A brief comparison of AS2805 and (TR-31) Key Blocks

Recently PCI-SSC released PCI industry standards and clarifying.FAQ’s mandating that encryption keys should be managed in structures called Key Blocks. Key Blocks are defined in the ANSI TR-31 Technical Report and ISO 20038 Standard. Similarly, there are concerns about the use of key variants in some regions. Late in 2019 PCI-SSC also published a processContinue reading “A brief comparison of AS2805 and (TR-31) Key Blocks”

From Bi-Linear Maps to Searchable Encryption

Pairings-Based Cryptography Introduction Theoretical research into pairings-based cryptography has been a well-researched area over the last few years, this cryptography scheme is based on the mapping of two cryptographical groups which allows for a new cryptographical scheme based on a trapdoor permutation between the groups with some interesting complexity properties. These two groups are calledContinue reading “From Bi-Linear Maps to Searchable Encryption”

Mutual Authentication using Certificates

Mutual SSL authentication or certificate based mutual authentication refers to two parties authenticating each other through verifying the provided digital certificate so that both parties are assured of the others’ identity. In technology terms, it refers to a client (ATM) authenticating themselves to a server (Switch) and that server also authenticating itself to the clientContinue reading “Mutual Authentication using Certificates”

Importing ZPK and ZMK into Thales Payshield 9000 HSM

ZMK Zone Master Key (ZMK) also known as an Interchange key (IK), is a key-encrypting key which is distributed manually between two communicating sites, within a shared network, in order that further keys can be exchanged automatically. The ZMK is used to encrypt keys of a lower level (e.g. ZPK) for transmission. The ZMK isContinue reading “Importing ZPK and ZMK into Thales Payshield 9000 HSM”

Signature and Certificate based key injection for ATM

Overview Remote key loading infrastructures generally implement Diebold’s and Triton’s Certificate Based Protocols (CBP), and NCR, Wincor and Hyosung Signature based Protocols. The Diebold and Triton approaches use X.509 certificates and PKCS message formats to transport key data. NCR, Wincor and Hyosung methods rely on digital signatures to ensure data integrity. Both processes require theContinue reading “Signature and Certificate based key injection for ATM”