Applicability of DUKPT Key Management Scheme to Cloud Wallet and other Mobile Payments
This work provides guidance for wallet product managers and security specialists in mobile payments, but it is incremental as it applies an existing method to new use cases.
The paper analyzes the applicability of the DUKPT key management scheme to cloud wallets and other mobile payment methods, addressing this topic for the first time as per the authors' knowledge.
After discussing the concept of DUKPT based symmetric encryption key management (e.g., for 3DES) and definition of cloud or remote wallet, the paper analyses applicability of DUKPT to different use cases like mobile banking, NFC payment using EMV contactless card and mobile based EMV card emulation, web browser based transaction and cloud or remote wallet. Cloud wallet is an emerging payment method and is gaining momentum very fast. Anticipating that the wallet product managers and security specialists may face these questions from different stakeholders, the authors have addressed applicability of DUKPT to cloud wallet use case quite elaborately. As per knowledge of the authors, this topic has been analysed and discussed for the first time.