Symphony RKM (Remote Key Management) is a solution that helps banks securely and automatically deliver the Master Key from a managed center to each ATM in the network. The core of the solution is based on RSA and signature verification to strengthen the security between the ATM and the server at the managed center.
The RKM server is located between the ATM and the bank switch. First, it certifies the EPP (Encrypting PIN Pad) based on the entered ATM vendor public key and signature. After that, it receives the EPP public key and sends the bank HSM public key to the ATM. Finally, the RKM server communicates with the switch to request that the HSM generate a unique Master Key, which is then encrypted with the EPP public key and delivered back to the ATM.
After receiving the Master Key, the ATM decrypts it with the EPP secret key and saves the result in the EPP. Once these steps are complete, the ATM exchanges the new working key with the bank switch as normal.
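The exchange described above, as an added example (not Symphony's code): the RKM server checks the vendor signature on the EPP public key before wrapping the Master Key under it. The padding schemes, key sizes, function names and locally generated keys are assumptions, and the HSM public key step is left out.

```python
import os
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# Assumed algorithm choices; the page only says "RSA and signature verification".
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)


def der(public_key):
    """Serialize a public key so it can be signed and sent."""
    return public_key.public_bytes(serialization.Encoding.DER,
                                   serialization.PublicFormat.SubjectPublicKeyInfo)


def certify_epp(vendor_pub, epp_pub_der, signature):
    """RKM server: accept the EPP public key only if the vendor signed it."""
    try:
        vendor_pub.verify(signature, epp_pub_der, PSS, hashes.SHA256())
    except InvalidSignature:
        return None
    return serialization.load_der_public_key(epp_pub_der)


def deliver_master_key(vendor_pub, epp_pub_der, signature, master_key):
    """RKM server: wrap the HSM-generated master key under a certified EPP key."""
    epp_pub = certify_epp(vendor_pub, epp_pub_der, signature)
    if epp_pub is None:
        raise ValueError("EPP public key failed vendor signature check")
    return epp_pub.encrypt(master_key, OAEP)


def run_exchange(tamper=False):
    """Constructed end-to-end run with throwaway keys (hypothetical helper)."""
    vendor = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    epp = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    epp_pub_der = der(epp.public_key())
    signature = vendor.sign(epp_pub_der, PSS, hashes.SHA256())  # vendor signs the EPP key
    if tamper:  # failure case: a different key is presented with the old signature
        rogue = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        epp_pub_der = der(rogue.public_key())
    master_key = os.urandom(16)  # stand-in for the key the bank HSM generates
    wrapped = deliver_master_key(vendor.public_key(), epp_pub_der, signature, master_key)
    return epp.decrypt(wrapped, OAEP) == master_key  # ATM side: EPP unwraps the key


if __name__ == "__main__":
    print("master key delivered:", run_exchange())
```

The server only ever handles public keys, the vendor signature and the wrapped Master Key; a public key that does not match the vendor signature is rejected before any key material is sent.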
Symphony RKM stores only the public key and signature used for RSA encryption and decryption, so it holds no secret key material that a security breach could expose. The solution is installed on the bank's premises and managed by bank staff.
RKM is based on a client-server model and can support up to thousands of ATMs in a network. Users can be created at different levels, which makes the system easier to manage.
A user with the ‘Manage’ role can access the RKM server to update keys and to run scheduled or on-demand synchronization of the Master Key to each ATM. The ‘View’ role only allows the user to log in and view status: which ATMs have changed the EPP successfully, which ATMs could not update the new Master Key, ….
With an RKM solution, a bank can reduce the cost of the resources sent to each ATM to load the Master Key. This is also a more secure way of delivering the Master Key than the manual method. The bank will also be fully compliant with VISA’s Master Key management procedure required to implement terminals in an ATM network.