Glossary

[ KSN ] PAYMENT CRYPTOGRAPHY

KSN — Key Serial Number

A counter-plus-identifier value transmitted with every DUKPT-encrypted transaction. It tells the receiving HSM exactly which derivation path under the BDK reproduces the matching Transaction Key.

Standard: ANSI X9.24-1 / X9.24-3
Origin: Visa / ANSI

What is a Key Serial Number?

The Key Serial Number (KSN) is the public coordinate of DUKPT — it accompanies every encrypted PIN block or message and tells the receiver exactly which transaction-key path under the BDK derivation tree to walk to recompute the matching key. The KSN consists of two parts: a Device Identifier (the upper bits, fixed per terminal and assigned during injection) and a Transaction Counter (the lower bits, incremented on every transaction).

For 3DES DUKPT, the KSN is 10 bytes: 6 bytes of Key Set Identifier + 2.5 bytes of Device Identifier + 1.5 bytes (21 bits) of Transaction Counter. For AES DUKPT, it is 12 bytes with a wider 32-bit transaction counter. The KSN is not secret: it can be transmitted in the clear alongside the encrypted PIN block (typically in ISO 8583 field 53 or in a TR-31 key block header).

How the KSN Drives Key Derivation

When a transaction occurs, the terminal increments its KSN counter, derives the next Transaction Key from its IPEK using a key-derivation function that consumes the KSN, encrypts the PIN block under that key, and transmits {encrypted PIN block, KSN} together. The acquirer's HSM receives both, walks the BDK derivation tree using the KSN to recompute the exact same Transaction Key, and decrypts.

A crucial property is that the derivation function is one-way at each step: knowing the KSN and any past Transaction Key reveals nothing about future Transaction Keys. This is what gives DUKPT its forward secrecy.
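As an added example (not part of this glossary entry, and not reference code from any standard or vendor), the Python below splits a 3DES KSN into the fields described above, lists the counter-driven derivation path an HSM walks from the IPEK to the Transaction Key, and advances the counter the way a terminal does before each transaction. It assumes a 5-byte KSI above a 19-bit Device ID (the split above the counter is a deployment convention) and applies the X9.24-1 rule that counter values with more than 10 set bits are skipped.

```python
# Added example for this glossary entry, not code from any standard or vendor.
# Field widths follow the entry (10-byte KSN, rightmost 21 bits = counter);
# how the upper 59 bits split between KSI and Device ID is a deployment
# convention, so the KSI width is a parameter (5 bytes assumed by default).
KSN_BYTES = 10
COUNTER_BITS = 21
COUNTER_MASK = (1 << COUNTER_BITS) - 1
MAX_SET_BITS = 10  # X9.24-1 skips counter values with more than 10 one-bits

def parse_ksn(ksn_hex: str, ksi_bytes: int = 5) -> dict:
    """Split a 3DES DUKPT KSN into KSI, Device ID, counter and initial KSN."""
    raw = bytes.fromhex(ksn_hex)
    if len(raw) != KSN_BYTES:
        raise ValueError("3DES DUKPT KSN must be exactly 10 bytes")
    value = int.from_bytes(raw, "big")
    upper = value >> COUNTER_BITS                  # KSI + Device ID (59 bits)
    device_bits = 8 * KSN_BYTES - COUNTER_BITS - 8 * ksi_bytes
    return {
        "ksi": upper >> device_bits,
        "device_id": upper & ((1 << device_bits) - 1),
        "counter": value & COUNTER_MASK,
        # Initial KSN = counter bits cleared; the HSM combines it with the BDK
        # to recover the terminal's IPEK before walking the derivation tree.
        "initial_ksn": (value & ~COUNTER_MASK).to_bytes(KSN_BYTES, "big").hex().upper(),
    }

def derivation_path(counter: int) -> list:
    """Partial counter values visited while walking from the IPEK to the
    Transaction Key: one non-reversible derivation step per set bit in the
    counter, most significant bit first."""
    path, partial = [], 0
    for bit in range(COUNTER_BITS - 1, -1, -1):
        if (counter >> bit) & 1:
            partial |= 1 << bit
            path.append(partial)
    return path

def next_counter(counter: int) -> int:
    """Advance the counter as the terminal does before each transaction,
    skipping values with too many set bits and refusing to wrap around."""
    while True:
        counter += 1
        if counter > COUNTER_MASK:
            raise OverflowError("21-bit counter exhausted; terminal needs a new IPEK")
        if bin(counter).count("1") <= MAX_SET_BITS:
            return counter
```

Feeding the same KSN to `parse_ksn` on the terminal and on the acquirer's HSM yields the same initial KSN and the same derivation path, which is exactly the synchronisation the section above describes.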

Frequently Asked Questions

Is the KSN sensitive?

No. The KSN is public: it must be transmitted in the clear so the receiving HSM can identify which key path to walk. Its security comes from being meaningless without the BDK.

What is the structure of a KSN?

For 3DES DUKPT: 10 bytes split as Key Set ID (5-6 bytes) + Terminal ID (2-3 bytes) + Transaction Counter (21 bits = ~2M values). For AES DUKPT: 12 bytes with a 32-bit counter supporting ~16M transactions per IPEK.

What is the difference between KSN and KSI?

The KSI (Key Set Identifier) is the upper portion of the KSN that identifies which BDK the terminal's IPEK was derived from. Multiple terminals can share a KSI (because they share the same BDK), but each has a unique Terminal ID below it.