A98 ATM Key Management System – A98-R - Remote Key Module

With the introduction of its new "Remote Re-Key Module," A98-R automates both the generation and distribution of cryptographic keys for ATMs. The A98-R is compatible with ATMs that use RSA-enabled encrypting PIN pads (EPPs). The A98-R implements Diebold and Triton's Certificate Based Protocol (CBP) and NCR, Wincor-Nixdorf, and Hyosung's Signature Based Protocol (SBP), both of which are based on the standards defined in the ANS X9.24-2 Standard on Retail Cryptographic Key Management. The A98-R is also programmed to work with Wincor-Nixdorf's Signature Based Protocol, which TSS refers to as WSBP; unit testing has been completed successfully, but the protocol has yet to be field tested.

The Diebold approach uses X.509 certificates and PKCS message formats to transport key data. NCR's method relies on digital signatures to ensure data integrity. Triton's remote key protocol uses a Triton-developed form of CBP integrated with a unique host identification, which TSS refers to as TCBP. All remote key protocols require the ATM's EPP to be loaded at the factory with signed public keys or certificates. In addition, as part of the initialization process, at least one A98 key pair must be generated, and its public key must be signed by a Certificate Authority (i.e. Diebold, NCR, or Triton) and imported back into the A98 before the A98 can successfully communicate with the public-key ATM. A separate signed key pair or set of signed certificates is required for each ATM manufacturer.

Remote key loading of ATMs is considered by most networks and standards groups to be more secure than traditional methods, which rely on paper key components and the concepts of dual control and split knowledge to maintain compliance.

With the A98-R Remote Key Module:
- Key Check Values and the ATM EPP serial number are automatically logged for later retrieval and reporting.
- Rekeying events can be initiated by authorized users from their desktops or a web portal.
- New remote key protocols can and will be added in the form of field upgrades as they become commercially available.

