Basically, the single-use key (SUK) - also called the limited-use key (LUK) - is the password that joins the token with the actual card number, and, without it, the token can not be validated by the token service provider and matched to the actual card number to successfully complete a purchase. No other master key data is stored on the device. If the device is rebooted and has no network connection, it cannot decrypt LUKs / SUKs and, therefore, cannot be used for in-store transactions.