CCA Release 2.54
UKPT Calculation Methods
This section describes the calculation methods for deriving the
unique-key-per-transaction (UKPT) key according to ANSI X9.24 and performing
the special encryption and special decryption processes.¹
Deriving an ANSI X9.24 Unique-Key-Per-Transaction Key
To determine the current-transaction encrypting key used by a terminal which is
encrypting PIN-blocks under the ANSI X9.24 standard, the ANSI X9.24 algorithm
uses a derivation key and the Current Key Serial Number (CKSN) as inputs.
The derivation key must be a double-length KEYGENKY key-type with the
UKPT control vector bit set on. The right half of the derivation key cannot be
the same as the left half of the derivation key.
The initial key serial number is a 59-bit value that contains terminal
identification information that is unique among the set of terminals initialized
under a given derivation key.
The encryption counter is a 21-bit counter value. The value in the counter is
set to 0 when the terminal is initialized. The counter increments each time the
terminal performs a PIN-block encryption. The counter increments such that a
maximum of 10 bits can be set on; the counter can record 1 000 000
encryptions. When the maximum counter value is reached, the terminal is
The current key serial number (CKSN) is the concatenation of the initial key
serial number and the encryption counter. This concatenation is an 80-bit
(10-byte) value.
The calculation method consists of the following steps:
1. Calculate the initial encrypting key. To calculate the initial encrypting key, do
the following:
a. Move the leftmost 8 bytes of the current key serial number to a work area
b. Perform an AND operation with the last byte of Ca and X'E0'. This
operation clears the high-order bits of the encryption counter. The value
that Ca now contains is the initial serial number that was loaded when the
PIN keypad was initialized.
c. Encrypt Ca, using the left half of the derivation key; name the result Cb.
d. Decrypt Cb, using the right half of the derivation key; name the result Cc.
e. Encrypt Cc, using the left half of the derivation key; name the result Cd. Cd
is the initial PIN encrypting key that was loaded when the terminal was
f. Rename Cd to be Ka, the initial PIN encrypting key.
2. Calculate the current encrypting key. To calculate the current encrypting key,
do the following:
¹ This material is adapted from the VISA Point-of-Sale Equipment Requirements: PIN Processing and Data Authentication
Appendix E. Financial System Verbs Calculation Methods and Data Formats E-13
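The CKSN layout and steps 1a through 1f of the calculation method, written out in Python as an added example that is not taken from the IBM manual. The function names and the des_encrypt/des_decrypt callables are assumptions: Python's standard library has no DES, so the caller supplies the single-DES primitive.

```python
# Added example (not IBM code): CKSN handling for steps 1a-1f above.
from math import comb
from typing import Callable, Tuple

COUNTER_BITS = 21   # encryption counter: low-order 21 bits of the CKSN
MAX_BITS_ON = 10    # at most 10 counter bits may be set on
# Assumed interface: (8-byte key, 8-byte block) -> 8-byte block, single DES.
DesOp = Callable[[bytes, bytes], bytes]


def split_cksn(cksn: bytes) -> Tuple[int, int]:
    """Return (59-bit initial key serial number, 21-bit encryption counter)."""
    if len(cksn) != 10:
        raise ValueError("CKSN must be 80 bits (10 bytes)")
    value = int.from_bytes(cksn, "big")
    counter = value & ((1 << COUNTER_BITS) - 1)
    if bin(counter).count("1") > MAX_BITS_ON:
        raise ValueError("encryption counter has more than 10 bits set on")
    return value >> COUNTER_BITS, counter


def work_area_ca(cksn: bytes) -> bytes:
    """Steps 1a-1b: leftmost 8 bytes, last byte ANDed with X'E0'."""
    split_cksn(cksn)            # reject a malformed CKSN before using it
    ca = bytearray(cksn[:8])
    ca[7] &= 0xE0               # keep 3 serial-number bits, clear 5 counter bits
    return bytes(ca)


def initial_key(cksn: bytes, derivation_key: bytes,
                des_encrypt: DesOp, des_decrypt: DesOp) -> bytes:
    """Steps 1c-1f: Ka = E_left(D_right(E_left(Ca)))."""
    if len(derivation_key) != 16:
        raise ValueError("derivation key must be double length (16 bytes)")
    left, right = derivation_key[:8], derivation_key[8:]
    if left == right:
        raise ValueError("right half must differ from the left half")
    cb = des_encrypt(left, work_area_ca(cksn))   # step 1c
    cc = des_decrypt(right, cb)                  # step 1d
    return des_encrypt(left, cc)                 # steps 1e-1f: Cd, renamed Ka


def usable_counter_values() -> int:
    """Number of 21-bit counter values (including 0) with <= 10 bits set on."""
    return sum(comb(COUNTER_BITS, k) for k in range(MAX_BITS_ON + 1))
```

usable_counter_values() counts exactly half of the 21-bit space, which is where the figure of roughly 1 000 000 recordable encryptions comes from.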