SlideShare une entreprise Scribd logo

Futurex SKI9000 Secure Key Injection Solution Overview

G
Greg Stone

Futurex provides encryption solutions including the SKI9000 device for direct key injection. The SKI9000 allows loading keys securely into up to sixteen POS terminals or ATM PIN pads at once using a graphical interface. It stores keys as encrypted cryptograms for security and supports DUKPT key standards. Futurex helps customers comply with regulations by providing expertise on secure key injection rooms and key management.

TechnologieBusiness
1  sur  17
Futurex Solutions Overview SKI9000 Direct Key Injection Solution
Agenda • About Futurex • SKI Series Overview • Security Features • Regulatory Compliance • DUKPT Key Injection Overview • Contact Details
Futurex. An Innovative Leader in Encryption Solutions. • For over 30 years, more than 15,000 customers worldwide have trusted Futurex solutions to protect their highly sensitive data • Hardware-based solutions with diverse applications in electronic payments and general-purpose data security • Entrepreneurial culture, fostering agility and innovation in the development of hardware encryption solutions with cross- platform, multidimensional applications • Results-oriented engineering team based entirely out of our U.S. Technology Campus, with significant experience delivering First-to-Market Customer Initiatives
SKI Series – Secure Key Injection Futurex SKI Series ATM PIN Pads Key Comp 2 Point of Sale Terminals Secure Injection Facility Cost Effective •Inject up to sixteen POS terminals or ATM PIN pads at a time •Graphical user interface reduces training and administration costs Versatile •Supports most major terminal manufacturers and most key types, including Master/Session and 3DES DUKPT •Provides detailed audit records and the ability to generate key reports Key Comp 1
Why Did Futurex Develop the SKI Series? • Adoption of ASC X9.24 - Part 1, which mandates the use of hardware-based encryption devices, by the major card brands has made it no longer acceptable to use software-based encryption to protect payment keys. • Existing key injection solutions are limited in capability and are outdated, often lacking support for multiple terminal manufacturers and a graphical user interface. • Storing keys as cryptograms or in a Tamper-Resistant Security Module (TRSM) dramatically reduces the risk of key exposure. • As key usage expands, the complexity of managing and tracking keys increases.
SKI Series Features • Eliminates the costly manual process of loading multiple keys • Supports all major key types • Prints labels with device ID and key serial number for convenient tracking • Scalable to perform up to sixteen injections at once • Easy-to-use GUI significantly reduces training and administration costs • Keys exportable to the Futurex RKMS Series Remote Key Management Server
Security Features Physical Security • Two independent front panel locks protected by individual barrel keys that are highly resistant to picking and/or duplication • CD-ROM drive hidden behind front panel • “Puzzle Box” design with hardened steel casing and interlocking components • TRSM with epoxy barrier and sensor wires to protect processor and system memory • Serial ports connected directly to TRSM Logical Security • Dual logins required to access application • User group permissions control privileges within application • Keys stored as cryptograms under MFK or KEK • Key component entry occurs in separate steps, each with individual check digit display • Complete, authenticated audit log files of all activity and access • Standard reports and customizable queries from audit log files
Additional Features and Benefits Feature Benefit Supports easy, compliant direct key loading into POS terminals - Provides flexibility in key loading operations - Reduces training for key loaders - Reduces errors and re-work Loads keys directly from a FIPS 140-2 Level 3-certified Tamper Resistant Security Module (TRSM) - Meets new industry requirements for secure key injection - Improves the security of your online transactions POS terminal keys to be injected can be stored on the hard drive as cryptograms - It is not necessary to re-enter the key for each injection, dramatically improving total injection speed Detailed audit records and ability to easily generate reports from these records - Ability to easily manage internal and external TR-39 audits Easy to use Graphical User Interface (GUI) - Reduces training requirements for key loaders - Reduces errors and re-work
Regulatory Compliance – Secure Room • Required for any organization that must undergo a TR-39 audit • Secure room requirements: o Mandatory dual access o No connection to outside networks o Auditable use and visitor logs o Access restricted to authorized personnel • How does the secure room apply to Point of Sale terminal manufacturers? o Clear keys must be loaded within a secure room o Certificate authorities must be generated, stored, and managed within a secure room • Futurex’s CTGA-certified Solutions Architects have secure room expertise and can provide training assistance in the design and implementation process
Overview – DUKPT Key Injection
DUKPT Features • DUKPT (Derived Unique Key Per Transaction) ensures that a different key is used for every transaction • A DUKPT key consists of two parts: – BDK (Base Derivation Key), the working key that is used for encryption – KSN (Key Serial Number), the unique serial number that is injected into each device • After every transaction, a new DUKPT key is derived from the incremented KSN which is used to encrypt the PIN SKI Series Point of Sale Terminals Secure Injection Facility BDK KSN
Overview – DUKPT Key Injection SKI Series POS Terminal Secure Room The SKI Series is fully compliant with the Triple-DES DUKPT standard and is capable of automatically deriving unique IDs for each terminal injected. This is designed to maintain high injection throughput and requires an absolute minimum of configuration and input from key officers Key Comp(BDK) 2 Key Comp(BDK) 1 KSN Point of Sale Host/Bank Excrypt™ SSP Series Hardware Security Module (HSM)
Key Serial Number • The Key Serial Number (KSN) is the unique serial number that is injected into each POS terminal • The KSN consists of five parts concatenated together – Issuer Identification Number • Unique per issuer – Customer ID Number – Group Identifier Number – Unique Device ID • Incremented after every device injection – Transaction Counter • Incremented after every transaction • The KSN ensures that all transactions use a unique key which has been derived from the original BDK
Overview – DUKPT Key Injection SKI Series POS Terminal Secure Room From within a secure room or facility, the Base Derivation Key (BDK) and Key Serial Number (KSN) are loaded onto the SKI Series. To ease the process of loading multiple keys on multiple different terminals, the device is designed with a cryptogram export and import feature. Key Comp(BDK) 2 Key Comp(BDK) 1 KSN Once the BDK and the KSN have both been loaded, the POS terminal can be injected via the point-and-click GUI. The KSN will also increment automatically when keys are shared between multiple terminal types. KSN Components Bit Range Byte Range ID Definition 1-24 1-3 IIN Issuer Identifier Number 25-32 4 CID Customer ID Number 32-40 5 GID Group Identifier Number 41-59 6-~8 DID Unique Device ID 60-80 ~8-10 TC Transaction Counter
Overview – DUKPT Key Injection Once injected, the POS terminals can be instantly deployed into a production environment. The KSN will automatically increment after each transaction, ensuring compliance with the ANSI X9.24 regulations requiring the use of DUKPT. Point of Sale Host/Bank Excrypt™ SSP Series Hardware Security Module (HSM) Host Database
Futurex SKI9000 – Key Exchange Process Flow Diagram This procedure outlines the process by which users may export keys from an external host and import them into the SKI9000, encrypted under a mutually-shared Key Exchange Key (KEK). Futurex SKI9000 External Host Generate Key Exchange Key (KEK) Export KEK Components* *If desired, the generation and export of KEK components may also be performed on the SKI9000 and imported into the external host instead. This functionality requires the SKI9000 Key Generation Add-On Module. Insert KEK via Hosts/Networks Menu Translate Base Derivation Keys (BDK) to Encryption Under KEK Export Key Cryptograms Import Key Cryptograms
Contact Us Visit http://www.futurex.com for more information Greg Stone Sr. Product Marketing Engineer, Enterprise Sales and Virtual Markets Direct: +1 830-980-9782 x1316 Mobile: +1 210-287-2729 gstone@futurex.com

Recommandé

Key management
Key managementKey management
Key managementBrandon Byungyong Jo
 
Trusted Platform Module (TPM)
Trusted Platform Module (TPM)Trusted Platform Module (TPM)
Trusted Platform Module (TPM)k33a
 
HSM (Hardware Security Module)
HSM (Hardware Security Module)HSM (Hardware Security Module)
HSM (Hardware Security Module)Umesh Kolhe
 
Authentication
AuthenticationAuthentication
Authenticationprimeteacher32
 
User Authentication Overview
User Authentication OverviewUser Authentication Overview
User Authentication OverviewJim Fenton
 
HSM Basic Training
HSM Basic TrainingHSM Basic Training
HSM Basic TrainingMd. Budrul Hasan Bhuiyan
 
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...Alex Tan
 
Kerberos
KerberosKerberos
KerberosRafatSamreen
 

Recommandé

Key management
Key managementKey management
Key managementBrandon Byungyong Jo
 
Trusted Platform Module (TPM)
Trusted Platform Module (TPM)Trusted Platform Module (TPM)
Trusted Platform Module (TPM)k33a
 
HSM (Hardware Security Module)
HSM (Hardware Security Module)HSM (Hardware Security Module)
HSM (Hardware Security Module)Umesh Kolhe
 
Authentication
AuthenticationAuthentication
Authenticationprimeteacher32
 
User Authentication Overview
User Authentication OverviewUser Authentication Overview
User Authentication OverviewJim Fenton
 
HSM Basic Training
HSM Basic TrainingHSM Basic Training
HSM Basic TrainingMd. Budrul Hasan Bhuiyan
 
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...Alex Tan
 
Kerberos
KerberosKerberos
KerberosRafatSamreen
 
Token-based uthentication
Token-based uthenticationToken-based uthentication
Token-based uthenticationWill Adams
 
RSA SecurID Access
RSA SecurID AccessRSA SecurID Access
RSA SecurID AccessMarketingArrowECS_CZ
 
Advanced cryptography and implementation
Advanced cryptography and implementationAdvanced cryptography and implementation
Advanced cryptography and implementationAkash Jadhav
 
SIP over TLS
SIP over TLSSIP over TLS
SIP over TLSHossein Yavari
 
Citrix Day 2014: XenApp / XenDesktop 7.6
Citrix Day 2014: XenApp / XenDesktop 7.6Citrix Day 2014: XenApp / XenDesktop 7.6
Citrix Day 2014: XenApp / XenDesktop 7.6Digicomp Academy AG
 
Introduction to Public Key Infrastructure
Introduction to Public Key InfrastructureIntroduction to Public Key Infrastructure
Introduction to Public Key InfrastructureTheo Gravity
 
MIPI DevCon 2021: MIPI D-PHY and MIPI CSI-2 for IoT: AI Edge Devices
MIPI DevCon 2021: MIPI D-PHY and MIPI CSI-2 for IoT: AI Edge DevicesMIPI DevCon 2021: MIPI D-PHY and MIPI CSI-2 for IoT: AI Edge Devices
MIPI DevCon 2021: MIPI D-PHY and MIPI CSI-2 for IoT: AI Edge DevicesMIPI Alliance
 
DIGITAL SIGNATURE
DIGITAL SIGNATUREDIGITAL SIGNATURE
DIGITAL SIGNATUREravijain90
 
Cryptography and Encryptions,Network Security,Caesar Cipher
Cryptography and Encryptions,Network Security,Caesar CipherCryptography and Encryptions,Network Security,Caesar Cipher
Cryptography and Encryptions,Network Security,Caesar CipherGopal Sakarkar
 
Secure Your Encryption with HSM
Secure Your Encryption with HSMSecure Your Encryption with HSM
Secure Your Encryption with HSMNarudom Roongsiriwong, CISSP
 
Hot Chips: AMD Next Gen 7nm Ryzen 4000 APU
Hot Chips: AMD Next Gen 7nm Ryzen 4000 APUHot Chips: AMD Next Gen 7nm Ryzen 4000 APU
Hot Chips: AMD Next Gen 7nm Ryzen 4000 APUAMD
 
HSM Key change flow using thales
HSM Key change flow using thalesHSM Key change flow using thales
HSM Key change flow using thalesGalih Lasahido
 
An introduction to X.509 certificates
An introduction to X.509 certificatesAn introduction to X.509 certificates
An introduction to X.509 certificatesStephane Potier
 
Digital certificates
Digital certificatesDigital certificates
Digital certificatesSimmi Kamra
 
Cours- Sécurité des réseaux
Cours- Sécurité des réseaux Cours- Sécurité des réseaux
Cours- Sécurité des réseaux Yassmina AGHIL
 
Public key Infrastructure (PKI)
Public key Infrastructure (PKI)Public key Infrastructure (PKI)
Public key Infrastructure (PKI)Venkatesh Jambulingam
 
Digital certificates
Digital certificatesDigital certificates
Digital certificatesBuddhika Karunanayaka
 
Difference Between Digital Signature vs Digital Certificate
Difference Between Digital Signature vs Digital CertificateDifference Between Digital Signature vs Digital Certificate
Difference Between Digital Signature vs Digital CertificateAboutSSL
 
OpenSSL
OpenSSLOpenSSL
OpenSSLTimbal Mayank
 
Authentication methods
Authentication methodsAuthentication methods
Authentication methodssana mateen
 
RBMovil Powered by CHARGE Anywhere: MWC
RBMovil Powered by CHARGE Anywhere: MWCRBMovil Powered by CHARGE Anywhere: MWC
RBMovil Powered by CHARGE Anywhere: MWCCHARGE Anywhere
 
Snort
SnortSnort
SnortMichael Boman
 

Contenu connexe

Tendances

Token-based uthentication
Token-based uthenticationToken-based uthentication
Token-based uthenticationWill Adams
 
Advanced cryptography and implementation
Advanced cryptography and implementationAdvanced cryptography and implementation
Advanced cryptography and implementationAkash Jadhav
 
Citrix Day 2014: XenApp / XenDesktop 7.6
Citrix Day 2014: XenApp / XenDesktop 7.6Citrix Day 2014: XenApp / XenDesktop 7.6
Citrix Day 2014: XenApp / XenDesktop 7.6Digicomp Academy AG
 
Introduction to Public Key Infrastructure
Introduction to Public Key InfrastructureIntroduction to Public Key Infrastructure
Introduction to Public Key InfrastructureTheo Gravity
 
MIPI DevCon 2021: MIPI D-PHY and MIPI CSI-2 for IoT: AI Edge Devices
MIPI DevCon 2021: MIPI D-PHY and MIPI CSI-2 for IoT: AI Edge DevicesMIPI DevCon 2021: MIPI D-PHY and MIPI CSI-2 for IoT: AI Edge Devices
MIPI DevCon 2021: MIPI D-PHY and MIPI CSI-2 for IoT: AI Edge DevicesMIPI Alliance
 
DIGITAL SIGNATURE
DIGITAL SIGNATUREDIGITAL SIGNATURE
DIGITAL SIGNATUREravijain90
 
Cryptography and Encryptions,Network Security,Caesar Cipher
Cryptography and Encryptions,Network Security,Caesar CipherCryptography and Encryptions,Network Security,Caesar Cipher
Cryptography and Encryptions,Network Security,Caesar CipherGopal Sakarkar
 
Hot Chips: AMD Next Gen 7nm Ryzen 4000 APU
Hot Chips: AMD Next Gen 7nm Ryzen 4000 APUHot Chips: AMD Next Gen 7nm Ryzen 4000 APU
Hot Chips: AMD Next Gen 7nm Ryzen 4000 APUAMD
 
HSM Key change flow using thales
HSM Key change flow using thalesHSM Key change flow using thales
HSM Key change flow using thalesGalih Lasahido
 
An introduction to X.509 certificates
An introduction to X.509 certificatesAn introduction to X.509 certificates
An introduction to X.509 certificatesStephane Potier
 
Digital certificates
Digital certificatesDigital certificates
Digital certificatesSimmi Kamra
 
Cours- Sécurité des réseaux
Cours- Sécurité des réseaux Cours- Sécurité des réseaux
Cours- Sécurité des réseaux Yassmina AGHIL
 
Difference Between Digital Signature vs Digital Certificate
Difference Between Digital Signature vs Digital CertificateDifference Between Digital Signature vs Digital Certificate
Difference Between Digital Signature vs Digital CertificateAboutSSL
 
Authentication methods
Authentication methodsAuthentication methods
Authentication methodssana mateen
 

Tendances (20)

Token-based uthentication
Token-based uthenticationToken-based uthentication
Token-based uthentication
 
RSA SecurID Access
RSA SecurID AccessRSA SecurID Access
RSA SecurID Access
 
Advanced cryptography and implementation
Advanced cryptography and implementationAdvanced cryptography and implementation
Advanced cryptography and implementation
 
SIP over TLS
SIP over TLSSIP over TLS
SIP over TLS
 
Citrix Day 2014: XenApp / XenDesktop 7.6
Citrix Day 2014: XenApp / XenDesktop 7.6Citrix Day 2014: XenApp / XenDesktop 7.6
Citrix Day 2014: XenApp / XenDesktop 7.6
 
Introduction to Public Key Infrastructure
Introduction to Public Key InfrastructureIntroduction to Public Key Infrastructure
Introduction to Public Key Infrastructure
 
MIPI DevCon 2021: MIPI D-PHY and MIPI CSI-2 for IoT: AI Edge Devices
MIPI DevCon 2021: MIPI D-PHY and MIPI CSI-2 for IoT: AI Edge DevicesMIPI DevCon 2021: MIPI D-PHY and MIPI CSI-2 for IoT: AI Edge Devices
MIPI DevCon 2021: MIPI D-PHY and MIPI CSI-2 for IoT: AI Edge Devices
 
DIGITAL SIGNATURE
DIGITAL SIGNATUREDIGITAL SIGNATURE
DIGITAL SIGNATURE
 
Cryptography and Encryptions,Network Security,Caesar Cipher
Cryptography and Encryptions,Network Security,Caesar CipherCryptography and Encryptions,Network Security,Caesar Cipher
Cryptography and Encryptions,Network Security,Caesar Cipher
 
Secure Your Encryption with HSM
Secure Your Encryption with HSMSecure Your Encryption with HSM
Secure Your Encryption with HSM
 
Hot Chips: AMD Next Gen 7nm Ryzen 4000 APU
Hot Chips: AMD Next Gen 7nm Ryzen 4000 APUHot Chips: AMD Next Gen 7nm Ryzen 4000 APU
Hot Chips: AMD Next Gen 7nm Ryzen 4000 APU
 
HSM Key change flow using thales
HSM Key change flow using thalesHSM Key change flow using thales
HSM Key change flow using thales
 
An introduction to X.509 certificates
An introduction to X.509 certificatesAn introduction to X.509 certificates
An introduction to X.509 certificates
 
Digital certificates
Digital certificatesDigital certificates
Digital certificates
 
Cours- Sécurité des réseaux
Cours- Sécurité des réseaux Cours- Sécurité des réseaux
Cours- Sécurité des réseaux
 
Public key Infrastructure (PKI)
Public key Infrastructure (PKI)Public key Infrastructure (PKI)
Public key Infrastructure (PKI)
 
Digital certificates
Digital certificatesDigital certificates
Digital certificates
 
Difference Between Digital Signature vs Digital Certificate
Difference Between Digital Signature vs Digital CertificateDifference Between Digital Signature vs Digital Certificate
Difference Between Digital Signature vs Digital Certificate
 
OpenSSL
OpenSSLOpenSSL
OpenSSL
 
Authentication methods
Authentication methodsAuthentication methods
Authentication methods
 

En vedette

RBMovil Powered by CHARGE Anywhere: MWC
RBMovil Powered by CHARGE Anywhere: MWCRBMovil Powered by CHARGE Anywhere: MWC
RBMovil Powered by CHARGE Anywhere: MWCCHARGE Anywhere
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection SystemDevil's Cafe
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distributionRiya Choudhary
 
Anton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin
 
Essential Guide to Protect Your Data [Key Management Techniques]
Essential Guide to Protect Your Data [Key Management Techniques]Essential Guide to Protect Your Data [Key Management Techniques]
Essential Guide to Protect Your Data [Key Management Techniques]SISA Information Security Pvt.Ltd
 
Improving intrusion detection system by honeypot
Improving intrusion detection system by honeypotImproving intrusion detection system by honeypot
Improving intrusion detection system by honeypotmmubashirkhan
 
Computer and Network Security
Computer and Network SecurityComputer and Network Security
Computer and Network Securityprimeteacher32
 
Industrial Training - Network Intrusion Detection System Using Snort
Industrial Training - Network Intrusion Detection System Using SnortIndustrial Training - Network Intrusion Detection System Using Snort
Industrial Training - Network Intrusion Detection System Using SnortDisha Bedi
 
Network Intrusion Detection System Using Snort
Network Intrusion Detection System Using SnortNetwork Intrusion Detection System Using Snort
Network Intrusion Detection System Using SnortDisha Bedi
 
Intrusion Detection System(IDS)
Intrusion Detection System(IDS)Intrusion Detection System(IDS)
Intrusion Detection System(IDS)shraddha_b
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection systemAparna Bhadran
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionUmesh Dhital
 

En vedette (20)

RBMovil Powered by CHARGE Anywhere: MWC
RBMovil Powered by CHARGE Anywhere: MWCRBMovil Powered by CHARGE Anywhere: MWC
RBMovil Powered by CHARGE Anywhere: MWC
 
Snort
SnortSnort
Snort
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection System
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distribution
 
Snort ppt
Snort pptSnort ppt
Snort ppt
 
Anton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin on Honeypots
Anton Chuvakin on Honeypots
 
Database Firewall with Snort
Database Firewall with SnortDatabase Firewall with Snort
Database Firewall with Snort
 
Wireshark Basics
Wireshark BasicsWireshark Basics
Wireshark Basics
 
Essential Guide to Protect Your Data [Key Management Techniques]
Essential Guide to Protect Your Data [Key Management Techniques]Essential Guide to Protect Your Data [Key Management Techniques]
Essential Guide to Protect Your Data [Key Management Techniques]
 
Hcl
HclHcl
Hcl
 
Intrusion Prevention System
Intrusion Prevention SystemIntrusion Prevention System
Intrusion Prevention System
 
Improving intrusion detection system by honeypot
Improving intrusion detection system by honeypotImproving intrusion detection system by honeypot
Improving intrusion detection system by honeypot
 
Computer and Network Security
Computer and Network SecurityComputer and Network Security
Computer and Network Security
 
Snort IDS/IPS Basics
Snort IDS/IPS BasicsSnort IDS/IPS Basics
Snort IDS/IPS Basics
 
Industrial Training - Network Intrusion Detection System Using Snort
Industrial Training - Network Intrusion Detection System Using SnortIndustrial Training - Network Intrusion Detection System Using Snort
Industrial Training - Network Intrusion Detection System Using Snort
 
Network Intrusion Detection System Using Snort
Network Intrusion Detection System Using SnortNetwork Intrusion Detection System Using Snort
Network Intrusion Detection System Using Snort
 
Wireshark
WiresharkWireshark
Wireshark
 
Intrusion Detection System(IDS)
Intrusion Detection System(IDS)Intrusion Detection System(IDS)
Intrusion Detection System(IDS)
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 

Similaire à Futurex SKI9000 Secure Key Injection Solution Overview

Axessor_Brochure_US_04-16
Axessor_Brochure_US_04-16Axessor_Brochure_US_04-16
Axessor_Brochure_US_04-16Axel de Blok
 
secure-manager-introduction-v1.pdf
secure-manager-introduction-v1.pdfsecure-manager-introduction-v1.pdf
secure-manager-introduction-v1.pdfssuser64a562
 
P2PE Solutions From Futurex
P2PE Solutions From FuturexP2PE Solutions From Futurex
P2PE Solutions From FuturexGreg Stone
 
Hardwar based Security of Systems
Hardwar based Security of SystemsHardwar based Security of Systems
Hardwar based Security of SystemsJamal Jamali
 
Pico-ITX vs. Q7 & SMARC form factors
Pico-ITX vs. Q7 & SMARC form factorsPico-ITX vs. Q7 & SMARC form factors
Pico-ITX vs. Q7 & SMARC form factorsVIA Embedded
 
The Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
The Mainframe's Role in Enterprise Security Management - Jean-Marc DareesThe Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
The Mainframe's Role in Enterprise Security Management - Jean-Marc DareesNRB
 
Semiconductor Design Services, IoT Solutions, IoT Consulting, IoT Solutions a...
Semiconductor Design Services, IoT Solutions, IoT Consulting, IoT Solutions a...Semiconductor Design Services, IoT Solutions, IoT Consulting, IoT Solutions a...
Semiconductor Design Services, IoT Solutions, IoT Consulting, IoT Solutions a...Moschip
 
RTOS based Confidential Area Security System
RTOS based Confidential Area Security SystemRTOS based Confidential Area Security System
RTOS based Confidential Area Security Systemajinky gadewar
 
Serie dei nuovi processori Xeon Scalabili - Yashi Italia
Serie dei nuovi processori Xeon Scalabili - Yashi ItaliaSerie dei nuovi processori Xeon Scalabili - Yashi Italia
Serie dei nuovi processori Xeon Scalabili - Yashi ItaliaYashi Italia
 
Keri Training ADI Presentation
Keri Training ADI PresentationKeri Training ADI Presentation
Keri Training ADI Presentationkeriwebmaster
 
Prez ispay 2014_us
Prez ispay 2014_usPrez ispay 2014_us
Prez ispay 2014_usEmma Garnier
 
FIPS 140-2 Validations in a Secure Enclave
FIPS 140-2 Validations in a Secure EnclaveFIPS 140-2 Validations in a Secure Enclave
FIPS 140-2 Validations in a Secure EnclavewolfSSL
 
Standardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VStandardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VRISC-V International
 
Vindicator Overview
Vindicator OverviewVindicator Overview
Vindicator Overviewdp3b58
 

Similaire à Futurex SKI9000 Secure Key Injection Solution Overview (20)

Quantum brochure
Quantum brochureQuantum brochure
Quantum brochure
 
System 6000
System 6000System 6000
System 6000
 
Axessor_Brochure_US_04-16
Axessor_Brochure_US_04-16Axessor_Brochure_US_04-16
Axessor_Brochure_US_04-16
 
secure-manager-introduction-v1.pdf
secure-manager-introduction-v1.pdfsecure-manager-introduction-v1.pdf
secure-manager-introduction-v1.pdf
 
P2PE Solutions From Futurex
P2PE Solutions From FuturexP2PE Solutions From Futurex
P2PE Solutions From Futurex
 
Hardwar based Security of Systems
Hardwar based Security of SystemsHardwar based Security of Systems
Hardwar based Security of Systems
 
Pico-ITX vs. Q7 & SMARC form factors
Pico-ITX vs. Q7 & SMARC form factorsPico-ITX vs. Q7 & SMARC form factors
Pico-ITX vs. Q7 & SMARC form factors
 
The Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
The Mainframe's Role in Enterprise Security Management - Jean-Marc DareesThe Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
The Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
 
UTM Appliance Fact Sheet
UTM Appliance Fact SheetUTM Appliance Fact Sheet
UTM Appliance Fact Sheet
 
Semiconductor Design Services, IoT Solutions, IoT Consulting, IoT Solutions a...
Semiconductor Design Services, IoT Solutions, IoT Consulting, IoT Solutions a...Semiconductor Design Services, IoT Solutions, IoT Consulting, IoT Solutions a...
Semiconductor Design Services, IoT Solutions, IoT Consulting, IoT Solutions a...
 
RTOS based Confidential Area Security System
RTOS based Confidential Area Security SystemRTOS based Confidential Area Security System
RTOS based Confidential Area Security System
 
Serie dei nuovi processori Xeon Scalabili - Yashi Italia
Serie dei nuovi processori Xeon Scalabili - Yashi ItaliaSerie dei nuovi processori Xeon Scalabili - Yashi Italia
Serie dei nuovi processori Xeon Scalabili - Yashi Italia
 
Keri Training ADI Presentation
Keri Training ADI PresentationKeri Training ADI Presentation
Keri Training ADI Presentation
 
Prez ispay 2014_us
Prez ispay 2014_usPrez ispay 2014_us
Prez ispay 2014_us
 
FIPS 140-2 Validations in a Secure Enclave
FIPS 140-2 Validations in a Secure EnclaveFIPS 140-2 Validations in a Secure Enclave
FIPS 140-2 Validations in a Secure Enclave
 
Standardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VStandardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-V
 
Atlas brochure
Atlas brochureAtlas brochure
Atlas brochure
 
Vindicator Overview
Vindicator OverviewVindicator Overview
Vindicator Overview
 
PKI-In-A-Box
PKI-In-A-BoxPKI-In-A-Box
PKI-In-A-Box
 
Phytec_Intro_092018
Phytec_Intro_092018Phytec_Intro_092018
Phytec_Intro_092018
 

Dernier

What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 

Dernier (20)

What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 

Futurex SKI9000 Secure Key Injection Solution Overview

  • 2. Agenda • About Futurex • SKI Series Overview • Security Features • Regulatory Compliance • DUKPT Key Injection Overview • Contact Details
  • 3. Futurex. An Innovative Leader in Encryption Solutions. • For over 30 years, more than 15,000 customers worldwide have trusted Futurex solutions to protect their highly sensitive data • Hardware-based solutions with diverse applications in electronic payments and general-purpose data security • Entrepreneurial culture, fostering agility and innovation in the development of hardware encryption solutions with cross- platform, multidimensional applications • Results-oriented engineering team based entirely out of our U.S. Technology Campus, with significant experience delivering First-to-Market Customer Initiatives
  • 4. SKI Series – Secure Key Injection Futurex SKI Series ATM PIN Pads Key Comp 2 Point of Sale Terminals Secure Injection Facility Cost Effective •Inject up to sixteen POS terminals or ATM PIN pads at a time •Graphical user interface reduces training and administration costs Versatile •Supports most major terminal manufacturers and most key types, including Master/Session and 3DES DUKPT •Provides detailed audit records and the ability to generate key reports Key Comp 1
  • 5. Why Did Futurex Develop the SKI Series? • Adoption of ASC X9.24 - Part 1, which mandates the use of hardware-based encryption devices, by the major card brands has made it no longer acceptable to use software-based encryption to protect payment keys. • Existing key injection solutions are limited in capability and are outdated, often lacking support for multiple terminal manufacturers and a graphical user interface. • Storing keys as cryptograms or in a Tamper-Resistant Security Module (TRSM) dramatically reduces the risk of key exposure. • As key usage expands, the complexity of managing and tracking keys increases.
  • 6. SKI Series Features • Eliminates the costly manual process of loading multiple keys • Supports all major key types • Prints labels with device ID and key serial number for convenient tracking • Scalable to perform up to sixteen injections at once • Easy-to-use GUI significantly reduces training and administration costs • Keys exportable to the Futurex RKMS Series Remote Key Management Server
  • 7. Security Features Physical Security • Two independent front panel locks protected by individual barrel keys that are highly resistant to picking and/or duplication • CD-ROM drive hidden behind front panel • “Puzzle Box” design with hardened steel casing and interlocking components • TRSM with epoxy barrier and sensor wires to protect processor and system memory • Serial ports connected directly to TRSM Logical Security • Dual logins required to access application • User group permissions control privileges within application • Keys stored as cryptograms under MFK or KEK • Key component entry occurs in separate steps, each with individual check digit display • Complete, authenticated audit log files of all activity and access • Standard reports and customizable queries from audit log files
  • 8. Additional Features and Benefits Feature Benefit Supports easy, compliant direct key loading into POS terminals - Provides flexibility in key loading operations - Reduces training for key loaders - Reduces errors and re-work Loads keys directly from a FIPS 140-2 Level 3-certified Tamper Resistant Security Module (TRSM) - Meets new industry requirements for secure key injection - Improves the security of your online transactions POS terminal keys to be injected can be stored on the hard drive as cryptograms - It is not necessary to re-enter the key for each injection, dramatically improving total injection speed Detailed audit records and ability to easily generate reports from these records - Ability to easily manage internal and external TR-39 audits Easy to use Graphical User Interface (GUI) - Reduces training requirements for key loaders - Reduces errors and re-work
  • 9. Regulatory Compliance – Secure Room • Required for any organization that must undergo a TR-39 audit • Secure room requirements: o Mandatory dual access o No connection to outside networks o Auditable use and visitor logs o Access restricted to authorized personnel • How does the secure room apply to Point of Sale terminal manufacturers? o Clear keys must be loaded within a secure room o Certificate authorities must be generated, stored, and managed within a secure room • Futurex’s CTGA-certified Solutions Architects have secure room expertise and can provide training assistance in the design and implementation process
  • 10. Overview – DUKPT Key Injection
  • 11. DUKPT Features • DUKPT (Derived Unique Key Per Transaction) ensures that a different key is used for every transaction • A DUKPT key consists of two parts: – BDK (Base Derivation Key), the working key that is used for encryption – KSN (Key Serial Number), the unique serial number that is injected into each device • After every transaction, a new DUKPT key is derived from the incremented KSN which is used to encrypt the PIN SKI Series Point of Sale Terminals Secure Injection Facility BDK KSN
  • 12. Overview – DUKPT Key Injection SKI Series POS Terminal Secure Room The SKI Series is fully compliant with the Triple-DES DUKPT standard and is capable of automatically deriving unique IDs for each terminal injected. This is designed to maintain high injection throughput and requires an absolute minimum of configuration and input from key officers Key Comp(BDK) 2 Key Comp(BDK) 1 KSN Point of Sale Host/Bank Excrypt™ SSP Series Hardware Security Module (HSM)
  • 13. Key Serial Number • The Key Serial Number (KSN) is the unique serial number that is injected into each POS terminal • The KSN consists of five parts concatenated together – Issuer Identification Number • Unique per issuer – Customer ID Number – Group Identifier Number – Unique Device ID • Incremented after every device injection – Transaction Counter • Incremented after every transaction • The KSN ensures that all transactions use a unique key which has been derived from the original BDK
  • 14. Overview – DUKPT Key Injection SKI Series POS Terminal Secure Room From within a secure room or facility, the Base Derivation Key (BDK) and Key Serial Number (KSN) are loaded onto the SKI Series. To ease the process of loading multiple keys on multiple different terminals, the device is designed with a cryptogram export and import feature. Key Comp(BDK) 2 Key Comp(BDK) 1 KSN Once the BDK and the KSN have both been loaded, the POS terminal can be injected via the point-and-click GUI. The KSN will also increment automatically when keys are shared between multiple terminal types. KSN Components Bit Range Byte Range ID Definition 1-24 1-3 IIN Issuer Identifier Number 25-32 4 CID Customer ID Number 32-40 5 GID Group Identifier Number 41-59 6-~8 DID Unique Device ID 60-80 ~8-10 TC Transaction Counter
  • 15. Overview – DUKPT Key Injection Once injected, the POS terminals can be instantly deployed into a production environment. The KSN will automatically increment after each transaction, ensuring compliance with the ANSI X9.24 regulations requiring the use of DUKPT. Point of Sale Host/Bank Excrypt™ SSP Series Hardware Security Module (HSM) Host Database
  • 16. Futurex SKI9000 – Key Exchange Process Flow Diagram This procedure outlines the process by which users may export keys from an external host and import them into the SKI9000, encrypted under a mutually-shared Key Exchange Key (KEK). Futurex SKI9000 External Host Generate Key Exchange Key (KEK) Export KEK Components* *If desired, the generation and export of KEK components may also be performed on the SKI9000 and imported into the external host instead. This functionality requires the SKI9000 Key Generation Add-On Module. Insert KEK via Hosts/Networks Menu Translate Base Derivation Keys (BDK) to Encryption Under KEK Export Key Cryptograms Import Key Cryptograms
  • 17. Contact Us Visit http://www.futurex.com for more information Greg Stone Sr. Product Marketing Engineer, Enterprise Sales and Virtual Markets Direct: +1 830-980-9782 x1316 Mobile: +1 210-287-2729 gstone@futurex.com