TSS Other Products & Solutions

The A98 POS Initial Key Establishment System has been thoroughly researched and undergone extensive design. It relies on the fundamental operations of the A98 ATM Initial Key Establishment System. However, the A98 POS system is not yet fully developed. Please send all inquiries to Info@trustedsecurity.com.

The Unique Key per Device Problem

American National Standard X9.24 (ANS X9.24) - Retail Key Management - requires each PIN encryption device to contain a unique key. Most Network Operating Rules (NOR) now also require a unique key per device. Many organizations mistakenly assume that downloading a unique key, encrypted by a manually loaded key that is global in scope or is not secret, is compliant with ANS X9.24 and the NORs. However, the initial key must also be unique as well as secret.

Providing a unique key per POS is a particularly difficult task due to the complexity of the key management procedures traditionally employed. Solutions currently available to load keys into POS devices generally lack the functionality required to facilitate the loading of a unique key per device. For example, widely used POS software was not written to support the loading of a unique key per device and requires a restart for every device being loaded. Vendor specific key loading equipment often requires the acquisition and subsequent management of multiple diverse systems. Solutions employing public key cryptography have been proposed, but are not compliant with ANS X9.24. Also, public key solutions have a major impact on the current infrastructure and systems, usually requiring an upgrade to the host software and Host Security Module (HSM). Such changes translate into increased costs.

Using traditional manual methods of key management, involves management of large numbers of key components. Manual management can be a costly, prone to errors, and difficult to audit. The A98-P solution described here avoids all of these problems and provides an easily implemented method of POS key establishment.

The A98 POS Initial Key Establishment System (A98-P) represents Trusted Security Solutions' response for an improved solution to establish unique cryptographic keys for Point Of Sales (POS) devices.

The A98-POS can be used to load and manage POS keys both at a centralized facility, and at a remote location where the device is to be deployed. This innovative approach to re-keying in the field is a primary advantage of the A98-P solution.


	The A98-P solution offers a total system that: Simplifies the establishment of unique keys per POS device Supports both MKSK and DUKPT Key Management of POS devices Supports both centralized and remote key loading Supports remote key establishment by a single key custodian Is fully compliant with all network operating rules and standards Automates all logging functions Supports all RS-232 attached POS vendor devices Automates the establishment of a unique POS key per device at the host Simplifies POS device deployment and inventory control Utilizes a Key Injection Unit with a PIN Pad footprint Includes all necessary components, documentation, installation, training and support

Centralized Operations
The A98-P system includes two major components, the A98-P system unit that is responsible for the generation of all keying material and the Key Injection Units (KIU). The KIU is based on the Checkmate CM2100 PIN pad to which special programming has been added. Multiple KIUs are connected via a shared RS-232 port to the A98-P system unit. The system unit and each KIU share a Key Encrypting Key (KEK). Keys are created on the A98-P system unit and sent to a KIU encrypted by the KEK.

Since the A98-P system unit supports both Master Key Session Key (MKSK) and Derived Unique Key Per Transaction (DUKPT), the generated key will be either a Terminal Master Key (TMK) for a MKSK device or the initial TMK for a DUKPT device. The Target PIN Pad (TPP) to be injected is attached to the KIU. The KIU recovers the encrypted key sent to it from the system unit and injects the recovered key into the TPP. All operations are automatically logged and recorded on the system unit eliminating most of the record keeping associated with the loading of the keys into the TPPs.

The injected TPPs are placed into inventory until needed. Field Service Representatives (FSR) deploys TPPs without regard to assigning any specific device to a specific location. The FSR selects a random device for deployment into any store. The FSR calls the A98's integrated voice response unit (VRU) system unit to report the Serial Number of the TPP being deployed. The FSR enters the store and lane into which the TPP is being deployed. The A98-P assembles a standard ISO-8583 message containing the TPP ID and the cryptogram of the TMK it contains, encrypted by a KEK shared with the host system. The A98-P System Unit provides for either a Token Ring or Ethernet connection to communicate to the host that receives transactions from the POS devices. The host system receives the message and places the received key into the record for that device in the host database. The host sends an acknowledgement message back to the A98, and the VRU speaks the acknowledgement to the FSR. The acknowledgement indicates the key update is complete and requests the FSR to plug in the device. Once connected, the host system sees the device and is now prepared to accept transactions.

Remote On Site Key Establishment
The KIU is also capable of having one person compliantly establish a new key with a PIN pad while at a remote field location. The A98-P supports fully compliant single custodian remote location key establishment for both Master Key Session Key (MKSK) and Derived Unique Key Per Device (DUKPT) POS devices.

Master Key Session Key (MKSK) Support
A key custodian loads one key component into the KIU at the central repair depot, and this key component remains persistent in the KIU. The Persistent Key Component (PKC) remains in the KIU and is used for all subsequent key injections. A second key component is loaded into the KIU at the time a device is to be injected. A Comvelope is used as the source of the second key component. The second component is exclusive OR'd (XOR) with the PKC to form a new key for the target PIN pad. The KIU injects the newly created key into the target PIN pad. The FSR calls the A98 VRU and reports the Comvelope ID, PIN pad ID, the store and lane. The A98-P sends an ISO-8585 message to the host system enabling the update of the PIN pad key on the POS database.

Derived Unique Key Per Transaction (DUKPT) Support
A large number of Initial DUKPT keys are derived by the A98-P system unit and loaded into the KIU along with the corresponding Key Serial Numbers (KSN). At the remote location, the FSR connects the device to the KIU and a KSN and Initial Key are injected into the device. The KSN and the Physical Serial Number of the newly injected device are reported to the A98-P system unit using the VRU. The A98-P System Unit sends an ISO-8583 message to the host system to report the new KSN for the Physical Serial Number device.

System Summary
The A98-P System consists of a 4U (7") high rack mountable system unit that is network connected to the host system. The Host and the system unit need not be in close proximity. Either Token Ring or Ethernet is supported using either TCP/IP or CICS/Sockets protocols. A 15" color LCD display and keyboard with an integrated trackball are housed in a 1U (1.75") high rack mountable drawer to provide the human interface functions. The keyboard and display are used mainly for the management of the MFK and any Key Encrypting Keys that are shared with the host and the Key Injection Units (KIU). Multiple Key Injection Units (KIU) are attached to the system unit via a shared RS-232 connection. Each KIU shares a unique KEK with the system unit. Keys generated in the A98-P are sent to the KIU encrypted by the KEK. The KIU decrypts the key and injects it into the Target PIN pad that is attached to the KIU. The injected keys and device IDs are stored on the A98-P until they are deployed. The system unit also shares a KEK with the host system. At the time of deployment of a MKSK device, generated keys are encrypted by the KEK shared with the host and sent to the host in an ISO-8583 message. For a newly deployed DUKPT device, the Key Serial Number and the Identification for the Physical device are sent to the host. The host receives the encrypted generated Key or KSN along with the device ID and places the information into the host database device record.

Key injection jobs are created and input to the A98-P system unit by an authorized individual in response to some trigger event such as a sale or work order causing PIN Pads to be injected. Created jobs remain on the A98-P System Unit until they are executed. The jobs to be run are assigned to key loading technicians. The KIU serves as the technician's terminal to interface with the A98. All keys, both MKSK and DUKPT are created in the Cryptographic unit of the A98-P System Unit and sent to the KIU encrypted by the KEK shared with the System Unit. Full logging of all operations at every step is accomplished by the A98.

A single key custodian using a KIU can key both MKSK and DUKPT devices in the field at a remote site. Remote re-keying of MKSK POS devices utilize a Persistent Key Component that was loaded at the central site and a Comvelope to supply the second component. For DUKPT devices, a large number of KSN's and corresponding initial keys are generated in the A98-P and stored in the KIU. A KSN and initial key are injected into the device at the remote location. In both cases, the Identification of the device and either the Comvelope ID for a MKSK device or the Key Serial Number are supplied to the A98-P System Unit via a Voice Response Unit. No key or key components are ever supplied via the VRU or other means; only the identification information is supplied.

For more information on this product, please contact us at: info@trustedsecurity.com.

Trusted Security Solutions, Inc.
704.849.0036
info@trustedsecurity.com