Security Options, Session Keys, Dukpt Keys, Wtpk | Ingenico 6500

Key (MCK)
Master Atalla Key	This key is used to XOR a value for PIN entry, MAC, or
	encrypt/decrypt to form master variant keys to decrypt for PIN
	entry, MAC, and COM session keys.

9.4.3Session Keys

These keys are loaded encrypted under the corresponding master keys. This means that the type and index of the working (session) key have to match the type and index of the corresponding master key that was used to encrypt it. For application based financial keys, the SSA will have a key structure matrix indexed by application ID.

The device can accommodate up to ten working (session) keys per application, or up to 64 working (session) keys per terminal. Available indexes for the working (session) keys are 0

–9 per application or 0 – 64 per terminal. These keys can be both single-length DES keys and double-length triple DES keys. Similar to the master keys, the device supports four types of working (session) keys.

Key Name	Description of Key
Working (session)	This key is loaded encrypted under the corresponding Master
Terminal PIN Key	Terminal PIN Key. It is used to encrypt the customer PIN for
(WTPK)	transmission to the host.
Working (session)	This key is loaded encrypted under the corresponding Master
Message	Message Authentication Code Key. It is used to authenticate the
Authentication	customer transaction.
Code Key
(WMACK)
Working (session)	This key is loaded encrypted under the corresponding Master
Communication	Communication Key. It is used to encrypt customer transaction
Key (WCK)	data between the debit terminal and the host.

Working (session)	This key is decrypted by the Master Atalla Variant Key, which is
Atalla Key	created from the Master Atalla Key according to the type of
	operation to be performed.

9.4.4DUKPT Keys

The Initial PIN Pad Keys (IPPKs) are loaded encrypted under the KTK. The device can accommodate up to ten separate DUKPT engines. Each engine is initialized with an IPPK. Available indexes for the DUKPT engines are 0 – 9. The IPPKs can be both single-length DES keys and double-length triple DES keys.

9.5Security Options

This section provides a synopsis of each security option. All the security options can be loaded during key injection. The user application can request the security options setting from an SSA API.

Ingenico 6500 User’s Guide

95

Image 103

Ingenico 6500 manual Security Options, Session Keys, Dukpt Keys, Wtpk, Wmack

Contents

Ingenico Page Table of Contents Chapter Supervisor Menu Diagnostic Menu Chapter Secure Certificate 100 Revision History Page Payment Types IntroductionTwo Terminal Models About this Manual Connectivity Kits Conventions Used in this Manual Unicapt 32 Software Development Kit JavaPOS Software Development Kit Navigating the Extended Menu Accessing the Extended MenuExtended Menu Overview Overview Finding Options in the Extended Menu Finding the Current Setting Ibmeft Ncreft COM2Gems COM2 COM3 DhcpCOM1 COM2 COM3 SAM USB Extended Menu Overview YYYY/MM/DD System Configuration MenuSystem Config Changing the Date and Time Display Contrast Enable/Disable Beep TonesChanging the Display Contrast Changing the Beep Tones Beep Tone Status Changing the Beep LengthBeep Length Tone Changing the Beep TonesMidtone Turning the Backlight On or Off Setting Backlight to Off When IdleSystem Configuration Updating Backlight Turning the Backlight On or Off Idle Timeouts Idle TimeoutBacklight Versions System Info MenuFinding Version Numbers System Info Xxxxxxxxx Checking the Security InformationSecurity Info Security Info RAM Info RAM Info Ingnar Viewing All Parameter ValuesDisplayAction View Parameter Ibmeft OFFNone ETH Dhcp NONE/AUTO Auto Ingenico 6500 User’s Guide Changing the Supervisor Menu Password Supervisor Menu PasswordSupervisor Menu Reading the Application File Application File in TerminalSupervisor Menu Erase Erasing the Application FileFile Menu Read Security Setting the Key Injection Port Injecting Keys Setting the Key IndexInject Keys Index SelectX Setting the Application Number App SelectAAAA Finding the Key Check Value Terminal KeysApp Select Finding the Key Check Value Application Keys Application Keys Application KeysAPP1 APP2 Erase App Keys? Erasing Application KeysErase App Keys Erase App Keys Injecting a Serial Number System Parameters Download Method Setting the Download MethodSystem Parameters Menu Sys Parameters Port1 Selecting the Download PortDownload Port Download Port Selecting the Download Interface Type Setting Up the PortPortX Baud Rate Setting the Baud RateSetup Port Port Data Bits Setting the Data BitsData Bits Stop Bits Setting the Stop BitsSet Port Stop Bits Parity Setting the ParityParity LAN Address Defining the LAN AddressLAN Address Retry Count Setting the Retry CountRetry Count Response TMO Setting the Response TimeoutResponse TMO Poll TMO Setting the Poll TimeoutPoll TMO Turnaround TMO Setting the Turnaround TimeoutTurnaround TMO Port3 Defining the Dhcp AddressPort3 Local IP Defining the Local IP AddressLocal IP Local IP Port Setting the Local IP Port NumberLocal IP Port Server IP Defining the Server IP Address Server IP Port Setting the Server IP Port Number IP Add Mask Masking Your IP AddressXXX.XXX.XXX.XXX Updating… Setting the GatewayGateway Gateway Primary DNS Setting the Primary DNSPrimary DNS Secondary DNS Setting the Secondary DNSSecondary DNS Dial Phone Num Setting the Domain NameSetting Up the Phone Number to Dial Dial Modem Speed Setting Up the Modem Speed Host Port Aux Port Changing the Position of the Host Port or Aux Port AD On/Off Configuring the Host Port Auto Detect FeatureDisabling or Enabling the Auto Detect Feature Auto Detect AD Timeout Setting the Auto Detect TimeoutAD Timeout AD Retry Times Setting the Auto Detect Retry TimesAD Retry Times Parameter Editor Editing Parameters Parlcdcontrast Parameter Name Description Value Data Pareftllevelnum Parameter Name Rescommrecerror Resbdlcfsdwnerror PARCOM1BAUDRATE PARCOM1INTERFACET PARCOM2PARITY PARCOM3BAUDRATE Parethgateway Parapplcomment Diagnostic Menu Diagnostic MenuTesting the Display Contrast Diagnostic Menu Keypad Testing the KeypadTesting the Beeper Keypad RS232 Testing the RS232 ConnectionBeeper RS232 Tailgate Testing the RS485 Tailgate Connection USB Diagnostic Testing the USB Port Mag Stripe Reader Testing the Magnetic Stripe Reader Smart Card Reader Testing the Smart Card Reader Testing the SAMs Touch Screen Testing the Touch Screen Signature Capture Testing Signature CaptureExtended Menu Press , Enter to select Diagnostic Menu Diagnostic Menu Press , Enter to select Signature Capture Pen Calibration Testing Pen Calibration Finger Calibration Testing Finger Calibration SCV Verification System Architecture Architecture Terminal Architecture Host Connections Operating System System and Security Application Maintenance Application Transmitting Data DigitizerUser Application Download File Architecture Key Architecture Description of Key Sponsor Key KTKTerminal Based Keys Key Name Index Length Key Name Description of Key Application Based KeysSpecial Keys Master Keys Wtpk Security OptionsSession Keys Dukpt Keys Possible Values Description Prompts Authentication Key OptionsChange Terminal ID Option Prompt MACing Double-Length Key MAC Calculation Code MACingPossible Encryption Description Values Atalla Key Block Protection Option Visa PED Mode OptionTerminal Startup Verify MAC Option Financial Key Option Secure Certificate Secure CertificateSecuring Process Ingenico 6500 User’s Guide 101 Secure Certificate MAC Descriptor Section Secure Certificate Descriptor Sections Possible Description Values Visa PED Mode Descriptor Section SHA1+MAC Application Descriptor Section Secure File Descriptor Section 106 Applname filename.ext class existence Non-Secure File Descriptor Section Delete Data File Descriptor Section Delete Application Code File Descriptor SectionDelete Whole Application Descriptor Section Timing Ibmeft DownloadPrerequisites Preparation Feedback Outline of Download Process Steps Ingenico 6500 User’s Guide 111 112 Communications port is not working Download ErrorsError Opening Port Hardware settings in the Ingenico 6500 have been changed Received 3 NAKs or Timeout SendVISAPacket Configuration Default Value Default Setup ConfigurationError Bad Prog CRC Error Not Enough DFS Space Comm Receive Error Card Read Error1 IBM EFT TroubleshootingEFT Device Not Available EFT Device Not Available During Check Authorization