User's Manual
PIN Pad 791 Programmer’s Manual (PCI POS-A) UDN PM0103-U Rev. 06
Appendix A – Key management 2015-04-20
Page323
Uniform Industrial Corp. Proprietary and Confidential Total 342 pages
<SI>021A0072K0TD00N0000D078A2657E5B57972CD3D308E05E1FE519B316309AA6354A66
8071B5<SO>[LRC]
3. Derived Unique Key Per Transaction (DUKPT):
PP791 Implements ANSI X9.24-2002 and ANSI TR31 key management scheme for DUKPT.
Authorized personnel can load 8bytes/16bytes Initial keys (also known as IPEK) and Key serial
number (also known as ‘Security Management Information Data-SMID’ in ANSI X9.24). Every time
when PP791 finished a PIN entry transaction, a new key will be calculated. Every single
transaction will use different key in order to prevent attacker to detect specific keys in any
transactions.
The symmetric keys (MKSK/DUKPT) structure is shown as following:
Master Key 0
(PIN entry master keys / PIN keys)
Master Key 1
(PIN entry master keys / PIN keys)
…
Master Key 9
(PIN entry master keys / PIN keys)
...
Master Key B~E
(MAC master keys)
(MAC master keys / MAC keys)
Master Key F
(Key Loading Key)
Master Key G
(MSR master key / MSR data key)
Master Key H
(RFU)
Master Key I
(RFU)
…
Master Key V
4. RSA public key:
PP791 supports RSA encryption when processing EMV level 2 offline transactions with smart
cards.
DUKPT Set 0
DUKPT Set 1