Overview of A98's Service Bureau

Trusted Security Solutions (TSS) offers a Service Bureau for the management of initial ATM keys for organizations with a modest number of ATMs.

The Service Bureau Customer registers his ATMs by providing the ATM manufacturer and model along with a unique identification number and the type of key management employed by the ATM: full-length multiple key components or split left and right key halves. Comvelopes are purchased from TSS in quantities of 100 and distributed to the Customer's ATMs. The Customer's servicers load the contents of the Comvelopes into ATMs as required and place a phone call to the A98 located at TSS in Charlotte, North Carolina. The servicers report the ATM ID and Comvelope ID. The A98 retrieves the contents of the Comvelopes within the Tamper Resistant Security Module (TRSM) and creates the same key that was just loaded into the ATM. A Key Encrypting Key shared between the Customer and TSS encrypts the just-loaded ATM key. The A98 sends this cryptogram and the ID of the ATM to the Customer. The information in the message is extracted and entered into the database of the Host ATM Software package. This process can be manual or automated. Each time the A98 Service Bureau is used, a new unique key is established in that ATM in a fully compliant manner.

Planning to grow?

A98's service bureau option includes an attractive benefit to growing companies who may need a dedicated A98 in the future. One year of service bureau charges will be applied at a 50% rate toward the cost of an A98 unit! You get the immediate benefits of compliant key loading, plus an economical path to support your operations as your business grows.

Service Bureau Description

1 - Establish the KEK - A Key Encrypting Key (KEK) is established between TSS and the Customer using manual key management methods. TSS will generate this KEK and send the components to the key custodians designated by the Customer. This KEK is generated as three (3) double length (112 bits) components and is printed directly into tamper evident envelopes. The three components are sent to each of the three key custodians using three separate express couriers. The ATMs will also be registered at this time. The ATM vendor and model, the type of key management (either multiple full-length key components or split Left and Right halves), and a unique numeric identifier are established for each ATM. The Servicer IDs and their initial Access Codes will also be established at this time.

2 - Print and Distribute the Comvelopes - TSS will generate and print the Comvelopes. A single ADMIN role can generate the Comvelopes and the Cipher Key to protect them, but two (2) TSS key custodians are required to enter their passwords to emit the Comvelopes to the printer. The printed Comvelopes exit the printer attached to the TSS A98 face down. None of the contents of any Comvelope are visible. The face-down Comvelopes are taken to the pressure sealer under dual custodianship and sealed on the Moore PS-5 pressure sealer. The contents of the Comvelopes are encrypted by the Cipher Key and copied to a diskette. The Cipher Key is encrypted by the KEK established in step 1 above and the cryptogram copied to the diskette. The Cipher Key and Comvelope contents are imported into the TSS A98 by a TSS ADMIN role. The physical Comvelopes are packaged together and sent to the Customer. The Customer then distributes the Comvelopes to the various ATMs or to the appropriate staging locations.

3 - Load Key into ATM - When it is time to load an initial key into an ATM, two people selected by the Customer each select a Comvelope at random from the population of Comvelopes. The first person inspects the Comvelope for any signs of tampering. If it has not been tampered with, the Comvelope is opened and the contents loaded into the ATM following the manufacturer's instructions. If the ATM reports the Key Check Value (KCV), this person then verifies that the KCV corresponds to the one printed in the Comvelope.

4 - Report the Terminal ID and Comvelope ID - The first person calls the TSS A98 and enters their Servicer ID and Access Code. After verification, the Servicer is invited to enter the ATM ID and Comvelope ID. The A98 reports the KCV back via the IVR and the first person verifies the KCV is as expected.

5 - The Second Servicer - A second person selects a Comvelope at random from those available and repeats steps 3 and 4. At this point, a unique key has been established in the ATM. That same key now exists on the A98 encrypted under the KEK shared with the Customer.

6 - Cryptograms of the ATM Keys are sent to the Host - The TSS A98 formats an E-mail message containing the ATM ID, the cryptograms of the ATM keys just established and the Key Check Values for the KEK and the newly established ATM Keys. The E-Mail message is sent to the Customer.

7 - The Customer receives the E-Mail message - The E-Mail message is received at the Customer and is processed to parse out the Terminal ID, the cryptograms of the ATM keys and the KCVs. The ATM keys must be translated from encryption under the KEK to encryption under the MFK. For an HSM that implements the Atalla architecture, a CMD 13 - Translate Working Key for Storage - is used.

8 - Enter the information into the Host ATM Software - A manual process can be used to enter the cryptograms and ATM ID information into the Host ATM Software. Alternatively, the process may be automated.

9 - A New PIN Encryption Key is sent to the ATM - After the ATM reconnects, most ATM software packages will send a new PIN encryption key to the ATM encrypted by the ATM key that was just established and normal operations resume.
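The two key management types registered in step 1, and the way the ATM and the A98 arrive at the same key from the same two Comvelopes in steps 3 to 5, can be sketched as follows. This is an added example, not TSS code: it assumes that full-length components are combined by XOR and that DES odd parity is applied to the result (conventional for manual key components, but not stated on this page), and the function names and Comvelope values are constructed for illustration.

```python
def _parse(hex_part: str, nbytes: int) -> bytes:
    """Decode one printed hex value and enforce its expected length."""
    raw = bytes.fromhex(hex_part.replace(" ", ""))
    if len(raw) != nbytes:
        raise ValueError(f"expected {nbytes} bytes, got {len(raw)}")
    return raw

def fix_odd_parity(key: bytes) -> bytes:
    """Set the low bit of each byte so every byte has an odd number of 1 bits."""
    return bytes(b if bin(b).count("1") % 2 else b ^ 1 for b in key)

def _finish(key: bytes) -> bytes:
    """Normalise parity, then reject a double-length key whose halves match."""
    key = fix_odd_parity(key)
    if key[:8] == key[8:]:
        raise ValueError("left and right halves match: only single-DES strength")
    return key

def combine_components(components: list[str]) -> bytes:
    """Full-length components: XOR them together (assumed combining method)."""
    parts = [_parse(c, 16) for c in components]
    if len(parts) < 2:
        raise ValueError("split knowledge needs at least two components")
    if len(set(parts)) != len(parts):
        raise ValueError("duplicate component: identical values cancel under XOR")
    key = bytes(16)
    for part in parts:
        key = bytes(a ^ b for a, b in zip(key, part))
    return _finish(key)

def join_halves(left: str, right: str) -> bytes:
    """Split key halves: the left and right 8-byte halves are concatenated."""
    return _finish(_parse(left, 8) + _parse(right, 8))

# Constructed sample Comvelope contents (not real key material).
COMVELOPE_A = "0123456789ABCDEF FEDCBA9876543210"
COMVELOPE_B = "1111111111111111 2222222222222222"

def demo() -> tuple[bytes, bytes]:
    """Key as formed in the ATM by two servicers, and as rebuilt from the same IDs."""
    atm_key = combine_components([COMVELOPE_A, COMVELOPE_B])
    a98_key = combine_components([COMVELOPE_B, COMVELOPE_A])  # order does not matter
    return atm_key, a98_key

if __name__ == "__main__":
    atm, a98 = demo()
    print(atm.hex().upper(), atm == a98)
```

The checks in `_finish` and `combine_components` reject the inputs that would quietly weaken the key: repeated components and a double-length key whose halves are equal once parity bits are ignored.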

Related documents:
A98 Service Bureau Guide (PDF 237kb)


Trusted Security Solutions, Inc.
704.849.0036
info@trustedsecurity.com