Comvelope Key Loading

A98 Initial Key Establishment System for ATMs for Other Devices and Applications

  • Symmetric Key Loading using Comvelopes™
  • Custom Application Keys

Traveling by horse and buggy in the early 1900s represents a good metaphor to describe legacy key loading techniques for ATMs.  Both processes are old fashion, outdated and slow.

The A98 ATM Initial Key Establishment System turned legacy key loading on its head.  Why build keys one at a time, break them into components and send them to individual ATMs when you can use TSS’s patented “Comvelope™ process” where key custodians choose and open two random numbers to create a key inside the ATM?  By using the A98 Interactive Voice Response (IVR) or a web portal, key custodians report their identifier of the random numbers used. The A98 System takes care of the rest by combining the same values inside the A98 HSM, placing the same key into the host, then documenting the event.   Manual key loading is now compliantly accomplished in a fraction of the time and expense it would take using legacy methods.

Since 1998, the Comvelope™ process represented a game changing solution for many large switches and FIs.  Since this time, TSS customers have used over four million Comvelopes™ to key ATMs.  If you’re still using legacy key loading techniques, consider investing in an A98 System or using the A98 ServiceBureau.  It is more efficient, lowers your costs and will reduce stress when your next audit comes around.

Custom Application Keys:  Dual Currency Conversion (DCC) and other third party applications may require Custom Application Keys” (CAK).  CAKs allow sensitive information to be sent to a host other than the primary transaction host encrypted in similar fashion to PIN data.  By using remote key loading or Comvelopes,™ custom keys are generated and stored compliantly in the EPP’s memory for use as needed.  A cryptogram of the same key is also transmitted to the Application host, translated and then stored.  This key is the used to authenticate data received by the application.

For more information on Comvelopes™ or best practices for symmetric key loading or your custom application keys, contact TSS at