Remote Key Loading

SWITCHWARE Support for SHA-2 and TR-34 Remote Key Loading Using TSS A98

tss logo

CSFi has answered the question for supporting TR-34 and SHA-2 by combining forces with Trusted Security Solutions (TSS) bringing a comprehensive ATM remote key loading (RKL) solution that seamlessly integrates with new and existing SWITCHWARE systems. Both CSFi and TSS have worked exclusively with banks and financial processing companies around the globe to meet their specific ATM driving needs. The latest version of  SWITCHWARE now integrates with TSS’s A98 ATM key management system to provide a fully compliant TR-34 / SHA-2 RKL solution. Financial institutions and payment processors are now facing the impending requirement to update digital certificates and signatures from SHA-1 to SHA-2. Customers already using CSFi’s SHA-1 RKL functions will be able to continue supporting their current setup. Implementing A98 will offer extended functionality so newer ATMs added to SWITCHWARE will support RKL from the start. The SWITCHWARE-A98 solution includes a proprietary interface and new message handling logic. Contact your sales reprenstative to learn more about implementing A98 with SWITCHWARE today.

Unlocking Efficiencies with Your Remote Key Enabled ATMs

ATMs rely on network protection and encryption keys to keep customer data and ATM funds safe. To reduce the risks of key compromise, individual countries, major networks and card associations enforce strict guidelines for key management including assignment of unique and random master keys for each ATM. These encryption keys must be changed on a regular basis in order to meet compliance mandates and maintain security.

Solution Summary

Reducing the Cost of Global Compliance. While these fraud mitigation measures have proven invaluable, past compliance with evolving key management protocols has proven difficult and expensive to implement, involving a physical visit by a minimum of two key custodians to generate and deploy new ATM keys. Now, with SWITCHWARE® Remote Key Loading, the costs of key generation, storage and distribution processes are dramatically reduced. Key custodians no longer need to travel long distances to provide keys, and costs associated with site visits are reduced. New keys are remotely injected into ATMs without the need for a physical visit.

Save Time, Ensure Compliance, Better Allocate Resources. SWITCHWARE’s Integrated Remote Key Loading (RKL) functions with RSA authentication include support for both Diebold’s Certificate Based Protocol and NCR’s Signature Based Protocol. This solution utilizes existing interfaces to the ATM and Hardware Security Module (HSM) to perform authentication between the ATM and SWITCHWARE with no additional hardware components required. Keys can be periodically and randomly regenerated via commands with the HSM, encrypted with the RSA key and then downloaded to the ATM. Staff can now be used for more productive tasks and your financial institution will benefit from increased transaction security.

Remote Key Loading Benefits

  • Centralized initial key management
  • Dynamic key changing
  • Eliminates need to be present at ATM to change keys
  • Better utilization of staff resources
  • No additional hardware required
  • Utilizes existing interface to HSM

Remote Key Loading Functions

  • Remote ATM key management
  • RSA authentication
  • Thales HSM support
  • NCR signature-based protocol support
  • Diebold certificate-based protocol support