I'm currently looking to implement DUKPT (Derived unique key for each transaction), and I lost it, how to successfully implement it. Does anyone know a step-by-step guide / existing implementation or additional information about the actual implementation of the solution in a client-server application?
Introduction to DUKPT:
In cryptography, a derivative unique key For a Transaction (DUKPT) is a key control scheme in which for each transaction, a unique key is used that is obtained from a fixed key. Therefore, if the derivative key is compromised, the future and past transaction data is still protected since the next or previous key cannot be easily determined. Indicated by DUKPT in ANSI X9.24, Part 1.
DUKPT allows you to handle encryption must be removed from devices that keep a shared secret. Encryption is performed using a derivative key that is not reused after the transaction. DUKPT is used to encrypt e-commerce transactions. Although it can be used to protect information between two companies or banks, it is usually used to encrypt the PIN information obtained by Point-Of-Sale (POS). DUKPT is not the encryption standard itself; rather, it is a key management technique. Features DUKPT scheme:
- Include both parties, accepting and accepting parties with respect to the key used for this transaction,
- Each transaction will have a separate key from all other transactions, except by coincidence,
- , (, , , ) ,
- ,
- .