Most recent
ANSI X9.24-3-2017
Retail Financial Services Symmetric Key Management - Part 3: Derived Unique Key Per Transaction
This part of the standard describes the AES DUKPT (Derived Unique Key Per Transaction) algorithm, which uses a Base Derivation Key (BDK) to derive unique per-device initial keys for transaction-originating SCDs, and derives unique per-transaction working keys from the initial keys based on the transaction number. Working keys can be used for a variety of functions, such as encryption of PINs, data or other keys, derivation of other keys, message authentication, etc. AES DUKPT supports the derivation of AES-128, AES-192, AES-256, and double- and triple-length TDEA keys from AES-128, AES-192, and AES-256 BDKs.
Accredited Standards Committee, Inc. - Financial Industry Standards [ascx9]