Manuals / Ingenico / Computer Equipment / Credit Card Machine

Ingenico 6500 manual Key Architecture, Overview

Models: 6500

1 126

Download 126 pages 28.49 Kb

Page 100

Chapter 9

Key Architecture

9.1Overview

This chapter is extracted from the document NAR System & Security Application (SSA) Software Architecture, Key Architecture section, revision 1.19.

Figure 4 on page 75 provides an overview of the Ingenico 6500’s key architecture. A default key is used for the highest level, Sponsor Key KTK (Key Transfer Key). Customers can change the sponsor key. Figure 4 shows the sponsor key under the terminal ID because the sponsor key is unique per terminal.

All keys indicated are loaded by the financial institution or authorized injection facility. The cryptographic keys must be injected into the i6500 terminal in a Key Secure Room. The KTK is the only key that can be transported in the clear between the Key Injection Utility and the device. The rest of the keys may be generated randomly, entered in the system as cryptograms, or entered by key parts using principles of both split knowledge and dual control.

Use a key injection utility, such as Ingenico’s WinKeyFac software program, to perform these functions and to set security options (see Security Options on page 77).

Financial keys (Master/Session and DUKPT) can be based on an application or a terminal. By default, all financial keys are based on an application, as shown in Figure 4. By changing the value of the Financial Key security option (see section 9.5.9 Financial Key Option on page 99), you can make all financial keys based on a terminal; however, this will erase all previously injected financial keys.

Some keys are segregated by application. The application number is part of the application name. Once the keys are injected, the application number is used as the application reference. When the application calls a cryptographic function, it passes the application reference as the application name. The SSA will check that the caller passes the application name, and from the name, it will determine the number that defines the injected key set.

Single-length DES keys have a length of 8 bytes. Double-length triple DES keys have a length of 16 bytes. The level of the specific key set indicates the position of the key set in the internal key hierarchy. For example, keys at Level 1 (sponsor keys) are loaded in clear text and sit at the top of the key hierarchy. Keys at Level 2 are loaded encrypted under the keys at Level 1. Keys at Level 3 are loaded encrypted under the keys at Level 2. Loading a key at a higher level will cause the erasure of all the related lower level keys. The following sections describe each key.

92	Chapter 9 Key Architecture
	Section 9.1 Overview

Image 100

Ingenico 6500 manual Key Architecture, Overview

Contents

Ingenico Page Table of Contents Chapter Supervisor Menu Diagnostic Menu Chapter Secure Certificate 100 Revision History Page Payment Types IntroductionTwo Terminal Models Connectivity About this ManualConventions Used in this Manual KitsJavaPOS Software Development Kit Unicapt 32 Software Development KitAccessing the Extended Menu Extended Menu OverviewOverview Navigating the Extended MenuFinding the Current Setting Finding Options in the Extended MenuIbmeft Ncreft COM2Gems COM2 COM3 DhcpCOM1 COM2 COM3 USB SAMExtended Menu Overview System Configuration Menu System ConfigChanging the Date and Time YYYY/MM/DDEnable/Disable Beep Tones Changing the Display ContrastChanging the Beep Tones Display ContrastBeep Tone Status Changing the Beep LengthBeep Length Tone Changing the Beep TonesMidtone Setting Backlight to Off When Idle System Configuration Updating BacklightTurning the Backlight On or Off Turning the Backlight On or OffIdle Timeouts Idle TimeoutBacklight System Info Menu Finding Version NumbersSystem Info VersionsChecking the Security Information Security InfoSecurity Info XxxxxxxxxRAM Info RAM InfoViewing All Parameter Values DisplayActionView Parameter IngnarIbmeft OFFNone ETH Dhcp NONE/AUTO Auto Ingenico 6500 User’s Guide Changing the Supervisor Menu Password Supervisor Menu PasswordSupervisor Menu Reading the Application File Application File in TerminalSupervisor Menu Erasing the Application File File MenuRead EraseSetting the Key Injection Port SecurityInjecting Keys Setting the Key IndexInject Keys Setting the Application Number Index SelectXApp SelectAAAA Finding the Key Check Value Terminal KeysApp Select Finding the Key Check Value Application Keys Application Keys Application KeysAPP1 APP2 Erasing Application Keys Erase App KeysErase App Keys Erase App Keys?System Parameters Injecting a Serial NumberSetting the Download Method System Parameters MenuSys Parameters Download MethodSelecting the Download Port Download PortDownload Port Port1Selecting the Download Interface Type Setting Up the PortPortX Setting the Baud Rate Setup PortPort Baud RateData Bits Setting the Data BitsData Bits Setting the Stop Bits Set PortStop Bits Stop BitsParity Setting the ParityParity LAN Address Defining the LAN AddressLAN Address Retry Count Setting the Retry CountRetry Count Response TMO Setting the Response TimeoutResponse TMO Poll TMO Setting the Poll TimeoutPoll TMO Turnaround TMO Setting the Turnaround TimeoutTurnaround TMO Port3 Defining the Dhcp AddressPort3 Local IP Defining the Local IP AddressLocal IP Local IP Port Setting the Local IP Port NumberLocal IP Port Defining the Server IP Address Server IPSetting the Server IP Port Number Server IP PortIP Add Mask Masking Your IP AddressXXX.XXX.XXX.XXX Setting the Gateway GatewayGateway Updating…Primary DNS Setting the Primary DNSPrimary DNS Secondary DNS Setting the Secondary DNSSecondary DNS Setting the Domain Name Setting Up the Phone Number to DialDial Dial Phone NumSetting Up the Modem Speed Modem SpeedChanging the Position of the Host Port or Aux Port Host Port Aux PortConfiguring the Host Port Auto Detect Feature Disabling or Enabling the Auto Detect FeatureAuto Detect AD On/OffAD Timeout Setting the Auto Detect TimeoutAD Timeout AD Retry Times Setting the Auto Detect Retry TimesAD Retry Times Editing Parameters Parameter EditorParameter Name Description Value Data ParlcdcontrastPareftllevelnum Rescommrecerror Parameter NameResbdlcfsdwnerror PARCOM1BAUDRATE PARCOM1INTERFACET PARCOM2PARITY PARCOM3BAUDRATE Parethgateway Parapplcomment Diagnostic Menu Testing the Display ContrastDiagnostic Menu Diagnostic MenuTesting the Keypad Testing the BeeperKeypad KeypadTesting the RS232 Connection BeeperRS232 RS232Testing the RS485 Tailgate Connection TailgateTesting the USB Port USB DiagnosticTesting the Magnetic Stripe Reader Mag Stripe ReaderTesting the Smart Card Reader Smart Card ReaderTesting the SAMs Testing the Touch Screen Touch ScreenTesting Signature Capture Extended Menu Press , Enter to select Diagnostic MenuDiagnostic Menu Press , Enter to select Signature Capture Signature CaptureTesting Pen Calibration Pen CalibrationTesting Finger Calibration Finger CalibrationSCV Verification Architecture System ArchitectureHost Connections Terminal ArchitectureOperating System Maintenance Application System and Security ApplicationTransmitting Data DigitizerUser Application Download File Architecture Key Architecture Sponsor Key KTK Terminal Based KeysKey Name Index Length Description of KeyApplication Based Keys Special KeysMaster Keys Key Name Description of KeySecurity Options Session KeysDukpt Keys WtpkPrompts Authentication Key Options Change Terminal ID OptionPrompt MACing Possible Values DescriptionDouble-Length Key MAC Calculation Code MACingPossible Encryption Description Values Atalla Key Block Protection Option Visa PED Mode OptionTerminal Startup Verify MAC Option Financial Key Option Secure Certificate Secure CertificateSecuring Process Ingenico 6500 User’s Guide 101 Secure Certificate Descriptor Sections Secure Certificate MAC Descriptor SectionVisa PED Mode Descriptor Section Possible Description ValuesApplication Descriptor Section SHA1+MACSecure File Descriptor Section 106 Non-Secure File Descriptor Section Applname filename.ext class existenceDelete Data File Descriptor Section Delete Application Code File Descriptor SectionDelete Whole Application Descriptor Section Ibmeft Download PrerequisitesPreparation TimingOutline of Download Process Steps FeedbackIngenico 6500 User’s Guide 111 112 Download Errors Error Opening PortHardware settings in the Ingenico 6500 have been changed Communications port is not workingReceived 3 NAKs or Timeout SendVISAPacket Default Setup Configuration Error Bad ProgCRC Error Configuration Default ValueComm Receive Error Not Enough DFS SpaceCard Read Error1 IBM EFT TroubleshootingEFT Device Not Available EFT Device Not Available During Check Authorization