A98 Automated Host Interface
The A98 requires a connection to the host ATM-driving application to fully automate the initial key establishment process. The A98 System and the host to which it is attached communicate using either an XML or an ISO-8583 messaging protocol. The newly established ATM key is sent from the A98 to the host in one of these message formats. The message containing the new ATM key also carries key check values that the host uses to validate the key it received and stored.

In addition to using a Host interface to send the new ATM key from the A98 to the Host, the A98 can use the existing Host connection, or a separate one, to share ATM and other customer-based data.

Trusted Security has worked with its business partners enabling them to develop and provide this interface between A98 and their respective applications. Please contact them for details.

Trusted Security offers a "Host Proxy" module that runs on a PC network-connected to the A98. This application simulates an ATM host. It receives key updates from the A98 unit and displays these cryptograms for testing or for actual non-automated entry into the host application.

Host Connection Overview:

  • Physical attachment via Ethernet
  • Logical attachment via TCP/IP - static address
  • Multiple hosts supported simultaneously
  • Each ATM can have a different host defined for it
  • Each Host has a KEK defined for it
  • Connection (Socket) established at A98 startup time
  • Messaging (XML or ISO-8583)
  • Host receives, interprets, and uses the message to make ATM database updates

Trusted Security Solutions' Host Partnerships
Trusted Security Solutions supplies ACI BASE24™ and Postilion™ customers with a Host interface. Other host software companies have developed an A98 interface that they can provide to A98 customers; among them are ACI Postilion, eFunds, CR2, Interpro, and CV Systems. If you currently use one of these companies, please contact your sales representative for information on the A98 interface.

If you use proprietary software (as do a number of Trusted Security Solutions' current clients), we welcome the chance to share the technical knowledge you would need from us to interface directly with the A98.

The following is a detailed description of the BASE24™ interface.

BASE24™ Host Connectivity (Comvelope solution)

This section describes a software product provided by Trusted Security Solutions, Inc. (“TSS”) which enables an A98 system to communicate with Host Security Modules connected to an HP NonStop (i.e., Tandem) platform for the purpose of translating and storing ATM cryptographic information in a Base24 environment.

A new Tandem-based application, A98RIF, is installed on the Tandem. Connectivity between the A98 hardware/software system and the Tandem-based Agent is accomplished by XML over TCP/IP with the A98 serving as the client-side application and the Tandem providing the server-side functions.

Whenever the A98 system needs to store an ATM working key cryptogram within a Base24 system utilizing ACI's Transaction Security System (Base24/TSS) application, the A98 initiates a connection with the A98RIF.

The A98RIF subsystem obtains all information for its processing environment from the Agent configuration file specified at process start-up. This information includes the following:

  • EMS Event Log Collector process for Logging Agent's Status Messages
  • Name of the HSM Interface Module to Use for Processing
  • The Type of HSM to be Used (Atalla™ or Thales™)
  • A TIMEOUT Period – Indicates the amount of time to wait for a message from the A98
  • The location of the Base24/TSS CSECD file (which contains cryptogram information)
  • The TCP process name to use to receive connections from the A98 and the IP Port on which it will establish a listener socket.

As the A98RIF process (“The Agent”) initializes, it logs all copyright, version and initialization information to the designated EMS collector process in fully-tokenized event messages. The process then listens for connections on the specified IP address and port. When a connection is received, a new socket is created to connect to the incoming request, then the Agent returns to a listening state for other connections.

When a message is received by the Agent from the A98, the message is authenticated and then processed. The lexicon for communication between these two parties must include at least the following information:

  • ATM Terminal ID
  • Key name for the key exchange key
  • ATM Working Key cryptogram (encrypted under a key-exchange key)
  • A response-code field to allow the Agent to notify A98 of any error conditions
  • Key Check Value of the key contained in the cryptogram

When the Agent receives a valid request message, it will initiate the following steps:

If utilizing an Atalla HSM:

  • Format an 11B command to send to the designated HSM.
  • Issue the 11B command to the HSM and wait for a response
  • Receive and validate the 21B response
  • Extract information from the HSM response message
  • Perform a READ w/LOCK against the CSECD file for the designated ATM
  • UPDATE the CSECD record with the new cryptogram
  • Format a response message to the A98 indicating the outcome of all steps

Configuring a Thales or other HSM would be similar to the Atalla model using the HSM specific command set.

If an error or timeout occurs at any stage, an appropriate error condition is noted in the response message sent to the A98. Every error condition the Agent encounters also produces a diagnostic EMS event message, so the problem can be diagnosed after the fact should a customer report it.

The Agent will be a single-threaded process. It will fully-process each request received from beginning to end before it will attempt to receive another request from the A98. If a multi-thread environment is desired, the A98 may open multiple sockets with the Tandem platform, thus creating multiple paths for simultaneous processing. Once a single Agent thread completes a request and responds to the A98, it will again go into a “listen” mode looking for additional requests.
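The exchange described above, with both sides' messages, as an added example that is not TSS's, ACI's or HP's code: the A98 side builds a request carrying the lexicon fields listed earlier (terminal ID, KEK name, working-key cryptogram, key check value), and the Agent side authenticates it, runs the HSM translate step, compares the key check value, updates the terminal's CSECD record under a lock, and returns a response code on every path, logging each error to an event list that stands in for the EMS collector. The same message handling is what a "Host Proxy" test host would do before displaying the cryptogram. The XML element names, the HMAC message authentication, the response-code values, the record layout and the software HSM stand-in (XOR and a SHA-256 check value in place of 3DES inside an Atalla or Thales HSM) are all assumptions made for illustration; the real Agent formats an 11B command and parses the 21B response rather than computing anything itself, and clear keys never exist outside the HSM.

```python
"""Simulated A98 -> A98RIF ("Agent") working-key store exchange.
Added example, not Trusted Security Solutions code. Element names, HMAC message
authentication, response codes, record layout and the HSM stand-in are assumed."""
import hashlib
import hmac
import threading
import xml.etree.ElementTree as ET

AUTH_KEY = b"constructed-shared-secret"   # assumed A98/Agent message-auth key
RC_OK, RC_AUTH, RC_FORMAT, RC_ATM, RC_KEK, RC_KCV = "00", "01", "02", "03", "04", "05"
# Constructed test keys; in a real deployment clear keys never leave the HSM.
KEK, MFK = bytes(range(16)), bytes(range(16, 32))
WORKING_KEY = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")

def kcv(key: bytes) -> str:
    """Toy key check value (first 3 bytes of SHA-256). A real 3DES KCV is
    3DES-ECB(key, 8 zero bytes)[:3], and the HSM, not the Agent, computes it."""
    return hashlib.sha256(key).hexdigest()[:6].upper()

def xor(a: bytes, b: bytes) -> bytes:
    """Toy stand-in for 3DES key encryption so the example runs without an HSM."""
    return bytes(x ^ y for x, y in zip(a, b))

class SimHsm:
    """Stands in for the Atalla 11B/21B (or Thales) translate-key exchange."""
    def __init__(self, keks: dict, mfk: bytes):
        self.keks, self.mfk = keks, mfk

    def translate_working_key(self, kek_name: str, cryptogram_hex: str):
        """Re-encrypt a working key from the named KEK to the HSM master key;
        return (cryptogram under MFK, KCV). KeyError means an unknown KEK name."""
        clear = xor(bytes.fromhex(cryptogram_hex), self.keks[kek_name])
        return xor(clear, self.mfk).hex().upper(), kcv(clear)

def build_request(tid: str, kek_name: str, cryptogram_hex: str, check: str) -> str:
    """A98 side: the lexicon fields, wrapped with an HMAC over the body."""
    body = ET.Element("Body")
    for tag, val in (("TerminalId", tid), ("KekName", kek_name),
                     ("WorkingKey", cryptogram_hex), ("Kcv", check)):
        ET.SubElement(body, tag).text = val
    raw = ET.tostring(body)
    mac = hmac.new(AUTH_KEY, raw, hashlib.sha256).hexdigest()
    return f'<KeyUpdate mac="{mac}">{raw.decode()}</KeyUpdate>'

def a98_request(tid="ATM0001", kek_name="KEK-BRANCH-01", check=None) -> str:
    # What the A98 sends once WORKING_KEY has been established with the ATM.
    return build_request(tid, kek_name, xor(WORKING_KEY, KEK).hex().upper(),
                         check or kcv(WORKING_KEY))

def response_code(response_xml: str) -> str:
    return ET.fromstring(response_xml).findtext("ResponseCode")

class Agent:
    """Single-threaded A98RIF: each request is fully processed before the next."""
    def __init__(self, hsm: SimHsm, csecd: dict):
        self.hsm, self.csecd = hsm, csecd              # csecd: terminal id -> record
        self.locks = {t: threading.Lock() for t in csecd}   # READ w/LOCK per record
        self.events = []                                # stand-in for the EMS event log

    def _respond(self, tid: str, rc: str, detail: str = "") -> str:
        if rc != RC_OK:                                 # every error also hits the log
            self.events.append(f"ERR tid={tid} rc={rc} {detail}")
        return (f"<KeyUpdateResponse><TerminalId>{tid}</TerminalId>"
                f"<ResponseCode>{rc}</ResponseCode></KeyUpdateResponse>")

    def handle(self, request_xml: str) -> str:
        tid = "?"                                       # unknown until authenticated
        try:
            root = ET.fromstring(request_xml)
        except ET.ParseError:
            return self._respond(tid, RC_FORMAT, "unparseable request")
        body = root.find("Body")
        if body is None:
            return self._respond(tid, RC_FORMAT, "no Body element")
        expected = hmac.new(AUTH_KEY, ET.tostring(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(root.get("mac", ""), expected):
            return self._respond(tid, RC_AUTH, "bad message MAC")   # fields untrusted
        fields = [body.findtext(t) for t in ("TerminalId", "KekName", "WorkingKey", "Kcv")]
        if not all(fields):
            return self._respond(fields[0] or tid, RC_FORMAT, "missing lexicon field")
        tid, kek_name, cg, check = fields
        if tid not in self.csecd:
            return self._respond(tid, RC_ATM, "no CSECD record for terminal")
        try:                                            # the 11B -> 21B round trip
            new_cg, hsm_check = self.hsm.translate_working_key(kek_name, cg)
        except KeyError:
            return self._respond(tid, RC_KEK, f"unknown KEK {kek_name}")
        except ValueError:
            return self._respond(tid, RC_FORMAT, "cryptogram is not hex")
        if hsm_check != check:                          # validate before storing
            return self._respond(tid, RC_KCV, "KCV mismatch")
        with self.locks[tid]:                           # READ w/LOCK, then UPDATE
            self.csecd[tid].update(working_key=new_cg, kcv=check)
        return self._respond(tid, RC_OK)

def make_agent() -> Agent:
    """One terminal and one KEK, as constructed test data."""
    return Agent(SimHsm({"KEK-BRANCH-01": KEK}, MFK),
                 {"ATM0001": {"working_key": "", "kcv": ""}})
```

Two ordering points carry over to any real implementation: no field of the request is read until the message has been authenticated, so a bad MAC is reported without a terminal ID, and the key check value returned by the HSM is compared with the one the A98 sent before the CSECD record is touched, so a corrupted cryptogram never replaces a good one.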

For more information about this or any other host interface, please contact us at: info@trustedsecurity.com.

Related documents:
A98 For Triple-DES (PDF 756kb)
A98 For Triple-DES En Español (PDF 580kb)


Trusted Security Solutions, Inc. | 704.849.0036 | info@trustedsecurity.com

© Trusted Security Solutions, Inc. All Rights reserved in all media.