6.5.2.3.3 DDTK: DecoderDefaultTransferKey
DDTK values are used to support payment meters allocated to a default SupplyGroup. A payment meter that has not been allocated to a Common SupplyGroup or a Unique SupplyGroup at the time of manufacture or repair cannot be loaded with its corresponding DCTK or DUTK value. Instead it is allocated to a Default group unique to each manufacturer and loaded with its corresponding DDTK value. Each MeterManufacturer receives a unique VDDK, from which he generates all DDTK values for installation into payment meters during manufacture.
DDTK值用于支持分配给默认供应组的付费计量表。在制造或维修时未分配给通用供应组或唯一供应组的付费仪表不能加载其相应的DCTK或DUTK值。相反,它被分配给每个制造商唯一的默认组,并加载相应的DDTK值。每个仪表制造商收到一个唯一的VDDK,从它生成所有DDTK值安装到付费仪表在制造过程中。
Subsequently, at the time of installation or operation, a payment meter that has now been re-
allocated to another specific SupplyGroup can be loaded with the corresponding DUTK or DCTK value, encrypted under its parent DDTK. DDTK values are the property of the respective MeterManufacturer or Utility and are managed within the KeyManagementSystem.
随后,在安装或运行的时候,一个付费表计已经重新进行了分配给另一个特定的SupplyGroup可以加载相应的DUTK或DCTK值,该值在其父DDTK下加密。DDTK值是各自的仪表制造商或公用事业的属性,并在KeyManagementSystem中管理。
A DDTK is a secret value, and shall not be accepted by a payment meter as a plaintext value. A payment meter shall only load a DDTK if it is encrypted under the parent DecoderKey present in the DecoderKeyRegister.
DDTK是一个秘密值,它不能作为明文值被付费仪表接受。如果DDTK是DecoderKeyRegister中存在的父解码密钥下加密的,付费仪表才会加载它。
A DDTK shall only be used for the following key management functions:
• as the parent key for another DDTK; in other words, to encrypt another DDTK for the purpose of introducing it into the DecoderKeyRegister;
• as the parent key for a DUTK, and
• as the parent key for a DCTK, but only in a payment meter using an erasable magnetic card as a token carrier (for TCT value = 01 ).
DDTK只能用于以下关键管理功能:
- 作为另一个DDTK的父键;换句话说,加密另一个DDTK,以便将它引DecoderKeyRegister;
- 作为DUTK的父键
- 作为DCTK的父键,但仅在使用可擦磁卡作为令牌载体的付费仪表中(为TCT值= 01)。
The above functions may be performed via the key change token set, or via a manufacturer’s proprietary loading mechanism that utilizes the key change token set. A DDTK shall not be used to decrypt a DITK for the purpose of introducing it into the DecoderKeyRegister.
上述功能可以通过密钥更改令牌集执行,也可以通过使用密钥更改令牌集的制造商专有加载机制执行。不得使用DDTK来解密将其引入DecoderKeyRegister的DITK。
A DDTK can also be used to decrypt other meter-specific management functions. It shall not be used to decrypt and accept an STS credit transfer function; in other words, a valid TransferCredit token shall not be accepted by a payment meter that contains a DDTK in its DKR, even if the TransferCredit token has been encrypted with the same DDTK value.
DDTK还可以用于解密其他特定于仪表的管理功能。不得用于解密和接受STS信用转移功能;换句话说,有效的TransferCredit令牌不应被DKR中包含DDTK的付费仪表接受,即TransferCredit令牌已使用相同的DDTK值进行加密。
NOTE The emphasis is on the acceptance and not on the decryption of the TransferCredit token.
这里的重点是接受,而不是TransferCredit令牌的解密。
Similarly a POS device used for encrypting tokens shall not encrypt TransferCredit tokens using DDTK values (see also 6.5.2.4).
类似地,用于加密令牌的POS设备不得使用DDTK值加密TransferCredit令牌(参见6.5.2.4)。