Remote Loading of Initial ATM Keys
Typically, a new ATM has none of the fi nancial institution’s keys installed. Remote Key Loading refers to the pro- cess of loading Data Encryption Standard (DES) keys to Automated Teller Machines (ATMs) from a central admin- istrative site without the need for personnel to visit each machine to manually load DES keys. This has been done by manually loading each of the two clear text key parts individually and separately into ATMs. Manual entry of keys is one of the most
Remote Key Loading Benefits
•Provides a mechanism to load initial ATM keys without the need to send technical staff to ATMs
•Reduces downtime due to key entry errors
•Reduces service call and key management costs
•Improves the ability to manage ATM conversions and upgrades
Integrated Cryptographic Service Facility (ICSF), together with Crypto Express2, support the basic mechanisms in Remote Key Loading. The implementation offers a secure bridge between the highly secure Common Cryptographic Architecture (CCA) environment and the various formats and encryption schemes offered by the ATM vendors. The following ICSF services are offered for Remote Key loading:
•Trusted Block Create (CSNDTBC) This callable service is used to create a trusted block containing a public key and some processing rules.
•Remote Key Export (CSNDRKX) This callable service uses the trusted block to generate or export DES keys for local use and for distribution to an ATM or other remote device.
Refer to Application Programmers Guide,
Improved Key Exchange With Non-CCA Cryptographic
Systems
IBM Common Cryptographic Architecture (CCA) employs Control Vectors to control usage of cryptographic keys.
These enhancements are exclusive to System z10, and System z9 and are supported by z/OS and z/VM for z/OS guest exploitation.
38
