« Building the team (part 2) | Main | More PIN Encrpytion/Decryption Resources »

Thursday, September 14, 2006

Creating an IPEK from a given KSN and BDK

One time I asked one of our encryption experts:  "Can you describe to me how to create an Initial PIN Encryption Key ('IPEK') given a specific Base Derivation Key ('BDK') and Key Serial Number ('KSN')?  Since this was a test scenario, I wanted to know how to do it for some commonly used test values, namely:

BDK:    0123456789ABCDEF
KSN:    0123456789A00001

This was the very clear and descriptive answer provided to me:

I have a utility that creates a DUKPT PIN block, and I used that to come up with the IPEK of 78DF-942D-65A2-ECE6 (NOTE: dashes are provided here for clarity only). For DUKPT, the way the Initial PIN Encyption Key is derived is that the KSN is first padded to left with “F” to a length of 20 bytes (10 packed bytes). In the example provided, the Initial KSN ('IKSN') is FFFF0123456789A00001. Then, the right-most 21 bits of the packed IKSN are cleared (set to zero).

Then, the left-most 16 bytes (8 packed) of the IKSN are encrypted by the BDK; so, in this example FFFF0123456789A0 is encrypted with 0123456789ABCDEF as the key, resulting in a derived IPEK of 78DF-942D-65A2-ECE6.

Posted by on Thursday, September 14, 2006 at 13:55 in Security |

| |

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

I think that the base derivation key (BDK) must be more longer ( 128 bits)...

Posted by: Ben Njouia Anis | Monday, October 20, 2008 at 02:57

How do you get a iskn and bdk;if not given.

Posted by: tim | Thursday, January 15, 2009 at 14:47

Yes, I think Ben was right, according to Thales BDK generation tools, it produces a 32 digits of BDK value. I wanted to know what kind of utility that you have to creates a DUKPT PIN-Block ?

Posted by: FIkri | Sunday, February 08, 2009 at 12:13

This Wikipedia post explains the relationship between the BDK and IPEK:

http://www.andyorrock.com/2006/09/creating_an_ipe.html

Posted by: Andy Orrock | Tuesday, February 17, 2009 at 07:13

Ben/Flkri - you're both wrong. He has a 16 byte BDK which is 128 bits (16*8 = 128)...

Posted by: Matt | Monday, January 16, 2012 at 09:27

Hi Andy

Could you please explain more on "IKSN are encrypted by the BDK", what method is using to encrypt IKSN here? I though XOR but seem not true

Thanks

Posted by: Hien | Friday, July 27, 2012 at 11:25

The comments to this entry are closed.

Search

AddThis Social Bookmark Button

Resources

  • Alejandro's jPOS Project
    Faced with payment systems challenges? Start here to learn more about Alejandro Revilla's jPOS project.
  • Dave Bergert's Blog
    Insights from my OLS colleague, Dave Bergert, CISSP, CISA, CompTIA Security+, and former Visa-certified QSA.
  • Glenbrook's Blog List
    Glenbrook Partners has compiled "a current summary of the latest content from some of our favorite payments and banking blogs." Dave, Alejandro and I are on the list.
  • soliSYSTEMS
    My friend Roque Solis is our go-to guy for RFID, smart cards, chip cards, integrated circuit cards, HSMs, cryptographic accelerators and public-key cryptography.
  • Specs Online - AMEX
    American Express puts its acquirer specs online for public retrieval.
  • Specs Online - FDMS
    First Data Merchant Services puts its acquirer specs online for public retrieval.
    [NOTE: This repository is accessible only via IE; this link will not work with Firefox or other browsers.]

Documents

  • The PCI Split
    Depicts how we split an implementation into PCI and non-PCI halves.
  • The Virtuous Spiral
    A good payment system unleashes customer creativity. Does yours?
Blog Widget by LinkWithin

  • Your attention to detail is a great asset. Use it wisely.