the incoming KRs. This operation then calculates a KRr. To
+    # learn more about more about node-to-node initialization, see
+    # [Validation of KEK][4] in the *Amazon Web Services Payment
+    # Cryptography User Guide*.
     #
     # For information about valid keys for this operation, see
-    # [Understanding key attributes][3] and [Key types for specific data
-    # operations][4] in the *Amazon Web Services Payment Cryptography User
+    # [Understanding key attributes][5] and [Key types for specific data
+    # operations][6] in the *Amazon Web Services Payment Cryptography User
     # Guide*.
     #
-    # **Cross-account use**: This operation can't be used across different
-    # Amazon Web Services accounts.
+    # **Cross-account use**: This operation supports cross-account use when
+    # the key has a resource-based policy that grants access. For more
+    # information, see [Resource-based policies][7].
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html
-    # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html
-    # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
-    # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
+    # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/as2805.html
+    # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html
+    # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html
+    # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/as2805.kekvalidation.html
+    # [5]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
+    # [6]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
+    # [7]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/security_iam_resource-based-policies.html
     #
     # @option params [required, String] :key_identifier
     #   The `keyARN` of sending KEK that Amazon Web Services Payment
     #   Cryptography uses for node-to-node initialization
     #
     # @option params [required, Types::As2805KekValidationType] :kek_validation_type
-    #   Parameter information for generating a random key for KEK validation
-    #   to perform node-to-node initialization.
+    #   Defines whether to generate a KEK validation request or KEK validation
+    #   response for node-to-node initialization.
     #
     # @option params [required, String] :random_key_send_variant_mask
     #   The key variant to use for generating a random key for KEK validation
@@ -853,6 +867,7 @@ module Aws::PaymentCryptographyData
     #     kek_validation_type: { # required
     #       kek_validation_request: {
     #         derive_key_algorithm: "TDES_2KEY", # required, accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256, HMAC_SHA256, HMAC_SHA384, HMAC_SHA512, HMAC_SHA224
+    #         random_key_max_length: "BYTES_8", # accepts BYTES_8, BYTES_16, BYTES_24
     #       },
     #       kek_validation_response: {
     #         random_key_send: "As2805RandomKeyMaterial", # required
@@ -877,6 +892,120 @@ module Aws::PaymentCryptographyData
       req.send_request(options)
     end
 
+    # Generates an Authorization Request Cryptogram (ARQC) for an EMV chip
+    # payment card authorization. For more information, see [Generate auth
+    # request cryptogram][1] in the *Amazon Web Services Payment
+    # Cryptography User Guide*.
+    #
+    # ARQC generation uses an Issuer Master Key (IMK) for application
+    # cryptograms (TR31\_E0\_EMV\_MKEY\_APP\_CRYPTOGRAMS) to derive a
+    # session key, which is then used to generate the cryptogram from the
+    # provided transaction data (when applicable). To use this operation,
+    # you must first create or import an IMK-AC key by calling
+    # [CreateKey][2] or [ImportKey][3]. The `KeyModesOfUse` should be set to
+    # `DeriveKey` for the IMK-AC encryption key.
+    #
+    # This operation is intended for development and testing scenarios only.
+    # It is not recommended to use this operation as a substitute for
+    # card-based cryptogram generation in production payment flows.
+    #
+    # For information about valid keys for this operation, see
+    # [Understanding key attributes][4] and [Key types for specific data
+    # operations][5] in the *Amazon Web Services Payment Cryptography User
+    # Guide*.
+    #
+    # **Cross-account use**: This operation supports cross-account use when
+    # the key has a resource-based policy that grants access. For more
+    # information, see [Resource-based policies][6].
+    #
+    # **Related operations:**
+    #
+    # * VerifyAuthRequestCryptogram
+    #
+    # ^
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/data-operations.generateauthrequestcryptogram.html
+    # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html
+    # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html
+    # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
+    # [5]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
+    # [6]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/security_iam_resource-based-policies.html
+    #
+    # @option params [required, String] :key_identifier
+    #   The `keyARN` of the IMK-AC (TR31\_E0\_EMV\_MKEY\_APP\_CRYPTOGRAMS)
+    #   that Amazon Web Services Payment Cryptography uses to generate the
+    #   ARQC.
+    #
+    # @option params [required, String] :transaction_data
+    #   The transaction data that Amazon Web Services Payment Cryptography
+    #   uses for ARQC generation. The same transaction data is used for ARQC
+    #   verification by the issuer using VerifyAuthRequestCryptogram.
+    #
+    # @option params [required, String] :major_key_derivation_mode
+    #   The method to use when deriving the major encryption key for ARQC
+    #   generation within Amazon Web Services Payment Cryptography.
+    #
+    # @option params [required, Types::SessionKeyDerivation] :session_key_derivation_attributes
+    #   The attributes and values to use for deriving a session key for ARQC
+    #   generation within Amazon Web Services Payment Cryptography.
+    #
+    # @return [Types::GenerateAuthRequestCryptogramOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GenerateAuthRequestCryptogramOutput#key_arn #key_arn} => String
+    #   * {Types::GenerateAuthRequestCryptogramOutput#key_check_value #key_check_value} => String
+    #   * {Types::GenerateAuthRequestCryptogramOutput#auth_request_cryptogram #auth_request_cryptogram} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.generate_auth_request_cryptogram({
+    #     key_identifier: "KeyArnOrKeyAliasType", # required
+    #     transaction_data: "TransactionDataType", # required
+    #     major_key_derivation_mode: "EMV_OPTION_A", # required, accepts EMV_OPTION_A, EMV_OPTION_B
+    #     session_key_derivation_attributes: { # required
+    #       emv_common: {
+    #         primary_account_number: "PrimaryAccountNumberType", # required
+    #         pan_sequence_number: "NumberLengthEquals2", # required
+    #         application_transaction_counter: "HexLengthEquals4", # required
+    #       },
+    #       mastercard: {
+    #         primary_account_number: "PrimaryAccountNumberType", # required
+    #         pan_sequence_number: "NumberLengthEquals2", # required
+    #         application_transaction_counter: "HexLengthEquals4", # required
+    #         unpredictable_number: "HexLengthEquals8", # required
+    #       },
+    #       emv_2000: {
+    #         primary_account_number: "PrimaryAccountNumberType", # required
+    #         pan_sequence_number: "NumberLengthEquals2", # required
+    #         application_transaction_counter: "HexLengthEquals4", # required
+    #       },
+    #       amex: {
+    #         primary_account_number: "PrimaryAccountNumberType", # required
+    #         pan_sequence_number: "NumberLengthEquals2", # required
+    #       },
+    #       visa: {
+    #         primary_account_number: "PrimaryAccountNumberType", # required
+    #         pan_sequence_number: "NumberLengthEquals2", # required
+    #       },
+    #     },
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.key_arn #=> String
+    #   resp.key_check_value #=> String
+    #   resp.auth_request_cryptogram #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/GenerateAuthRequestCryptogram AWS API Documentation
+    #
+    # @overload generate_auth_request_cryptogram(params = {})
+    # @param [Hash] params ({})
+    def generate_auth_request_cryptogram(params = {}, options = {})
+      req = build_request(:generate_auth_request_cryptogram, params)
+      req.send_request(options)
+    end
+
     # Generates card-related validation data using algorithms such as Card
     # Verification Values (CVV/CVV2), Dynamic Card Verification Values
     # (dCVV/dCVV2), or Card Security Codes (CSC). For more information, see
@@ -898,8 +1027,9 @@ module Aws::PaymentCryptographyData
     # operations][5] in the *Amazon Web Services Payment Cryptography User
     # Guide*.
     #
-    # **Cross-account use**: This operation can't be used across different
-    # Amazon Web Services accounts.
+    # **Cross-account use**: This operation supports cross-account use when
+    # the key has a resource-based policy that grants access. For more
+    # information, see [Resource-based policies][6].
     #
     # **Related operations:**
     #
@@ -914,6 +1044,7 @@ module Aws::PaymentCryptographyData
     # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html
     # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
     # [5]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
+    # [6]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/security_iam_resource-based-policies.html
     #
     # @option params [required, String] :key_identifier
     #   The `keyARN` of the CVK encryption key that Amazon Web Services
@@ -1015,8 +1146,9 @@ module Aws::PaymentCryptographyData
     # operations][2] in the *Amazon Web Services Payment Cryptography User
     # Guide*.
     #
-    # **Cross-account use**: This operation can't be used across different
-    # Amazon Web Services accounts.
+    # **Cross-account use**: This operation supports cross-account use when
+    # the key has a resource-based policy that grants access. For more
+    # information, see [Resource-based policies][3].
     #
     # **Related operations:**
     #
@@ -1028,6 +1160,7 @@ module Aws::PaymentCryptographyData
     #
     # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
     # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
+    # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/security_iam_resource-based-policies.html
     #
     # @option params [required, String] :key_identifier
     #   The `keyARN` of the MAC generation encryption key.
@@ -1133,8 +1266,9 @@ module Aws::PaymentCryptographyData
     #
     #  </note>
     #
-    # **Cross-account use**: This operation can't be used across different
-    # Amazon Web Services accounts.
+    # **Cross-account use**: This operation supports cross-account use when
+    # the key has a resource-based policy that grants access. For more
+    # information, see [Resource-based policies][2].
     #
     # **Related operations:**
     #
@@ -1145,6 +1279,7 @@ module Aws::PaymentCryptographyData
     #
     #
     # [1]: https://www.emvco.com/specifications/
+    # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/security_iam_resource-based-policies.html
     #
     # @option params [required, String] :new_pin_pek_identifier
     #   The `keyARN` of the PEK protecting the incoming new encrypted PIN
@@ -1293,8 +1428,9 @@ module Aws::PaymentCryptographyData
     # operations][4] in the *Amazon Web Services Payment Cryptography User
     # Guide*.
     #
-    # **Cross-account use**: This operation can't be used across different
-    # Amazon Web Services accounts.
+    # **Cross-account use**: This operation supports cross-account use when
+    # the key has a resource-based policy that grants access. For more
+    # information, see [Resource-based policies][5].
     #
     # **Related operations:**
     #
@@ -1310,6 +1446,7 @@ module Aws::PaymentCryptographyData
     # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/create-keys.html
     # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
     # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
+    # [5]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/security_iam_resource-based-policies.html
     #
     # @option params [required, String] :generation_key_identifier
     #   The `keyARN` of the PEK that Amazon Web Services Payment Cryptography
@@ -1464,8 +1601,9 @@ module Aws::PaymentCryptographyData
     # operations][5] in the *Amazon Web Services Payment Cryptography User
     # Guide*.
     #
-    # **Cross-account use**: This operation can't be used across different
-    # Amazon Web Services accounts.
+    # **Cross-account use**: This operation supports cross-account use when
+    # the key has a resource-based policy that grants access. For more
+    # information, see [Resource-based policies][6].
     #
     # **Related operations:**
     #
@@ -1473,7 +1611,7 @@ module Aws::PaymentCryptographyData
     #
     # * EncryptData
     #
-    # * [GetPublicCertificate][6]
+    # * [GetPublicCertificate][7]
     #
     # * [ImportKey][2]
     #
@@ -1484,7 +1622,8 @@ module Aws::PaymentCryptographyData
     # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/use-cases-acquirers-dynamickeys.html
     # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
     # [5]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
-    # [6]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html
+    # [6]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/security_iam_resource-based-policies.html
+    # [7]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html
     #
     # @option params [required, String] :incoming_key_identifier
     #   The `keyARN` of the encryption key of incoming ciphertext data.
@@ -1628,16 +1767,17 @@ module Aws::PaymentCryptographyData
     # operations][5] in the *Amazon Web Services Payment Cryptography User
     # Guide*.
     #
-    # **Cross-account use**: This operation can't be used across different
-    # Amazon Web Services accounts.
+    # **Cross-account use**: This operation supports cross-account use when
+    # the key has a resource-based policy that grants access. For more
+    # information, see [Resource-based policies][6].
     #
     # **Related operations:**
     #
-    # * [CreateKey][6]
+    # * [CreateKey][7]
     #
-    # * [GetPublicCertificate][7]
+    # * [GetPublicCertificate][8]
     #
-    # * [ImportKey][8]
+    # * [ImportKey][9]
     #
     #
     #
@@ -1646,9 +1786,10 @@ module Aws::PaymentCryptographyData
     # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/terminology.html#terms.kek
     # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
     # [5]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
-    # [6]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html
-    # [7]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html
-    # [8]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html
+    # [6]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/security_iam_resource-based-policies.html
+    # [7]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html
+    # [8]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html
+    # [9]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html
     #
     # @option params [required, Types::IncomingKeyMaterial] :incoming_key_material
     #   Parameter information of the TR31WrappedKeyBlock containing the
@@ -1759,8 +1900,9 @@ module Aws::PaymentCryptographyData
     #
     #  </note>
     #
-    # **Cross-account use**: This operation can't be used across different
-    # Amazon Web Services accounts.
+    # **Cross-account use**: This operation supports cross-account use when
+    # the key has a resource-based policy that grants access. For more
+    # information, see [Resource-based policies][6].
     #
     # **Related operations:**
     #
@@ -1775,6 +1917,7 @@ module Aws::PaymentCryptographyData
     # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/create-keys.html
     # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
     # [5]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
+    # [6]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/security_iam_resource-based-policies.html
     #
     # @option params [required, String] :incoming_key_identifier
     #   The `keyARN` of the encryption key under which incoming PIN block data
@@ -1946,8 +2089,9 @@ module Aws::PaymentCryptographyData
     # operations][5] in the *Amazon Web Services Payment Cryptography User
     # Guide*.
     #
-    # **Cross-account use**: This operation can't be used across different
-    # Amazon Web Services accounts.
+    # **Cross-account use**: This operation supports cross-account use when
+    # the key has a resource-based policy that grants access. For more
+    # information, see [Resource-based policies][6].
     #
     # **Related operations:**
     #
@@ -1962,6 +2106,7 @@ module Aws::PaymentCryptographyData
     # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html
     # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
     # [5]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
+    # [6]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/security_iam_resource-based-policies.html
     #
     # @option params [required, String] :key_identifier
     #   The `keyARN` of the major encryption key that Amazon Web Services
@@ -2017,7 +2162,7 @@ module Aws::PaymentCryptographyData
     #         primary_account_number: "PrimaryAccountNumberType", # required
     #         pan_sequence_number: "NumberLengthEquals2", # required
     #         application_transaction_counter: "HexLengthEquals4", # required
-    #         unpredictable_number: "HexLengthBetween2And8", # required
+    #         unpredictable_number: "HexLengthEquals8", # required
     #       },
     #       emv_2000: {
     #         primary_account_number: "PrimaryAccountNumberType", # required
@@ -2080,8 +2225,9 @@ module Aws::PaymentCryptographyData
     # operations][3] in the *Amazon Web Services Payment Cryptography User
     # Guide*.
     #
-    # **Cross-account use**: This operation can't be used across different
-    # Amazon Web Services accounts.
+    # **Cross-account use**: This operation supports cross-account use when
+    # the key has a resource-based policy that grants access. For more
+    # information, see [Resource-based policies][4].
     #
     # **Related operations:**
     #
@@ -2096,6 +2242,7 @@ module Aws::PaymentCryptographyData
     # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/verify-card-data.html
     # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
     # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
+    # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/security_iam_resource-based-policies.html
     #
     # @option params [required, String] :key_identifier
     #   The `keyARN` of the CVK encryption key that Amazon Web Services
@@ -2193,8 +2340,9 @@ module Aws::PaymentCryptographyData
     # operations][2] in the *Amazon Web Services Payment Cryptography User
     # Guide*.
     #
-    # **Cross-account use**: This operation can't be used across different
-    # Amazon Web Services accounts.
+    # **Cross-account use**: This operation supports cross-account use when
+    # the key has a resource-based policy that grants access. For more
+    # information, see [Resource-based policies][3].
     #
     # **Related operations:**
     #
@@ -2206,6 +2354,7 @@ module Aws::PaymentCryptographyData
     #
     # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
     # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
+    # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/security_iam_resource-based-policies.html
     #
     # @option params [required, String] :key_identifier
     #   The `keyARN` of the encryption key that Amazon Web Services Payment
@@ -2297,8 +2446,9 @@ module Aws::PaymentCryptographyData
     # operations][3] in the *Amazon Web Services Payment Cryptography User
     # Guide*.
     #
-    # **Cross-account use**: This operation can't be used across different
-    # Amazon Web Services accounts.
+    # **Cross-account use**: This operation supports cross-account use when
+    # the key has a resource-based policy that grants access. For more
+    # information, see [Resource-based policies][4].
     #
     # **Related operations:**
     #
@@ -2311,6 +2461,7 @@ module Aws::PaymentCryptographyData
     # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/verify-pin-data.html
     # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
     # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
+    # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/security_iam_resource-based-policies.html
     #
     # @option params [required, String] :verification_key_identifier
     #   The `keyARN` of the PIN verification key.
@@ -2435,7 +2586,7 @@ module Aws::PaymentCryptographyData
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-paymentcryptographydata'
-      context[:gem_version] = '1.51.0'
+      context[:gem_version] = '1.53.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-paymentcryptographydata/client_api.rb

@@ -65,6 +65,8 @@ module Aws::PaymentCryptographyData
     EncryptionMode = Shapes::StringShape.new(name: 'EncryptionMode')
     GenerateAs2805KekValidationInput = Shapes::StructureShape.new(name: 'GenerateAs2805KekValidationInput')
     GenerateAs2805KekValidationOutput = Shapes::StructureShape.new(name: 'GenerateAs2805KekValidationOutput')
+    GenerateAuthRequestCryptogramInput = Shapes::StructureShape.new(name: 'GenerateAuthRequestCryptogramInput')
+    GenerateAuthRequestCryptogramOutput = Shapes::StructureShape.new(name: 'GenerateAuthRequestCryptogramOutput')
     GenerateCardValidationDataInput = Shapes::StructureShape.new(name: 'GenerateCardValidationDataInput')
     GenerateCardValidationDataOutput = Shapes::StructureShape.new(name: 'GenerateCardValidationDataOutput')
     GenerateMacEmvPinChangeInput = Shapes::StructureShape.new(name: 'GenerateMacEmvPinChangeInput')
@@ -91,7 +93,7 @@ module Aws::PaymentCryptographyData
     IntegerRangeBetween0And6 = Shapes::IntegerShape.new(name: 'IntegerRangeBetween0And6')
     IntegerRangeBetween3And5Type = Shapes::IntegerShape.new(name: 'IntegerRangeBetween3And5Type')
     IntegerRangeBetween4And12 = Shapes::IntegerShape.new(name: 'IntegerRangeBetween4And12')
-    IntegerRangeBetween4And16 = Shapes::IntegerShape.new(name: 'IntegerRangeBetween4And16')
+    IntegerRangeBetween4And32 = Shapes::IntegerShape.new(name: 'IntegerRangeBetween4And32')
     InternalServerException = Shapes::StructureShape.new(name: 'InternalServerException')
     KekValidationRequest = Shapes::StructureShape.new(name: 'KekValidationRequest')
     KekValidationResponse = Shapes::StructureShape.new(name: 'KekValidationResponse')
@@ -130,6 +132,7 @@ module Aws::PaymentCryptographyData
     PlainTextType = Shapes::StringShape.new(name: 'PlainTextType')
     PrimaryAccountNumberType = Shapes::StringShape.new(name: 'PrimaryAccountNumberType')
     ProprietaryAuthenticationDataType = Shapes::StringShape.new(name: 'ProprietaryAuthenticationDataType')
+    RandomKeyMaxLength = Shapes::StringShape.new(name: 'RandomKeyMaxLength')
     RandomKeySendVariantMask = Shapes::StringShape.new(name: 'RandomKeySendVariantMask')
     ReEncryptDataInput = Shapes::StructureShape.new(name: 'ReEncryptDataInput')
     ReEncryptDataOutput = Shapes::StructureShape.new(name: 'ReEncryptDataOutput')
@@ -419,6 +422,17 @@ module Aws::PaymentCryptographyData
     GenerateAs2805KekValidationOutput.add_member(:random_key_receive, Shapes::ShapeRef.new(shape: As2805RandomKeyMaterial, required: true, location_name: "RandomKeyReceive"))
     GenerateAs2805KekValidationOutput.struct_class = Types::GenerateAs2805KekValidationOutput
 
+    GenerateAuthRequestCryptogramInput.add_member(:key_identifier, Shapes::ShapeRef.new(shape: KeyArnOrKeyAliasType, required: true, location_name: "KeyIdentifier"))
+    GenerateAuthRequestCryptogramInput.add_member(:transaction_data, Shapes::ShapeRef.new(shape: TransactionDataType, required: true, location_name: "TransactionData"))
+    GenerateAuthRequestCryptogramInput.add_member(:major_key_derivation_mode, Shapes::ShapeRef.new(shape: MajorKeyDerivationMode, required: true, location_name: "MajorKeyDerivationMode"))
+    GenerateAuthRequestCryptogramInput.add_member(:session_key_derivation_attributes, Shapes::ShapeRef.new(shape: SessionKeyDerivation, required: true, location_name: "SessionKeyDerivationAttributes"))
+    GenerateAuthRequestCryptogramInput.struct_class = Types::GenerateAuthRequestCryptogramInput
+
+    GenerateAuthRequestCryptogramOutput.add_member(:key_arn, Shapes::ShapeRef.new(shape: KeyArn, required: true, location_name: "KeyArn"))
+    GenerateAuthRequestCryptogramOutput.add_member(:key_check_value, Shapes::ShapeRef.new(shape: KeyCheckValue, required: true, location_name: "KeyCheckValue"))
+    GenerateAuthRequestCryptogramOutput.add_member(:auth_request_cryptogram, Shapes::ShapeRef.new(shape: AuthRequestCryptogramType, required: true, location_name: "AuthRequestCryptogram"))
+    GenerateAuthRequestCryptogramOutput.struct_class = Types::GenerateAuthRequestCryptogramOutput
+
     GenerateCardValidationDataInput.add_member(:key_identifier, Shapes::ShapeRef.new(shape: KeyArnOrKeyAliasType, required: true, location_name: "KeyIdentifier"))
     GenerateCardValidationDataInput.add_member(:primary_account_number, Shapes::ShapeRef.new(shape: PrimaryAccountNumberType, required: true, location_name: "PrimaryAccountNumber"))
     GenerateCardValidationDataInput.add_member(:generation_attributes, Shapes::ShapeRef.new(shape: CardGenerationAttributes, required: true, location_name: "GenerationAttributes"))
@@ -453,7 +467,7 @@ module Aws::PaymentCryptographyData
     GenerateMacInput.add_member(:key_identifier, Shapes::ShapeRef.new(shape: KeyArnOrKeyAliasType, required: true, location_name: "KeyIdentifier"))
     GenerateMacInput.add_member(:message_data, Shapes::ShapeRef.new(shape: MessageDataType, required: true, location_name: "MessageData"))
     GenerateMacInput.add_member(:generation_attributes, Shapes::ShapeRef.new(shape: MacAttributes, required: true, location_name: "GenerationAttributes"))
-    GenerateMacInput.add_member(:mac_length, Shapes::ShapeRef.new(shape: IntegerRangeBetween4And16, location_name: "MacLength"))
+    GenerateMacInput.add_member(:mac_length, Shapes::ShapeRef.new(shape: IntegerRangeBetween4And32, location_name: "MacLength"))
     GenerateMacInput.struct_class = Types::GenerateMacInput
 
     GenerateMacOutput.add_member(:key_arn, Shapes::ShapeRef.new(shape: KeyArn, required: true, location_name: "KeyArn"))
@@ -526,6 +540,7 @@ module Aws::PaymentCryptographyData
     InternalServerException.struct_class = Types::InternalServerException
 
     KekValidationRequest.add_member(:derive_key_algorithm, Shapes::ShapeRef.new(shape: SymmetricKeyAlgorithm, required: true, location_name: "DeriveKeyAlgorithm"))
+    KekValidationRequest.add_member(:random_key_max_length, Shapes::ShapeRef.new(shape: RandomKeyMaxLength, location_name: "RandomKeyMaxLength"))
     KekValidationRequest.struct_class = Types::KekValidationRequest
 
     KekValidationResponse.add_member(:random_key_send, Shapes::ShapeRef.new(shape: As2805RandomKeyMaterial, required: true, location_name: "RandomKeySend"))
@@ -668,7 +683,7 @@ module Aws::PaymentCryptographyData
     SessionKeyMastercard.add_member(:primary_account_number, Shapes::ShapeRef.new(shape: PrimaryAccountNumberType, required: true, location_name: "PrimaryAccountNumber"))
     SessionKeyMastercard.add_member(:pan_sequence_number, Shapes::ShapeRef.new(shape: NumberLengthEquals2, required: true, location_name: "PanSequenceNumber"))
     SessionKeyMastercard.add_member(:application_transaction_counter, Shapes::ShapeRef.new(shape: HexLengthEquals4, required: true, location_name: "ApplicationTransactionCounter"))
-    SessionKeyMastercard.add_member(:unpredictable_number, Shapes::ShapeRef.new(shape: HexLengthBetween2And8, required: true, location_name: "UnpredictableNumber"))
+    SessionKeyMastercard.add_member(:unpredictable_number, Shapes::ShapeRef.new(shape: HexLengthEquals8, required: true, location_name: "UnpredictableNumber"))
     SessionKeyMastercard.struct_class = Types::SessionKeyMastercard
 
     SessionKeyVisa.add_member(:primary_account_number, Shapes::ShapeRef.new(shape: PrimaryAccountNumberType, required: true, location_name: "PrimaryAccountNumber"))
@@ -771,7 +786,7 @@ module Aws::PaymentCryptographyData
     VerifyMacInput.add_member(:message_data, Shapes::ShapeRef.new(shape: MessageDataType, required: true, location_name: "MessageData"))
     VerifyMacInput.add_member(:mac, Shapes::ShapeRef.new(shape: MacType, required: true, location_name: "Mac"))
     VerifyMacInput.add_member(:verification_attributes, Shapes::ShapeRef.new(shape: MacAttributes, required: true, location_name: "VerificationAttributes"))
-    VerifyMacInput.add_member(:mac_length, Shapes::ShapeRef.new(shape: IntegerRangeBetween4And16, location_name: "MacLength"))
+    VerifyMacInput.add_member(:mac_length, Shapes::ShapeRef.new(shape: IntegerRangeBetween4And32, location_name: "MacLength"))
     VerifyMacInput.struct_class = Types::VerifyMacInput
 
     VerifyMacOutput.add_member(:key_arn, Shapes::ShapeRef.new(shape: KeyArn, required: true, location_name: "KeyArn"))
@@ -895,6 +910,19 @@ module Aws::PaymentCryptographyData
         o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
       end)
 
+      api.add_operation(:generate_auth_request_cryptogram, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GenerateAuthRequestCryptogram"
+        o.http_method = "POST"
+        o.http_request_uri = "/cryptogram/generate"
+        o.input = Shapes::ShapeRef.new(shape: GenerateAuthRequestCryptogramInput)
+        o.output = Shapes::ShapeRef.new(shape: GenerateAuthRequestCryptogramOutput)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+      end)
+
       api.add_operation(:generate_card_validation_data, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GenerateCardValidationData"
         o.http_method = "POST"

data/lib/aws-sdk-paymentcryptographydata/types.rb

@@ -1097,8 +1097,8 @@ module Aws::PaymentCryptographyData
     #   @return [String]
     #
     # @!attribute [rw] kek_validation_type
-    #   Parameter information for generating a random key for KEK validation
-    #   to perform node-to-node initialization.
+    #   Defines whether to generate a KEK validation request or KEK
+    #   validation response for node-to-node initialization.
     #   @return [Types::As2805KekValidationType]
     #
     # @!attribute [rw] random_key_send_variant_mask
@@ -1147,6 +1147,69 @@ module Aws::PaymentCryptographyData
       include Aws::Structure
     end
 
+    # @!attribute [rw] key_identifier
+    #   The `keyARN` of the IMK-AC (TR31\_E0\_EMV\_MKEY\_APP\_CRYPTOGRAMS)
+    #   that Amazon Web Services Payment Cryptography uses to generate the
+    #   ARQC.
+    #   @return [String]
+    #
+    # @!attribute [rw] transaction_data
+    #   The transaction data that Amazon Web Services Payment Cryptography
+    #   uses for ARQC generation. The same transaction data is used for ARQC
+    #   verification by the issuer using VerifyAuthRequestCryptogram.
+    #   @return [String]
+    #
+    # @!attribute [rw] major_key_derivation_mode
+    #   The method to use when deriving the major encryption key for ARQC
+    #   generation within Amazon Web Services Payment Cryptography.
+    #   @return [String]
+    #
+    # @!attribute [rw] session_key_derivation_attributes
+    #   The attributes and values to use for deriving a session key for ARQC
+    #   generation within Amazon Web Services Payment Cryptography.
+    #   @return [Types::SessionKeyDerivation]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/GenerateAuthRequestCryptogramInput AWS API Documentation
+    #
+    class GenerateAuthRequestCryptogramInput < Struct.new(
+      :key_identifier,
+      :transaction_data,
+      :major_key_derivation_mode,
+      :session_key_derivation_attributes)
+      SENSITIVE = [:transaction_data]
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] key_arn
+    #   The `keyARN` of the IMK-AC that Amazon Web Services Payment
+    #   Cryptography uses for ARQC generation.
+    #   @return [String]
+    #
+    # @!attribute [rw] key_check_value
+    #   The key check value (KCV) of the encryption key. The KCV is used to
+    #   check if all parties holding a given key have the same key or to
+    #   detect that a key has changed.
+    #
+    #   Amazon Web Services Payment Cryptography computes the KCV according
+    #   to the CMAC specification.
+    #   @return [String]
+    #
+    # @!attribute [rw] auth_request_cryptogram
+    #   The Authorization Request Cryptogram (ARQC) generated by Amazon Web
+    #   Services Payment Cryptography using the specified key and
+    #   transaction data.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/GenerateAuthRequestCryptogramOutput AWS API Documentation
+    #
+    class GenerateAuthRequestCryptogramOutput < Struct.new(
+      :key_arn,
+      :key_check_value,
+      :auth_request_cryptogram)
+      SENSITIVE = [:auth_request_cryptogram]
+      include Aws::Structure
+    end
+
     # @!attribute [rw] key_identifier
     #   The `keyARN` of the CVK encryption key that Amazon Web Services
     #   Payment Cryptography uses to generate card data.
@@ -1739,10 +1802,16 @@ module Aws::PaymentCryptographyData
     #   request.
     #   @return [String]
     #
+    # @!attribute [rw] random_key_max_length
+    #   The maximum length of the random key to generate for a KEK
+    #   validation request.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/KekValidationRequest AWS API Documentation
     #
     class KekValidationRequest < Struct.new(
-      :derive_key_algorithm)
+      :derive_key_algorithm,
+      :random_key_max_length)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1751,7 +1820,8 @@ module Aws::PaymentCryptographyData
     # node-to-node initialization.
     #
     # @!attribute [rw] random_key_send
-    #   The random key for generating a KEK validation response.
+    #   The random key send value received from the initiating node to
+    #   generate a KEK validation response.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/KekValidationResponse AWS API Documentation

data/lib/aws-sdk-paymentcryptographydata.rb

@@ -55,7 +55,7 @@ module Aws::PaymentCryptographyData
   autoload :EndpointProvider, 'aws-sdk-paymentcryptographydata/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-paymentcryptographydata/endpoints'
 
-  GEM_VERSION = '1.51.0'
+  GEM_VERSION = '1.53.0'
 
 end
 

data/sig/client.rbs

@@ -120,7 +120,8 @@ module Aws
                                              key_identifier: ::String,
                                              kek_validation_type: {
                                                kek_validation_request: {
-                                                 derive_key_algorithm: ("TDES_2KEY" | "TDES_3KEY" | "AES_128" | "AES_192" | "AES_256" | "HMAC_SHA256" | "HMAC_SHA384" | "HMAC_SHA512" | "HMAC_SHA224")
+                                                 derive_key_algorithm: ("TDES_2KEY" | "TDES_3KEY" | "AES_128" | "AES_192" | "AES_256" | "HMAC_SHA256" | "HMAC_SHA384" | "HMAC_SHA512" | "HMAC_SHA224"),
+                                                 random_key_max_length: ("BYTES_8" | "BYTES_16" | "BYTES_24")?
                                                }?,
                                                kek_validation_response: {
                                                  random_key_send: ::String
@@ -130,6 +131,21 @@ module Aws
                                            ) -> _GenerateAs2805KekValidationResponseSuccess
                                          | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GenerateAs2805KekValidationResponseSuccess
 
+      interface _GenerateAuthRequestCryptogramResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::GenerateAuthRequestCryptogramOutput]
+        def key_arn: () -> ::String
+        def key_check_value: () -> ::String
+        def auth_request_cryptogram: () -> ::String
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/PaymentCryptographyData/Client.html#generate_auth_request_cryptogram-instance_method
+      def generate_auth_request_cryptogram: (
+                                              key_identifier: ::String,
+                                              transaction_data: ::String,
+                                              major_key_derivation_mode: ("EMV_OPTION_A" | "EMV_OPTION_B"),
+                                              session_key_derivation_attributes: Params::session_key_derivation
+                                            ) -> _GenerateAuthRequestCryptogramResponseSuccess
+                                          | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GenerateAuthRequestCryptogramResponseSuccess
+
       interface _GenerateCardValidationDataResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::GenerateCardValidationDataOutput]
         def key_arn: () -> ::String
@@ -402,32 +418,7 @@ module Aws
                                             transaction_data: ::String,
                                             auth_request_cryptogram: ::String,
                                             major_key_derivation_mode: ("EMV_OPTION_A" | "EMV_OPTION_B"),
-                                            session_key_derivation_attributes: {
-                                              emv_common: {
-                                                primary_account_number: ::String,
-                                                pan_sequence_number: ::String,
-                                                application_transaction_counter: ::String
-                                              }?,
-                                              mastercard: {
-                                                primary_account_number: ::String,
-                                                pan_sequence_number: ::String,
-                                                application_transaction_counter: ::String,
-                                                unpredictable_number: ::String
-                                              }?,
-                                              emv_2000: {
-                                                primary_account_number: ::String,
-                                                pan_sequence_number: ::String,
-                                                application_transaction_counter: ::String
-                                              }?,
-                                              amex: {
-                                                primary_account_number: ::String,
-                                                pan_sequence_number: ::String
-                                              }?,
-                                              visa: {
-                                                primary_account_number: ::String,
-                                                pan_sequence_number: ::String
-                                              }?
-                                            },
+                                            session_key_derivation_attributes: Params::session_key_derivation,
                                             ?auth_response_attributes: {
                                               arpc_method_1: {
                                                 auth_response_code: ::String

data/sig/params.rbs

@@ -55,6 +55,33 @@ module Aws
       key_check_value_algorithm: ("CMAC" | "ANSI_X9_24" | "HMAC" | "SHA_1")?
     }
 
+      type session_key_derivation = {
+      emv_common: {
+        primary_account_number: ::String,
+        pan_sequence_number: ::String,
+        application_transaction_counter: ::String
+      }?,
+      mastercard: {
+        primary_account_number: ::String,
+        pan_sequence_number: ::String,
+        application_transaction_counter: ::String,
+        unpredictable_number: ::String
+      }?,
+      emv_2000: {
+        primary_account_number: ::String,
+        pan_sequence_number: ::String,
+        application_transaction_counter: ::String
+      }?,
+      amex: {
+        primary_account_number: ::String,
+        pan_sequence_number: ::String
+      }?,
+      visa: {
+        primary_account_number: ::String,
+        pan_sequence_number: ::String
+      }?
+    }
+
       type mac_algorithm_emv = {
       major_key_derivation_mode: ("EMV_OPTION_A" | "EMV_OPTION_B"),
       primary_account_number: ::String,

data/sig/types.rbs

@@ -352,6 +352,21 @@ module Aws::PaymentCryptographyData
       SENSITIVE: [:random_key_send, :random_key_receive]
     end
 
+    class GenerateAuthRequestCryptogramInput
+      attr_accessor key_identifier: ::String
+      attr_accessor transaction_data: ::String
+      attr_accessor major_key_derivation_mode: ("EMV_OPTION_A" | "EMV_OPTION_B")
+      attr_accessor session_key_derivation_attributes: Types::SessionKeyDerivation
+      SENSITIVE: [:transaction_data]
+    end
+
+    class GenerateAuthRequestCryptogramOutput
+      attr_accessor key_arn: ::String
+      attr_accessor key_check_value: ::String
+      attr_accessor auth_request_cryptogram: ::String
+      SENSITIVE: [:auth_request_cryptogram]
+    end
+
     class GenerateCardValidationDataInput
       attr_accessor key_identifier: ::String
       attr_accessor primary_account_number: ::String
@@ -495,6 +510,7 @@ module Aws::PaymentCryptographyData
 
     class KekValidationRequest
       attr_accessor derive_key_algorithm: ("TDES_2KEY" | "TDES_3KEY" | "AES_128" | "AES_192" | "AES_256" | "HMAC_SHA256" | "HMAC_SHA384" | "HMAC_SHA512" | "HMAC_SHA224")
+      attr_accessor random_key_max_length: ("BYTES_8" | "BYTES_16" | "BYTES_24")
       SENSITIVE: []
     end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-paymentcryptographydata
 version: !ruby/object:Gem::Version
-  version: 1.51.0
+  version: 1.53.0
 platform: ruby
 authors:
 - Amazon Web Services
@@ -18,7 +18,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.247.0
+        version: 3.248.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -28,7 +28,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.247.0
+        version: 3.248.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement