CubeIQ Solutions and Systems

Welcome to CubeIQ products and systems web pages.

CubeIQ Products and Systems

Group: Enterprise Software Applications

Transaction Security Solutions

ATM & EFT/POS Key Management System

A98-P™: eft/pos Unique Initial & Subsequent Key Establishment
|
The A98-P™ eft/pos initial key establishment system has been thoroughly researched and has undergone extensive design. It relies on the fundamental operations of the A98™ ATM Initial Key Establishment System. However, the A98-P™ system is not a final product: because it depends on the functionality supported by the participating eft/pos terminals, each individual installation usually requires some customization.
|
Complexity

Providing a unique key per eft/pos terminal is particularly difficult because of (a) the complexity of the key management procedures traditionally employed, (b) the number of different eft/pos manufacturers and models and (c) the different functionality each model supports.

Vendor-specific key loading equipment often requires the acquisition and subsequent management of multiple diverse systems.

Vendor-neutral solutions currently available to load keys into eft/pos devices generally lack the functionality required to facilitate the loading of a unique key per device.

Traditional manual methods of key management involve managing large numbers of key components. Manual management can be costly, prone to errors, and difficult to audit.
|
A98-P™ Solution

The A98-P™ solution avoids all of these problems and provides an easily implemented method to establish unique cryptographic keys for Point of Sale (eft/pos) devices.

The A98-P™ can be used to load and manage eft/pos keys both at a centralized facility and at a remote location where the device is to be deployed.

The A98-P™ employs two methods to transfer and load eft/pos keys. The local method requires the eft/pos terminal to be near the A98-P™ unit. The remote method does not require the eft/pos terminal to be near the A98-P™ unit: the terminal is loaded with the new keys remotely using an advanced remote key load facility of the A98-P™, similar to the one employed by the A98-R™.

This innovative approach to re-keying in the field is a primary advantage of the A98-P™ solution.
|
MKSK & DUKPT

The A98-P™ system unit supports both Master Key Session Key (MKSK) and Derived Unique Key Per Transaction (DUKPT); the generated key will therefore be either a Terminal Master Key (TMK) for an MKSK device or the initial TMK for a DUKPT device.
|
A98-P™ Components

The A98-P™ system includes two major components: the A98-P™ system unit, which is responsible for the generation of all keying material, and the Key Loading Unit (KLU).

The A98-P™ system unit is the same as the A98-A™ system unit in terms of architecture, functionality, interfaces, hardware devices and software modules.

Depending on the method used for loading the keys, the KLU can be either a number of Key Injection Units (KIUs) when using the local method, or the Remote Key Loading Module (RKLM) when using the remote method.

The KIU is based on a high-security, high-processing-speed PIN Pad, such as the Checkmate CM2100 PIN pad, to which special programming has been added. Multiple KIUs are connected via a shared multi RS-232 port to the A98-P™ system unit. The system unit and each KIU share a Key Encrypting Key (KEK). Multiple keys are created on the A98-P™ system unit and sent to a KIU encrypted by the KEK. The KIUs are then disconnected from the A98-P™ system unit. The loaded KIUs are used to transfer the keys to eft/pos terminals or PIN Pads, connected one by one through their serial port, either at a centralized facility or at a remote location.

[Figure: Key Loading Process Using KIUs]

The RKLM is a software module tightly coupled with the A98-P™ system unit. The module uses a variant of the ISO8583 message protocol to transfer new encrypted master keys to eft/pos terminals remotely.
|
Benefits

- Compliant with VISA and Europay / MasterCard regulations.
- Fully compliant with ANSI standards and financial networks operating rules.
- Future proof.
- Compliant with the ANS X9.24 standard.
- Scalable, configurable and upgradeable.
- Interfaces with most known and a number of proprietary eft/pos host systems.
- Simplifies the establishment of unique keys per eft/pos & PIN Pad device.
- Supports all serial-attached eft/pos & PIN Pad devices.
- Simplifies eft/pos and PIN Pad device deployment and inventory control.
- Multi-institution support.
- Easy installation, operation and maintenance.
- Short return on investment.
|
Features

- Eliminates manual key loading.
- Supports both MKSK and DUKPT key management of eft/pos devices.
- Supports both centralized and remote key loading.
- Supports remote key establishment by a single key custodian and a Key Injection Unit.
- Utilizes a Key Injection Unit with a PIN Pad footprint.
- Supports remote key establishment without human intervention using the RKLM.
- Full logging for a concise audit trail.
- Secure, fault-tolerant implementation.
- Browser-based user interface.
- Incorporated into the existing A98™ platform, it provides the most efficient and complete solution for all electronic transaction originating terminals.