The A98 implements Remote Re-Key (public key) technology using the same “non-intrusive” philosophy as was used for conventional single and triple DES symmetric key technology. When a new key is needed for a Remote Re-Key enabled ATM, the host system passes the re-key request to the A98 and all of the cryptography is handled within the A98 system. This approach confines modifications in host platforms to the ATM device driver and eliminates any need to change the host security module or terminal driving application software to accommodate this new means of automated key loading.

The A98 currently supports NCR's Signature Based Protocol (SBP) and Diebold's Certificate Based Protocol (CBP). Trusted Security Solutions will support other Remote Re-Key protocols as they become commercially viable.

Initialization Phase

1 A prerequisite for using Remote Re-Key is for each customer to generate a set of keys and to have them “signed” from the Certificate Authority for the protocol required. In the case of Diebold, the Certificate Authority is Identrus . For NCR the Certificate Authority is NCR itself. The A98-R instructs and leads the A98 Administrator in how to obtain signatures from these two sources. Once signed public keys are received by the A98 user, they are entered into the A98. The ATM manufacturer as well must have completed a similar initialization phase securing root keys, and unique EPP encryption and signature keys for the EPP at the ATM.

2 To establish a new or replacement key in a Remote Re-Key enabled ATM, depending on the ATM and the host software platform, re-key requests can originate from the terminal, the A98, or an application within the host software. A re-key request stimulates the host to initiate a remote re-key dialog with the ATM and the A98-R.

Mutual Authentication

3 With public and private key pairs now present in the A98 and in the ATM's EPP, mutual authentication begins with the host sending its verification public key to the EPP.

4 The EPP verifies signature on the host verification key and then sends its encryption public key and is verification public key back to the host. The host receives this information and “verifies” the signature on the EPP encryption public key and the EPP verification public key.

Key Delivery

5 With mutual authentication successfully completed, the host receives a request to deliver a new terminal master key to the EPP.

6 The host (A98-R) generates a new terminal master key and encrypts it with the encryption public key of the EPP and “signs” the new TMK message. This message is sent to the EPP. The EPP verifies the signature and decrypts the new terminal master key.

7 If the dialogue has been successfully completed, the EPP sends a notification back to the host that it has loaded the new terminal master key. If the terminal key load is unsuccessful, an appropriate error message will be returned to the host.

8 Upon receiving a “successful” terminal master key load message from the EPP, the host will establish the new TMK in the key database.

* In this general description of the A98 Remote Re-Key Loading process, we use the term “host” as a target for dialogue to and from the EPP. Essentially, the host receives messages or statuses from the EPP and sends them to the A98-R for processing. The A98-R processes the messages and returns them back to the host to forward to the EPP. We use the term host throughout this description in order to minimize confusion.

Related documents:
Remote Re-Key Brochure (185kb)