You are on page 1of 3

kea|sec Inc. | 303 1wln uolphln ur., 8edwood ClLy, CA 94063 | hLLp://www.realsec.

com| [realseclnc
offlce: +1 (630) 632 4240 | fax: +1 (630) 403 0409 | sales[realsec.com
key n|gh||ghts
Support for a|| |ead|ng A1M
manufacturers ensures g|oba|
standard|zat|on
L||m|nate the poss|b|||ty of human error
or cr|m|na| act|v|ty from the |n|t|a| key
up|oad
S|gn|f|cant sav|ngs compared to manua|
key up|oad|ng
A||ows more frequent updates, mak|ng
networks |ess prone to attack
kep|ace up to 2S00 A1Ms Mk per
hour and per app||ance
Automates and s|mp||f|es comp||ance
report|ng and aud|t|ng
Cryptosec RKL
Automated Remote Key Loading (RKL) for ATM networks in a secure environment
Cverv|ew
!"#$%&'() +,- server ls an appllance for Lhe auLomaLed remoLe
loadlng of lnlLlal masLer keys and key renewal ln mulLlvendor A1M
neLworks.
Assurlng Lhe lnLegrlLy of Lransferrlng and loadlng lnlLlal
crypLographlc keys Lo an A1M secure ln Au ls cenLral Lo Lhe
securlLy of A1M LransacLlons LhaL uLlllze publlc neLworks.
1radlLlonally, manual procedures have been employed, a cosLly,
rlsk prone and loglsLlcally complex endeavor, especlally for large
neLworks. 1he CrypLosec +,- fully auLomaLes Lhls process by
employlng advanced asymmeLrlc crypLography and kl
cerLlflcaLes. 1he CrypLosec +,- ensures Lhe lnLegrlLy,
confldenLlallLy, and non-repudlaLlon of key loadlng whlle
dramaLlcally lowerlng operaLlng cosLs of Lhe A1M fleeL.
CompaLlble wlLh all ma[ors A1M vendors, Lhls sysLem requlres no
sofLware or hardware changes ln hosL servers or changes ln A1M
appllcaLlon code. 1he sysLem also offers secure remoLe key
loadlng for selecLed polnL-of-sale (CS) Lermlnals.
1he CrypLosec +,- lncorporaLes 8ealsec's lndusLry leadlng
hardware securlLy module (PSM) LhaL provldes opLlmal proLecLlon of LransporLaLlon masLer keys. PSM-based
remoLe key loadlng soluLlons dellver physlcal and loglcal proLecLlon LhaL manual approaches cannoL maLch.
uedlcaLed Lo bulldlng cusLomer LrusL ln secure lssulng and processlng envlronmenLs, 8ealsec ls Lhe flnanclal
lndusLry's ldeal parLner ln advanced crypLographlc soluLlons.
key Ieatures and 8enef|ts
1he !"#$%&'() +,- ls presenLed ln a self-conLalned appllance
LhaL requlres no addlLlonal sofLware. 1hls appllance lmplemenLs
remoLe key loadlng for Lhe wldesL range of A1M manufacLurers,
lncludlng NCk, W|ncor, D|ebo|d, Iu[|tsu, 1r|ton and Itautec,
among oLhers. 1he !"#$%&'() +,- also supporLs remoLe key
loadlng for selecL polnL-of-sales (CS) Lermlnals.
Lach appllance can upload up to 2,S00 A1Ms per hour.
1he remoLe key loadlng appllcaLlon ls fully auLomaLed, ellmlnaLlng Lhe need for manual lnsLallaLlon and
valldaLlon of lnlLlal keys aL each A1M, provldlng slgnlflcanL cosL and manpower savlngs.
Cur PSM. lncluded ln +(/0'() +,- soluLlon, ls fully llS 140-2 Level 3 and Common CrlLerla LAL4+ cerLlfled
(Cl uSS cerLlflcaLlon ls pendlng ) and provldes opLlmal securlLy for Lhe sLorage of masLer keys. lull
compllance wlLh AnSl 8eLall llnanclal Servlces Compllance regulaLlons, vlSA and MasLerCard requlremenLs
as well as LMv.
uoes noL requlre any code modlflcaLlon of Lhe funcLlonal hosL appllcaLlon or Lhe A1M appllcaLlon, greaLly
easlng lnLegraLlon requlremenLs and efforL.
Lasy and rapld demonsLraLlon of requlred lndusLry and regulaLory compllance wlLh Lhe bullL ln reporLlng
capablllLles. As all LransacLlons are securely logged, comprehenslve cusLom reporLs can be deslgned and
generaLed ln mlnuLes, savlng Lhe need Lo manually verlfy LhaL all A1M have been updaLed.

kea|sec Inc. | 303 1wln uolphln ur., 8edwood ClLy, CA 94063 | hLLp://www.realsec.com| [realseclnc
offlce: +1 (630) 632 4240 | fax: +1 (630) 403 0409 | sales[realsec.com
kemote key Load
8equlremenLs from ma[or paymenL card brands
such as vlsa and MasLerCard sLaLed LhaL A1Ms'
MasLer keys musL be renewed perlodlcally, and also
when keys had been compromlsed. 1he LradlLlonal
process of masLer key load ls a manual process
followlng Lhe prlnclples of dual conLrol and spllL
knowledge". 1hls process requlres A1Ms neLworks
operaLors Lo lnvesL a humongous amounL of
resources ln Lerms of Llme, money and quallfled
employees. 1he regulaLlon requlred aL leasL Lwo
securlLy offlcers - known as cusLodlans - Lo Lravel Lo
every A1M locaLlon and manually lnLroduce hls parL
of Lhe masLer key - key componenL -. 1he
cusLodlans were requlred Lo vlslL each locaLlon aL
dlfferenL Llmes, and have no conLacL wlLh each
oLher.

1he manual process ls noL exempL of securlLy flaws,
corrupLed cusLodlans, Lyplng errors, eLc make Lhls
sysLem noL sulLable for Lhe Loday reallLy. ln Lhe lasL
few years, regulaLlons changes have enable Lhe
remoLe key loadlng uslng secure key exchange
followlng Lhe sLrlcLesL securlLy sLandards. ln splLe of
LhaL, Lhe archalc and resource-consumlng manual
process ls sLlll ln use ln a number of A1Ms neLworks
all over Lhe World.
lollowlng lLs commlLmenL Lo ensure flnanclal
lndusLry securlLy, 8ealsec developed Lhe flrsL Lruly
mu|t|-vendor soluLlon avallable ln Lhe markeL for
Lhe 8emoLe key Loadlng of lnlLlal MasLer keys.
CrypLosec 8kL soluLlon sulLs any A1M neLwork
Lopology supporLlng Lhe wldesL varleLy of A1M
manufacLurers, and boLh slgnaLures (ulebold,
Wlncor nlxford) and cerLlflcaLes (nC8). Some of
Lhese A1M manufacLurers offer Lhelr cllenLs cusLom
soluLlons for Lhelr A1Ms, buL Lhls approach does noL
flL Lhe requlremenLs of mosL of Lhelr cusLomers.
A1M neLworks rarely are bullL wlLh A1Ms from a
slngle vendor. CrypLosec 8kL supporL all ma[or
A1Ms global and local vendors such as D|ebo|d,
NCk, Iu[|tsu, W|ncor, 1r|ton or Itautec among
oLhers.

CrypLosec 8kL appllance wlll be place aL Lhe
processors' daLacenLer wlLhouL lnLerferlng wlLh Lhe
normal operaLlon of Lhe currenL core banklng
appllcaLlon, and wlll efflclenLly Lake care of all key
Load requesLs from Lhe A1Ms. Core banklng
appllcaLlon wlll sLlll recelve and process all oLher
LransacLlons comlng from Lhe A1M
CrypLosec 8kL enables A1M neLwork operaLors Lo
updaLe up to 2S00 A1M Master keys per hour wlLh
one slngle appllance, dramaLlcally reduclng
response Llmes ln case of emergency (ma[or
securlLy breach), mlnlmlzlng A1M Llme unavallable,
and maxlmlzlng resource savlngs.
1he flexlblllLy and scalablllLy of CrypLosec 8kL
enable A1M neLworks Lo growLh aL Lhe fasLesL pace.
8y slmply addlng more appllances, A1M operaLors
wlll able Lo handle Lhe blggesL A1M neLworks
wlLhouL Lroubles. CrypLosec 8kL ls currenLly used by
some of Lhe ma[or 8anks ln Lhe World, handllng key
Loadlng processes for over 100.000 A1Ms
worldwlde.


kea|sec Inc. | 303 1wln uolphln ur., 8edwood ClLy, CA 94063 | hLLp://www.realsec.com| [realseclnc
offlce: +1 (630) 632 4240 | fax: +1 (630) 403 0409 | sales[realsec.com
1echn|ca| Spec|f|cat|ons
SysLem ManagemenL luncLlonallLy and lnLerface
SofLware
Appllance lncludes fully lnLegraLed managemenL,
operaLlng sofLware and flrmware
Plgh level command lnLerface Lo slmpllfy and
sLreamllne lnLegraLlon
SofLware funcLlonallLy lncludes:
! ktCore: recelves and processes requesLs from
Lhe A1M for remoLe key load,
! ktIntefaces: communlcaLes wlLh exLernal
devlces lncludlng Lhe A1M. 8esponslble for
lmplemenLlng secure communlcaLlons
proLocols,
! ktCff|ce: managemenL of daLa and daLa bases
lncludlng reporL generaLlon and audlLlng,
! ktAdm|n: conLrol lnLerface / Cul for enLerlng
funcLlonal lnformaLlon by operaLor,
! ktAgent: A1M cllenL sofLware componenL LhaL
deLermlnes wheLher Lhere ls a need Lo lnlLlaLe a
processlng requesL.

key Loadlng luncLlonallLy
AuLomaLed lnlLlal key load Lransfer and valldaLlon
Lhrough publlc neLworks
AuLomaLed communlcaLlon of new key Lransfer and
valldaLlon Lo neLwork managemenL appllcaLlon
AuLomaLed reply Lo A1M-generaLed requesL for key
refresh

CrypLographlc CompaLlblllLles for key 1ransporLaLlon

1#22(%"3) ,(# 405&"3%62'
ALS (128, 192, 236 blL), SAlL8 (64, 128 blL)
uLS & 1rlple uLS (112, 168 blL)
4'#22(%"3) ,(# 78)"#$%3&8
8SA up Lo 4096 blLs
9/'6 :35('% 405&"3%62'
Mu3, 8lLMu (128, 160 blL)
SPA-1, SPA-236, SPA-312
+/8;&2 <=2>(" ?(8("/%&"
8nC ln accordance wlLh llS 186-2


SupporLed SLandards
L xlS 3.0
AnS x9.24-1
llS 140-2 Level 3 and Common CrlLerla LAL4+,
coverlng Lhe Pardware SecurlLy Module
Cl uSS

SysLem CompaLlblllLles
A1Ms uLlllzlng Wlndows x CS and 1C/l
communlcaLlon proLocol
CompaLlble wlLh all ma[or A1M vendors lncludlng:
NCk, W|ncor, D|ebo|d, Iu[|tsu, 1r|ton, Itautec and
more.
All ma[or daLabases LhaL supporL u8MS wlLh
concurrenL processes

Server Pardware
uual Clg-L (100/1000 Mbps) LLherneL connecLlons
SLandard 1C/l proLocol. (lor oLher proLocols such
as x.23, please conLacL 8ealsec.)
uual power supply for reslllence

A1M requlremenLs
Wlndows CperaLlve SysLem
xlS archlLecLure (mln. ver. 3.02)
1C/l connecLlvlLy

CperaLlng requlremenLs
Network|ng: uual Clg-L (100/1000 Mbps)
D|mens|on: 1u 19" rack
We|ght: 6.8 kg (13 lbs)
Cperat|ng 1emperature: 10C Lo 33C
Cperat|ng num|d|ty: 10 Lo 90 non-condenslng
Lnv|ronment 1emperature: -20C Lo 60C
ower: uual ower supply for reslllence
ower kequ|rements: AC 100 Lo 240v (30/60 Pz)
ower Consumpt|on: 100W




@ !"#$%&'() A!B C91DE )("%3F3)/%3&8'G

You might also like