A98 Automated Host Interface

The A98 requires a connection to the host ATM-driving application to fully automate the initial key establishment process. The A98 System and the host to which it is attached communicate using an ISO-8583 messaging protocol as shown below. The newly established ATM key is sent from the A98 to the host using 18xx message formats. The message containing the new ATM key also contains additional information to minimize errors, for example key check values.

In addition to the new ATM key being sent from the A98 to the Host, the Host can send certain information to the A98 to provide updates to the information kept by the A98. In particular, the Host can add a new ATM, change parameters for an existing ATM, delete an ATM or query the parameters for a specified ATM by the use of 13xx messages.

   
 


Trusted Security has worked with its business partners enabling them to develop and provide this interface between A98 and their respective applications.

Please contact them for details.

 
     
Trusted Security offers a "Host Proxy" module that runs on a PC network-connected to the A98. This application simulates an ATM host. It receives key updates from the A98 unit and displays these cryptograms for testing or for actual non-automated entry into the host application.
 
Host Connection Overview:
• Physical attachment via Ethernet
• Logical attachment via TCP/IP - static address
• Multiple host definitions supported
• Each ATM can have a different host defined for it
• Each Host has a KEK defined for it
• Connection (Socket) established at A98 startup time
• Message format configured as ISO-8583
• Host receives, interprets, and uses the message to make ATM database updates
 

Trusted Security Solutions' Host Partnerships

Many Host Software Companies provide a direct interface to the A98 System. Among those companies are Mosaic/S1 Corporation, eFunds, S2 Systems, CV Systems, Euronet, and Interpro Technologies. If you currently use one of these companies, please contact your sales representative in order to get a quote for the direct interface from them to the A98 System. If you use proprietary software (as do a number of our current clients), we welcome the chance to share the necessary technical knowledge you would need from us to directly interface with the A98. Trusted Security Solutions has taken the initiative to provide an interface to ACI's Base 24™ Release 6.X product. The following is a detailed description of that interface.

 

BASE24™ Host Connectivity

This section describes a software product provided by Trusted Security Solutions, Inc. (“TSS”) which enables an A98 system to communicate with Host Security Modules connected to an HP NonStop (i.e., Tandem) platform for the purpose of translating and storing ATM cryptographic information in a Base24 environment.

 

A new Tandem-based application, A98toB24, is installed on the Tandem. Connectivity between the A98 hardware/system and the Tandem-based Agent is provided by the Telnet protocol, with the A98 serving as the client-side application and the Tandem providing the server-side functions.

Whenever the A98 system needs to store an ATM working key cryptogram within a Base24 system utilizing ACI's Transaction Security System (Base24/TSS) application, the A98 contacts the Tandem via Telnet and requests a service defined as A98toB24. This service provides the trigger to initiate the new Tandem-based application. The A98toB24 service is defined as DYNAMIC. This allows it to be initiated one-to-many times without pre-configuration of multiple static windows.

The A98toB24 subsystem obtains all information for its processing environment from the service definition within the Tandem Telnet Server definition. This information includes the following:

• EMS Event Log Information for Logging Agent's Status Messages
• Name of the HSM Interface Module to Use for Processing
• The Type of HSM to be Used (Atalla or RACAL)
• A TIMEOUT Period – Indicates the amount of time to wait for a message from the A98
• The location of the Base24/TSS CSECD file (which contains cryptogram information)

This information is passed to the A98toB24 service instance via the standard Tandem TACL startup sequence. As the A98toB24 process (“The Agent”) initializes, it logs all copyright, version and initialization information to the designated EMS log process in fully-tokenized event messages. The process then issues a prompt to the A98 system consisting of the following text:

“A98toB24 > ”

The Agent then posts a READ against the socket and waits for a message to be processed. If a message is not received within the time period specified via the timeout startup-parameter, the Agent terminates and the socket is dissolved.

When a message is received by the Agent from the A98, the message will be authenticated, and then processed. The lexicon for communication between these two parties must include at least the following information:

• ATM Terminal ID
• ATM Working Key (encrypted under a key-exchange key)
• A response-code field to allow the Agent to notify A98 of any error conditions

When the Agent receives a valid request message, it will initiate the following steps:

If utilizing an Atalla HSM:

• Format an 11B command to send to the designated HSM.
• Issue the 11B command to the HSM and wait for a response
• Receive and validate the 21B response
• Extract information from the HSM response message
• Perform a READ w/LOCK against the CSECD file for the designated ATM
• UPDATE the CSECD record with the new cryptogram
• Format a response message to the A98 indicating the outcome of all steps

Configuring a Racal or other HSM would be similar to the Atalla model, using the HSM-specific command set.

If an error or timeout occurs at any stage, an appropriate error condition will be noted in the response message sent to the A98. All error conditions encountered by the Agent will cause the Agent to produce a diagnostic EMS event message. These messages will allow post-diagnosis of the problem should a customer report a problem.
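The request sequence and the error rule above, as an added Python example (not TSS or ACI code). The response-code values, the field names, the `hsm_translate` callable standing in for the HSM round trip, the check-value comparison and the in-memory CSECD store are assumptions made for illustration; the page does not give the real formats.

```python
import threading

# Response codes are hypothetical; the page does not list the real values.
OK, BAD_REQUEST, HSM_ERROR, KCV_MISMATCH, DB_ERROR = "00", "01", "02", "03", "04"

class AgentError(Exception):
    def __init__(self, code, detail):
        super().__init__(detail)
        self.code = code

class Csecd:
    """In-memory stand-in for the CSECD file: one lock per ATM record."""
    def __init__(self, records):
        self.records = dict(records)
        self.locks = {tid: threading.Lock() for tid in records}

def handle_request(msg, hsm_translate, csecd, events):
    """Process one A98 request start to finish; return (terminal_id, response_code)."""
    tid = msg.get("terminal_id", "")
    lock = None
    try:
        if not tid or not msg.get("key_under_kek") or not msg.get("kcv"):
            raise AgentError(BAD_REQUEST, "missing field")
        try:
            # Stand-in for the HSM round trip (11B command / 21B response on Atalla).
            new_cryptogram, hsm_kcv = hsm_translate(msg["key_under_kek"])
        except (TimeoutError, ValueError) as exc:
            raise AgentError(HSM_ERROR, f"HSM stage failed: {exc}")
        # Assumed check: the HSM's check value must match the one the A98 sent.
        if hsm_kcv.upper() != msg["kcv"].upper():
            raise AgentError(KCV_MISMATCH, "check value differs from A98's")
        if tid not in csecd.records:
            raise AgentError(DB_ERROR, "no CSECD record for terminal")
        lock = csecd.locks[tid]
        if not lock.acquire(timeout=1):          # READ w/LOCK
            lock = None
            raise AgentError(DB_ERROR, "record locked")
        csecd.records[tid] = new_cryptogram      # UPDATE
        return tid, OK
    except AgentError as err:
        # Every failure produces a diagnostic event and a response code.
        # Key material is never written to the event text.
        events.append(f"A98toB24 error {err.code} terminal={tid!r}: {err}")
        return tid, err.code
    finally:
        if lock is not None:
            lock.release()                       # record is never left locked
```

The stored cryptogram changes only after the HSM stage and the check-value comparison have both succeeded, so a failed or timed-out request leaves the existing ATM key record untouched.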

The Agent will be a single-threaded process. It will fully process each request received from beginning to end before it will attempt to receive another request from the A98. If a multi-thread environment is desired, the A98 may open multiple sockets with the Tandem platform, thus creating multiple paths for simultaneous processing. Once a single Agent thread completes a request and responds to the A98, it will again go into a “listen” mode looking for additional requests. Once a period of time passes (as indicated by the TIMEOUT startup parameter) without receipt of a new request, the Agent will shut down. Additionally, the A98 may issue a “DISCONNECT” command to indicate to the Agent that it should shut down without delay.

For more information about this or any other host interface, please contact us at: info@trustedsecurity.com .

Base 24™ is a registered trademark of Transaction Systems Architects, Inc.

 


Related documents:

A98 ISO-8583 Message Formats (PDF 110kb)

   
 
 


Trusted Security Solutions, Inc.
704.849.0036
info@trustedsecurity.com