A98-P™

EFT/POS Unique Key Establishment System

A98-P™ System Description

The A98-P™ System consists of a 4U (7") high rack mountable system unit that is network connected to the Host system.

The Host and the system unit need not be in close proximity. A WAN or a LAN connection (Token Ring or Ethernet) is supported using either TCP/IP or CICS/Sockets protocols.

A 15" color LCD display and keyboard with an integrated trackball are housed in a 1U (1.75") high rack mountable drawer to provide the human interface functions. The keyboard and display are used mainly for the management of the MFK and any Key Encrypting Keys (KEK) that are shared with the Host and the Key Injection Units (KIU).

 

Multiple Key Injection Units (KIU) are attached to the system unit via a shared RS-232 connection.

Each KIU shares a unique KEK with the system unit. Keys generated in the A98-P™ System Unit are sent to the KIU encrypted by the KEK.

The KIU decrypts the key and injects it into the Target PIN pad that is attached to the KIU.

The injected keys and device IDs are stored on the A98-P™ System Unit until they are deployed. The system unit also shares a KEK with the Host system.

At the time of deployment of an MKSK device, generated keys are encrypted by the KEK shared with the Host and sent to the Host in an ISO8583 message.

For a newly deployed DUKPT device, the Key Serial Number and the Identification for the Physical device are sent to the Host. The Host receives the encrypted generated Key or KSN along with the device ID and places the information into the host database device record.

 

Key injection jobs are created and input to the A98-P™ System Unit by an authorized individual in response to some trigger event, such as a sale or work order, causing PIN Pads to be injected.

Created jobs remain on the A98-P™ System Unit until they are executed. The jobs to be run are assigned to key loading technicians.

The KIU serves as the technician's terminal to interface with the A98-P™. All keys, both MKSK and DUKPT, are created in the Cryptographic unit of the A98-P™ System Unit and sent to the KIU encrypted by the KEK shared with the System Unit.

Full logging of all operations at every step is accomplished by the A98-P™.

 

A single key custodian using a KIU can key both MKSK and DUKPT devices in the field at a remote site.

Remote re-keying of MKSK EFT/POS devices utilizes a Persistent Key Component that was loaded at the central site and a Comvelope to supply the second component.

For DUKPT devices, a large number of KSNs and corresponding initial keys are generated in the A98-P™ and stored in the KIU. A KSN and initial key are injected into the device at the remote location.

In both cases, the identification of the device and either the Comvelope ID for an MKSK device or the Key Serial Number are supplied to the A98-P™ System Unit via a Voice Response Unit.

No key or key components are ever supplied via the VRU or other means; only the identification information is supplied.


 © CubeIQ Ltd.