This article has not yet been rated on Wikipedia's
content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||
|
Can someone add the URL to the ANSI standard ? Many thanks Rmartelloni ( talk) 14:09, 22 September 2014 (UTC)
Can Derved unique key per transaction hacked. as this BDK needs to be shared with all the terminal vendors who collect to a host or network
Only solace might be that if different bdks are used with different vendors. then there needs to be an additional identification to identify the terminal model too..
I have no idea how to work Wikipedia. Whoever commented above is simply wrong, the BDK does not need to be shared. The BDK is used to compute a device-specific Initially Injected Key which is given to a 'terminal vendor,' or more commonly, one BDK is given to each terminal vendor; if the terminal gets moved to a new vendor it either gets new keys or the IIK is given to the new vendor, NOT THE BDK.
In addition, Wikipedia should note DUKPT is described in (too much?) detail in ANSI X9.24-1:2009, I have a copy and would ontribute to the article if I had time to learn how to use WIki properly. Perhaps someone would like to take a writeup from me and format it for Wiki? —Preceding unsigned comment added by 99.35.164.204 ( talk) 17:41, 23 November 2010 (UTC)
If anyone is still tracking this entry, I would like to know more about how the Future Keys are derived. It is stated that the IPEK is discarded once the initial Future Keys are created, and I've read there are a maximum of 21 FK at any given time. I've also read that FKs are discarded once used and a new FK generated for future use, and this would imply that Future Keys can be created from other Future Keys (since the IPEK was long discarded).
Either way, doesn't the central HSM with the BDK need to know an additional something (some input) into the FK generation process in order to derive the Session Key (given the KSN) which is ultimately the symmetric key used to decrypt the PIN? Am I missing something obvious?
(I know it's in the ANSI spec -- I don't have access. Thanks) — Preceding unsigned comment added by 56.0.165.248 ( talk) 19:00, 4 September 2013 (UTC)
This article probably should specify that it's about 3DES DUKPT. AES DUKPT is a slightly different standard with different sized counters and logic (unless operating in a particular mode). All the people talking about ANSI X9.24-3 are talking about AES DUKPT, while the text of the article is 3DES DUKPT. I'm unsure if 3DES DUKPT is standardised outside of AS2805.6.7
References
This article has not yet been rated on Wikipedia's
content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||
|
Can someone add the URL to the ANSI standard ? Many thanks Rmartelloni ( talk) 14:09, 22 September 2014 (UTC)
Can Derved unique key per transaction hacked. as this BDK needs to be shared with all the terminal vendors who collect to a host or network
Only solace might be that if different bdks are used with different vendors. then there needs to be an additional identification to identify the terminal model too..
I have no idea how to work Wikipedia. Whoever commented above is simply wrong, the BDK does not need to be shared. The BDK is used to compute a device-specific Initially Injected Key which is given to a 'terminal vendor,' or more commonly, one BDK is given to each terminal vendor; if the terminal gets moved to a new vendor it either gets new keys or the IIK is given to the new vendor, NOT THE BDK.
In addition, Wikipedia should note DUKPT is described in (too much?) detail in ANSI X9.24-1:2009, I have a copy and would ontribute to the article if I had time to learn how to use WIki properly. Perhaps someone would like to take a writeup from me and format it for Wiki? —Preceding unsigned comment added by 99.35.164.204 ( talk) 17:41, 23 November 2010 (UTC)
If anyone is still tracking this entry, I would like to know more about how the Future Keys are derived. It is stated that the IPEK is discarded once the initial Future Keys are created, and I've read there are a maximum of 21 FK at any given time. I've also read that FKs are discarded once used and a new FK generated for future use, and this would imply that Future Keys can be created from other Future Keys (since the IPEK was long discarded).
Either way, doesn't the central HSM with the BDK need to know an additional something (some input) into the FK generation process in order to derive the Session Key (given the KSN) which is ultimately the symmetric key used to decrypt the PIN? Am I missing something obvious?
(I know it's in the ANSI spec -- I don't have access. Thanks) — Preceding unsigned comment added by 56.0.165.248 ( talk) 19:00, 4 September 2013 (UTC)
This article probably should specify that it's about 3DES DUKPT. AES DUKPT is a slightly different standard with different sized counters and logic (unless operating in a particular mode). All the people talking about ANSI X9.24-3 are talking about AES DUKPT, while the text of the article is 3DES DUKPT. I'm unsure if 3DES DUKPT is standardised outside of AS2805.6.7
References