NPCI's Dynamic Key Exchange
[Type of Document: Confidential] Page 1 of 4


Confidentiality and Copyright Notice


© 2016 by National Payments Corporation of India.
This document is of restricted use. No part of this document may be reproduced in any form
by any means without prior written authorization of National Payments Corporation of India
(NPCI).


1 PIN Encryption - Key Security and Management

As a security feature, the NPCI switch ensures that the cardholder PIN (the second factor of
authentication) is transmitted in encrypted form in ISO messages. The PIN is formatted into a
PIN block, which is encrypted under a ZPK (Zone PIN Key); only this encrypted PIN block is ever
transmitted. NPCI shares a separate ZPK with each Acquirer and each Issuer, and again not in
clear form: the ZPK is itself encrypted under another key, the ZMK (Zone Master Key), before it
is shared. The Acquirer switch uses the ZPK provided by NPCI to encrypt the PIN block when it
sends the transaction request to the NPCI switch. On receipt of the transaction from the
Acquirer switch, the NPCI switch decrypts the PIN block under the Acquirer's ZPK and re-encrypts
it under the ZPK given to the Issuer before forwarding the transaction request to the Issuer
switch. The PIN block therefore exists in clear only inside the switch during this translation.

2 Current Process and Implementation

Currently NPCI uses a static key exchange process for the ZPK between member banks and NPCI for
PIN encryption/decryption, i.e. the ZPK is exchanged only once, when the member is on-boarded on
the NPCI network. The Zone PIN Key is encrypted under the Zone Master Key and sent to the
bank-nominated key custodians, who are expected to enter the keys manually into the bank's
system. These keys remain constant for as long as the member bank stays connected to NPCI in
static key mode.

3 Requirement and Proposed Implementation

In its endeavour to constantly improve and enhance system security measures, NPCI proposes to
migrate from the existing Static Key Exchange implementation to Dynamic Key Exchange (DKE). DKE
is a mechanism that enables members and the NPCI switch to exchange ZPKs conveniently and
periodically, using online network management messages. With dynamic keys the ZPK is changed at
fixed intervals through an automatic message exchange between the bank's switch and the NPCI
switch.
Two methods of Dynamic Key Exchange will be supported:
1. NPCI Automated – the NPCI switch, acting as master, sends the key update request (with the
new encrypted ZPK) automatically at a predefined time.
2. On Member Request – the member switch requests a new key; the NPCI switch (master)
acknowledges the request and then initiates a key update request (with the new encrypted
ZPK).


The two types of key exchange are shown diagrammatically below (figures rendered as text; in
both, the master key processor is the NPCI switch and the slave key processor is the member
switch):

Figure 1: NPCI Automated DKE
    1. New key sent (master to slave)
    2. New key accept (slave to master)

Figure 2: On Member Request DKE
    1. Key change request (from slave)
    2. Key change response (from master)
    3. New key request (from master)
    4. New key response (from slave)
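As an added example that is not part of the NPCI document, the Go program below models the key hierarchy of section 1 and the NPCI Automated exchange of figure 1 end to end: a ZPK wrapped under a ZMK for delivery, a PIN block encrypted under the acquirer's ZPK, translation at the switch to the issuer's ZPK, and a master/slave key update in which the slave accepts the new ZPK only after verifying it. Everything beyond the document's own description is an assumption: two-key triple DES for the ZMK and ZPK, ISO 9564-1 format 0 PIN blocks, a 3-byte key check value (KCV) carried alongside the encrypted ZPK, and the constructed sample keys, PIN and PAN used in Demo. The framing of the real network management messages is not modelled; only their cryptographic content is.

```go
package main

import (
	"bytes"
	"crypto/des"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// tdesECB runs two-key triple DES (16-byte key K1|K2) over whole 8-byte blocks in ECB mode:
// a PIN block is one DES block and a double-length ZPK is two, so ECB is all that is needed here.
func tdesECB(key, data []byte, encrypt bool) []byte {
	if len(key) != 16 || len(data)%8 != 0 {
		panic("key must be 16 bytes and data a multiple of 8 bytes")
	}
	c, _ := des.NewTripleDESCipher(append(append([]byte{}, key...), key[:8]...)) // K1|K2|K1, length checked above
	out := make([]byte, len(data))
	for i := 0; i < len(data); i += 8 {
		if encrypt {
			c.Encrypt(out[i:i+8], data[i:i+8])
		} else {
			c.Decrypt(out[i:i+8], data[i:i+8])
		}
	}
	return out
}

// PINBlockFormat0 builds an ISO 9564-1 format 0 PIN block: the PIN field (control nibble 0, PIN
// length, PIN digits, F padding) XORed with 0000 + the rightmost 12 PAN digits, check digit excluded.
func PINBlockFormat0(pin, pan string) ([]byte, error) {
	if len(pin) < 4 || len(pin) > 12 || len(pan) < 13 {
		return nil, errors.New("PIN must be 4-12 digits and PAN at least 13 digits")
	}
	pinField := fmt.Sprintf("0%X%s", len(pin), pin)
	p, err1 := hex.DecodeString(pinField + strings.Repeat("F", 16-len(pinField)))
	q, err2 := hex.DecodeString("0000" + pan[len(pan)-13:len(pan)-1])
	if err1 != nil || err2 != nil {
		return nil, errors.New("PIN and PAN must be decimal digits")
	}
	for i := range p {
		p[i] ^= q[i]
	}
	return p, nil
}

// KCV: the usual 3-byte key check value (zero block encrypted under the key, truncated). Assumed here; the document does not say how a member confirms it unwrapped the right ZPK.
func KCV(key []byte) []byte { return tdesECB(key, make([]byte, 8), true)[:3] }

// Section 1: the ZPK is never shared in clear; each 8-byte half travels encrypted under the ZMK.
func WrapZPK(zmk, zpk []byte) []byte       { return tdesECB(zmk, zpk, true) }
func UnwrapZPK(zmk, wrapped []byte) []byte { return tdesECB(zmk, wrapped, false) }

// TranslatePIN is the switch step of section 1: decrypt under the acquirer's ZPK, re-encrypt under the issuer's. The clear PIN block exists only inside this call (inside the HSM on a real switch).
func TranslatePIN(acqZPK, issZPK, encPB []byte) []byte {
	return tdesECB(issZPK, tdesECB(acqZPK, encPB, false), true)
}

// KeyUpdate is the "key update request (with new encrypted ZPK)" of section 3 plus the assumed check value.
type KeyUpdate struct{ WrappedZPK, Check []byte }

// MasterKeyUpdate: the NPCI switch (master) generates a fresh random ZPK, wraps it under the member's ZMK and returns the message to send (figure 1, step 1) plus the clear ZPK it keeps for translation.
func MasterKeyUpdate(zmk []byte) (KeyUpdate, []byte) {
	zpk := make([]byte, 16)
	if _, err := rand.Read(zpk); err != nil {
		panic(err)
	}
	return KeyUpdate{WrappedZPK: WrapZPK(zmk, zpk), Check: KCV(zpk)}, zpk
}

// SlaveAcceptKeyUpdate: the member switch unwraps with its ZMK and accepts the new ZPK only if the check value matches (figure 1, step 2); a wrong ZMK or a corrupted message is rejected.
func SlaveAcceptKeyUpdate(zmk []byte, msg KeyUpdate) ([]byte, error) {
	zpk := UnwrapZPK(zmk, msg.WrappedZPK)
	if !bytes.Equal(KCV(zpk), msg.Check) {
		return nil, errors.New("KCV mismatch: new ZPK rejected")
	}
	return zpk, nil
}

// Demo: NPCI pushes ZPKs to an acquirer and an issuer (constructed sample ZMKs), the acquirer encrypts a PIN block under its ZPK, the switch translates it, and the issuer must recover the original block.
func Demo() (bool, error) {
	acqZMK, issZMK := []byte("acquirer-zmk-16b"), []byte("issuer-zmk-16byt") // constructed, not real keys
	acqMsg, acqZPK := MasterKeyUpdate(acqZMK) // NPCI -> acquirer
	issMsg, issZPK := MasterKeyUpdate(issZMK) // NPCI -> issuer
	acqKey, err1 := SlaveAcceptKeyUpdate(acqZMK, acqMsg)
	issKey, err2 := SlaveAcceptKeyUpdate(issZMK, issMsg)
	pb, err3 := PINBlockFormat0("1234", "4111111111111111") // constructed sample PIN and PAN
	if err1 != nil || err2 != nil || err3 != nil {
		return false, fmt.Errorf("setup failed: %v %v %v", err1, err2, err3)
	}
	encAcq := tdesECB(acqKey, pb, true)            // acquirer -> NPCI, under the acquirer's ZPK
	encIss := TranslatePIN(acqZPK, issZPK, encAcq) // NPCI -> issuer, under the issuer's ZPK
	return bytes.Equal(tdesECB(issKey, encIss, false), pb), nil
}

func main() { fmt.Println(Demo()) }
```

Run it with `go run`; it prints `true <nil>` when the issuer recovers the acquirer's PIN block. The On Member Request method of figure 2 differs only in who starts: the member sends a key change request and the master acknowledges it, after which the same MasterKeyUpdate and SlaveAcceptKeyUpdate steps follow. The check value is what lets the slave detect a ZMK mismatch or a damaged message before it starts encrypting live PIN blocks under a wrong key; without it, the first sign of trouble would be PIN verification failures at the issuer.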

4 Advantages of Implementing Dynamic Key Exchange

1. DKE enhances the security of the payment system by making it feasible for NPCI and its
members to exchange PIN encryption keys frequently.
2. DKE mitigates the risk of key compromise: a ZPK is in use only until the next exchange, and
members can request a key exchange whenever they need one.
3. DKE reduces manual intervention to a negligible level and hence minimises errors.
4. DKE is cost effective, as it eliminates manual ZPK generation and key mailers.
5. A fresh key (ZPK) is generated for every DKE, including repeated attempts or retries.
6. Pre-configured time interval: the NPCI switch will automatically exchange a new ZPK once
every 24 hours (counted from the last successful key change). NPCI will configure the key
change time for each member bank in the NPCI switch, during non-peak hours.
7. DKE brings ZPK management in line with industry standards for periodic key rotation.
8. A bank can request a key exchange ('On Member Request') at any time during the day as per
its requirement.
