AS 2805.6.5.3:2020 pdf – Electronic funds transfer – Requirements for interfaces Part 6.5.3: Key management – TCU initialization – Asymmetric.
6.2 Contributing entities
This key management scheme shall define the following four separate entities:
(a) TCU manufacturer (or their agent).
(b) TCU.
(c) Sponsor.
(d) Acquirer(s).
NOTE The sponsor and acquirer roles may be assigned to a single organization.
6.3 Initial cryptographic data
The TCU manufacturer (or their agent), the TCU and the sponsor shall each generate their respective DEA 2 key pairs as follows:
(a) Manufacturer’s key pair (PKman, SKman).
(b) Terminal cryptographic unit’s key pair (PKtcu, SKtcu).
(c) Sponsor’s key pair (PKsp, SKsp).
A statistically unique random number (RNsp), where used, shall be generated by the sponsor and used in the initialization sequence to provide additional protection against replay when authenticating the TCU.
In addition to the above, the manufacturer shall install a unique terminal cryptographic unit identifying number (TCUID), also referred to as a PIN pad identifying number (PPID), in the TCU for use during initialization.
The sponsor may also request the TCU to provide other data, for example
(i) the date/time of its manufacture; and
(ii) the current date/time.
6.4 Manufacturer’s keys
In order to allow the sponsor to authenticate that the TCU is associated with the manufacturer, the SKman shall be used to sign either the PKtcu, or to sign a hash of data which includes at a minimum the PKtcu, see 4.7. The PKman shall be used by the sponsor to verify the authenticity of the PKtcu. The manufacturer’s public key shall be provided to the sponsor before the TCUs are distributed.
6.5 Terminal cryptographic unit keys and data
After the TCU is manufactured, and prior to distribution to the working location, a TCU shall contain a DEA 2 key pair, which can either be installed into the TCU within the manufacturer’s secure area (refer to AS 2805.14.2 Annex H) or generated internally by the TCU. Where the key pairs are installed into the TCU, all copies of the TCU DEA 2 private key values external to the device shall be destroyed after injection into the TCU so that the only copy of this private key exists in the TCU’s secure area.
The TCU’s PK, or its hash, shall be signed using the manufacturer’s private key. One of the following signatures shall be entered into the TCU:
(a) sSKman(PKtcu).
(b) sSKman(H(PKtcu)).
Where the TCU self-generates the initialization symmetric key (KI), the TCU shall have the ability to generate a statistically unique value for the KI and optionally a timestamp. Where the TCU generates a random number, it shall be in accordance with ISO/IEC 18031.
NOTE The PKsp may also be injected by the manufacturer and stored in line with the TCU’s other cryptographic keys in the TCU’s secure area.
The TCUID or PPID shall also be provided to the TCU. The TCUID shall be sent to the sponsor along with the manufacturer’s PK.
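The manufacturer signature of 6.4 and 6.5, option (b), and the sponsor's check of it, as an added example that is not part of the standard. SHA-256, the PKCS#1 v1.5-style padding, the demo key built from Mersenne primes, the PKtcu byte string and all function names are assumptions made here; the page does not reproduce the signature format of 4.7.

```python
import hashlib

# Constructed demo key pair (PKman, SKman). Mersenne primes are public, so this
# modulus is insecure by design; a real SKman never leaves the manufacturer's HSM.
E = 65537
P, Q = 2**521 - 1, 2**607 - 1
N_MAN = P * Q
D_MAN = pow(E, -1, (P - 1) * (Q - 1))
PK_MAN = (N_MAN, E)  # given to the sponsor before TCUs are distributed

# Constructed stand-in for the encoded TCU public key.
PK_TCU = b"constructed-PKtcu-encoding-for-TCUID-0000000000000001"

# DER prefix of a SHA-256 DigestInfo (assumed hash; the page does not name H).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode(data: bytes, n: int) -> int:
    """Pad H(data) to the modulus size (EMSA-PKCS1-v1_5, an assumed format)."""
    k = (n.bit_length() + 7) // 8
    t = SHA256_PREFIX + hashlib.sha256(data).digest()
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def sign(data: bytes, n: int, d: int) -> int:
    """Private-key operation over the padded hash of data."""
    return pow(encode(data, n), d, n)

def manufacturer_sign(pk_tcu: bytes) -> int:
    """Option (b) of 6.5: sSKman(H(PKtcu)), entered into the TCU."""
    return sign(pk_tcu, N_MAN, D_MAN)

def sponsor_verify(pk_tcu: bytes, signature: int, pk_man=PK_MAN) -> bool:
    """Accept PKtcu only if the signature opens to H(PKtcu) under PKman."""
    n, e = pk_man
    if not 0 < signature < n:
        return False
    # Rebuild the whole expected block and compare it, instead of parsing the
    # recovered padding; lenient padding parsers have allowed forged signatures.
    return pow(signature, e, n) == encode(pk_tcu, n)

if __name__ == "__main__":
    sig = manufacturer_sign(PK_TCU)
    print("genuine PKtcu accepted:", sponsor_verify(PK_TCU, sig))
    print("substituted PKtcu accepted:", sponsor_verify(b"other-key", sig))
```

The sponsor's decision depends only on PKman and the signature, which is why the integrity of the PKman transfer matters as much as the signature itself.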
6.6 Sponsor’s keys and data
The secure initializing equipment at the sponsor’s site shall have the ability to generate its own sponsor key pair (PKsp, SKsp) and statistically unique random numbers (RNsp) and symmetric keys.
6.7 Preinitialization sequences
Pre-initialization sequences shall be performed prior to the online remote key loading. These sequences shall be performed in a secure manner. Key generation shall be in accordance with AS 2805.6.1. Random numbers and pseudo-random numbers shall be generated in accordance with ISO/IEC 18031. Transmission of PKsp, PKman and PKtcu and/or signed PKsp and PKtcu shall be made by secure and authenticated messages to preserve the integrity of the keys.
NOTE See Appendix B for a worked example.
6.7.1 Sponsor
The sponsor shall generate a PKsp and SKsp. The sponsor shall send the PKsp to the manufacturer with optional user data. The sponsor shall receive a signature from the manufacturer of one of the following:
(a) sSKman(PKsp).
(b) sSKman(H(PKsp, user data)).
The sponsor shall receive a PKman when it receives the TCUID from the manufacturer.
NOTE Alternatively, the sponsor may generate a list of TCUIDs which may be sent to the manufacturer.
6.7.2 Manufacturer
The manufacturer shall generate a PKman and SKman. The manufacturer shall send a PKman to the sponsor. The manufacturer shall receive the PKsp, sign it, or its hash, with SKman and return the signature as a cryptogram to the sponsor.