Key (MCK)
Master Atalla Key This key is used to XOR a value for PIN entry, MAC, or
encrypt/decrypt to form master variant keys to decrypt for PIN
entry, MAC, and COM session keys.
9.4.3 Session Keys
These keys are loaded encrypted under the corresponding master keys. This means that
the type and index of the working (session) key have to match the type and index of the
corresponding master key that was used to encrypt it. For application based financial keys,
the SSA will have a key structure matrix indexed by application ID.
The device can accommodate up to ten working (session) keys per application, or up to 64
working (session) keys per terminal. Available indexes for the working (session) keys are 0
– 9 per application or 0 – 64 per terminal. These keys can be both single-length DES keys
and double-length triple DES keys. Similar to the master keys, the device supports four
types of working (session) keys.
Key Name Description of Key
Working (session)
Terminal PIN Key
(WTPK)
This key is loaded encrypted under the corresponding Master
Terminal PIN Key. It is used to encrypt the customer PIN for
transmission to the host.
Working (session)
Message
Authentication
Code Key
(WMACK)
This key is loaded encrypted under the corresponding Master
Message Authentication Code Key. It is used to authenticate the
customer transaction.
Working (session)
Communication
Key (WCK)
This key is loaded encrypted under the corresponding Master
Communication Key. It is used to encrypt customer transaction
data between the debit terminal and the host.
Working (session)
Atalla Key
This key is decrypted by the Master Atalla Variant Key, which is
created from the Master Atalla Key according to the type of
operation to be performed.
9.4.4 DUKPT Keys
The Initial PIN Pad Keys (IPPKs) are loaded encrypted under the KTK. The device can
accommodate up to ten separate DUKPT engines. Each engine is initialized with an IPPK.
Available indexes for the DUKPT engines are 0 – 9. The IPPKs can be both single-length
DES keys and double-length triple DES keys.
9.5 Security Options
This section provides a synopsis of each security option. All the security options can be
loaded during key injection. The user application can request the security options setting
from an SSA API.
Ingenico 6780 User’s Guide 89
To Next Page
Loading...
