Cryptosec RKL

Executive Summary

Cryptosec RKL | NDEX 2

NDEX

INTRODUCTION ........................................................................................................................................ 3

Payment Media Security ........................................................................................................................... 4

INDUSTRY STANDARDS AND SPECIFICATIONS .......................................................................................... 6

RKL Migration Impact ............................................................................................................................... 8

The Realsec Solution ................................................................................................................................. 9

RKL Server Operating Model ................................................................................................................ 10

Cryptosec RKL Overview ...................................................................................................................... 11

Opportunities And Benefits .................................................................................................................... 13

Cryptosec RKL | / INTRODUCTION 3

INTRODUCTION

In this document, we present the bid of Cryptosec-RKL Server from Realsec, a

multivendor system for remote loading of the ATMs Initial Keys, using techniques of

certificates and electronic signatures with asymmetric key.

In the following chapters we explain the features of Cryptosec-RKL and describe its

technical architecture, and define the system requirements.

Cryptosec RKL | Payment Media Security 4

Payment Media Security

With the aim of achieving confidentiality, integrity and non-repudiation of electronic

transactions, it is necessary to protect by cryptographic coding processes, certain

sensitive information, such as the PIN - the customers secret personal number.

The security of a cryptographic system is based on the secrecy of the keys that are

used to encrypt the transmission of sensitive data between a Point of Sale terminal,

which initiates a transaction and a Host remains secret.

For this purpose, the keys used in cryptographic procedures must be stored in a

physically secure device, i.e. in a cryptographic module, which in the case of POS is

called Pinpad and in self-services terminals - EPP.

Brand names(VISA and MasterCard) and financial networks define a set of security

requirements which specify not only the physical security requirements to be met by the

devices used for keying the PIN and handling sensitive information but also the

techniques for managing the secret keys and cryptographic algorithms to be used.

Physical security requirements:

Brands define the Pinpad and the EPP as physically secure devices, that should prevent

(Tamper resistant) and also detect (tamper-evident) fraudulent attacks, in a way that it is non-viable to penetrate the device without causing serious damages and

going unnoticed subsequently, in addition to requiring the frustration of any attacks as

soon as they are detected.

Logical security requirements:

Some of the logical security requirements demand that the PIN entry devices are

designed in such away that:

o It is unfeasible to reveal the entered or contained secret information, neither

through some determined function nor through a particular combination of

functions.

o The PIN encryption key is not to be used for any other cryptographic purpose

except for encryption of PIN blocks.

o The PIN encryption key shall be unique for each device.

o The PINs shall be encrypted inside the Pinpad.

o The device should implement protection against exhaustive PIN search attempts.

Key Management requirements:

The rules also define the key management techniques to be used during the entire life

cycle of the keys, from the moment of its generation until its destruction.

In their Rules and Security Standards, Visa and MasterCard pay also special attention to

the techniques to be used to transfer the keys into the EPP security module in order to

preserve their integrity.

Cryptosec RKL | Payment Media Security 5

Therefore, it is required that they are always transmitted encrypted with other keys that

are already installed in the EPP. However, the problem arises when it is needed to be

entered the very first key (the Initial or Master Key) of the defined key hierarchy into the

EPP, since there is no any other key at this moment in the security module.

The traditional method for loading the initial key that resolves this problem is the

separation of the key into at least two key components and shipping them to the

custodians by using different channels of communication, thereby fulfilling the principle

of partial knowledge and dual control.

However, the complicated logistics and inefficiency (proper of all manual processes)

makes the manual loading procedure for a relatively large number of ATMs, if done in

compliance with all the requirements of VISA (T&L expenses, staff hours, etc. registering

every process involved for later VISA auditing) will translate into a tedious administrative

burden and increased cost for Financial Institutions.

Cryptosec RKL | Industry Standards and Specifications 6

Industry Standards and Specifications

In the mid-90s, important standards and specifications that govern the policies on logical security with regard to the management of PIN and passwords were created.

ANSI X9

The X9 series, published and reviewed by the X9 committee, formed the basis for many

posterior specifications

Recently there have been three major changes in two of the standards ANSI X9.8 Y

ANSI X9.24 which

state that:

The PIN must be encrypted with a double key (16 bytes or 32 characters) hence

therequirement to use TDES for the encryption of the PIN.

Any key that encrypts another key must be a double length key. From this

requirement stems the fact that the Initial Key is 16 bytes, because the other

keys of the key hierarchy depend on this Initial Key.

Use of unique keys for each EPP device.

Coinciding in time, the concerns of the industry regarding traditional techniques for

loading keys, with the available technology of asymmetric cryptography, the VISA and

Master Card also initiated a review of the ANSI X9.24 standard:

Symmetric Key Management using asymmetric cryptographic techniques ANSI

X9.24-2

in order to include the functionality of remote key loading of the initial symmetric key

using public cryptography techniques, thus defining a new framework for security and

global acceptance.

The remote key loading allows for the elimination of a lot of costs that would have been

incurred by using the manual process, as it eliminates the need to move staff to transfer

the keys in the EPP, its handling as well as management.

Besides, based on the technology of asymmetric cryptography and digital

certificates/signatures, the RKL enables Bilateral Authentication and establishment of a

secure session with the Host before the downloading of the Initial Key.

Financial Organizations, however, did not have all their needs satisfied by the standard

X9.24 as they also required interoperability and widespread functionality. The

fundamental problem is that the X9.24 does not define the interface, neither the

implementation details of the Remote Key Loading scheme and it does not allow for an

approximation towards a unique interface for the different ATM manufacturers.

The main consequence of this lack of specificity has been that each manufacturer has

implemented a

different Remote Key Loadings scheme using signatures(NCR and Wincor),

certificates(Diebold), or legacy systems (Fujitsu).

XFS SPECIFICATIONS

Cryptosec RKL | Industry Standards and Specifications 7

The XFS standard consists basically of a set of specifications for access to financial

devises (pinpads, receipt printers, card readers, dispensers, etc.) defined around

Microsoft Windows programming, with the aim of ensuring that the financial

applications become independent of the underlying device hardware which they

access.

At the same time that the revision 2 of the X9.24 standard was published, a parallel

revision of the XFS standard was initiated to include the functionality of the remote

loading keys. However, each of the manufacturers had already implemented a

different interface of the functionality of the remote loading keys.

Currently, in the last revision of the XFS 3.3 standard, the Diebold (based on certificates)

and NCR (based on signatures) Remote Key Loading schemes have been included

making these two standards de facto.

This scenario raises the issue of Financial Institutions need to implement a remote loading key solution for each of their suppliers, while at the same time taking into

account upgrading developments in accordance with standards evolution and

emerging technologies.

Cryptosec RKL | RKL Migration Impact 8

RKL Migration Impact

Host

Upgrading the HSM (Host Security Module) firmware with new cryptographic

algorithms and functions (RSA)

Host Processes integration and developments.

ATM

Self-service processes integration and developments

Changes in the financial protocols POS/ATM/ networks.

Migration to XFS 3.3 Standard.

PinPAD

PCI Certification

Unique RSA key pair

Mechanism for authenticating the Host public RSA key component by means of

signatures or certificates.

Thus, to carry out migration to the remote loading keys, Financial institutions are bound

o undertake changes at hardware level (including new HSM, EPP or firmware) and at

software level (new developments in the Host and Self-service applications).

In order to minimize the impact of migration, Diebold has designed a solution that

eliminates the need to make changes in the hardware and software in the Host and in

the self-service application.

Cryptosec RKL | The Realsec Solution 9

The Realsec Solution

The solution proposed by Realsec is a Remote Key Distribution Server (hereinafter, server

Cryptosec- RKL or RKL), which implements the RKL schemes of the major ATM

manufacturers (Diebold, NCR,Wincor and Fujitsu) and provides:

An open and multi-vendor solution

Independence of the Host processes

Based on XFS standart

This solution does not require changes in the hardware and software in the Host when it

comes to integrating this project with the Host operations and processes, also, the need

does not arise to make changes in the current self-service application.

It is therefore a solution that possesses complete autonomy and does not require any

integration with the Host systems and ATM

Cryptosec RKL | RKL Server Operating Model 10

RKL Server Operating Model

The Cryptosec-RKL solution consists of different software modules that run on a RACK,

except for an agent that runs on the ATM.

The Cryptosec-RKL uses a security tamperresistant and tamper-responsive module HSM, in which protected memory is generated in random way the Initial key of all the

ATMs and the secret component of the Host RSA key pair.

As mentioned above, a component (Cryptosec Agent) is installed in each ATM, which

during the start-up of the Self-service initiates a RKL request to the RKL Server for the

loading of the Initial Key, if the status of the EPP indicates it has not been initialized with

the key hierarchy yet).

On reception of a RKL request

from an ATM, the Cryptosec-

RKL carries out at first the

process of mutual

authentication between the

ATM and the RKL Server, to

ubsequently establish a

secure session and send the

corresponding Initial Master

key of that ATM.

On completion of the

transmission session of the

Initial key for the ATM in

question, the Cryptosec- RKL

communicates the Initial Key

to the HSM/Host.

The ATM is now prepared to

launch financial operations

against the Host in the

habitual manner without any necessity from now on to communicate with the

Cryptosec-RKL, as long as the equipment being referred to has not had its

software reinstalled or its EPP decommissioned.

In the latter two cases just mentioned, the RKL request will be launched again by the

Selfservice application, in a transparent and automatic manner without involvement

neither of the technical staff nor of the bank branchs staff.

Cryptosec RKL | Cryptosec RKL Overview 11

Cryptosec RKL Overview

CRYOTOSEC-RKL SOFTWARE COMPONENTS

Rt-Core

Receives and processes RKL requests from the installed base or group of ATMs. It is

responsible for HSM crypto primitive programming, so as to provide the required

functionality according to RKL specific scheme of each of the self-service

manufacturers. Among its main characteristics we can enumerate the support

provided for the establishment of the secure session (Bilateral Authentication) and the

transport of the initial key to the installed base or group of ATMs.

Rt-Interfaces

The Cryptosec-RKL solution communicates with the RKL agents that resides in each

Self-service via interfaces. The interfaces carry out communications between the

Cryptosec RKL Server Server system and the outside world. They are responsible for

executing the specific RKL protocol for each and every manufacturer, by first carrying

out Bilateral Authentication, and later by using the secure channel established to

transmit the initial key of the Self-service. All messages sent between RtCore and

RtInterfaces, are formatted according to a specific protocol of each manufacturer. The

communication between the RtInterfaces and the agents in the Self-services will be

realized using the

TCP/IP standard as the communications protocol.

Rt-Office

The Component responsible for data base management processes and handling of

necessary data for the correct functioning of the system and reports generation.

Cryptosec RKL | Cryptosec RKL Overview 12

Rt-Admin

This GUI admin module permits the configuration of the RKL Server solution and its

management for optimal functioning.

Rt-Agent

A component residing in the ATM that determines during start-up the need to initiate

the process of requesting the initial key from Cryptosec RKL Server.

HSMConsole

HSM Management console, through this console, users of the HSM and their rights of

access can be defined, as well as the importation of the Zone Transport Keys

generated by the HSM of the Host, according to the principles of dual control and split

knowledge.

Cryptosec RKL | Opportunities And Benefits 13

Opportunities And Benefits

With the solution provided by Diebold there is a minimization of the impact posed by

migration to RKL for financial institutions thus freeing them of the technical complexity

involved in the realization of new developments.

The automation of the process ensures compliance with safety standards.

Elimination of the manual key entry process that requires personnel and transport of the

same.

The interoperability at a global level is beneficial for the financial institution and

provides flexibility in their choice of ATMs to buy.

Nevertheless, the greatest benefit of the adaptation to RKL, is the drastic reduction in

the total cost of operations, but by no means should we despise or underestimate the

opportunity that the financial institutions would have in terms of gaining in image and

being prepared to confront new challenges in the future in the payment media

industry.

Cryptosec RKL | Opportunities And Benefits 14