ATM Pin encryption using 3DES

Introduction: Most modern ATMs use a Triple DES algorithm to encrypt the PIN and send it to a host server for processing. Once the host system receives the PIN, it translates the PIN from one encryption key to another and sends it to a bank. In this post I will attempt to…

Implementing AS2805 Part 6 Host to Host Encryption using a Thales 9000 and Python

Introduction: The AS2805.6 Standard specifies communication security between two nodes during a financial transaction. These nodes need to have a specific set of encryption algorithms, and need to follow a specific process. The specification is not very clear on what exactly needs to happen, so I intend to clarify the exact steps, with the HSM…

Typical Cryptography in AS2805 Explained

Key Management conforms to AS 2805 part 6.1. KEK Establishment: Each interchange node contains an Interchange Send Key Encrypting Key (KEKs) and an Interchange Receive Key Encrypting Key (KEKr). The Interchange Send KEK is the same key as the Interchange Receive KEK in the partnering node; similarly, the Interchange Receive KEK is the same as the Interchange…

Thales 9000 with AS2805 Interchange & RSA EFTPOS Commands.

Interchange Cryptographic Keys: Interchange keys are used to protect financial transactions initiated at Acquirer eftpos / ATM Terminals while in transit to the Issuer institution. Interchange keys may be either: (a) PIN encrypting keys – used to protect the customer PIN from the point of origin to the point of authorisation. PIN encrypting keys are…

Thales Key Exchange Examples and Troubleshooting

Judging from the searches done to locate this blog, it’s clear many of us share the following opinion: although Thales (formerly RACAL) is a market leader with its 7000 and 8000 series of HSM devices, their documentation falls painfully short in two areas: there are NO COMMAND EXAMPLES (!!!) in the manuals (an appalling omission);…

Testing DUKPT

As an acquirer, you can validate that your PIN translation command is working correctly even if you haven’t yet established connectivity to your Debit/EBT endpoint (or if you’ve established connectivity but don’t yet have your test key parts). Typically when we’re pressed into this situation, this is what we do if we’re working with the…

Parsing AS2505/8583 Messages

Foreword: Previously I briefly touched on the AS2805 standards, and now I have an implementation of the parsing of these messages. The full code of this post is available here: I have a C# implementation of this as well here: The code is thanks to the following author: He has a brilliant…

Dynamic Key Exchange Models

I’ve had a number of people ask me recently about how to implement Dynamic Key Exchange models. Specifically, I’m talking here about ISO8583-based financial payment gateways. This post pertains to situations where you’re acting either as the Card Issuer (in which case you’re receiving payment transaction requests from the gateway) or…

Doing PIN Translation with DUKPT

On PIN-enabled Debit/EBT transactions sent in from an acquirer’s point-of-sale location, your payment switch application must perform a PIN translation, typically transforming an incoming DUKPT PIN block from the POS device-initiated request into an outgoing Triple DES-encrypted PIN block that makes use of an established Zone PIN Key (“ZPK”) which would have been previously established…