User's Manual
PIN Pad 791 Programmer’s Manual (PCI POS-A) UDN PM0103-U Rev. 06
Section 10 – Online transaction messages with DUKPT 2015-04-20
Page238
Uniform Industrial Corp. Proprietary and Confidential Total 342 pages
Section 10 Online transaction messages with Derived Unique
Key per Transaction (DUKPT)
The following messages are designed for Derived Unique Key Per Transaction (DUKPT) key
management scheme described in ANSI X9.24-1992 and 2002 (Triple-DES DUKPT).
Note that some of the messages have the same IDs as those in MK/SK scheme, but with different
message format.
[TDES Capability]
If PP791 receives double length key in message 90/94 (Load Initial Key), the following DUKPT operation
will be done in TDES mode. PIN block will be TDES encrypted by derived key in EDE order.
[Secondary DUKPT Key Set]
PP791 provides 2
nd
key set of DUKPT operation for scalability. For example, customer can inject a DES
initial key into key set 0 and a TDES initial key into key set 1, using key set 0 to process traditional DES
transactions at first. When host systems ready to shift to TDES transaction, simply issue key set
selection command (96) to make PP791 switch to key set 1 without recall all PP791 to inject new initial
keys.
The following messages fall into this category:
60 Pre-Authorization PIN Entry Request
62 Pre-Authorization Amount Authorization Request
63 Pre-Authorization Amount Authorization Response
70 PIN entry request
71 Encrypted PIN block response
72 PIN entry cancel
Z60 PIN entry request with external prompt (DUKPT)
Z62 PIN entry request with customized prompt
76 PIN Entry Test Request
90 Load First Initial Key Request
91 Load Initial Key Response
94 Load Second Initial Key Request
96 Select Active Key Set