IPP MS AND DUKPT COMMUNICATIONS
MX 800 Series Programmers Guide
Packets
The following illustrates the DUKPT method of encryption.
Master Device
1. Forwards the account number and PIN to the IPP.
2. Appends the PIN block and KSN to the request packet.
3. Forwards the packet to the host.
Figure 2  DUKPT Session Encryption Example
Constraints
The known software constraints for IPP are:
• All communication must be asynchronous, half-duplex,
  1200/2400/4800/9600/19200 baud, 7 data bits, even parity, and 1 stop bit (7E1).
• Packet length is limited to 255 characters.
NAKs
When the IPP receives a NAK, it retransmits the last message and increments a
NAK counter for that communication session. If more than three NAKs are
received during any attempt to transmit the same item, the transmitting party sends
an EOT, terminating the session.
Time Outs
During a communication session, the IPP or the terminal times out if it does not
receive the expected communication within 15 seconds. The unit sends an EOT
to terminate the communication session.
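The packet length, NAK and time-out rules above, worked through as a sender loop. This is an added example, not code from the guide: `sim_link`, `ipp_send_item` and the result codes are hypothetical names, and the scripted replies are constructed. It assumes that ACK is the positive acknowledgement and that any reply other than ACK or NAK ends the session, neither of which is stated on this page.

```c
#include <stddef.h>
#include <stdio.h>

enum { EOT = 0x04, ACK = 0x06, NAK = 0x15, NO_REPLY = -1 };
enum { IPP_MAX_PACKET = 255, IPP_MAX_NAKS = 3, IPP_TIMEOUT_S = 15 };
typedef enum { TX_OK, TX_BAD_LENGTH, TX_NAK_LIMIT, TX_TIMEOUT, TX_UNEXPECTED } tx_result;
/* Constructed stand-in for the serial line: scripted replies plus counters. */
typedef struct {
    const int *replies;      /* ACK, NAK, or NO_REPLY (nothing within the time-out) */
    size_t count, pos;
    int data_sent, eot_sent;
} sim_link;

static void link_send(sim_link *l, const unsigned char *buf, size_t len) {
    if (len == 1 && buf[0] == EOT) l->eot_sent++; else l->data_sent++;
}

/* A real driver would block for up to timeout_s; here an empty script is silence. */
static int link_recv(sim_link *l, int timeout_s) {
    (void)timeout_s;
    return l->pos < l->count ? l->replies[l->pos++] : NO_REPLY;
}

static tx_result end_session(sim_link *l, tx_result why) {
    const unsigned char eot = EOT;   /* EOT terminates the session */
    link_send(l, &eot, 1);
    return why;
}

/* Send one item, enforcing the 255-character limit, the NAK limit and the time-out. */
tx_result ipp_send_item(sim_link *l, const unsigned char *pkt, size_t len) {
    int naks = 0;                    /* NAKs received for this item */
    if (len == 0 || len > IPP_MAX_PACKET) return TX_BAD_LENGTH;
    for (;;) {
        link_send(l, pkt, len);
        int r = link_recv(l, IPP_TIMEOUT_S);
        if (r == ACK) return TX_OK;                               /* assumed ACK */
        if (r == NO_REPLY) return end_session(l, TX_TIMEOUT);
        if (r != NAK) return end_session(l, TX_UNEXPECTED);       /* assumption */
        if (++naks > IPP_MAX_NAKS) return end_session(l, TX_NAK_LIMIT);
    }   /* NAK within the limit: loop and retransmit the same item */
}

int main(void) {
    const int script[] = { NAK, NAK, NAK, NAK };   /* constructed reply script */
    sim_link l = { script, 4, 0, 0, 0 };
    tx_result r = ipp_send_item(&l, (const unsigned char *)"constructed item", 16);
    printf("result=%d data_sent=%d eot_sent=%d\n", r, l.data_sent, l.eot_sent);
    return 0;
}
```

The NAK count here is kept per item; the page also describes a NAK counter for the communication session, which a driver would track separately.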
Key Insertion
This section describes MK insertion and DUKPT initial PIN encryption key
insertion.
Master Key Insertion
For each master key injection session, the IPP checks whether this is the first time
the user has tried to load the master key. If it is the first time, the IPP clears all
master keys to zero before loading a new master key.
All master keys must be loaded in the same key injection session; otherwise the
previous master key is erased in the next master key injection session.
A master key injection session lasts for as long as the power level is maintained in
the IPP.
The master key insertion rule does not apply to the GISKE key loading key (KLK).
IPP (Figure 2)
1. Creates the PIN block.
2. Encrypts PIN block with the generated PEK.
3. Sends the PIN block and current KSN (key serial number) to the master device.