How to Understand DUKPT: Difference between revisions

From wizarPOS
m (Jeff moved page DUKPT key to What is DUKPT)
No edit summary
Line 18: Line 18:
Please refer to [[How to inject test key(master key or DUKPT key) remotly]] or use [ftp://sdkuser:wizsdkar@ftp.wizarpos.com/TMKDeliverSystemUsage_v1.0.pdf TMK Deliver System Usage -KeyLoader Tool in POS1 Usage]
Please refer to [[How to inject test key(master key or DUKPT key) remotly]] or use [ftp://sdkuser:wizsdkar@ftp.wizarpos.com/TMKDeliverSystemUsage_v1.0.pdf TMK Deliver System Usage -KeyLoader Tool in POS1 Usage]
== Usage ==
== Usage ==
Please refer to our SDK, the description of the pinpad.
Please refer to our SDK, the description of the pinpad. Please download the [ftp://sdkuser:wizsdkar@ftp.wizarpos.com/advanceSDK/DukptDemo.zip dukpt demo app].
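Review bot: the download link added to the Usage line carries the FTP account name and password inside the URL (the `ftp://user:password@ftp.wizarpos.com/...` form), the same pattern the unchanged KeyLoader link at line 18 already uses, so this revision publishes the SDK account's credentials a second time on a wiki page. The link also fetches `DukptDemo.zip` over plain FTP, which gives the reader no transport integrity or server authentication for an app that handles PIN pad keys. Suggest pointing the link at an HTTPS download that needs no embedded credentials, publishing a checksum for the archive next to it, and rotating the shared FTP password once the links are changed.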

Revision as of 03:11, 1 July 2020

Description

Derived Unique Key per Transaction - a key management method which uses a unique key for each transaction, and prevents the disclosure of any past key used by the transaction-originating TRSM. The unique Transaction Keys are derived from a base derivation key using only non-secret data transmitted as part of each transaction.

DUKPT allows the processing of the encryption to be moved away from the devices that hold the shared secret. The encryption is done with a derived key, which is not re-used after the transaction. DUKPT is used to encrypt electronic commerce transactions. While it can be used to protect information between two companies or banks, it is typically used to encrypt PIN information acquired by Point-Of-Sale (POS) devices. DUKPT is not itself an encryption standard; rather it is a key management technique. The features of the DUKPT scheme are:

  • Enable both originating and receiving parties to be in agreement as to the key being used for a given transaction,
  • Each transaction will have a distinct key from all other transactions, except by coincidence,
  • If a present derived key is compromised, past and future keys (and thus the transactional data encrypted under them) remain uncompromised,
  • Each device generates a different key sequence,
  • Originators and receivers of encrypted messages do not have to perform an interactive key-agreement protocol beforehand.

Our internal PINPad supports 3 DUKPT keys: a PIN key, a MAC key and a data key. Each key can only be used to encrypt its own type of data.
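The derivation described above, carried through as an added example (not wizarPOS SDK code and not part of the original page): it assumes the TDES-based DUKPT of ANSI X9.24-1, where the non-secret per-transaction data is the 10-byte key serial number (KSN), and produces the PIN-key variant. The function names are illustrative, and the BDK and KSN are the standard's public test values.

```go
package main

import (
	"crypto/des"
	"encoding/binary"
	"fmt"
)

const keyMask, pinMask = 0xC0C0C0C000000000, 0xFF // derivation mask and PIN-key variant, each applied per key half

// tdes encrypts one block under two-key TDES (K1|K2|K1); with k1 == k2 it reduces to single DES.
func tdes(k1, k2, in uint64) uint64 {
	key, buf := make([]byte, 24), make([]byte, 8)
	for i, k := range []uint64{k1, k2, k1} {
		binary.BigEndian.PutUint64(key[8*i:], k)
	}
	binary.BigEndian.PutUint64(buf, in)
	c, _ := des.NewTripleDESCipher(key) // cannot fail: key is always 24 bytes
	c.Encrypt(buf, buf)
	return binary.BigEndian.Uint64(buf)
}

// DeriveIPEK returns the initial key halves from the BDK and the KSN with its counter bits cleared.
func DeriveIPEK(bdk [16]byte, ksn [10]byte) (l, r uint64) {
	k1, k2 := binary.BigEndian.Uint64(bdk[:8]), binary.BigEndian.Uint64(bdk[8:])
	id := binary.BigEndian.Uint64(ksn[:8]) &^ 0x1F
	return tdes(k1, k2, id), tdes(k1^keyMask, k2^keyMask, id)
}

// DerivePINKey applies the one-way step once per set bit of the 21-bit counter, top bit first.
func DerivePINKey(bdk [16]byte, ksn [10]byte) (out [16]byte) {
	l, r := DeriveIPEK(bdk, ksn)
	low := binary.BigEndian.Uint64(ksn[2:]) // rightmost 64 bits of the KSN
	for bit := uint64(1 << 20); bit > 0; bit >>= 1 {
		if low&bit != 0 {
			reg := low &^ (bit - 1) // KSN tail keeping only counter bits down to this one
			ml, mr := l^keyMask, r^keyMask
			l, r = tdes(ml, ml, reg^mr)^mr, tdes(l, l, reg^r)^r
		}
	}
	binary.BigEndian.PutUint64(out[:8], l^pinMask)
	binary.BigEndian.PutUint64(out[8:], r^pinMask)
	return out
}

func main() {
	bdk := [16]byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10}
	ksn := [10]byte{0xFF, 0xFF, 0x98, 0x76, 0x54, 0x32, 0x10, 0xE0, 0x00, 0x01} // public X9.24 test values, counter = 1
	fmt.Printf("PIN key: %X\n", DerivePINKey(bdk, ksn))
}
```

The receiving side needs only the BDK and the KSN sent with the transaction to recompute the same key, which is why no interactive key agreement is required; the terminal holds derived future keys rather than the BDK.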

Inject

Please refer to How to inject test key(master key or DUKPT key) remotly or use TMK Deliver System Usage -KeyLoader Tool in POS1 Usage

Usage

Please refer to our SDK, the description of the pinpad. Please download the dukpt demo app.