User's Manual

PIN Pad 791 Programmer’s Manual (PCI POS-A) UDN PM0103-U Rev. 06
Appendix A – Key management 2015-04-20
Uniform Industrial Corp. Proprietary and Confidential Total 342 pages
Appendix A Key management
This PIN pad is designed to encrypt Personal Identification Numbers (PIN) as they are entered from the
keypad, store the encrypted data in its memory and then transmit it to the HOST as requested.
Because the Data Encryption Standard (DES) and the RSA algorithm are in the public domain, the security of
the PP791's functions depends on the security of the key that is used in processing the algorithm.
Therefore, after you load cryptographic keys into the PP791, the keys cannot be read. They are stored
AES-encrypted under a randomly generated AES key that resides in a battery-powered register. Once security
is breached, the AES key is erased, and all encrypted DES master keys become unusable.
You can design a secure method for handling your keys when you are isolated from the PIN keypad,
using the provisions for loading the keys. Randomly generate your keys, and store and distribute your
keys in a secure, controlled manner that you can audit.
An independent Tamper Resistant Security Module (TRSM) is required for a secure key injection process.
UIC provides a software key injection utility (UICKIT for Windows) as a demo of a safe and manageable
key injection procedure. Please refer to the UICKIT programming manual for details.
The PP791 supports the following key management schemes:
1. Master/session key (MK/SK):
The PP791 can store 32 master keys (16 keys for future use). Key IDs 0 to 9 are for MK/SK PIN entry
(they can be a PIN master key or a PIN key). Key IDs B to E are for generating or verifying a MAC,
depending on their usage and mode settings (they can be a MAC master key or a MAC key). Key ID F is for
master key transportation (it can only be a key loading key), and key ID G is for MSR data
transportation (it can be an MSR master key or an MSR data key). These master keys cannot be used
in other ways (e.g. a designer cannot use PIN entry keys for MAC generation). Session keys (working
keys) are transmitted from the HOST for every transaction, encrypted under the master key. The
customer's PIN is encrypted using the decrypted working key, or by the selected master key if the
selected key has key usage “P0”.
Thus the master keys must exist before any transaction can take place. The PP791 can use the 8-byte
DES key format or the 16/24-byte Triple DES key format; the working key can also be a 16-byte
TDES key.
When transactions use the MK/SK scheme, the PP791 firmware applies a DES calculation
count limiter (only 100 transactions are allowed in a 5-minute period) to comply with the PCI PED
security requirement (an average of one transaction per 30 seconds). This constraint is set to deter
an attacker from using a flood of DES transactions to discover a master key in the PP791.
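A sliding-window form of the limiter described above, as an added sketch that is not UIC firmware code. Only the 100-per-5-minutes figure comes from the manual; the names `des_limiter`, `limiter_allow` and `limiter_burst`, the sliding (rather than fixed) window, and the monotonic seconds clock are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define LIMIT_OPS   100u  /* manual: 100 transactions ...     */
#define WINDOW_SECS 300u  /* ... allowed in a 5-minute period */

/* Ring buffer of the times of the most recent permitted operations. */
typedef struct {
    uint32_t stamp[LIMIT_OPS];
    uint32_t head;   /* index of the oldest live entry */
    uint32_t count;  /* live entries in the window     */
} des_limiter;

void limiter_init(des_limiter *l) { memset(l, 0, sizeof *l); }

/* May one DES operation run at `now` (monotonic seconds)? Permitted
 * operations are recorded; refused ones consume nothing. */
bool limiter_allow(des_limiter *l, uint32_t now)
{
    /* Expire old entries; unsigned subtraction survives counter wrap. */
    while (l->count > 0 &&
           (uint32_t)(now - l->stamp[l->head]) >= WINDOW_SECS) {
        l->head = (l->head + 1u) % LIMIT_OPS;
        l->count--;
    }
    if (l->count >= LIMIT_OPS)
        return false;  /* budget spent: refuse the request */
    l->stamp[(l->head + l->count) % LIMIT_OPS] = now;
    l->count++;
    return true;
}

/* Constructed scenario: `n` back-to-back requests at time `now`;
 * returns how many the limiter let through. */
unsigned limiter_burst(des_limiter *l, uint32_t now, unsigned n)
{
    unsigned ok = 0;
    for (unsigned i = 0; i < n; i++)
        ok += limiter_allow(l, now);
    return ok;
}

int main(void)
{
    des_limiter l;
    limiter_init(&l);
    return limiter_burst(&l, 1000, 150) == 100 ? 0 : 1;
}
```

This sketch keeps its state in ordinary memory; a limiter of this kind only holds if the counter state and clock cannot be reset by a power cycle, which the manual does not describe for the PP791.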
2. ANSI TR-31 Specified Key Bundle
Key Attribute:
When master keys are loaded into the PP791 in encrypted format, the key data is wrapped in a key
bundle as specified in the ANSI TR-31 2010 specification.
1. Key usage: indicates what the key is used for.
“K0” indicates that this key is used for key transportation;