In cryptography, Derived Unique Key Per Transaction (DUKPT) is a key management scheme in which for every transaction, a unique key is used which is derived from a fixed key. Therefore, if a derived key is compromised, future and past transaction data are still protected since the next or prior keys cannot be determined easily.
The current (as of May 2024) version of the standard (ANSI X9.24-3-2017[1]) was released in 2017.[2] It is based on the AES encryption algorithm and is recommended for new implementations.
This article is about the original variant of DUKPT that is based on the TDEA encryption algorithm and is described in the Appendix C of ANSI X9.24-3-2017.