How to Understand DUKPT: Difference between revisions

Revision as of 20:10, 13 January 2024

Description

DUKPT is a key management method that generates a unique key for each transaction, ensuring the security of transaction-originating TRSMs (Transaction-Related Security Modules).
It is designed to prevent the disclosure of any past keys used in transactions.
The unique Transaction Keys are derived from a base derivation key, using non-secret data transmitted as part of each transaction.

Key Features of DUKPT

Secure Transaction Processing: Allows the encryption process to be decentralized from devices holding the shared secret.
Derived Keys for Each Transaction: Utilizes derived keys for encryption, which are not reused post-transaction, enhancing security.
Widespread Application: Commonly used in electronic commerce transactions, especially for encrypting PIN information in POS (Point-Of-Sale) devices.
Key Management Technique: DUKPT is not an encryption standard but a technique for managing keys.
Distinct Transaction Keys: Ensures each transaction has a unique key, separate from others.
Security of Past and Future Keys: If a current key is compromised, previously and subsequently used keys remain secure.
No Interactive Key Agreement: Avoids the need for originators and receivers of encrypted messages to perform an interactive key-agreement protocol.

Support in PINPad

Our internal PINPad supports three types of DUKPT keys: PIN key, MAC key, and data key. Each key type is used to encrypt different types of data.

Key Injection and Usage

Key Injection: For information on injecting DUKPT keys, refer to How to Remotely Inject Test Keys (Master Key or DUKPT Key) into a Terminal or How to Use TMK Delivery System for KeyLoader POS and Master POS.
Usage in SDK: Details on using DUKPT keys are available in our SDK, particularly in the description of the PINPad.
Demo App: A dukpt demo application is available for download to demonstrate practical usage.

@@ Line 1: / Line 1: @@
 == Description ==
-Derived Unique Key per Transaction - a key management method which uses a unique key for
+* DUKPT is a key management method that generates a unique key for each transaction, ensuring the security of transaction-originating TRSMs (Transaction-Related Security Modules).
-each transaction, and prevents the disclosure of any past key used by the transaction-originating
+* It is designed to prevent the disclosure of any past keys used in transactions.
-TRSM. The unique Transaction Keys are derived from a base derivation key using only non-secret
+* The unique Transaction Keys are derived from a base derivation key, using non-secret data transmitted as part of each transaction.
-data transmitted as part of each transaction.
+== Key Features of DUKPT ==
+* '''Secure Transaction Processing:''' Allows the encryption process to be decentralized from devices holding the shared secret.
-DUKPT allows the processing of the encryption to be moved away from the devices that hold the shared secret. The encryption is done with a derived key, which is not re-used after the transaction. DUKPT is used to encrypt electronic commerce transactions. While it can be used to protect information between two companies or banks, it is typically used to encrypt PIN information acquired by Point-Of-Sale (POS) devices.
+* '''Derived Keys for Each Transaction:''' Utilizes derived keys for encryption, which are not reused post-transaction, enhancing security.
-DUKPT is not itself an encryption standard; rather it is a key management technique. The features of the DUKPT scheme are:
+* '''Widespread Application:''' Commonly used in electronic commerce transactions, especially for encrypting PIN information in POS (Point-Of-Sale) devices.
-* Enable both originating and receiving parties to be in agreement as to the key being used for a given transaction,
+* '''Key Management Technique:''' DUKPT is not an encryption standard but a technique for managing keys.
-* Each transaction will have a distinct key from all other transactions, except by coincidence,
+* '''Distinct Transaction Keys:''' Ensures each transaction has a unique key, separate from others.
-* If a present derived key is compromised, past and future keys (and thus the transactional data encrypted under them) remain uncompromised,
+* '''Security of Past and Future Keys:''' If a current key is compromised, previously and subsequently used keys remain secure.
-* Each device generates a different key sequence,
+* '''No Interactive Key Agreement:''' Avoids the need for originators and receivers of encrypted messages to perform an interactive key-agreement protocol.
-* Originators and receivers of encrypted messages do not have to perform an interactive key-agreement protocol beforehand.
+== Support in PINPad ==
+* Our internal PINPad supports three types of DUKPT keys: PIN key, MAC key, and data key. Each key type is used to encrypt different types of data.
-Our internal PINPad support 3 DUKPT keys. They are PIN key, MAC key and data key. Different key only can be used to encrypt different data.
+== Key Injection and Usage ==
+* '''Key Injection:''' For information on injecting DUKPT keys, refer to [[How to Remotely Inject Test Keys (Master Key or DUKPT Key) into a Terminal]] or [[How to Use TMK Delivery System for KeyLoader POS and Master POS]].
-== Inject ==
+* '''Usage in SDK:''' Details on using DUKPT keys are available in our SDK, particularly in the description of the PINPad.
-Please refer to [[How to inject test key(master key or DUKPT key) remotly]] or use [[TMK Deliver System Usage（For KeyLoader POS/Master POS）]]
+* '''Demo App:''' A [http://ftp.wizarpos.com/advanceSDK/DukptDemo.zip dukpt demo application] is available for download to demonstrate practical usage.
-== Usage ==
-Please refer to our SDK, the description of the pinpad. Please download the [http://ftp.wizarpos.com/advanceSDK/DukptDemo.zip dukpt demo app].