User's Manual

PIN Pad 791 Programmer’s Manual (PCI POS-A) UDN PM0103-U Rev. 06
Appendix A – Key management 2015-04-20
Uniform Industrial Corp. Proprietary and Confidential Total 342 pages
“P0” indicates that this key is used for PIN entry directly.
“D0” indicates that this key is used for data transportation.
“M1” indicates that this key is used for MAC calculation directly by ISO 9797-1 method 1.
“M3” indicates that this key is used for MAC calculation directly by ISO 9797-1 method 3.
“B1” indicates that this key is used as the DUKPT initial key (ANSI TR-31 2010).
2. Algorithm: indicates which algorithm is used with the key.
“D”: DES algorithm
“T”: TDES algorithm (double or triple length key)
“A”: AES algorithm (RFU)
3. Mode: indicates which cryptographic operation is applied with the key.
“D”: Decryption
“E”: Encryption
“G”: MAC generation
“V”: MAC verification
“X”: Key derivation (DUKPT)
4. Version (RFU): It should be 00.
5. Export (RFU): It should be “N”.
If the key usage is “K0”, the key length must be 16 bytes or 24 bytes (the algorithm must be “T”).
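Key Architecture and limitation

| Group    | Key ID | Length (bytes) | Usage | Algorithm | Mode  | Encrypt under |
|----------|--------|----------------|-------|-----------|-------|---------------|
| PIN      | 0~9    | 8~24           | P0    | D or T    | E     | KLK           |
| PIN      | 0~9    | 16~24          | K0    | T         | D     | KLK           |
| Data     | A      | RFU            | RFU   | RFU       | RFU   | RFU           |
| MAC      | B~E    | 8              | M1    | D         | G     | KLK           |
| MAC      | B~E    | 16             | M3    | T         | G / V | KLK           |
| MAC      | B~E    | 16~24          | K0    | T         | D     | KLK           |
| KLK      | F      | 16~24          | K0    | T         | D     | KLK           |
| MSR Data | G      | 8~24           | D0    | D or T    | E     | KLK           |
| MSR Data | G      | 16~24          | K0    | T         | D     | KLK           |
| RFU      | H~V    | RFU            | RFU   | RFU       | RFU   | RFU           |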
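
Example (added here, not part of the UIC manual or its firmware API): a host-side check that rejects a key whose attributes do not match the "Key Architecture and limitation" table before it is sent for injection. The function names are hypothetical, the "8~24" ranges are assumed to mean 8, 16 or 24 bytes, and the length-per-algorithm rule follows from "T" being a double or triple length key.

```python
# Added example: validates key attributes against the "Key Architecture and
# limitation" table. Names are hypothetical, not the PIN pad's own API.

# Each rule: (usage, allowed algorithms, allowed modes, allowed lengths in bytes)
K0 = ("K0", "T", "D", (16, 24))
RULES = {
    "PIN": [("P0", "DT", "E", (8, 16, 24)), K0],
    "MAC": [("M1", "D", "G", (8,)), ("M3", "T", "GV", (16,)), K0],
    "KLK": [K0],
    "MSR Data": [("D0", "DT", "E", (8, 16, 24)), K0],
}
# Assumption: "D" is a single length key, "T" a double or triple length key.
ALG_LENGTHS = {"D": (8,), "T": (16, 24)}


def group_of(key_id):
    """Map a one-character key ID to its group in the table."""
    if len(key_id) == 1:
        if key_id in "0123456789":
            return "PIN"
        if key_id in "BCDE":
            return "MAC"
        if key_id == "F":
            return "KLK"
        if key_id == "G":
            return "MSR Data"
    return None  # "A" (Data) and "H"~"V" are RFU; anything else is unknown


def check_key(key_id, length, usage, algorithm, mode, version="00", export="N"):
    """Return a list of violations; an empty list means the key is acceptable."""
    group = group_of(key_id)
    if group is None:
        return [f"key ID {key_id!r} is RFU or unknown"]
    errors = []
    if version != "00":
        errors.append("version must be 00")
    if export != "N":
        errors.append("export must be N")
    if length not in ALG_LENGTHS.get(algorithm, ()):
        errors.append(f"length {length} does not fit algorithm {algorithm!r}")
    if not any(usage == u and algorithm in set(a) and mode in set(m) and length in l
               for u, a, m, l in RULES[group]):
        errors.append(f"{usage}/{algorithm}/{mode}/{length} not allowed for {group} key")
    return errors
```
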
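
Key attribute and limitation for IPEK

| IPEK           | Length  | Usage | Algorithm | Mode | Encrypt under |
|----------------|---------|-------|-----------|------|---------------|
| IPEK0 or IPEK1 | 8 or 16 | B1    | D or T    | X    | KLK           |
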
1. All the keys injected in cipher-text must be encrypted by key derived from KLK and calculate a