Applicability of DUKPT Key Management Scheme to Cloud Wallet and other Mobile Payments

TL;DR

This paper explores the potential of applying DUKPT key management to various mobile payment scenarios, especially focusing on the emerging cloud wallet technology, and provides an initial analysis of its suitability.

Contribution

It is the first detailed analysis of DUKPT applicability to cloud wallets and diverse mobile payment use cases, filling a gap in existing security discussions.

Findings

DUKPT can be adapted for cloud wallet security.

Applicability varies across mobile payment methods.

The paper provides guidelines for security implementation.

Abstract

After discussing the concept of DUKPT based symmetric encryption key management (e.g., for 3DES) and definition of cloud or remote wallet, the paper analyses applicability of DUKPT to different use cases like mobile banking, NFC payment using EMV contactless card and mobile based EMV card emulation, web browser based transaction and cloud or remote wallet. Cloud wallet is an emerging payment method and is gaining momentum very fast. Anticipating that the wallet product managers and security specialists may face these questions from different stakeholders, the authors have addressed applicability of DUKPT to cloud wallet use case quite elaborately. As per knowledge of the authors, this topic has been analysed and discussed for the first time.