
As FIs take back more functionality of the ATMs and build custom branch Kiosks with PIN pads, there's a growing need for an independent means to generate and automatically load "PIN Encrypting Keys" (PEKs) and other sub-keys into the EPP. For this application, the TSS A98 System provides the "Terminal Master Key" (TMK) to both the EPP and the transaction host. All other keys (sub-keys) are encrypted by the host's HSM. In addition, the ATM/Kiosk owner retains more control of the process. You now enjoy a less expensive solution than traditional alternatives. TSS, as the leader and pioneer in asymmetric key loading, offers solutions to facilitate remote key loading of practically any EPP on the market (including the PCI PTS 3.X and 5.X EPPs that use SHA256 hash algorithms).

The 2020 Edition of the European ATM Master Plan was published in December 2019. It supersedes all other versions of the Master Plan. The content, approach and key milestones of the study are fully synchronised with, and make use of, the technology that is being developed within the SESAR programme, combined with operational improvements.
Dual control, split knowledge key loading is now replaced with public key cryptography for most EPPs on the market.
A98 Remote Key Loading Solutions for ATMs and Self Service Kiosks

Asymmetric Key Management System Solution

Background – How it works: Encrypting PIN Pads (EPPs), the tamper-resistant security modules (TRSMs) at ATMs, POS devices and Kiosks, store a master cryptographic key and sub-keys inside the device.

Why not just inject a clear-text key? If the key is in clear text, the person who injects it definitely has knowledge of the key, and that person is not always you.

Suppose you produce an ATM. During production a Terminal Master Key is loaded into the ATM (this key loading, or key injection, must be performed at a secure site, implementing split knowledge and dual control). For transaction purposes, the ATM requires a PIN encryption key (PEK), which is loaded when the ATM is already installed somewhere. For security reasons, the PIN key to be loaded is encrypted with the Terminal Master Key before it is carried to the ATM. Assuming that the ATM does not support Remote Key Injection (RKI), you (or someone else) have to go to the ATM site and inject the key. Even after it has been encrypted, the key is usually split into components.

So how can you be sure that you have injected the correct key? If the key or key component came in clear text, it would be very easy to check whether you typed the correct key when it was injected. When injecting an encrypted key or key component, the key usually comes with a Key Check Value (KCV). This value is the result of encrypting a string of zeros with the key (using the chosen algorithm). So when you inject the encrypted key (say, the PIN key), the ATM performs a decryption operation using the TMK. Once the clear key is obtained, it encrypts a string of zeroes with the PIN key and returns the result (not all of it, probably just the first six characters). The resulting string is the Key Check Value (or part of the Key Check Value).
When loading a key into the device, it is advisable to encrypt the key to be loaded with a higher key in the hierarchy, which adds another layer of security.
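The KCV check described above, as an added Go example that is not from the original page or from TSS: the host encrypts a PEK under the TMK, and the device decrypts it and accepts it only when the recomputed KCV matches the one delivered with it. It assumes 3DES in ECB mode with double- or triple-length keys and an uppercase six-character KCV; the keys and the names `ecb`, `KCV` and `LoadKey` are constructed for illustration.

```go
package main
import (
	"crypto/des"
	"encoding/hex"
	"fmt"
)

// ecb runs 3DES-ECB (an assumption of this example); a key K1|K2 is expanded to K1|K2|K1.
func ecb(key, in []byte, decrypt bool) ([]byte, error) {
	if len(key) == 16 {
		key = append(key[:16:16], key[:8]...) // copy, so the caller's slice is untouched
	}
	c, err := des.NewTripleDESCipher(key) // accepts 24-byte keys only
	if err != nil || len(in) == 0 || len(in)%8 != 0 {
		return nil, fmt.Errorf("need a 16/24-byte key and 8-byte blocks (key error: %v, data: %d bytes)", err, len(in))
	}
	out := make([]byte, len(in))
	ops := map[bool]func(dst, src []byte){false: c.Encrypt, true: c.Decrypt}
	for i := 0; i < len(in); i += 8 {
		ops[decrypt](out[i:i+8], in[i:i+8])
	}
	return out, nil
}

// KCV encrypts one block of zeros under key and keeps the first six hex characters.
func KCV(key []byte) (string, error) {
	out, err := ecb(key, make([]byte, 8), false)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("%X", out[:3]), nil
}

// LoadKey is the device side: decrypt under the TMK, accept only on a KCV match.
func LoadKey(tmk, cryptogram []byte, wantKCV string) (bool, error) {
	pek, err := ecb(tmk, cryptogram, true)
	if err != nil {
		return false, err
	}
	got, err := KCV(pek)
	return err == nil && got == wantKCV, err
}

func main() {
	tmk, _ := hex.DecodeString("0123456789ABCDEFFEDCBA9876543210") // constructed test TMK
	pek, _ := hex.DecodeString("A1B2C3D4E5F60718293A4B5C6D7E8F90") // constructed test PEK
	cryptogram, _ := ecb(tmk, pek, false)                          // host side: PEK under TMK
	kcv, _ := KCV(pek)                                             // travels with the cryptogram
	fmt.Println(LoadKey(tmk, cryptogram, kcv))                     // device side: accepted?, error
}
```

A wrong character in the cryptogram changes the decrypted key, so the recomputed KCV no longer matches and `LoadKey` returns false without the operator ever seeing the clear key.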