Luna EFT 2

Basic Functionality

Assaf Cohen
Training Manager
Agenda
• Key types
• Key distribution
• Key management
Card Payments – Crypto & Key
Management
General

 There are many key types in card payment processing

 Most commonly used keys are double-length 3DES
 AES is gradually being introduced
 RSA is only used for specific scenarios
 Chip  Terminal authentication
 Remote Key Loading into ATMs / POS

 Key types are unique

 Unlike with general purpose HSM’s – each key type has it’s own purpose
and one key cannot be used for anything else than what it was designed for
 Generic Key Types
 Master Key (MK) – Used to encrypt all host-stored keys
 Key Encryption Key (KEK) – Used to encrypt keys before distribution
 Transport Key (TK) – Shared between 2 parties for further encryption
 Master Derivation Key (MDK) – Top level key that can create unique
card derivation keys
 Derivation Key (DK)
 Working Key (WK) – General keys that are used constantly by various
crypto processes
 Operational Key (OK)
 Session Key (SK) – a one time transaction/session based key
Major Key Groups
 Key Management Keys
 between Interchanges/Parties
 KI/KIS/KIR (=ZMK or ZCMK)
 between Acquirer and Terminal
 KTM, KB-A/B (legacy), RSA keys, TK for DUKPT IPEK

 Main Working/Operational Keys (for protecting transactions

throughout payments network)
 PPK (Pin Protection Key)
 MPK (Message Protection Key)
 DPK (Data Protection Key)
 Issuer Specific Keys
 PVK (mag-stripe and EMV)
 CVK (mag-stripe)
 IMK (EMV) – Issuer master key
Magnetic Stripe – Key Distribution
Card Terminal Acquirer Switch Issuer
Key
KI
Encryption KTM KI KI
KTM
Key
PPK Master Key
Terminal PPK– This keyPPKis PPK
Working
MPK intoInterchange – a bidirectional
Key MPK
Keys loaded theMPK
terminal by the MPK
keyDPK
DPKand can used to encrypt
DPKinformationDPK
Aquirer be used for PIN
Issuer between 2 parties PVK
encryption
Keys CVK
Keys that are used to encrypt
PINs, Data and Massage (MAC)

Verifiction keys, only used by the

issuer
Magnetic Stripe – Key Flow

Card Terminal Acquirer Switch Issuer

Key
Encryption KTM KI KI
Key

Working PPK PPK PPK

DPK DPK DPK
Keys MPK MPK MPK

Issuer PVK
Keys CVK

 Key types (i.e. – KI/PPK/MPK) are not the same between different
parties
 Keys are constantly decrypted and encrypted (translation) to increase
security
EMV – Key Distribution
Card Terminal Acquirer Switch Issuer
Key
KI
Encryption KTM KI KI
KTM
Key
PPK PPK PPK PPK
Working
MPK MPK MPK MPK
Keys
DPK DPK DPK DPK
PVK
CVK
Issuer Master Key, in combination with
Issuer IMKAC
the cardholder’s data is used to derive
Keys IMKSMI
unique card keys
IMKSMC
IMKIDN
ICCAC
ICCSMI Keys on the EMV chip, created by the
Card Keys
ICCSMC issuer
ICCIDN
EMV – Key Flow
Card Terminal Acquirer Switch Issuer
Key
Encryption KTM KI KI
Key
Working PPK PPK PPK
DPK DPK DPK
Keys MPK MPK MPK

PVK
CVK
Issuer IMKAC
Keys IMKSMI
IMKSMC
IMKIDN
ICCAC
ICCSMI
Card Keys
ICCSMC
ICCIDN
What kind of keys does the HSM manage?
 Network keys - Session key management
 ATM keys
 EFTPOS terminal keys
 Interchange keys
 Payment Scheme network keys (e.g. Visa, MasterCard)
 Issuer keys
 PIN verification keys
 IBM 3624 offset method
 Visa PVV method
 Card verification keys
 Visa CVV / MasterCard CVC / AMEX CSC method
 CVC3/dCVV (for contactless)
 EMV Keys
 Application Cryptograms
 Issuer Scripting
Key Management Techniques
 Key storage
 HSM internal secure memory
 Keys can be stored unencrypted – HSM encrypts keys using MMK
(erased on tamper detection)
 Host database
 Keys are encrypted by HSM-stored key
(protected by KM)

 Key separation
 HSM internal secure memory
 Separate tables for each key type
 Host database
 Variant Method: Separate encryption key for each key type
 TR-31 Method – used for secure key exchange
Encrypting Host-Stored Keys
 Keys can be saved in an external database
 We use the Domain Master Key (KM) to encrypt those keys
 Are all host-stored keys encrypted the same way?
 KM characteristics:
 Host-stored keys are encrypted using a variant of the KM, so each key
is encrypted differently
 The KM can be AES or 3DES (Double/Triple length)
 The EFT supports up to 16 KM’s
 Built-in support for “old”, “current” and “new” KM’s allows for easy
migration between KM’s
KM Variants
 Keys are randomly
generated, but we need a
way to differentiate what each
key is used for so we could
encrypt it under the KM
 We use variants to XOR the
generated key with a specific
value
 A 16 byte PPK key will be
XORd with 16 times X’28, for
example
Key Processing – Key entry
 Dual Custody
 At least two custodians are needed for all stored keys.
 Each has their own secret key component so neither custodian knows the
whole key
 Clear Key Components
 A clear key component is a secret value known only to one custodian.
 Depending on the algorithm and length of the key to which it belongs, it is
an n-hexadecimal digit number (e.g. 16, 32 or 48 for DES/DES3).
 Each clear key component has a component number associated with it.
 Encrypted Key Components
 An encrypted key component is similar to a clear key component, but it is
treated differently by the key entry mechanism. It also has a component
number associated with it.
Key Verification Codes (KVC)
 Key Verification Codes (KVC)
 Are used to verify, without compromising secrecy, that a key or a key
component has been entered correctly, or to confirm that the value of a
stored key is as expected.
 During key entry at the Luna EFT console, a KVC is automatically
calculated and displayed for each key component and for the resultant key.
 There are various methods used to calculate KVCs, consult the Console
User’s Guide for more info.

 Most popular, standardized KVC Algorithm (KL6):

Use the key (or key component) to encrypt a plain text made up of 8 zero value bytes. The left most 3 octets (bytes)
of the ciphertext is taken as the result. The value is displayed as 6 hexadecimal characters.

Example:
Key: 01 23 45 67 89 AB CD EF FE DC BA 98 76 54 32 10
Plaintext: 00 00 00 00 00 00 00 00
Ciphertext: 08 D7 B4 FB 62 9D 08 85
KVC: 08 D7 B4
Thank you!