Sample PIN Key Hierarchy

Color legend, as coordinated with original blog post: HSM Key Hierarchy; Distribution Key Hierarchy; Derivation Key Hierarchy.

[Diagram: PIN key hierarchy. Text recovered from the diagram, in its original order; the layout linking each attribute to its key did not survive.]

- HSM Master Key [illegible]
- Generated by the HSM [illegible]. Created at installation. Unique per device / [illegible] / Other (describe). Unique to the HSM.
- Zone key used to synchronize keys across HSMs. Generated by the HSM. Encrypted with MFK. Unique to the HSM.
- Issuer working key to encrypt the PIN and exchange data with issuers.
- Acquirer working key to encrypt the PIN and exchange data with acquirers.
- [illegible] 256, Issuer; [illegible] 256, Acquirer.
- Loaded via received key components (issuer). Loaded via received key components (acquirer).
- Unique to each issuer. Unique to each acquirer.
- Base derivation key used to [illegible]. Generated by the HSM. Encrypted with [illegible]. Unique per merchant.
- Key loaded into POI from which DUKPT keys are created.
- DUKPT key which is unique for each PIN transaction.
- Public/private key pair used to sign and authenticate applications.
- Generated by the KIF using device key serial number and BDK.
- Create[illegible] the POI. Acquirer.
- Not applicable: ephemeral key loaded into POI.
- Loaded [illegible] POI. Stored in SCD.
- Unique per device. Unique per device.
- Only present on [illegible], used to sign applications.

Sample P2PE Key Hierarchy

The information entered here is intended only to provide a guideline to help organizations understand and create their own key hierarchies. It isn't representative of any particular system.

Color legend, as coordinated with original blog post: HSM Key Hierarchy; Distribution Key Hierarchy; Derivation Key Hierarchy.

[Table: one entry per key. The first two entries carry the field labels Description & Purpose, Creation, Distribution, Storage, Destruction; the remaining entries list their recovered values in the original order.]

- Description & Purpose: HSM Master Key. Creation: [illegible]. Distribution: None. Storage: HSM. Destruction: Zeroize HSM.
- Description & Purpose: Synchronize keys across HSMs. Creation: [illegible]. Distribution: None. Storage: HSM. Destruction: Secure delete functions within the HSM.
- Encrypt working keys shared with issuers and acquirers; [illegible]; Received components; HSM; Secure delete functions within the HSM.
- Digital signatures; None; [illegible]; Secure delete functions within the HSM.
- Authenticate key blocks for symmetric keys exchanged with another entity; [illegible] Local ([illegible]); Secure delete functions within the HSM.
- Base derivation key for [illegible] of keys on POI; 7NOV2021; Local (HSM) and remote (KIF, as components and in HSM); HSM, components; For local, secure delete functions within the HSM. For remote, secure destruction of the components and zeroing of keys in HSM.
- Key loaded into POI from which DUKPT keys are created; Set by KIF at time of POI injection; Not distributed, unique to the POI on which it is installed; None; None, procedures enforce ephemeral nature.
- PEK: Unique-per-transaction encryption of card data; Set by KIF at time of POI injection; Not distributed, unique to the POI on which it is installed; POI; Destruction of POI or zeroized POI.
- Key loaded into POI from which DUKPT keys are created; Set by KIF at time of POI injection; Not distributed, unique to the POI on which it is installed; None; None, procedures enforce ephemeral nature.
- [illegible]: Unique-per-transaction encryption of card data; Set by KIF at time of POI injection; Not distributed, unique to the POI on which it is installed; POI; Destruction of POI or zeroized POI.
- Master Key/Session Key used to provide mutual authentication for remote distribution of AES [illegible]-bit keys; [illegible]; Local (HSM) and remote (POI); HSM, SCD; For local, secure delete functions within the HSM. For remote, destruction of POI or zeroized POI.
- Terminal master used to encrypt keys for POI; [illegible]; Local (HSM) and remote (KIF, as components and in HSM); HSM, components; For local, secure delete functions within the HSM. For remote, secure destruction of key components and zeroing of keys in HSM.
