The A98 implements Remote Key (public key) technology using the same “non-intrusive” philosophy as was used for conventional single and triple DES symmetric key technology. When a new key is needed for a Remote Key enabled ATM, the host system passes the Remote Key request to the A98 and all of the cryptography is handled within the A98 system. With the A98-D Direct Connect, the A98 can communicate directly with the ATM and remote key the ATM. With modifications made to the host terminal handler, the host passes XML messages to the A98-R so that the A98 can rekey the ATM.
The A98-R implements Diebold's and Triton's Certificate Based Protocols (CBP), and NCR's, Wincor's, Nautilus Hyosung's, and GRG's Signature Based Protocol (SBP). Other remote key protocols will be provided in future releases as they become publicly available.
2. Depending on the ATM and the host software platform, a Remote Key request to establish a new or replacement key in a Remote Key enabled ATM can originate from the terminal, a telephone, the A98, or an application within the host software.
4. The ATM sends the EPP serial number to the A98-R encrypted by its public key or certificate. The A98 verifies the message and sends a message back to the EPP encrypted by its public key or certificate.
6. The A98-R receives the key request, generates a random terminal master key (TMK), encrypts it with the public key of the EPP, and “signs” the new TMK message. This message is sent to the EPP. The EPP verifies the signature, decrypts the new terminal master key, and stores the key.
7. If the dialogue has been successfully completed, the EPP sends a notification back to the host that it has loaded the new terminal master key including a Key Check Value (KCV) of the new key. If the terminal key load is unsuccessful, an appropriate error message will be returned to the host.
8. Upon receiving a “successful” terminal master key load message from the EPP with the correct KCV, the host will establish the new TMK in the key database.
* If the A98-D is used, the EPP communicates directly with the A98 during the rekey process. In some other configurations the host receives the data from the ATM and acts as a “pass through” to the A98-R. In this general description of the A98 Remote Key Loading process, the terms “host” and A98-R are used interchangeably for the party in dialogue with the EPP.
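The exchange of steps 4 through 8, worked through as an added example that is not part of the original page or of the A98 product: both sides are modelled in Go with only the standard library, RSA-OAEP standing in for the EPP's public-key encryption, RSA-PSS for the “signing” the text mentions, and a triple-DES TMK with the customary KCV (first three bytes of the zero block encrypted under the key). The step 4 serial-number request is modelled as signed by the EPP rather than encrypted, the message layout, the `Party` and `TMKMessage` names and the serial number are this example's own constructions, and none of the vendor CBP/SBP protocol details are represented.

```go
package main

import (
	"crypto"
	"crypto/des"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// TMKMessage is the signed, encrypted new-TMK message of step 6; layout is this example's own.
type TMKMessage struct {
	Serial    string // EPP serial number the key is meant for
	EncTMK    []byte // TMK encrypted under the EPP's RSA public key (OAEP)
	Signature []byte // RSA-PSS signature by the A98-R over Serial || EncTMK
}

// Party is the EPP (with its serial) or the A98-R (empty serial): an RSA key pair plus the TMK.
type Party struct {
	Serial string
	key    *rsa.PrivateKey
	tmk    []byte
}

func NewParty(serial string) (*Party, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	return &Party{Serial: serial, key: k}, err
}
func (p *Party) PublicKey() *rsa.PublicKey { return &p.key.PublicKey }

// sign and verify wrap RSA-PSS over the SHA-256 digest of the message bytes.
func sign(k *rsa.PrivateKey, msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, k, crypto.SHA256, d[:], nil)
}
func verify(pub *rsa.PublicKey, msg, sig []byte) error {
	d := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, d[:], sig, nil)
}

// KCV: first three bytes of the zero block encrypted under the triple-DES key.
func KCV(tmk []byte) ([]byte, error) {
	c, err := des.NewTripleDESCipher(tmk)
	if err != nil {
		return nil, err
	}
	out := make([]byte, 8)
	c.Encrypt(out, make([]byte, 8))
	return out[:3], nil
}

// SerialRequest is step 4 on the EPP: its serial number, signed so the A98-R knows who is asking.
func (e *Party) SerialRequest() (string, []byte, error) {
	sig, err := sign(e.key, []byte(e.Serial))
	return e.Serial, sig, err
}

// IssueTMK is step 6 on the A98-R: verify the request, then encrypt a fresh 3DES TMK for the EPP and sign.
func (h *Party) IssueTMK(serial string, sig []byte, eppPub *rsa.PublicKey) (*TMKMessage, error) {
	if err := verify(eppPub, []byte(serial), sig); err != nil {
		return nil, fmt.Errorf("serial request rejected: %w", err)
	}
	tmk := make([]byte, 24)
	rand.Read(tmk) // crypto/rand; the 24 random bytes form a three-key triple-DES TMK
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, eppPub, tmk, []byte("TMK"))
	if err != nil {
		return nil, err
	}
	s, err := sign(h.key, append([]byte(serial), enc...))
	if err != nil {
		return nil, err
	}
	h.tmk = tmk
	return &TMKMessage{Serial: serial, EncTMK: enc, Signature: s}, nil
}

// LoadTMK is the EPP side of steps 6 and 7: verify address and signature first, then decrypt, store, report KCV.
func (e *Party) LoadTMK(m *TMKMessage, hsmPub *rsa.PublicKey) ([]byte, error) {
	if m.Serial != e.Serial {
		return nil, fmt.Errorf("TMK message addressed to %q, not this EPP", m.Serial)
	}
	if err := verify(hsmPub, append([]byte(m.Serial), m.EncTMK...), m.Signature); err != nil {
		return nil, fmt.Errorf("TMK message rejected: %w", err)
	}
	tmk, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, e.key, m.EncTMK, []byte("TMK"))
	if err != nil {
		return nil, err
	}
	e.tmk = tmk
	return KCV(tmk)
}

// ConfirmLoad is step 8 on the host: accept the TMK only if the EPP's reported KCV matches the generated key.
func (h *Party) ConfirmLoad(reported []byte) bool {
	expected, err := KCV(h.tmk)
	return err == nil && string(expected) == string(reported)
}

func main() {
	epp, _ := NewParty("EPP-CONSTRUCTED-0001") // constructed serial number
	hsm, _ := NewParty("")
	serial, sig, _ := epp.SerialRequest()
	msg, err := hsm.IssueTMK(serial, sig, epp.PublicKey())
	if err != nil {
		panic(err)
	}
	kcv, err := epp.LoadTMK(msg, hsm.PublicKey())
	fmt.Printf("KCV %X, load error: %v, host accepts: %v\n", kcv, err, hsm.ConfirmLoad(kcv))
}
```

The order inside `LoadTMK` is the part a practitioner should take from this: the signature over serial || ciphertext is checked before any private-key operation, so a tampered or misdirected message fails closed without the EPP ever decrypting it, and the host commits the TMK to its key database only after the EPP's reported KCV matches the KCV of the key the A98-R actually generated.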
Trusted Security Solutions, Inc. | 704.849.0036 | firstname.lastname@example.org
© Trusted Security Solutions, Inc. All Rights reserved in all media.