  • Automatically creates and distributes ATM master keys
  • Eliminates manual on-site key loading
  • Reduces key management costs
  • Conforms to ANSI and TG-39 security standards
  • Implements NCR, Diebold, Wincor-Nixdorf, and Triton protocols
  • Incorporated into the existing A98 platform to provide the most efficient and complete solution for both legacy and remote-key-ready ATMs

The A98-R automates both the generation and distribution of cryptographic keys for ATMs. The A98-R is compatible with ATMs that use RSA-enabled encrypting PIN pads (EPPs). The A98-R delivers random master keys in full compliance with the latest ANSI standards (X9.24 Part 2), TG-39, and with all known network mandates for Triple-DES and unique keys per ATM.

The A98-R implements Diebold's Certificate Based Protocol (CBP), NCR's Signature Based Protocol (SBP), Wincor's SBP, and Triton's CBP protocols. Other remote key protocols will be provided in future releases as they become publicly available and commercially viable. The Diebold and Triton approaches use X.509 certificates and PKCS message formats to transport key data. NCR's and Wincor's methods rely on digital signatures to ensure data integrity. Both processes require the ATM's EPP to be loaded at the factory with signed public keys or certificates. In addition, the A98's public keys or certificates must be signed by the ATM manufacturer's designated Certificate Authority (CA) or Trust Authority (TA) and imported back into the A98 during system initialization.

The remote key process requires the A98 to be authenticated by the ATM. In this step, either the signed A98 public key or its certificate is sent from the A98 to the ATM. Once it is verified, the ATM sends its EPP public key to the A98. (In the case of Diebold, both an encryption and a verification EPP public key are sent.) The A98 stores the EPP data and then generates a new DES key, encrypts it with the EPP's public key, prepares the required message format, and sends this new master key to the ATM. When the EPP responds that it successfully loaded the key, the A98 sends a cryptogram of this new key to the host for loading into the terminal database.
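The exchange described above, as an added Python example that is not TSS's or any ATM vendor's code and does not reproduce the SBP or CBP message formats: it models a generic signature-based flow in memory using the third-party `cryptography` package. The RSA-2048 keys, the PSS and OAEP paddings, the A98's check of the EPP key signature, the A98 signing the wrapped key, and all function names are assumptions made for illustration; the final cryptogram to the host is left out.

```python
# Added illustration: generic signature-based remote key load (not a vendor wire format).
import os
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa

PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)

def new_key():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

def der(pub):
    return pub.public_bytes(serialization.Encoding.DER,
                            serialization.PublicFormat.SubjectPublicKeyInfo)

def verified_key(ca_pub, pub_der, sig):
    """Return the public key only if the manufacturer CA signed it; else raise."""
    ca_pub.verify(sig, pub_der, PSS, hashes.SHA256())
    return serialization.load_der_public_key(pub_der)

def remote_key_load(ca, a98, epp, a98_cred, epp_cred):
    """Run one exchange; returns (key generated by A98, key recovered inside EPP)."""
    ca_pub = ca.public_key()
    # 1. ATM authenticates the A98 from its CA-signed public key.
    a98_pub = verified_key(ca_pub, *a98_cred)
    # 2. ATM returns the factory-signed EPP public key; the A98 checks it too (assumption).
    epp_pub = verified_key(ca_pub, *epp_cred)
    # 3. A98 generates a random double-length Triple-DES master key,
    #    wraps it under the EPP public key and signs the wrapped blob.
    master = os.urandom(16)
    wrapped = epp_pub.encrypt(master, OAEP)
    sig = a98.sign(wrapped, PSS, hashes.SHA256())
    # 4. EPP verifies the A98 signature before unwrapping and loading the key.
    a98_pub.verify(sig, wrapped, PSS, hashes.SHA256())
    return master, epp.decrypt(wrapped, OAEP)

def demo():
    ca, a98, epp, rogue = new_key(), new_key(), new_key(), new_key()  # constructed test keys
    sign = lambda signer, pub: (der(pub), signer.sign(der(pub), PSS, hashes.SHA256()))
    a98_cred, epp_cred = sign(ca, a98.public_key()), sign(ca, epp.public_key())
    sent, loaded = remote_key_load(ca, a98, epp, a98_cred, epp_cred)
    try:  # a key server whose public key the CA never signed must be rejected
        remote_key_load(ca, rogue, epp, sign(rogue, rogue.public_key()), epp_cred)
        rogue_rejected = False
    except InvalidSignature:
        rogue_rejected = True
    return sent == loaded, len(loaded), rogue_rejected
```

The rogue case shows why the CA or TA signature matters: without it, any party that can reach the ATM could present its own public key and load a master key of its choosing.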

In most cases, the A98 Remote Key module interfaces through a minor modification to the ATM terminal handler or device driver. Trusted Security Solutions has defined an XML data structure that will be used to communicate with the driver over a TCP/IP link. This approach confines modifications to the ATM device driver and eliminates any need to change the host security module or terminal driving application software. All the public key cryptography, message formatting, database access, and user interface programming are provided in the A98 module. The A98-R will also support a direct connection to the ATM, and Trusted Security Solutions can also provide an independent interface solution for many hosts. For more information, please contact TSS at info@trustedsecurity.com.

By integrating the remote key module into the conventional A98 platform, Trusted Security Solutions continues to lead the industry by providing the most efficient, compliant, and cost-effective key establishment solution for all ATMs.

Related documents:
Remote Key Brochure (PDF 748kb)
Remote Key Brochure En Español (PDF 704kb)

 

Trusted Security Solutions, Inc. | 704.849.0036 | info@trustedsecurity.com

© 2011 Trusted Security Solutions, Inc. All Rights reserved in all media.