Service Bureau  
A98-C Card Services
Training & Consulting

A98's service bureau option offers remote key loading and Comvelope key loading to companies without those companies having to purchase any equipment. If you are interested in the A98 Service Bureau, please contact TSS at As an added benefit, A98 Service Bureau customers can later purchase A98 equipment at a discount. One year of service bureau charges will be applied at a 50% rate toward the cost of an A98 unit! A98 Service Bureau customers get the immediate benefits of compliant key loading, plus an economical path to support operations as the business grows.

Overview of A98's Service Bureau
Trusted Security Solutions (TSS) offers a Service Bureau for the management of initial ATM keys for organizations with a modest number of ATMs.

The Service Bureau Customer registers their ATMs by providing the ATM manufacturer and model along with a unique identification number to TSS. Comvelopes are purchased from TSS in quantities of 100. The Customer's servicers load the contents of the Comvelopes into ATMs as required and place a phone call to the Service Bureau A98 located at TSS's facilities. The servicers report the ATM ID and Comvelope ID. The A98 retrieves the contents of the Comvelopes within the Tamper Resistant Security Module (TRSM) and creates the same key that was just loaded into the ATM. A unique Key Encrypting Key (KEK) shared between each Service Bureau Customer and TSS encrypts the just loaded ATM key under that particular KEK. The A98 sends this cryptogram and the ID of the ATM to the Customer. The information in the message is extracted and entered into the database of the Host ATM Software package. Each time the A98 Service Bureau is used, a new unique key is established in that ATM in a fully compliant manner.

Service Bureau Description
For either remote key loading or Comvelope loading, a Key Encrypting Key (KEK) must be established between the Servicer Bureau A98 and the customer. The KEK is established between TSS and the Customer using manual key management methods. TSS will generate this KEK and send the components to the key custodians designated by the Customer. This KEK is generated as three (3) double length (112 bits) components and is printed directly into tamper evident envelopes. The three components can be sent to each of the three key custodians using three separate express couriers. The ATMs will also be registered at this time. The ATM vendor and model, the type of key management as well as a unique numeric identifier, is established for each ATM. The Servicer IDs and their initial Access Codes will also be established at this time.

Remote Key Loading
The Service Bureau customer and TSS work together to establish a VPN from their ATM communication facilities to the TSS Service Bureau A98. ATMs to be remotely keyed are temporarily diverted from their normal transaction path to the TSS VPN. In a communication session taking approximately 45 seconds, the A98 will automatically and compliantly key the ATMs. The cryptogram of the new key is simultaneously sent either electronically or by email to the customer’s ATM administrator for insertion into the ATM key database. Immediately after establishing an initial key into an ATM by either the Comvelope method or Remote Key Loading, the ATM is ready for normal use.

Service Bureau Description
1. Print and Distribute the Comvelopes - TSS will generate and print the Comvelopes. A Single ADMIN role can generate the Comvelopes and the Cipher Key to protect them, but two (2) TSS key custodians are required to enter their passwords to emit the Comvelopes to the printer. The printed Comvelopes exit the printer attached to the TSS A98 face down. None of the contents of any Comvelope are visible. The face down Comvelopes are taken to the pressure sealer under dual custodianship and sealed. The contents of the Comvelopes are encrypted by the cipher key. The Cipher key is commpliantly transported to the Customer site. The Cipher Key and Comvelope contents are imported into the TSS A98 by a TSS ADMIN role. The physical Comvelopes are packaged together and sent to the Customer. The customer then distributes the Comvelopes to the various ATMs or to the appropriate staging locations.

2. Load Key into ATM - When it is time to load an initial key into an ATM, two people selected by the Customer each select a Comvelope at random from the population of Comvelopes. The first person inspects the Comvelope for any signs of tampering. If it has not been tampered, the Comvelope is opened and the contents loaded into the ATM following the manufacturer's instructions. If the ATM reports the Key Check Value (KCV), this person then verifies that the KCV corresponds to the one printed in the Comvelope.

3. Report the Terminal ID and Comvelope ID - The first person calls the TSS A98 and enters their Servicer ID and Access Code. After verification, the Servicer is invited to enter the ATM ID and Comvelope ID. The A98 reports the KCV back via the IVR and the first person verifies the KCV is as expected.

4. The Second Servicer - A second person selects a Comvelope at random from those available and repeats steps 3 and 4. At this point, a unique key has been established in the ATM. That same key now exists on the A98 encrypted under the KEK shared with the Customer.

5. Cryptogram of ATM Keys are sent to the Host - The TSS A98 formats an E-mail message containing the ATM ID, the cryptogram of the ATM key just established and the Key Check Value for the newly established ATM Key. The E-Mail message is sent to the Customer.

6. The Customer receives the E-Mail message - The E-Mail message is received by the Customer and is processed to parse the Terminal ID, the Cryptogram of the ATM Key and the KCV. The ATM key must be translated from encryption under the KEK to encryption under local system HSM's MFK. For an HSM that implements the Atalla architecture, a CMD 13 - Translate Working Key for Storage - is used. Thales and other HSMs have similar commands for translation.

7. Enter the information into the Host ATM Software - A manual process can be used to enter the cryptograms and ATM ID information into the Host ATM Software. Alternatively, the process may be automated.

8. A New PIN Encryption Key is sent to the ATM - After the ATM resumes online status, most ATM software packages will send a new PIN encryption key to the ATM encrypted by the ATM key that was just established. After this step is complete, normal operations resume. The ATM is ready for transactions.

Related documents:
A98 Service Bureau Guide (PDF 237kb)


Trusted Security Solutions, Inc. | 704.849.0036 |

© Trusted Security Solutions, Inc. All Rights reserved in all media.