Ingenico 6500 ユーザーズマニュアル
92
Chapter 9 Key Architecture
Section 9.1 Overview
C h a p t e r 9
Key Architecture
9.1
Overview
This chapter is extracted from the document NAR System & Security Application (SSA)
Software Architecture, Key Architecture section, revision 1.19.
Software Architecture, Key Architecture section, revision 1.19.
default key is used for the highest level, Sponsor Key KTK (Key Transfer Key). Customers
can change the sponsor key. Figure 4 shows the sponsor key under the terminal ID
because the sponsor key is unique per terminal.
can change the sponsor key. Figure 4 shows the sponsor key under the terminal ID
because the sponsor key is unique per terminal.
All keys indicated are loaded by the financial institution or authorized injection facility. The
cryptographic keys must be injected into the i6500 terminal in a Key Secure Room. The
KTK is the only key that can be transported in the clear between the Key Injection Utility
and the device. The rest of the keys may be generated randomly, entered in the system as
cryptograms, or entered by key parts using principles of both split knowledge and dual
control.
cryptographic keys must be injected into the i6500 terminal in a Key Secure Room. The
KTK is the only key that can be transported in the clear between the Key Injection Utility
and the device. The rest of the keys may be generated randomly, entered in the system as
cryptograms, or entered by key parts using principles of both split knowledge and dual
control.
Use a key injection utility, such as Ingenico’s WinKeyFac software program, to perform
these functions and to set security options (see
these functions and to set security options (see
Financial keys (Master/Session and DUKPT) can be based on an application or a terminal.
By default, all financial keys are based on an application, as shown in Figure 4. By
changing the value of the Financial Key security option (see section 9.5.9 Financial Key
Option on page 99), you can make all financial keys based on a terminal; however, this will
erase all previously injected financial keys.
By default, all financial keys are based on an application, as shown in Figure 4. By
changing the value of the Financial Key security option (see section 9.5.9 Financial Key
Option on page 99), you can make all financial keys based on a terminal; however, this will
erase all previously injected financial keys.
Some keys are segregated by application. The application number is part of the application
name. Once the keys are injected, the application number is used as the application
reference. When the application calls a cryptographic function, it passes the application
reference as the application name. The SSA will check that the caller passes the
application name, and from the name, it will determine the number that defines the injected
key set.
name. Once the keys are injected, the application number is used as the application
reference. When the application calls a cryptographic function, it passes the application
reference as the application name. The SSA will check that the caller passes the
application name, and from the name, it will determine the number that defines the injected
key set.
Single-length DES keys have a length of 8 bytes. Double-length triple DES keys have a
length of 16 bytes. The level of the specific key set indicates the position of the key set in
the internal key hierarchy. For example, keys at Level 1 (sponsor keys) are loaded in clear
text and sit at the top of the key hierarchy. Keys at Level 2 are loaded encrypted under the
keys at Level 1. Keys at Level 3 are loaded encrypted under the keys at Level 2. Loading a
key at a higher level will cause the erasure of all the related lower level keys. The following
sections describe each key.
length of 16 bytes. The level of the specific key set indicates the position of the key set in
the internal key hierarchy. For example, keys at Level 1 (sponsor keys) are loaded in clear
text and sit at the top of the key hierarchy. Keys at Level 2 are loaded encrypted under the
keys at Level 1. Keys at Level 3 are loaded encrypted under the keys at Level 2. Loading a
key at a higher level will cause the erasure of all the related lower level keys. The following
sections describe each key.