AS 2805.6.7:2011 – Electronic funds transfer—Requirements for interfaces, Part 6.7: Key management—Transaction keys-Derived unique key per transaction (DUKPT).
4.3 Authentication
The act of determining that a message comes from a source authorized to originate messages of that type and that the message is as authorized.
4.4 Base derivation key (BDK)
A key that is typically common to a population of terminals and is used to derive the unique-per-terminal IK, which is injected into the TCU.
4.5 Cipher text
Enciphered information.
4.6 Data encipherment algorithm (DEA)
An encipherment algorithm designed to encipher and decipher blocks of data.
NOTE: A DEA is specified in AS 2805.5.4 (symmetric).
4.7 Data key (KD)
Generic reference to a key used to encipher/decipher message data.
NOTES:
1 The data key is used for messages from the terminal and the data response key is used for messages from the host.
2 The enciphered PIN block may be included as part of the plain text message data to be enciphered.
4.8 Decipherment
The transformation of cipher text into plain text.
NOTE: ‘Decipherment’ is sometimes referred to as ‘decryption’.
4.9 Encipherment
The transformation of plain text into cipher text for the purpose of security, authentication or privacy.
NOTE: ‘Encipherment’ is sometimes referred to as ‘encryption’.
4.10 Encipherment algorithm
A set of mathematically expressed rules for rendering information unintelligible by effecting a series of transformations to the normal representation of the information through the use of variable elements controlled by the application of a key.
4.11 Identification
The process whereby the identity of an individual is confirmed through the use of data or tokens previously known to be associated with that individual.
4.12 Initial key (IK)
The value that is initially loaded into the terminal, and that is used to derive, directly or indirectly, all transaction keys that will be used by the terminal. It is derived from the BDK and the unique terminal identifier and so is unique per terminal.
4.13 Key
A bit string quantity which is used for transformations between plain text and cipher text.
4.14 Key set identifier (KSI)
A value used to identify the BDK.
NOTE: The KSI is explained in Appendix B.
This Appendix describes the various PIN Entry Device storage areas and then specifies the PIN Entry Device functions that are used for the triple DEA method of derived unique key per transaction of processing PINs. Either the methodology as described below or its functional equivalent is performed to ensure that the key name and enciphered PIN block are generated correctly.
A2 STORAGE AREAS
A2.1 General
The PIN Entry Device maintains certain storage areas only during the PIN processing operation. Other storage areas are permanently maintained.
A2.2 PIN Processing
The contents of the following storage area relating to PIN processing are maintained only during a given PIN encipherment operation:
Account number register (12 decimal digits) Holds the 12 right-most digits, excluding the check digit, of the primary account number received from the terminal in the ‘Request PIN Entry’ command.
A2.3 Key management
The following storage areas relating to key management are maintained from the time of the ‘Load Initial Key’ command for the life of the PIN Entry Device:
(a) Initial Key Serial Number Register (59 bits) Holds the left-most 59 bits of the Key Serial Number initially injected into the PIN Entry Device along with the initial PIN Encipherment Key during the ‘Load Initial Key’ command. The contents of this register remain fixed for the service-life of the PIN Entry Device or until another ‘Load Initial Key’ command.
(b) Encipherment Counter (21 bits) A counter of the number of PIN encipherment operations that have occurred since the PIN Entry Device was first initialized. Certain counter values are skipped (as explained below), so that about 1 million PIN encipherment operations are possible.
NOTE: The concatenation (left to right) of the Initial Key Serial Number Register and the Encipherment Counter form the 80-bit (20 hexadecimal digits) Key Serial Number Register.
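The register layout in A2.3, as an added example that is not part of the standard's text: it splits a 20-hex-digit Key Serial Number into the 59-bit Initial Key Serial Number Register and the 21-bit Encipherment Counter, and advances the counter while skipping values. The skip rule (counter values with more than 10 one-bits are never used) is an assumption taken from the ANSI X9.24-1 DUKPT method, since this excerpt only says that certain values are skipped; the function names and the sample KSN are constructed for illustration.

```python
INITIAL_KSN_BITS = 59
COUNTER_BITS = 21
COUNTER_MASK = (1 << COUNTER_BITS) - 1
MAX_ONE_BITS = 10  # assumption (ANSI X9.24-1 rule), not stated in this excerpt


def split_ksn(ksn_hex):
    """Split an 80-bit KSN (20 hex digits) into (initial_ksn_59, counter_21)."""
    ksn_hex = ksn_hex.replace(" ", "")
    if len(ksn_hex) != 20:
        raise ValueError("KSN must be exactly 20 hexadecimal digits (80 bits)")
    ksn = int(ksn_hex, 16)
    return ksn >> COUNTER_BITS, ksn & COUNTER_MASK


def join_ksn(initial_ksn, counter):
    """Concatenate (left to right) the 59-bit register and the 21-bit counter."""
    if initial_ksn >> INITIAL_KSN_BITS or counter >> COUNTER_BITS:
        raise ValueError("field does not fit its register width")
    return f"{(initial_ksn << COUNTER_BITS) | counter:020X}"


def next_counter(counter):
    """Return the next usable counter value, or None when the device is exhausted."""
    counter += 1
    while counter <= COUNTER_MASK:
        if bin(counter).count("1") <= MAX_ONE_BITS:
            return counter
        # Too many one-bits: adding the lowest set bit jumps past every value
        # that shares these bits, all of which would be skipped as well.
        counter += counter & -counter
    return None


def usable_counter_values():
    """Count the counter values a device can step through before it is exhausted."""
    count, counter = 0, next_counter(0)
    while counter is not None:
        count += 1
        counter = next_counter(counter)
    return count


if __name__ == "__main__":
    sample_ksn = "FFFF9876543210E00001"  # constructed sample value
    initial, counter = split_ksn(sample_ksn)
    print(f"initial KSN register: {initial:015X}, counter: {counter}")
    print("next KSN:", join_ksn(initial, next_counter(counter)))
    print("usable counter values:", usable_counter_values())
```

Under the assumed rule the count comes to 2^20 - 1 values, which matches the "about 1 million" figure in item (b).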
