A98 ATM Key Management System – A98-C – Card Services

The A98-C is designed for those Card Issuers that prepare their own magnetic stripe cards and PINs. The current version of the A98-C connects directly to the serial port of a Datacard® Embosser Unit to create cards for "Instant Issue" or custom batch processing. Additionally, the A98-C attaches to a laser or similar printer to securely print PIN Mailers. Both the Embosser and the PIN Mailer Printer are driven directly from a serial port on the A98-C integrated cryptographic unit. The calculations of CVV1, CVV2, IBM3624 PIN, VISAPVV PIN and Offsets for bridging from one PAN to another for the same PIN are performed entirely within the Cryptographic Unit, and the results are transferred DIRECTLY to the Embosser or PIN Mailer Printer. Additionally, the PIN verification function (PINVER) of the A98-C is made available to A98 users. For example, the A98-C PIN verification function permits moving PIN verification from the ATM to the host without the need for additional Host Security Module(s).
Overview of Operation
A Customer Supplied Application (CSA) running on a host computer uses an XML interface to access the desired functionality of the TCP/IP-attached A98-C Module. The CSA establishes a client socket with the A98-C server and specifies certain parameters to the A98-C as defined for each of the supported functions. The A98-C parses the XML message, performs the desired functions and returns the appropriate output data along with a completion code indicating the success of the operation or the reason why the operation could not be completed. All cryptographic operations are executed within the internal cryptographic unit of the host A98. All keys are double length and are held only in encrypted form, either under the Master Key of the A98 or under a key encrypting key (KEK) shared between the hosting A98 and a customer Host Security Module (HSM). The A98-C uses ANSI X.9 and major network PIN security approved procedures in establishing the A98-C Master File Key and subsequent communication keys.
The CSA provides the Embosser input in the form of a text string. The positions of the CVV1, CVV2 and OFFSET (for PIN bridging) are indicated by TOKENS that are inserted by the CSA. The A98-C replaces each TOKEN with the appropriate quantity and sends the completed Emboss String to the Embosser. PIN Mailers are handled in the same manner, with the CSA supplying TOKENIZED PIN Mailer strings.
