
9.4 Application Based Keys
9.4.1 Special Keys
Special keys are loaded encrypted under the KTK. The SSA will have a key structure matrix indexed by application ID. These keys can be both
These two Application Special Keys are only used if the Prompts Authentication Key security option is set to 1 (application based, see section 9.5.1 on page 96). If Prompt MACing is also enabled, the Secure Text and Clear Text prompts will be verified with these two keys. If the Prompts Authentication Key is set to 0 (terminal based), the
Key Name | Index | Length | Description of Key |
Secure Text Entry Form Authorization Key | 1 | 8/16 | This key is loaded encrypted under the KTK. All prompts and/or screens used for Secure Text Entry of the application will be authenticated using this key if the Prompts Authentication Key security option is set to application based (1). |
Clear Text Entry Form Authorization Key | 2 | 8/16 | This key is loaded encrypted under the KTK. All prompts and/or screens used for Clear Text Entry of the application will be authenticated using this key if the Prompts Authentication Key security option is set to application based (1). |
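The per-application prompt authentication described in 9.4.1 can be modelled as follows. This is an added illustration, not code from the device or its documentation: the `KeyMatrix` class, the function names, the sample keys and the truncated HMAC-SHA-256 (standing in for the device's MAC algorithm, which this page does not name) are all assumptions, and Length 8/16 is read as bytes.

```python
import hashlib
import hmac

SECURE_TEXT, CLEAR_TEXT = 1, 2   # special key indexes from the table in 9.4.1
APPLICATION_BASED = 1            # Prompts Authentication Key option value

class KeyMatrix:
    """Hypothetical model of a key structure matrix indexed by application ID."""

    def __init__(self):
        self._slots = {}         # (app_id, key index) -> plaintext key bytes

    def load_special_key(self, app_id, index, key):
        # Assumes the key was already unwrapped from under the KTK.
        if index not in (SECURE_TEXT, CLEAR_TEXT):
            raise ValueError("special key index must be 1 or 2")
        if len(key) not in (8, 16):   # assumption: Length 8/16 means bytes
            raise ValueError("special key must be 8 or 16 bytes")
        self._slots[(app_id, index)] = key

    def lookup(self, app_id, index):
        return self._slots.get((app_id, index))

def prompt_mac(key, prompt):
    # Assumption: truncated HMAC-SHA-256 stands in for the device's MAC,
    # which the page does not name.
    return hmac.new(key, prompt, hashlib.sha256).digest()[:8]

def verify_prompt(matrix, option, app_id, entry_type, prompt, mac):
    """True only if the prompt's MAC verifies under this application's own
    key for this entry type (application-based mode)."""
    if option != APPLICATION_BASED:
        raise NotImplementedError("terminal-based mode is not modelled here")
    key = matrix.lookup(app_id, entry_type)
    if key is None:
        return False             # fail closed: no key loaded for this slot
    return hmac.compare_digest(prompt_mac(key, prompt), mac)

# Constructed sample keys and prompt, for illustration only.
matrix = KeyMatrix()
matrix.load_special_key(7, SECURE_TEXT, bytes(range(16)))
matrix.load_special_key(7, CLEAR_TEXT, bytes(range(16, 32)))
matrix.load_special_key(9, CLEAR_TEXT, bytes(range(32, 40)))
PROMPT = b"Enter amount:"
MAC_APP7_CLEAR = prompt_mac(bytes(range(16, 32)), PROMPT)
```

A prompt authorized for Clear Text Entry in application 7 verifies only in that slot: it is rejected for Secure Text Entry, for another application ID, and after any change to the prompt text.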
9.4.2 Master Keys
Master keys are loaded encrypted under the KTK or current Master Key. For application-based financial keys, the SSA will have a key structure matrix indexed by application ID.
The device can accommodate up to ten master keys per application, or 64 master keys per terminal. Each key is independent and used to transport the corresponding working (session) key. Available indexes for master keys are 0 – 9 per application or 0 – 63 per terminal. These keys can be both
The device supports four types of master keys.
| Key Name | Description of Key |
| Master Terminal PIN Key (MTPK) | This key is used to encrypt the Working (session) Terminal PIN Key (WTPK). |
| Master Message Authentication Code Key (MMACK) | This key is used to encrypt the Working (session) Message Authentication Code Key (WMACK). |
| Master Communication Key (MCK) | This key is used to encrypt the Working (session) Communication Key (WCK). |
94 | Chapter 9 Key Architecture | Section 9.4 Application Based Keys |