ATM Remote Key Loading has become a common practice in the industry. Yet managing the top-level keys to establish trust between the Host and the ATM units remains a challenge. This article describes how Cryptomathic CKMS addresses the challenges of key generation and distribution for ATM Remote Key Loading.
ATMs always feature an Encrypting Pin Pad, a so-called EPP device, which has to comply against with security requirements, namely the PCI PIN Security Requirements and Testing Procedures. This EPP unit is used to protect the PIN code entered by the cardholder from the ATM unit to the ATM Host. Symmetric keys referred to as Terminal Master Keys (TMK) are used in the ATM to protect the PIN block during the transaction.
The ATM Remote Key Loading (ATM RKL) process consists of transporting securely these Terminal Master Keys from the Host/ATM Manager to the ATMs. Mutual-authentication of the host/ATM Manager and ATMs as well as the encryption of the Terminal Master Keys are based on asymmetric encryption, i.e. a key pair (a so called EPP Key). The encrypting pin pad (EPP) key is signed by a key entrusted by the ATM manufacturer which operates the certificate authority. Note here that some ATM manufacturers use certificates for this purpose (e.g., Diebold) while others use signatures (e.g., Wincor, NCR).
For compliance reasons, the Terminal Master Keys must be updated regularly. Most ATM vendors support Remote Key Loading protocols for this purpose, allowing to remotely update and distribute TMK keys over a proprietary protocol and ensure delivery of the payload to the ATM over a secure channel.
But how do we solve the problem of managing and updating the asymmetric EPP keys on the Host/ATM Manager side? This can be a complex operation since most acquirers have different ATM brands (e.g. Diebold, NCR, Wincor) each handling the certificate management workflow and signatures format in a slightly different fashion.
This operation is also highly sensitive since this establishes the trust between the Host/ATM Manager and all ATMs managed for a specific brand.
The CKMS value proposition
The Crypto Key Management System (CKMS) can help with both:
- Terminal Master Key generation and
- EPP key pairs and signatures/certificates management and distribution
The solution offers advanced key life-cycle management for both symmetric and asymmetric keys, including certificates, and features a secure key distribution interface which allows for key material to be securely distributed to the Host or ATM Management depending of the architecture of the acquirer – which is sometimes merged into one single system (e.g., IBM mainframe).
In short, CKMS helps secure the crypto payload required for ATM RKL – the delivery of such payload being based on mechanisms in the ATM management system which implement ATM vendor specific transport protocol to push the generated keys to the ATM EPP.
In the case of the IBM Mainframe, CKMS will generate the public key data set (PKDS) files for RSA key pairs and cryptographic key data set (CKDS) files for Terminal Master Keys.
CKMS implements certificate workflow management for the main ATM vendor CAs. Key Custodians can therefore generate a key pair from CKMS and request certificates to Wincor, Diebold or NCR in the appropriate formats and receive certificates in return. Also, an ATM Vendor’s CA certificates can be imported into CKMS for validation of the received certificates.
Figure 1: Integration between CKMS and the ATM Manager
The procedure for this is depicted in Figure 1:
- The CKMS key custodians create an asymmetric key pair within the CKMS HSM.
- The CKMS key custodians export a certificate request bound to a specific vendor CA. This certificate request is sent to the ATM vendor CA (offline in an email or similar)
- After the CA has created a certificate from the certificate request the CKMS key custodians receive the certificate/signature and import it into the CKMS.
- The private key and the certificate are pushed securely to the Host / ATM Manager in the appropriate format. The private key is stored within the Host HSM and the certificate is kept.
- For every authentication process between the Host and any ATM, the Host or ATM signs some data with the private key and sends these together with the certificate or signature depending on the supported method to the other party.
Usability and Auditability
When designing CKMS, we have paid particular attention to usability, automation and audit compliance.
To this extent, CKMS implements a state model and allows for key life-cycle management, from pre-defined templates to key generation, key push and key update. This allows for key ceremonies and life-cycle management to be made seamlessly using the same procedures for the different ATM vendors.
CKMS administrators log in using PIN and smart cards and the configurable role management allows for separation of duties and dual control for sensitive operations. All actions are logged in a tamper evident database and it is therefore easy to demonstrate compliance during an audit.
Conclusion
Cryptomathic CKMS offers a compelling solution for handling the top-level EPP keys and certificates/signatures required for ATM Remote key loading as well as Terminal Master Key generation. Our solution is ATM vendor agnostic (Diebold, NCR, Wincor, etc.) and can integrate with any Host or ATM Manager.
Beyond this use case, CKMS may naturally be used to manage virtually any other keys in your environment such as authorization keys, PIN transport keys, encryption keys and so on.
References and further reading
- PCI PIN Security Requirements and Testing Procedures https://www.pcisecuritystandards.org/documents/PCI_PIN_Security_Requirements_Testing_v3_Aug2018.pdf?agreement=true&time=1586958922049
-
NIST SP800-57 Part 1 Revision 4: A Recommendation for Key Management (2016) by Elaine Barker
- NIST SP800-130: A Framework for Designing Cryptographic Key Management Systems (2013) by Elaine Barker, Miles Smid, Dennis Branstad, and Santosh Chokhani
- Selected articles on Key Management (2012-today) by Ashiq JA, Dawn M. Turner, Guillaume Forget, James H. Reinholm, Martin Eriksen, Peter Landrock, Peter Smirnoff, Stefan Hansen and more
- Selected articles on HSMs (2013-today), by Ashiq JA, Peter Landrock, Peter Smirnoff, Steve Marshall, Torben Pedersen and more