Remote key loading infrastructures generally implement Diebold’s and Triton’s Certificate Based Protocols (CBP), and NCR, Wincor and Hyosung Signature based Protocols. The Diebold and Triton approaches use X.509 certificates and PKCS message formats to transport key data. NCR, Wincor and Hyosung methods rely on digital signatures to ensure data integrity. Both processes require the loading of the ATM EPP with a public key or certificate at the factory. Both these methods are supported in an XFS compliant manner, and this document describes the process of doing so as well as the pitfalls and benefits of using both methods.

The General Process

Initialization

A prerequisite for using Remote Keys is for a customer to generate a set of keys or certificates that will be “signed” by a Certificate Authority or Trust Authority. Once signed, the public key or certificate signatures are returned and imported into the Host system. The EPPs obtain their signed public keys or certificates during the manufacturing process before being installed in ATMs.

With public and private key pairs now present in the Host and in the ATM’s EPP, mutual authentication can be initiated with message exchanges from the Host to the EPP. The ATM sends the EPP serial number to the Host encrypted by its public key or certificate. The Host verifies the message and sends a message back to the EPP encrypted by its public key or certificate.

With mutual authentication successfully completed, the Host receives a request to deliver a new terminal master key to the EPP. The Host receives the key request, generates a random terminal master key (TMK), encrypts it with the public key of the EPP and “signs” the new TMK message. The EPP verifies the signature, decrypts the new terminal master key, and stores the key. If the dialogue has been successfully completed, the EPP sends a notification back to the Host that it has loaded the new terminal master key, including a Key Check Value (KCV) of the new key. If the terminal key load is unsuccessful, an appropriate error message will be returned to the Host.
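The TMK delivery steps described above, as an added Go example that is not from the original page or from any vendor's protocol. It assumes RSA-OAEP for encryption, PKCS#1 v1.5 signatures over SHA-256, a 24-byte TDES TMK, a KCV taken as the first 3 bytes of an encrypted zero block, and public keys that were already exchanged and validated; all function and variable names are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/des"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Constructed demo key pairs (real EPP keys are loaded at the factory).
var hostKey, _ = rsa.GenerateKey(rand.Reader, 2048)
var eppKey, _ = rsa.GenerateKey(rand.Reader, 2048)
// kcv: first 3 bytes of a zero block encrypted under the TMK (assumed 24-byte TDES key).
func kcv(tmk []byte) []byte {
	c, _ := des.NewTripleDESCipher(tmk)
	out := make([]byte, 8)
	c.Encrypt(out, out)
	return out[:3]
}
// hostBuildTMK: the Host makes a random TMK, encrypts it to the EPP, signs the ciphertext.
func hostBuildTMK(host *rsa.PrivateKey, eppPub *rsa.PublicKey) (tmk, ct, sig []byte, err error) {
	tmk = make([]byte, 24)
	if _, err = rand.Read(tmk); err != nil {
		return
	}
	if ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, eppPub, tmk, nil); err == nil {
		d := sha256.Sum256(ct)
		sig, err = rsa.SignPKCS1v15(rand.Reader, host, crypto.SHA256, d[:])
	}
	return
}
// eppLoadTMK: the EPP verifies the Host signature first, then decrypts and returns the KCV.
func eppLoadTMK(epp *rsa.PrivateKey, hostPub *rsa.PublicKey, ct, sig []byte) ([]byte, error) {
	d := sha256.Sum256(ct)
	if err := rsa.VerifyPKCS1v15(hostPub, crypto.SHA256, d[:], sig); err != nil {
		return nil, fmt.Errorf("TMK load rejected: %w", err) // error goes back to the Host
	}
	tmk, err := rsa.DecryptOAEP(sha256.New(), nil, epp, ct, nil)
	if err != nil || len(tmk) != 24 {
		return nil, fmt.Errorf("TMK load rejected: cannot decrypt a 24-byte TMK")
	}
	return kcv(tmk), nil // a real EPP stores tmk in protected key storage here
}
func main() {
	tmk, ct, sig, _ := hostBuildTMK(hostKey, &eppKey.PublicKey)
	got, err := eppLoadTMK(eppKey, &hostKey.PublicKey, ct, sig)
	fmt.Printf("EPP KCV %X, Host KCV %X, err=%v\n", got, kcv(tmk), err)
}
```

The Host compares the KCV returned by the EPP with the one it computes from its own copy of the TMK; a mismatch or an error means the load did not complete.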