How to Understand Master Key and Session Key in WizarPOS Systems: Difference between revisions
Revision as of 21:20, 13 January 2024
Master Key
- In a hierarchy of Key Encrypting Keys (KEKs) and Transaction Keys, the Master Key represents the highest level of KEK.
- Distribution Method: Master Keys are typically distributed using physical methods, such as device keypads, magnetic cards, or key loading devices.
- Replacement: They are replaced using the same methods whenever compromise is suspected or confirmed.
Transaction Key (Session Key)
- A Transaction Key, often referred to as a Session Key, Data Key, communications key, or working key, is used to cryptographically process transactions.
- In scenarios where different cryptographic functions are used, each function might employ a variant of the Transaction Key.
WizarPOS Key Hierarchy
- Two-Layer Hierarchy:
  - In WizarPOS devices, the highest-level KEK is known as the Master Key.
  - The Master Key encrypts Transaction Keys (Session Keys) directly.
  - Session Keys in WizarPOS: These include PIN keys (for encrypting PIN blocks), MAC keys (for MAC calculations), and data keys (for encrypting other data).
  - WizarPOS supports three slots for Session Keys internally, but some external PINPads might only support two slots.
- Three-Layer Hierarchy:
  - Highest Level: Referred to as a Transfer/Transport Key.
  - Middle Level: Known as a Master Key.
  - Lowest Level: Called a Session Key, which is encrypted by the Master Key.
  - This hierarchy offers an additional layer of security by separating the Transfer/Transport Key from the Master and Session Keys.
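The two-layer and three-layer loads described above, as an added Go sketch that is not WizarPOS SDK code. AES-256-GCM, the `Wrap` and `Load` helpers, and the "MASTER"/"PIN"/"MAC" labels are assumptions made for illustration; key material is returned to the caller here only so the result can be checked.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Assumption: AES-256-GCM stands in for the terminal's real wrapping algorithm.
func gcm(kek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Wrap (host side) encrypts a child key under its parent and binds the key-type label.
func Wrap(kek, child []byte, label string) ([]byte, error) {
	g, err := gcm(kek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, child, []byte(label)), nil
}

// Load (terminal side) unwraps top-down: blobs[i] is wrapped under the key before it.
func Load(key []byte, blobs [][]byte, labels []string) ([]byte, error) {
	for i, blob := range blobs {
		g, err := gcm(key)
		if err != nil || i >= len(labels) || len(blob) < g.NonceSize() {
			return nil, fmt.Errorf("layer %d: bad KEK length, missing label or short cryptogram", i)
		}
		n := g.NonceSize()
		if key, err = g.Open(nil, blob[:n], blob[n:], []byte(labels[i])); err != nil {
			return nil, fmt.Errorf("layer %d (%s): %w", i, labels[i], err)
		}
	}
	return key, nil
}

func main() { // constructed all-zero Master Key; a PIN cryptogram offered as a MAC key
	blob, _ := Wrap(make([]byte, 32), make([]byte, 32), "PIN")
	fmt.Println(Load(make([]byte, 32), [][]byte{blob}, []string{"MAC"}))
}
```

A two-layer load passes one cryptogram to `Load` with the Master Key on top; a three-layer load passes the wrapped Master Key and then the wrapped Session Key with the Transfer/Transport Key on top.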
Groups of Keys
- WizarPOS systems support 50 groups of Master/Session Keys.
Key Injection
- Master Key (Two-Layer) & Transfer/Transport Key (Three-Layer): For injecting these keys, refer to How to Remotely Inject Test Keys (Master Key or DUKPT Key) into a Terminal or How to Use TMK Delivery System for KeyLoader POS and Master POS.
- Session Key & Master Key (Three-Layer): These can be injected using our SDK. Refer to the PINPad section of our SDK for detailed instructions.
Usage
- For information on how to utilize these keys, please refer to the PINPad description in our SDK.