Trusted Security Solutions - A98

With the introduction of its new "Remote Re-Key Module," A98-R automates both the generation and distribution of cryptographic keys for ATMs. The A98-R is compatible with ATMs that use RSA-enabled encrypting pin pads (EPPs). The A98-R implements Diebold and Triton's Certificate Based Protocol (CBP) and NCR, Wincor-Nixdorf, and Hyosung’s Signature Based Protocol (SBP) that are based on standards as defined in the ANS X9.24-2 Standard on Retail Cryptographic Key Management. The A98-R also is programmed to work with Wincor-Nixdorf’s Signature Based Protocol which TSS refers to as WSBP, and unit testing has been successfully completed, but has yet to be field tested.

The Diebold approach uses X.509 certificates and PKCS message formats to transport key data. NCR's method relies on digital signatures to ensure data integrity. Triton's remote key protocol uses a Triton developed form of CBP integrated with a unique host identification which TSS refers to as TCBP. All remote key protocols require the ATM's EPP to be loaded at the factory with signed public keys or certificates. In addition, as part of the initialization process, at least one A98 key pair must be generated and the public key signed by a Certificate Authority (i.e. Diebold, NCR, or Triton) and imported back into the A98 before the A98 can successfully communicate with the public key ATM. A separate signed key pair or set of signed certificates are required for each ATM manufacturer.

Remote key loading of ATMs is considered by most networks and standards groups as being more secure than traditional methods that use paper key components and the concepts of dual control, split knowledge to maintain compliance.

With the A98-R Remote Key Module:
Key Check Values and the ATM EPP serial number is automatically logged for later retrieval and reporting. Rekeying events can be initiated from authorized users using their desktops or a web portal New remote key protocols can and will be added in the form of field upgrades as they become commercially available.

For more information about the A98-R please contact

Products and Services

A98 ATM Key Management System – A98-A -Comvelope© Solution

The patented A98-A Comvelope© solution revolutionized ATM key loading at a time (August 1998) when it was mandated by VISA that all ATMs must have a unique key. The A98 Comvelope Solution continues today to be the most efficient and compliant solution for ATM key loading for non-remote key capable ATMs. Learn more »

A98 ATM Key Management System – A98-C – Card Services

The A98-C (Card Services Module) allows card issuers to take control of their card and PIN Mailer issuing functions. The calculation of CVV1, CVV2, IBM3624 PIN, VISAPVV PIN and Offsets for bridging from one PAN to another for the same PIN are performed entirely within the A98 Cryptographic Unit and transferred directly to the Embosser or PIN Mailer Printer. Learn more »

A98 ATM Key Management System – A98 eHelpDesk

The A98 eHelpDesk application runs on any desktop browser allowing authorized, authenticated users to view A98 ATM keying activity and perform certain key management functions. Learn more »

YES, I'm interested!

Complete this form to request info from Trusted Security Solutions, Inc.

By clicking the button, you accept our Terms of Service and Privacy Policy.

Contact Info