A system that secures a Base Derivation Key (BDK) in a facility for injecting Derived Unique Key Per Transaction (DUKPT) devices uses software for securing the BDK rather than a Tamper Resistant Security Module (TRSM). The system comprises a symmetrical key generator, a symmetric encryption device, a concatenating device, an asymmetrical key pair generator, and an asymmetrical encryption device. The symmetrical key generator randomly generates an encryption key for a symmetrical encryption method. The symmetrical key is provided to the symmetric encryption device for encrypting a segment of a BDK with a symmetrical key. The asymmetrical encryption device uses the public key of a randomly generated private/public key pair generated by the asymmetrical key pair generator to asymmetrically encrypt the symmetrically encrypted BDK segment and the symmetrical key. The public key is then destroyed and the private key is stored on the computer.