Foregenix Blog

Kirsty Trainer

"Key" to Secure Data - P2PE - Derived Unique Key Per Transaction (DUKPT)


,30/11/15 14:17

Written by Andrew McKenna, PCI QSA, PCIP at Foregenix

The encryption key infrastructure usually used in PCI P2PE solutions is based on the DUKPT (pronounced duck-putt) model. This key hierarchy was initially designed by Visa in 1987 and is documented in ANSI x9.24. DUKPT means Derived Unique Key Per Transaction and means that every transaction iprotected using a different encryption key such that compromise of a single encryption key will not compromise the overall solution. In a P2PE solution, this works as follows:

A BDK (Base Derivation Key) is created on the HSM (Hardware Security Module). The BDK is the top level key in the hierarchy. In a P2PE solution, all encryption will take place on the PED (PIN Entry Device) and all decryption will take place on the HSM. The BDK on the HSM must be able to identify which encryption key was used to encrypt the transaction data in order to derive the appropriate key for decryption.

Once the BDK has been created, it is possible to derive an IPEK (Initial PIN Encryption Key) from the BDK by using the inputs of the BDK reference ID and the terminal serial number. We can consider the IPEK to be the second level in the key hierarchy. We have the top level BDK and we have an IPEK per payment terminal. The IPEK is injected to the payment terminal and the future keys which will be used for encryption of transaction data are derived from the IPEK. Typically this derivation will permit circa one million future keys per device.

At this point we have three levels of keys, the BDK, of which there is one, the IPEK, of which there is one per terminal and the future keys, of which there are circa one million per terminal.

Note that while the BDK is created on the HSM, the BDK will often have been transported to Key Injection Facilities in order that the IPEK can be derived from the BDK for each device and the IPEK injected to derive the future keys on the terminal. This process can also be automated for remote key distribution though the mechanisms are the same.

The above describes the general key hierarchy so how does this work in a transaction?

A terminal receives a transaction and encrypts the data with an encryption key. This key has a KSN (Key Serial Number). The message is returned to the decryption environment containing the reference of the device serial number (the input for the BDK) and the KSN. This allows the BDK to generate the appropriate IPEK (using the terminal ID input) and the future keys from that IPEK and to identify the key corresponding to the KSN provided in the transaction message. Once that key has been used, the KSN counter increments such that that key was unique for that transaction and will not be used again.

Note that the key management in a P2PE solution will also feature a number of other keys. For example, there will likely be a separate DUKPT key infrastructure for PIN (note that each key must be for its own purpose so the PAN and PIN BDKs cannot be shared). Similarly, there will likely be a key for exporting keys between devices (for keys encrypting other keys, the encrypting key must be of equivalent strength to the key it is encrypting). Finally, if the above is taking place with asymmetric key distribution, there are requirements for the management of the PKI and the specific uses of that PKI.

If you’d like more information on this topic, you may be interested in checking out this reference: ANSI X9.24-1:2009 Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques (available at http://webstore.ansi.org/FindStandards.aspx?SearchString=X9.24-1&SearchOption=0&PageNum=0&SearchTermsArray=null%7cX9.24-1%7cnull

Please contact us if you'd like to chat about P2PE & your business. 

Guided Website Threat Review

Guided Website Threat Review


Kirsty Trainer
"Key" to Secure Data - P2PE - Derived Unique Key Per Transaction (DUKPT)

Written by Andrew McKenna, PCI QSA, PCIP at Foregenix The encryption key infrastructure usually ...

Read More
Duncan Slater
Alert: Major UK Payment Service Provider iFrame Man-In-The-Middle Breach

The Foregenix Digital Forensics and Incident Response Team recently reported a man-in-the-middle ...

Read More

Cyber Security Insights

Richard Jones
14/02/18 11:14

Foregenix Partner With Ground Labs To Strengthen GDPR Services

The clock is ticking and we are swiftly moving toward the GDPR deadline, with organisations of all shapes and sizes preparing themselves for the new ...

Read More

Jake Dennys
12/02/18 15:18

5 Steps To Make Your Travel Agency PCI Compliant

PCI compliance is no easy feat, it can be a challenge to obtain, but results in lasting consumer trust and peace of mind knowing their data is ...

Read More

Kirsty Trainer
07/02/18 12:34

Foregenix expands into Brazil with new São Paulo office

After an exciting growth period in 2017, we were able to officially launch Foregenix in Australia, extending our service delivery into the land down ...

Read More

Jake Dennys
06/02/18 09:30

Foregenix aim to help travel agents meet IATA accreditation deadline

Travel agents are in a  race against time to meet IATA’s deadline for PCI DSS compliance. They've been given the deadline of March 2018 to become PCI ...

Read More

Benjamin Hosack
05/02/18 13:45

Foregenix expands APAC presence with Dan Ball, Territory Manager. 

Foregenix has further expanded their APAC presence with the addition of Dan Ball to the team as a Territory Manager in Australia, with ...

Read More