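What is DUKPT?
Simply put, DUKPT (Derived Unique Key Per Transaction) is a key management scheme and algorithm defined by ANSI. It addresses the key management problem that arises when information must be transmitted securely in financial payment systems.
The following is quoted from the ANSI X9.24 specification (Retail Financial Services Symmetric Key Management):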
This standard establishes requirements and guidelines for the secure management and application-level
interoperability of keying operations. Such keys could be used for authenticating messages (see Reference 5), for
encrypting Personal Identification Numbers (PIN) (see Reference 4), for encrypting other data, and for encrypting
other keys.
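An example DUKPT scenario
Jacky buys a pair of shoes at Wal-Mart and pays at checkout by swiping a VISA credit card. After the swipe, the POS must exchange data with the back-end system so that the card issuer is informed of the transaction. The path the transaction information takes is roughly as follows:
Looking at this from the standpoint of the security of the information in transit:
1. In the transaction information flow shown in the figure above,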