How to Understand Master Key and Session Key in WizarPOS Systems: Difference between revisions

Revision as of 21:21, 13 January 2024

In a hierarchy of Key Encrypting Keys (KEKs) and Transaction Keys, the Master Key represents the highest level of KEK.
Distribution Method: Master Keys are typically distributed using physical methods, such as device keypads, magnetic cards, or key loading devices.
Replacement: They are replaced using the same methods whenever compromise is suspected or confirmed.

A Transaction Key, often referred to as a Session Key, Data Key, communications key, or working key, is used to cryptographically process transactions.
In scenarios where different cryptographic functions are used, each function might employ a variant of the Transaction Key.

Two-Layer Hierarchy:
- In WizarPOS devices, the highest-level KEK is known as the Master Key.
- The Master Key encrypts Transaction Keys (Session Keys) directly.
- Session Keys in WizarPOS: These include PIN keys (for encrypting PIN blocks), MAC keys (for MAC calculations), and data keys (for encrypting other data).
- WizarPOS supports three slots for Session Keys internally, but some external PINPads might only support two slots.
Three-Layer Hierarchy:
- Highest Level: Referred to as a Transfer/Transport Key.
- Middle Level: Known as a Master Key.
- Lowest Level: Called a Session Key, which is encrypted by the Master Key.
- This hierarchy offers an additional layer of security by separating the Transfer/Transport Key from the Master and Session Keys.

Master Key (Two-Layer) & Transfer/Transport Key (Three-Layer): For injecting these keys, refer to How to Remotely Inject Test Keys (Master Key or DUKPT Key) into a Terminal or How to Use TMK Delivery System for KeyLoader POS and Master POS.
Session Key & Master Key (Three-Layer): These can be injected using our SDK. Refer to the PINPad section of our SDK for detailed instructions.

For information on how to utilize these keys, please refer to the PINPad description in our SDK.