Hi tozzi21
my understanding is that the BDK should be used to generate an IPEK on the HSM based on the KSN. the IPEK is then loaded on the terminal
the IKEY can be exported under a previously agreed transport key
on the terminal, a new key is generated based on the IPEK and KSN to encrypt a PIN block. the original, encrypted BDK, the KSN and encrypted PIN block can then be supplied to an HSM to translate
NB: in production, you'd never have access to a clear BDK
my understanding is that the BDK should be used to generate an IPEK on the HSM based on the KSN. the IPEK is then loaded on the terminal
the IKEY can be exported under a previously agreed transport key
on the terminal, a new key is generated based on the IPEK and KSN to encrypt a PIN block. the original, encrypted BDK, the KSN and encrypted PIN block can then be supplied to an HSM to translate
NB: in production, you'd never have access to a clear BDK