Remote Key Loading

Spread security. Unlock efficiency

Cut costs, increase security

A smarter way to do business

The hacker community is growing increasingly sophisticated – which means the financial community needs to do the same. But the key to a smart automatic teller operation lies in more than high security. Today’s business-minded financial institutions also demand efficiency. That’s why they depend on Remote Key Loading (RKL) from Cryptera. By replacing traditional dual-control split-knowledge – a manual approach to key installation and maintenance – with Cryptera RKL – a secure, on-line solution – key management becomes more cost-effective. More secure. More efficient. More simple. In other words: more intelligent.

Cut costs

Sending two-person teams to each ATM and administering key material has traditionally been an expensive, time-consuming task. And as card-issuing companies are demanding larger, more complex key sizes, the complexity of manual key entry and key handling is continuing to increase – along with the cost. Cryptera RKL allows banks to save on the generation, storage, distribution and manual handling of paper-based key information, as these procedures are either unnecessary with Cryptera RKL or controlled by the host system.

Increase security

The human factor involved in manual key handling increases the security risk of key exposure or misuse. With Cryptera RKL, human handling of key information is unnecessary. All information is safely transmitted online using secure cryptographic methods to protect and distribute keys. This enables secure installation and frequent periodic key updating, which increases overall system security.

Streamline operations

By definition, secure remote control is far more efficient than traditional dual split control. Eliminating the human factor also eliminates constraints regarding operational hours and distance – in addition to avoiding the risk of misuse of key information.

Prevent headaches

Because Cryptera RKL is based on open international standards, it is easy to implement at the host end. No proprietary standards; only the freedom to take a smarter approach to key management.

Key exchange

Host:
• Host validates signature using public CA key of ATM certificates
• Host sends certificate with own public key
• Host requests a nonce from ATM
• Host generates and encrypts Terminal Master Key using ATM public key and generates signature and encryption result using own secret key

ATM:
• ATM sends certificates with own public key
• ATM validates signature using public CA key of host certificate
• ATM generates a nonce and starts key exchange
• ATM validates signature and nonce using public key and obtains key by decrypting with secret key
• ATM sends receipt that information is correct

A typical interaction for the exchange of the initial symmetric master key takes less than 60 seconds.

A safer form of technology

Cryptera RKL is based upon sophisticated, standardised and professionally accepted methods of cryptography. A variety of built-in authentication measures ensures that both the host and the ATM operate under fully secure conditions.

Two keys – maximum security

The secure operation of Cryptera RKL depends upon cryptography using 2048 bit RSA keys, generated internally in the Cryptera encrypting PIN pad. Both the host and the ATM own a pair of keys – one secret key and one public key. The public key is used to encrypt data; the secret key to decrypt data. With RSA-based technology, the only party able to decrypt a given message is the owner of the related secret key.

State-of-the-art cryptographic protocol

The key exchange protocol uses X.509 certificates to verify that the public keys belong to valid encrypting PIN pads (EPPs)/hosts. This prevents “man-in-the-middle” types of attacks. The certificates are issued by a central Certification Authority. In addition, the protocol uses dynamic messages, including “nonces” (nonce = number used only once) to protect against replay attacks. The “nonces” are digitally signed to provide mutual authentication. The protocol terminates with authentic confirmation of key reception.

Cryptera SECURITY

Cryptera’s standard RKL solution includes the following features:
• 2048 bit RSA keys (generated internally in the encrypting PIN pad)
• One RSA key pair for key encryption/decryption
• One RSA key pair for data verification/signing
• Public keys contained in X.509 certificates
• Certificate-based protocol according to international ISO 11770-3 standard
• EPP firmware programming interface compatible with XFS 3.03 API
• Loading of externally generated X.509 certificates (if customer desires)

OPTION
• Establishment of secure communication channel to external Certification Authority and loading of externally generated X.509 certificates

A better way to serve customers

With Cryptera, security is more than the technical measures that ensure safe transactions. “Cryptera security” also means people – more than 100 highly committed, highly skilled professionals who are dedicated to making your experience with Cryptera check out successfully on all counts. We’ve been providing high-security payment solutions worldwide since the 1980s. Cryptera is a world leading supplier of encrypting PIN pads and has several years of experience supplying EPPs and RKL solutions on an OEM basis. We’re here to support you too – so that not only you, but also your customers benefit from better service.

Open standards = flexible solutions

We don’t think banks should be locked into using one particular ATM supplier. So unlike our competitors, Cryptera supports open rather than proprietary standards to give financial institutions as much freedom of choice as possible. We also support a flexible approach to implementing RKL.
Banks do not need to switch to the technology all at once – a gradual approach is an option for financial institutions that want to implement Cryptera RKL now and start using it later. By purchasing an encrypting PIN pad from Cryptera, it is possible to operate ATMs in a traditional mode until the host software vendor is ready to support the new key loading system.

Prepared customers = satisfied customers

When planning for the implementation of an RKL system, one of the major factors to consider is the support of RKL in the host system. Often the host relies on a dedicated, standalone Host Secure Module (HSM) provided by a third-party vendor. This means that the HSM module chosen or currently in use has to be able to support RSA-based RKL operations.

How to proceed

Please contact Cryptera for a detailed checklist and guidelines for RKL implementation in your system. Cryptera is happy to support the ATM supplier as well as the HSM supplier during the implementation phase.

Welcome to a place where we live and breathe payment security

Headquartered in Copenhagen, Denmark, Cryptera has more than 25 years’ experience in providing high-security payment solutions worldwide. With more than 1,000,000 payment solutions in use across the globe, Cryptera has proven and tested international experience within the global payment industry. Cryptera is a world-leading provider of secure payment solutions and supplies some of the largest global manufacturers of ATMs and petrol pumps. Our main products are encrypting PIN pads for ATMs and Unattended Payment terminals for self-service payment solutions. Cryptera employs a staff of approximately 100 and has its own hardware and software development departments as well as production, sales and servicing of its proprietary products and solutions. The R&D department has a staff of highly educated engineers and computer scientists with expertise in the fields of encryption, certification and integrated payment solutions.

Cryptera A/S
Fabriksparken 20
DK-2600 Glostrup
Phone: + 45 4343 4395
Fax: + 45 4343 5354
[email protected]
www.cryptera.com
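
The key transport step of the “Key exchange” flow described earlier (ATM nonce, Terminal Master Key encrypted under the ATM public key, host signature, ATM-side checks), shown as an added example that is not Cryptera’s code and not part of the original brochure. It assumes the third-party Python `cryptography` package, OAEP and PSS padding (the brochure names RSA but no padding scheme), certificates that have already been validated, and the hypothetical names `Atm`, `host_wrap_key` and `run_exchange`.

```python
import os
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# Assumed padding schemes; the brochure specifies 2048 bit RSA only.
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)

def new_key():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

class Atm:
    """EPP side: own decryption key plus the host's (already validated) signing key."""
    def __init__(self, host_verify_key):
        self.enc_key = new_key()              # key pair for key encryption/decryption
        self.host_verify_key = host_verify_key
        self.nonce = None
        self.master_key = None

    def start_exchange(self):
        self.nonce = os.urandom(16)           # fresh, fixed-length nonce per exchange
        return self.nonce

    def receive_key(self, nonce, wrapped, signature):
        expected, self.nonce = self.nonce, None   # a nonce is consumed on first use
        if expected is None or nonce != expected:
            return "rejected: nonce"
        try:
            # Signature covers nonce and ciphertext, binding the key to this exchange.
            self.host_verify_key.verify(signature, nonce + wrapped, PSS, hashes.SHA256())
        except InvalidSignature:
            return "rejected: signature"
        self.master_key = self.enc_key.decrypt(wrapped, OAEP)
        return "accepted"

def host_wrap_key(host_sign_key, atm_enc_pub, nonce, tmk):
    wrapped = atm_enc_pub.encrypt(tmk, OAEP)
    return nonce, wrapped, host_sign_key.sign(nonce + wrapped, PSS, hashes.SHA256())

def run_exchange():
    host_sign_key = new_key()                 # host key pair for signing
    atm = Atm(host_sign_key.public_key())
    atm_pub = atm.enc_key.public_key()
    tmk = os.urandom(16)                      # constructed Terminal Master Key
    msg = host_wrap_key(host_sign_key, atm_pub, atm.start_exchange(), tmk)
    results = [atm.receive_key(*msg)]         # genuine message
    results.append(atm.receive_key(*msg))     # same message replayed
    nonce, wrapped, sig = host_wrap_key(host_sign_key, atm_pub, atm.start_exchange(), tmk)
    altered = wrapped[:-1] + bytes([wrapped[-1] ^ 1])
    results.append(atm.receive_key(nonce, altered, sig))   # ciphertext changed in transit
    return results, atm.master_key == tmk
```

Only the first message is accepted: the replay fails because the nonce was consumed, and the altered ciphertext fails signature verification before any decryption is attempted.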