AS 2805.6.7:2011 - Electronic funds transfer—Requirements for interfacesPart 6.7: Key management— Transaction keys-Derived unique keyper transaction(DUKPT)

AS 2805.6.7:2011 – Electronic funds transfer—Requirements for interfacesPart 6.7: Key management— Transaction keys-Derived unique keyper transaction(DUKPT).
(iii) If the PIN is not entered, send the enciphered PIN block response message without the PIN-related data elements and go to ‘Exit’.
(iv) If the PIN is entered, use the cardholder-entered PIN and the primary account number to generate the clear text PIN block and store it in Crypto Register-I.
(v) Go to ‘Request PIN Entry 1’.
(i) ‘Request PIN Entry 1’ (Local Label):
(i) Call the subroutine ‘Set Bit’.
(ii) Write into Current Key Pointer the address of that Future Key Register indicated by the position of the ‘one’ bit in the Shift Register.
(iii) Check the LRC on ![Current Key Pointer]. If this byte is correct (valid key), go to ‘Request PIN Entry 2’.
(iv) If the byte is incorrect, add the Shift Register to the Encipherment Counter (to skip over the invalid key).
(v) If the Encipherment Counter contains all zeros, cease operation. (The PIN Entry Device is now inoperative, having enciphered more than I million PINs.)
(vi) Go to ‘Request PIN Entry 1’.
(j) ‘Request PIN Entry 2’ (Local Label):
(i) Copy ![Current Key Pointer] into the Key Register.
(ii) (Optional: Perform this step to generate a key that will be used in a message authentication process; this step does not affect the generation of a PIN encipherment key.) XOR the value in the Key Register with hexadecimal ‘0000 0000 0000 FF00 0000 0000 0000 FF00’ are given in Figure A2 Key calculations for PIN enciphering and MAC keys and save this resultant key in the MAC key register. Where a separate key is required to verify the MAC on a response message, XOR the value in the Key Register with the hexadecimal ‘0000 0000 FF00 0000 0000 0000 FF00 0000’ and save the resultant key in the MAC Response key register.
(iii) (Optional: Perform this step to generate a key that will be used as a Data Key to encipher fields in the message; this step does not affect the generation of the PIN encipherment key.) XOR the value in the Key Register with hexadecimal
‘0000 0000 00FF 0000 0000 0000 00FF 0000’.
The resultant key is then passed through the One Way Function (OWF) by using the resultant key to encipher itself as shown in Figure A2, which shows the key calculation for PIN enciphering and MAC keys. The resultant key from the OWF is saved in the Data Enciphering key register. Where a separate key is used to encipher the transaction response, XOR the value in the Key Register with the hexadecimal ‘0000 00FF 0000 0000 0000 00FF 0000 0000’. The resultant key is then passed through the OWF by using the resultant key to encipher itself as shown in Figure A3. Save the resultant key in the Data Enciphering Response key register. The output values into the OWF are not parity adjusted before they are used in the OWF.
(iv) XOR the Key Register with hexadecimal ‘0000 0000 0000 00FF 0000 0000 0000 00FF’. (This will produce a variant of the value in the Key Register which is the PIN encipherment key.)
(v) Call the subroutine ‘Triple-DEA Encipher’.
(vi) Format and transmit the enciphered PIN block response message, which in ci ude s—
(A) the data in the Key Serial Number Register with leading hexadecimal ‘F’s’ suppressed (includes the 21-bit Encipherment Counter);
(B) the enciphered PIN block in Crypto Register-i; and
(C) go to ‘New Key’.
NOTE: See Table Al which is a summary of the variants that may he used to modify the current key register value to create separate keys for separate functions. The Data encipherment key is the only variant that uses a One Way function to derive that separate key.
(k) ‘Cancel PIN Entry’ (External Command):
(i) Deactivate the PIN Entry Device keyboard.
(ii) Go to ‘Exit’.
The following routine may be used if the PIN Entry Device is implemented using electrically erasable programmable read-only memory (EEPROM). In this case, those storage areas that are most frequently rewritten (e.g. the four or so highest-numbered Future Key Registers and the corresponding bits of the Encipherment Counter) are stored in volatile random access memory (RAM). Even though a power interruption results in the loss of the contents of the registers in volatile RAM, this loss is not significant, (if power to the PIN Entry Device were turned off and on again once a day for 10 years, the number of PINs the device could encipher would be reduced by less than 5% due to ‘lost’ keys).
NOTE: There may be a loss of synchronization if multiple power on reset cycles are executed without performing any transactions.