Guided Website Threat Review

Foregenix Blog

Kirsty Trainer

The "Key" to Secure Data - P2PE - Derived Unique Key Per Transaction (DUKPT)


,30/11/15 14:17

Written by Andrew McKenna, PCI QSA, PCIP at Foregenix

The encryption key infrastructure usually used in PCI P2PE solutions is based on the DUKPT (pronounced duck-putt) model. This key hierarchy was initially designed by Visa in 1987 and is documented in ANSI x9.24. DUKPT means Derived Unique Key Per Transaction and means that every transaction iprotected using a different encryption key such that compromise of a single encryption key will not compromise the overall solution. In a P2PE solution, this works as follows:

A BDK (Base Derivation Key) is created on the HSM (Hardware Security Module). The BDK is the top level key in the hierarchy. In a P2PE solution, all encryption will take place on the PED (PIN Entry Device) and all decryption will take place on the HSM. The BDK on the HSM must be able to identify which encryption key was used to encrypt the transaction data in order to derive the appropriate key for decryption.

Once the BDK has been created, it is possible to derive an IPEK (Initial PIN Encryption Key) from the BDK by using the inputs of the BDK reference ID and the terminal serial number. We can consider the IPEK to be the second level in the key hierarchy. We have the top level BDK and we have an IPEK per payment terminal. The IPEK is injected to the payment terminal and the future keys which will be used for encryption of transaction data are derived from the IPEK. Typically this derivation will permit circa one million future keys per device.

At this point we have three levels of keys, the BDK, of which there is one, the IPEK, of which there is one per terminal and the future keys, of which there are circa one million per terminal.

Note that while the BDK is created on the HSM, the BDK will often have been transported to Key Injection Facilities in order that the IPEK can be derived from the BDK for each device and the IPEK injected to derive the future keys on the terminal. This process can also be automated for remote key distribution though the mechanisms are the same.

The above describes the general key hierarchy so how does this work in a transaction?

A terminal receives a transaction and encrypts the data with an encryption key. This key has a KSN (Key Serial Number). The message is returned to the decryption environment containing the reference of the device serial number (the input for the BDK) and the KSN. This allows the BDK to generate the appropriate IPEK (using the terminal ID input) and the future keys from that IPEK and to identify the key corresponding to the KSN provided in the transaction message. Once that key has been used, the KSN counter increments such that that key was unique for that transaction and will not be used again.

Note that the key management in a P2PE solution will also feature a number of other keys. For example, there will likely be a separate DUKPT key infrastructure for PIN (note that each key must be for its own purpose so the PAN and PIN BDKs cannot be shared). Similarly, there will likely be a key for exporting keys between devices (for keys encrypting other keys, the encrypting key must be of equivalent strength to the key it is encrypting). Finally, if the above is taking place with asymmetric key distribution, there are requirements for the management of the PKI and the specific uses of that PKI.

If you’d like more information on this topic, you may be interested in checking out this reference: ANSI X9.24-1:2009 Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques (available at http://webstore.ansi.org/FindStandards.aspx?SearchString=X9.24-1&SearchOption=0&PageNum=0&SearchTermsArray=null%7cX9.24-1%7cnull

Please contact us if you'd like to chat about P2PE & your business. 

Contact Us


Duncan Slater
Alert: Major UK Payment Service Provider iFrame Man-In-The-Middle Breach

The Foregenix Digital Forensics and Incident Response Team recently reported a man-in-the-middle ...

Read More
Kirsty Trainer
The "Key" to Secure Data - P2PE - Derived Unique Key Per Transaction (DUKPT)

Written by Andrew McKenna, PCI QSA, PCIP at Foregenix The encryption key infrastructure usually ...

Read More

Cyber Security Insights

Alex Constantinou
15/06/17 10:34

Password Manager OneLogin breached.

With the amount of websites and services which require passwords for authentication increasing, it can be difficult at times to remember all our ...

Read More

Ewan Gardner
01/06/17 12:20

General Data Protection Regulation (GDPR) is coming. Don't bury your head in the sand.

What does May 25th 2017 mean to you? The 40th anniversary of Star Wars being released in cinemas? The 78th birthday of celebrated actor Sir Ian ...

Read More

Duncan Slater
26/05/17 14:08

“Mind the Gap” – As a Small eCommerce Business, Who is Responsible for Your Security?

  Major corporations spend hundreds of thousands of pounds and in some cases employ teams of people dedicated to manage and ensure the security of ...

Read More

Kirsty Trainer
23/05/17 10:48

8 Critical Steps to Reduce the Risk of Ransomware Infection

The WannaCry ransomware infestation is a wake-up call for all entities connected to public networks, such as the internet, to recognise ...

Read More

Mike Hinton
16/05/17 17:24

Foregenix announce new partnership with Juno Web Design

We’re delighted to announce a new partnership between ourselves and Nottinghamshire based agency ‘Juno’. With the rapidly increasing threat to ...

Read More