|
|
| (One intermediate revision by one other user not shown) |
| Line 1: |
Line 1: |
| == Master Key ==
| | {{Migrating|https://smartpossdk.gitbook.io/cloudpossdk/faq/key-injection/understand-master-and-session-keys}} |
| * In a hierarchy of Key Encrypting Keys (KEKs) and Transaction Keys, the Master Key represents the highest level of KEK.
| |
| * Distribution Method: Master Keys are typically distributed using physical methods, such as key loading devices, PSAM card or smart card.
| |
| * Replacement: They are replaced using the same methods whenever compromise is suspected or confirmed.
| |
| == Transaction Key (Session Key) ==
| |
| * A Transaction Key, often referred to as a Session Key, Data Key, communications key, or working key, is used to cryptographically process transactions.
| |
| * In scenarios where different cryptographic functions are used, each function might employ a variant of the Transaction Key.
| |
| == WizarPOS Key Hierarchy ==
| |
| * '''Two-Layer Hierarchy:'''
| |
| ** In WizarPOS devices, the highest-level KEK is known as the Master Key.
| |
| ** The Master Key encrypts Transaction Keys (Session Keys) directly.
| |
| ** Session Keys in WizarPOS: These include PIN keys (for encrypting PIN blocks), MAC keys (for MAC calculations), and data keys (for encrypting other data).
| |
| ** WizarPOS supports three slots for Session Keys internally, but some external PINPads might only support two slots.
| |
| * '''Three-Layer Hierarchy:'''
| |
| ** Highest Level: Referred to as a Transfer/Transport Key.
| |
| ** Middle Level: Known as a Master Key.
| |
| ** Lowest Level: Called a Session Key, which is encrypted by the Master Key.
| |
| ** This hierarchy offers an additional layer of security by separating the Transfer/Transport Key from the Master and Session Keys.
| |
| == Groups of Keys ==
| |
| * WizarPOS systems support 50 groups of Master/Session Keys.
| |
| == Key Injection ==
| |
| * '''Master Key (Two-Layer) & Transfer/Transport Key (Three-Layer):''' For injecting these keys, refer to [[How to Remotely Inject Test Keys (Master Key or DUKPT Key) into a Terminal]] or [[How to Use TMK Delivery System for KeyLoader POS and Master POS]].
| |
| * '''Session Key & Master Key (Three-Layer):''' These can be injected using our SDK. Refer to the PINPad section of our SDK for detailed instructions.
| |
| == Usage ==
| |
| * For information on how to utilize these keys, please refer to the PINPad description in our SDK.
| |
