IPP MS AND DUKPT COMMUNICATIONS PACKETS
IPP7
MX800 SERIES PROGRAMMERS GUIDE
Table 26 Key Management Switching Rules

| Rules | To 1DES (VISA) | To 1DES (SPAIN) [a] | To Mixed Mode | To 3DES | To SM [a] |
|---|---|---|---|---|---|
| From 1DES (VISA) [b] | NC | E | NC | 2/3K | E |
| From 1DES (SPAIN) [a] | E | NC | E | E | E |
| From Mixed mode [c] | 1K | E | NC | 2/3K | E |
| From 3DES [d] | E | E | E | NC | E |
| From SM [a] | E | E | E | E | NC |

Key Mode: 1DES and 3DES Key Usage Rules [e]

1DES only [b]
• Load and use of 1DES MS keys allowed [f]
• Load KLK allowed
• Load 3DES master keys allowed
• Use of 3DES master keys not allowed
• Load 3DES session keys not allowed
• Use of 3DES session keys not allowed
• Key attributes verified [g], except key usage = ‘AN’ – ANY is allowed
• GISKE key block verified [h]

Mixed mode [c]
• Load and use 1DES or 3DES MS keys allowed
• Load KLK allowed
• 1DES master keys used for 1DES session keys
• 3DES master keys used for 1DES and 3DES keys
• Key attributes verified, except: key usage = ‘AN’ – ANY is allowed
• GISKE key block verified

3DES only [d]
• Load and use 3DES MS keys allowed
• Load KLK allowed
• Load 1DES master keys not allowed
• Use of 1DES master keys not allowed
• Load 1DES session keys not allowed
• Use of 1DES session keys not allowed
• Key attributes verified; no exceptions allowed
• GISKE key block verified

a. Spain and SM modes not supported in Verix V. Keys are erased as specified.
b. Least secure mode.
c. For transition period.
d. Most secure mode.
e. The key management register is set using Packet 17: Set IPP7 Key Management Mode.
f. All DUKPT related keys, counters, and registers are erased when the IPP KM switches between 1DES DUKPT and 3DES
DUKPT. Other MS related information remains untouched.
g. Key attributes verified means that when a key stored in the IPP is used, the IPP must validate the content of all key
attributes. The attributes of the key are validated against the GISKE specification acceptable for that command.
h. GISKE key block verified means that when receiving a key block, the IPP must validate both the key block binding method
of the key block and the content of the header. The header of the key is validated against a list of headers acceptable for
that command.