|
2
The component values in each comvelope are encrypted and loaded
into the A98 database, referenced by the comvelope control
number.
3
To establish a new or replacement key in the ATM, any combination
of two employees or servicers each select a random comvelope
and enter the component value into the ATM according to the
manufacturer's instructions. The ATM combines the two components
to form an initial key that is both unique and secret.
4
Each servicer dials the voice response unit of the A98, enters
their user id and passcode, then reports the comvelope control
number along with the ATM ID.
5
The A98 unit now has the reference numbers for the components
that have been entered into the ATM. A98 retrieves and decrypts
the component values and combines them to form a key identical
to the one now in the ATM.
6
A98 encrypts this new key using a KEK, key encrypting key,
that has been established with the host ATM software application.
7
The A98 system sends this cryptogram of the newly created,
unique ATM key to the host application using an ISO-8583 message.
The host application parses the message, decrypts the key,
and updates its ATM database.
8
When the ATM is turned on and connects to the host, it is
sent a new PIN encryption key, which is encrypted by the newly-created,
unique initial key.
Related documents:
A98 System Description
(PDF 486 KB)
A98 Users Guide
(PDF 2,337 KB)
A98 Servicer Guide (PDF
195 KB)
A98 VRU Guide (PDF 37 KB)
|
