Professional Documents
Culture Documents
To load different key in the PINPAD device following methods are used.
Method:
1) Plain WK Key loading
2) Plain MK-SK Key loading
3) MK key Loading through TR-31
4) Plain DUKPT key loading
5) DUKPT key loading using TR-31
Driver installation:
To Install the PINPAD Driver in the window environment.
Step1:Connect the KF311 device to the system (Preferably Windows XP/Windows 7).
NOTE: Install the driver for the 1st time in order to get the COM port detection. After wards it will
detect automatically.
Step 3: Open PCI-Test tool and configure the COM port in 'Setup COM'.
Sample view of the PC Tool used to generate the keys for different purpose.
Method 1:
Direct WK key loading:
In this case there in no requirement of master key. Directly working is loaded in the PINPAD device.
This key will be used for Pin encryption.
To generate working key and save it in the file, need to follow steps mention below.
To load the key in PINPAD device we need to follow below mentioned steps
In this case master key is used to encrypt the session key. Master key is loaded in the plain format but
session key is loaded in encrypted format in PINPAD device.
NOTE: Master key can be loaded as two components. No encryption is required for the master key.
To load the session key first encrypt the session key with master key.
Note : This procedure should follow for any encrypted session key loading.
NOTE: use 3amsystems.com/crypto-toolbox to encrypt the session key using master key.
1. Browse the file WK.key
2. Set Key Type as PIN_WK
3. select '2:ECB DECRYPTION'
4. Select key length it can be 8/16/24 byte
5. Set key index between 0-31.
6. Enter the Main Key Index same as Key Index.
7. Enter Encrypted session key value. (use 3amsystems.com to encrypt the session key)
8. confirm with same encrypted session key value.
9. Click on 'Save' to save the final key encryption.
To load the Master key in the PINPAD follow the below mentioned steps:
1: Goto 'Load key'.
2. Tick the Key file check box.
3. Browse the MK.key file.
4. click of start button to load the key in the pinpad.
To load the working key in pinpad follow the below mentioned step:
1. Goto the 'load Key'
2. check the 'Key file' box
3. Browse the same WK.key file used to save the working key in the previous section.
4. click on 'start' button to load the key in the PINPAD.
Method 3:
MK key Loading through TR-31
In this method MK is transferred using TR-31 protocol to the pinpad. The session key must be
encrypted using Master key. The session key is sent directly to the pinpad device. There is no
requirement of any kind of protocol or alternate method to load session key.
NOTE: The pinpad must be in 'connected' mode before loading the master key in the pinpad device
using TR-31 protocol.
To enter in the 'Connected' Mode. Follow the below steps on the PINPAD
1. press F2
2. Enter admin A password as '111111111111' (12 ones)
3, Enter admin B password as '222222222222' (12 twos)
4. press 'cancel' on device if you want default KBPK ie all 0's. Otherwise set the KBPK in 2
components and final key value will be the XOR of the both components.
5. 'Connected' will be displayed on the screen.
NOTE: for a new device default password will be all zeros (12 zeros) for both admin A and B.
There is a provision to change the admin password also.
To load the Master key using TR-31 follow the below mentioned steps:
NOTE: To load the session key, refer the session key loading in Method 2. Same procedure must be
used in order to load the session key.
Method 4:
Plain DUKPT Loading
NOTE: To load the DUKPT in PinPad, first DUKPT mode must be selected in the PINPAD.
1.Goto Edit key section.
2. Browse the file DUKPT.key
3. Set Key Type as DUPKT
4. Select key length it can be 16 bytes
5. Set key index between 0-31.
6. Set KSN value (generally 10 bytes value is entered)
7. Choose 'PLAIN Text' cipher Mode.
8. Enter Component1 value.
9. Enter Component2 value.
10. Click on 'Save' to save the final key encryption.
NOTE: DUKPT is
sent using TR-31
only. So set the
PINPAD device in
'Connected' Mode
before loading
DUKPT.
To load the DUKPT file in the PINPAD follow the same steps as mentioned in the previous method.
Note :
1: At time you can work in a single mode ie. Either DUKPT or PINK.
2: Changing the mode from DUKPT to PIN or PIN to DUKPT all keys will be erased.
3: KF311 support only one DUKPT key index.
4: It is not possible to remotely load Master keys in KF311 pinpad.
5: There is no magnetic data encryption in KAIFA.
6: If some new requirement comes from any customer we need to inform the same to KAIFA
vendor to do the changes. After the completion of changes the vendor will provide the new APP.
Using the MTK3 tool update the APP.