User's Manual

PIN Pad 791 Programmer’s Manual (PCI POS-A) UDN PM0103-U Rev. 06

Section 10 – Online transaction messages with DUKPT 2015-04-20

Page254

Uniform Industrial Corp. Proprietary and Confidential Total 342 pages

Message 90 Load First Initial Key Request

Format: <STX>90[IPEK][KSN]<ETX>[LRC] (Clear Text)

<STX>90[TR-31 Key Block]<ETX>[LRC] (Encrypted)

Message length: Fixed 41 or 57 bytes for clear text format, 93 or 109 bytes for TR-31 format.

Usage: Load first set of DUKPT initial key and serial number key to PP791. Consequent keys

will be generated using provided data.

If 32-characters (double length) initial key being loaded, PP791 will do key generation,

PIN entry, and other DUKPT operations in TDES manner.

PP791 implements multiple security measures to conform Payment Card Industry (PCI)

security requirement. In order to load clear text IPEK key, two authorized people with

their password are required. Otherwise the user must issue message 90 with

encrypted key value (ANSI TR31 format). See “Symmetric Keys Loading

Authentication” for detailed information.

Note: VISA required key serial number format are as follows:

4’F’ characters, a 6-digit keyset identifier, 5-digit device ID, followed by a ‘0’,

i.e. “FF FF kk kk kk dd dd d0 00 00”

Message element:

(Clear text format)

Field Length

Value and description

90 2 Message ID

[IPEK] 16 or

Initial PIN encryption key.

32-characters Initial key will make

PP791 act in TDES DUKPT mode.

Format: hexadecimal string.

[KSN] 20 Key serial number used in generating

consequent keys.

Format: hexadecimal string.

[LRC] 1 Checksum