Host Connection
User Interface


The A98 method provides an innovative and patented approach for establishing a unique initial key in ATMs. Instead of generating a key and then splitting it into components or generating components and assigning these components to a specific ATM, the A98 process does not create or assign the new key until the point at which two random numbers are actually loaded into the ATM and phone calls by two key custodians (field servicers) are made to the A98 Interactive Voice Response unit. This process eliminates the logistical problems and costs associated with traditional means of compliant key component creation and management.

1. A quantity of randomly-generated 32 character hex values are printed on tamper evident Comvelopes© which are similar to laser pin mailers. These Comvelopes are distributed to the ATM sites or given to service personnel.

2. The random numbers in each Comvelope are encrypted and loaded into the A98 database, referenced by the Comvelope control number.

3. To establish a new or replacement key in the ATM, any combination of two employees or servicers each select a random Comvelope and enter the random number value into the ATM according to the manufacturer's instructions. The ATM combines the two random numbers to form an initial key that is both unique and secret. Servicers are then advised to destroy the part of the Comvelope with the random number.

4. Each servicer dials the voice response unit of the A98, enters their user id and passcode, then reports the Comvelope control number along with the ATM ID.

5. The A98 unit now has the reference numbers for the components that have been entered into the ATM. A98 retrieves and decrypts the component values and combines them to form a key identical to the one now in the ATM.

6. A98 encrypts this new key using a double length KEK, key encrypting key, that has been established with the host ATM software application.

7. The A98 system sends this cryptogram of the newly created, unique ATM key to the host application using an XML or ISO-8583 message. The host application parses the message, decrypts the key, and updates its ATM database.

8. When the ATM is turned on and connects to the host, it is sent a new PIN encryption key, which is encrypted by the newly-created, unique initial key.

Related documents:
A98 For Triple-DES (PDF 756kb)
A98 For Triple-DES En Español (PDF 580kb)


Trusted Security Solutions, Inc. | 704.849.0036 |

© Trusted Security Solutions, Inc. All Rights reserved in all media.