Discuss ATM and CRM Machine Security Mechanism 2022
ATM Machine Security Mechanism
This chapter provides information on the following topics:
Personal Identification Number (PIN)
3. Encryption Key Entry Procedures
4. Financial Institution Table (FIT)
Basic terms and concepts
An algorithm is a structured mathematical procedure for solving a specific problem. The DES algorithm is designed to encrypt and decrypt blocks of data. The DES algorithm is not confidential and can be obtained by the general public. The keys used as part of the algorithm are what provide the confidentiality.
2. Data Encryption Standard (DES):
The Data Encryption Standard (DES) specifies an algorithm to be used in electronic hardware devices for the purpose of cryptographic protection of computer data. This standard has been established by the federal government to provide some consistency in data security.
3. Encryption Keys:
Encryption keys are numbers that are used as part of the PIN verification process and also for encrypting messages to and from the terminals. It is important that these keys are kept secret. Because the DES algorithm is available to the general public, the keys must be kept secret to ensure the confidentiality of the data being encrypted.
4. Personal Identification Number (PIN):
The Personal Identification Number (PIN) is the consumer's way of verifying his or her identity as established by an activator card. By entering this PIN, the customer is identified and can access the applicable accounts.
5. PIN Verification:
PIN verification is the method of ensuring that the PIN entered on the ATM is the proper PIN for the card inserted in the ATM. Provided that the PIN has been kept secret by the customer, this should ensure that the person using the card is the cardholder. The PIN can be verified locally or by the network.
6. Financial Institution Table (FIT):
The Financial Institution Table (FIT) provides the following items to the network:
- Capacity of using multiple card formats and multiple institutions
- The type of PIN verification
- The encryption key to use to encrypt a PIN sent to the network
- Control of the transaction sequence of the terminal
FIT can also be used to allow the institutions to define the exact operation flow of the terminal. This is done by supplying state flow through the FIT.
7. Message Authentication:
Message authentication provides a method of ensuring that messages sent back and forth between the terminal and the network are authentic and have not been tampered with.
8. Network PIN Verification:
Network PIN verification requires that the PIN be padded to 16 digits and encrypted before sending it to the network. The terminal can encrypt the consumer-entered PIN once or twice, then send it to the network with the unencrypted PAN and offset. The PIN may be sent unencrypted, but this is recommended only for system testing. When the encrypted PIN reaches the verification point in the network, a single (or double) decryption restores the consumer-entered PIN. The remaining steps then follow the flow in Figure 2-2. However, the institution may choose to verify the encrypted PIN without performing decryption. This can be done by comparing the encrypted PIN to a table of encrypted PIN values (using the PAN as a table look-up key).
For remote PIN verification with DSM, the PIN sent to the network is usually in two different forms. They are as follows:
- ANSI X9.8 PIN/PAN Block
- Diebold PIN Block / IBM 3624 PIN Block
The terminal encrypts the block and sends it to the network. The network then handles the PIN verification. The FIT field PMXPN tells the terminal which form to use.
ANSI PIN/PAN Block
The ANSI PIN/PAN block is a 16-hex-digit block that contains the result of exclusive-ORing the ANSI PIN block and the Primary Account Number (PAN) block.
The ANSI PIN block is 16 hex digits and appears as follows:
The PAN block is 16 hex digits and appears as follows:
The pad digits are always hex 0. The PAN digits are the least significant digits of the PAN. The number of digits is determined by the FIT parameters PANLN, PANDX, and PINDX. If the PAN digits are less than 12, hex 0s are used to fill the remaining slots.
The PIN block and PAN block are then exclusive-ORed together to create the PIN/PAN block. This block is then encrypted according to the FIT field PINPD and sent to the network.
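The construction described above, as an added example that is not from the original chapter or from any vendor code. Because the block layouts are not reproduced on this page, it assumes the standard ISO 9564-1 format 0 (ANSI X9.8) layout, takes the 12 PAN digits as the rightmost digits excluding the check digit instead of reading the FIT parameters, and stops before the DES encryption step; the PIN and PAN are constructed test values.

```python
# Added example: clear-text ANSI X9.8 / ISO 9564-1 format 0 PIN/PAN block.
# Layout is the standard one (an assumption here); FIT parameters are not modelled.

def pin_block(pin: str) -> bytes:
    """Control digit 0, PIN length digit, PIN digits, then hex F fill to 16 digits."""
    if not (pin.isdigit() and 4 <= len(pin) <= 12):
        raise ValueError("PIN must be 4 to 12 decimal digits")
    return bytes.fromhex(f"0{len(pin):X}{pin}".ljust(16, "F"))

def pan_block(pan: str) -> bytes:
    """Four hex 0 pad digits, then the 12 least significant PAN digits."""
    if not (pan.isdigit() and len(pan) >= 2):
        raise ValueError("PAN must be decimal digits including a check digit")
    digits = pan[:-1][-12:]                  # drop check digit, keep rightmost 12
    return bytes.fromhex("0000" + digits.rjust(12, "0"))  # short PANs filled with 0

def pin_pan_block(pin: str, pan: str) -> bytes:
    """XOR of PIN block and PAN block; this is what the terminal then encrypts."""
    return bytes(a ^ b for a, b in zip(pin_block(pin), pan_block(pan)))

def recover_pin(block: bytes, pan: str) -> str:
    """Verification side, after decryption: XOR the PAN block out and parse."""
    if len(block) != 8:
        raise ValueError("PIN/PAN block must be 8 bytes (16 hex digits)")
    clear = bytes(a ^ b for a, b in zip(block, pan_block(pan))).hex().upper()
    length = int(clear[1], 16)
    if clear[0] != "0" or not 4 <= length <= 12:
        raise ValueError("not a format 0 PIN block for this PAN")
    pin, fill = clear[2:2 + length], clear[2 + length:]
    if not pin.isdigit() or fill.strip("F"):
        raise ValueError("malformed PIN digits or fill")
    return pin

if __name__ == "__main__":
    PAN, PIN = "43219876543210987", "1234"   # constructed test values
    block = pin_pan_block(PIN, PAN)
    print(pin_block(PIN).hex().upper(), pan_block(PAN).hex().upper(),
          block.hex().upper(), recover_pin(block, PAN))
```

Binding the PAN into the block means the same PIN yields a different block for each account, and a block replayed against another PAN fails the format check after the XOR is undone.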
7. Diebold/IBM 3624 PIN Block:
The Diebold or IBM 3624 PIN block is 16 hex digits and appears as follows:
8. DES Key Definitions:
All DES encryption keys have 64 bits (or eight bytes). The actual key data occupies 56 bits. The remaining eight bits are for parity error checking. See Federal Publication FIPS PUB 46, January 1977. The first 56 bits of a DES key govern access to a set of permutation tables (the DES mathematical process or algorithm). The eight parity bits permit the electronic hardware to check for errors (key integrity).
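The parity check described above, as an added example that is not part of the original chapter. It relies on the FIPS PUB 46 convention that each of the eight key bytes carries seven key bits plus one odd-parity bit in its least significant position; the function names and sample keys are constructed for illustration.

```python
# Added example: DES key parity (odd parity per byte, parity bit = least significant bit).

def _check_len(key: bytes) -> None:
    if len(key) != 8:
        raise ValueError("a DES key is exactly 8 bytes (64 bits)")

def parity_errors(key: bytes) -> list:
    """Return the positions of bytes whose count of 1 bits is not odd."""
    _check_len(key)
    return [i for i, b in enumerate(key) if bin(b).count("1") % 2 == 0]

def set_odd_parity(key: bytes) -> bytes:
    """Recompute the parity bit of every byte from its seven key bits."""
    _check_len(key)
    out = bytearray()
    for b in key:
        ones = bin(b & 0xFE).count("1")          # 1 bits among the 7 key bits
        out.append((b & 0xFE) | (0 if ones % 2 else 1))
    return bytes(out)

def effective_key(key: bytes) -> int:
    """The 56 bits that actually drive the cipher, with parity bits dropped."""
    _check_len(key)
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value

if __name__ == "__main__":
    good = bytes.fromhex("0123456789ABCDEF")     # constructed sample, valid parity
    raw = bytes.fromhex("0022446688AACCEE")      # same 56 key bits, parity unset
    typo = bytes([good[0], good[1], good[2], good[3] ^ 0x10]) + good[4:]
    print(parity_errors(good), parity_errors(raw), parity_errors(typo))
    print(set_odd_parity(raw).hex().upper(),
          effective_key(good) == effective_key(raw))
```

A single mistyped bit during manual key entry shows up as a parity error in exactly one byte, which is the key-integrity check the hardware performs; the parity bits add no secrecy, so the two sample keys are the same 56-bit key.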
There are five standard designations for the DES keys used:
- Initial Master Key (A KEY)
- Initial Communication Key (B KEY)
- Downloaded Master Key
- Downloaded Communication Key
- Encrypted PIN key (PEKEY)
9. Initial Master Key:
Institution personnel manually enter this key at the terminal's DES entry keyboard. They usually enter the A key after equipment installation or maintenance related to DES entry. The terminal retains the A key as the initial Master key; it may be replaced by a new Master key sent to the terminal in a customization command message. The A key value is lost when a new Master key arrives.
10. Initial Communication Key:
Institution personnel manually enter this key during the same session as the A key. The terminal retains the B key as the initial Communications (COM) key. A customization command message sends a new COM key and the B key becomes the Backup COM key. The B key becomes the COM key again at restart, after a power failure, or at any selected time by sending an appropriate customization command message to the terminal. The B key is retained during a power failure.
11. Downloaded Master Key:
Institution personnel can down-line load a Master key to the terminal after the A key is entered. The Master Key is decrypted by the A key and then replaces the A key. If the terminal is multi-institutional, the Master Key is common to all member institutions. The Master key may be changed by sending an update in a customization command message. A new Master key sent down line would be decrypted by the previous Master key and then replace the previous Master key. The primary function of the Master key is to decrypt the Encrypted PIN key (PEKEY) so that a consumer-entered PIN may be verified. However, if the PEKEY is not required, the Master key can also be used for this purpose. If a power failure occurs, the terminal retains the most recent Master key after power is restored to the terminal.
12. Downloaded Communications (COM) Key:
Institution personnel may send a COM key to the terminal after entry of the B key. The COM key can be encrypted by either the Master key or the current COM key. The COM key supersedes the B key. The primary function of the COM key is to encrypt PIN information transmitted to or from the terminal. Thus, the same communications key is common to every institution using the terminal. The COM key may be changed by sending an update in a customization command message. If a power failure occurs, the COM key is lost; the B key becomes the COM key after power is restored to the terminal.
13. Encrypted PIN Key (PEKEY):
The Encrypted PIN key is the basis for converting a consumer's account number into a generated PIN for DES terminal PIN verification. In a multi-institutional setting, each institution will probably have a unique PIN key. The only situation in which they would not have a unique PEKEY is if the Master key were used to generate the institution's PINs rather than a PEKEY. Moreover, each PIN key is encrypted using the common Master key and then placed in the appropriate FIT (where it becomes the PEKEY). (The PIN key can be equal to the Master key.)
13. Key Change Consideration:
There are several reasons an institution (or member institution) may desire a key change. These reasons are as follows:
- To perform a periodically (or randomly) selected schedule of key changes; the COM key is the key most frequently changed
- To ensure security when an employee with knowledge of keys (or half keys) terminates employment
- To ensure security when there is evidence of tampering with terminals, controllers, host computer, or data lines
Once the institution decides to change keys, there are four possible levels for change:
- A key and B key
- COM key
- Master key and Encrypted PIN key
- MAC key
To change the A key and B key, enter the new keys at the DES entry keyboard of each terminal.
To change the COM key, the new key is sent down-line in a customization command message. The choices with this command are as follows:
- Send new COM key encrypted by current Master key
- Send new COM key encrypted by current COM key
- Replace COM key with B key
The COM key change protects transmission of consumer PINs to the network.