1. Home
  2. Turkmenistan standards
  3. TDS
  4. St AS 2805.6.7-2011

AS 2805.6.7-2011 PDF

St AS 2805.6.7-2011

Name in English:
St AS 2805.6.7-2011

Name in Russian:
Ст AS 2805.6.7-2011

Description in English:

Original standard AS 2805.6.7-2011 in PDF full version. Additional info + preview on request

Description in Russian:
Оригинальный стандарт AS 2805.6.7-2011 в PDF полная версия. Дополнительная инфо + превью по запросу
Document status:
Active
Format:
Electronic (PDF)
Delivery time (for English version):
1 business day
Delivery time (for Russian version):
250 business days
SKU:
Stasnzs01925
Choose Document Language:
€35

Full title and description

AS 2805.6.7-2011 — Electronic funds transfer – Requirements for interfaces, Part 6.7: Key management – Transaction keys – Derived unique key per transaction (DUKPT). This part of the AS 2805 series specifies a DUKPT-based method of key management for transaction keys used in authentication, encipherment and decipherment of electronic messages relating to financial transactions.

Abstract

This standard describes the data elements, key identification techniques and key-management processes needed to implement the Derived Unique Key Per Transaction (DUKPT) method for transaction keys in electronic funds transfer (EFT) interfaces. It sets out requirements for generation, distribution and use of transaction keys to support secure retail and banking payment messages.

General information

  • Status: Current (reconfirmed 2023).
  • Publication date: 23 December 2011.
  • Publisher: Standards Australia (Standards Development Body).
  • ICS / categories: Electronic funds transfer, payment systems, key management and cryptographic techniques; banking/electronic payments interfaces.
  • Edition / version: 1st edition (AS 2805.6.7-2011).
  • Number of pages: 37 pages (PDF).

Scope

The standard applies to key management for transaction keys in EFT interfaces and specifies the use of the Derived Unique Key Per Transaction (DUKPT) scheme for generating per-transaction keys, the associated key-identification data elements, and the transfer of key-management information between devices and hosts. It is intended for retail and banking payment environments where per-transaction keys are required to limit exposure from key compromise.

Key topics and requirements

  • Definition and use of DUKPT (Derived Unique Key Per Transaction) for transaction key generation and lifecycle.
  • Key identification formats and data elements required in message interfaces.
  • Procedures for key generation, initialization, activation and retirement of transaction keys.
  • Requirements for secure transfer of key-management information between terminals, host systems and key custodians.
  • Interoperability guidance within the AS 2805 series and with secure cryptographic device requirements for retail payment systems.

Typical use and users

Used by banks, payment processors, acquirers, ATM and POS terminal vendors, payment solution integrators and security architects who implement or evaluate EFT interfaces and terminal key management. It is referenced when implementing DUKPT-based transaction key systems to achieve per-transaction key uniqueness and minimize the impact of key compromise.

Related standards

Part of the AS 2805 series (Electronic funds transfer – Requirements for interfaces). Related parts include AS 2805.6.1.x (key management principles and symmetric/asymmetric key lifecycle), AS 2805.6.5.x (TCU initialization) and AS 2805.14.x (secure cryptographic devices and evaluation methods). Implementers often cross-reference ISO/IEC or ANSI standards on key management and retail device security when designing EFT solutions.

Keywords

AS 2805, EFT, electronic funds transfer, key management, transaction key, DUKPT, Derived Unique Key Per Transaction, payment terminals, POS, ATM, cryptographic devices, payment interfaces.

FAQ

Q: What is this standard?

A: AS 2805.6.7-2011 is the Standards Australia publication that specifies key-management requirements for transaction keys using the DUKPT scheme within electronic funds transfer interfaces.

Q: What does it cover?

A: It covers DUKPT key derivation and lifecycle (generation, initialization, identification, use and retirement), the data elements to carry key information in EFT messages, and requirements for secure transfer of key-management data between terminals and hosts.

Q: Who typically uses it?

A: Banks, acquirers, payment processors, terminal and POS/ATM vendors, security architects and auditors involved in payment system implementation and evaluation.

Q: Is it current or superseded?

A: The publication date is 23 December 2011; the document is listed as current and was reconfirmed in 2023 (reconfirmation means Standards Australia reviewed and retained the document as current). For formal status and any future revisions, consult Standards Australia or your national standards supplier.

Q: Is it part of a series?

A: Yes — it is Part 6.7 of the AS 2805 series, which addresses electronic funds transfer interface requirements; other parts cover message structures, key-management principles, device security and related topics.

Q: What are the key keywords?

A: DUKPT, transaction key, key management, EFT, payment terminal, POS, ATM, cryptographic device, AS 2805.