RKL Remote key loading

The RKL software A RKL agent (software app) installed on ATMs. ATM Network A RKL agent (software app) installed on ATMs. A server app that communicates with the agent. A MS-SQL database. A web app that shows the information from the database. Device integration between the server and HSM. Key Loading Key Loading Key Loading

Benefits Cost effective solution PCI 3.0 compliant EPP Mode 3/ EPP Mode 4 compliant VISA Audit compliant Central management and administration of keys Secure transfer of symmetric keys to remote terminal client devices (ATMs) Uses hybrid RSA2048+AES256 encryption Uses hardware security module (HSM) for secure key storing and public key infrastructure (PKI) for transferring the initial master key Matches ATM’s ID/IP Protocol independent and multi-vendor support Integration with camera agent app and ABB (Anti Black-Box) Multi user web interface

RKL Server capabilities EPP status check EPP initialization EPP all keys deletion TMK injection RSA2048-AES256 encryption algorithm

How it works TMK RSA+AES256 TMK RKL Server KMS/HSM TMK Encrypted financial transaction Host Server

How it works After the initialization of the EPP, keys can be securely transferred. The process of key loading is as follows: 1. The Host requests HSM to generate a pair of TMK (Terminal Master Key) keys 2. The HSM generates and sends the requested TMK keys to the Host and the RKL Server 3. The RKL Server checks the ATM ID, IP and EPP status through the RKL Agent 4. The RKL Agent returns the status from the RKL Server and if the matching has been done, the process of keys exchange can begin 5. The RKL Server sends the TMK keys using RSA2048-AES encryption algorithm 6. The RKL Agent receives and decrypts the TMK keys and injects them into the EPP.

Architecture Host ATM Client 1 RKL Server Database Web interface ATM Client N HSM