Remote Key Load Simplifies Secure Key Management
Sagem Denmark, an Ingenico Group Company, the world’s leading provider of payment solutions, today announces the launch of Remote Key Load (RKL), a fully automatic exchange of 3DES master keys that maintains the high level of security of ATMs while mitigating the need for human intervention.
The continuous effort of keeping ATMs secure is growing increasingly expensive. The battle to keep ATMs locked down and protected from criminals has become more complicated with the requirement for PINs to boost 3DES encryption using unique keys.
These additional requirements have added to the cost and complexity of key management by necessitating longer keys and more hands‐on interaction. For example, traditional key loading requires two different employees to visit each individual ATM to enter the parts of the master key. In addition to increased personnel costs, this method also doubles the potential for error.
Remote Key Load, or RKL, technology eliminates these concerns. According to Lars Clausen, Vice President of Sagem Denmark, “As long as a system meets some basic requirements, installing the first 3DES master key is a matter of connecting the ATM to the host via regular channels and running the Remote Keyload Protocol. The installation takes place in about 10 seconds — without the need for human involvement.”
According to Sagem Denmark, these basic requirements include: the ATM, the host‐ATM protocol, the ATM’s Encrypting PIN Pad (EPP) and the host’s hardware security module (HSM) must all support RKL; the host must have a host key pair and a suitable certificate for the public key; and the EPP must have two key pairs with corresponding certificates. Sagem Denmark will assist and support the customer with a correct and efficient implementation of the RKL solution.
In addition to cutting costs and simplifying key management, RKL also incorporates several security features. One such benefit is Mutual Authentication, which means the host and the EPP can verify each other in the same operation. Other advantages include protection against reinstallation of old key values, encrypted transport of the master key, and a cryptographically signed message after a successful key transfer.