Professional Documents
Culture Documents
Understanding Remote
By Gary Wollenhaupt
Contributing writer,
ATMmarketplace.com
Nenyedi
As the concept has spread, differing tech-
nologies have developed, making it difficult
Most RKL solutions are platform independent, because
to adapt the solutions to other countries. the capability for RKL is embedded within the encrypt-
A more global approach, based on the card ing PIN pad and the host, not with the ATM.
brand and ANSI standards, will drive more
widespread adoption.
and Wincor Nixdorf International, rely on
Fortunately, RKL capability resides in the the signature-based method. Diebold uses
encrypted PIN pad and the network’s a certificate-based protocol.
host security module. That means ATM
deployers may have more options than The signature-based protocol has a digital
they thought to implement the enhanced signature attached to it, such as a public
security and lower costs from RKL. key. With public-key encryption, a code
key is used to encrypt the digital key,
For instance, off-premise ATM leader Triton which is sent to the ATM’s encrypted PIN
deployed RKL in the United Kingdom, and pad. A suitably equipped PIN pad contains
will roll it out in other locations, including a secret key that decodes the encrypted
Canada, the United States, Australia and information, and uses security checks to
South Africa. block fraud attempts.
Essentially, most RKL solutions are platform The certificate-based protocol has a much
independent. The capability for RKL is
more complex data structure. The certi-
embedded within the encrypting PIN pad
ficates contain more information than the
and the host, not with the ATM.
signature-based protocol, so the amount
of data being transmitted is much larger,
Differing protocols making this solution difficult to use via
dial-up connections.
Remote key loading can be handled in one
of two ways: either through a signature- Various solutions are on the market to im-
based protocol or a certificate-based pro- plement the different protocols. Glostrup,
tocol. Many manufacturers, including NCR Denmark-based Cryptera, a manufacturer of
“The EPP has to be modern enough to To ensure security for upgrading EPPs,
handle the RKL process, because you have Cryptera generates the initial encryption
to have key handling and key generation key while the EPP is inside its secure pro-
within the EPP,” said Torben Ellgaard, duction facility. That way, the EPP is pre-
product manager for Cryptera. pared for remote key loading in a secure
environment.
The RKL-capable EPPs can be used in a
standard or manual mode until the system Cryptera’s method of preparing its RKL-
is ready to support the RKL protocols. The capable EPPs while they’re still secure gives
host security module and host software the ATM owner flexibility for the future.
must be RKL-capable as well. An ATM Deployers can decide whether to continue
owner can begin implementing RKL capa- to use the traditional manual key loading
bility with replacement EPPs, and when method, preparing the host system and
the host security module is capable, the only then switching into full RKL usage.
system can transition to using RKL.
About the sponsor: Cryptera is one of the world’s
“An ATM owner could have several brands leading providers of high-security payment solu-
in a network and they could provide some tions. The company specializes in encrypting PIN
kind of subset they could control using the pads for ATMs and kiosks, unattended payment
manufacturer’s RKL system,” Ellgaard said. solutions for self-service applications and EMV
compliant POS terminals.