The Racal Transaction Key Scheme (RTKS) is a key management technique that is closely coupled with message authentication. The functions provided by the HSM include key management in addition to MAC generation and verification.
In the Racal Transaction Key Scheme the TPK and the TAK are updated after each EFT transaction using an algorithm that depends on the current key and the details of the transaction (which are known to both communicating parties, but which does not form part of the transmitted message, and so would not be known to a third party).
This affords a very high degree of protection for the cryptographic keys. Even if a third party were able to discover the value of the cryptographic key in use at a particular time, this would not facilitate discovery of the keys used on previous transactions (i.e., the scheme has good break-backward protection). Also, if some card data were not transmitted, the third party would not be able to discover the new value of the keys for the subsequent transaction (break-forward protection).
The key update algorithm used in the Racal Transaction Key Scheme is based on a One-Way Function (OWF) involving the current key value and the Message Authentication Code (MAC) residues from the request and response messages from the transaction. The use of the MAC residues is important, as they are not part of the transmitted data.
In this scheme, the MACs are calculated using a key derived from the transaction key, and not the transaction key itself. This also applies to the PIN encrypting key.
For more details of the Racal Transaction Key Scheme see Racal-Transcom Publication RRL4 Secure Key Management for Pin Encryption and Message Authentication.