Symphony RKM (Remote Key Management) is a solution that helps banks automatically deliver the Master Key from the managed centre to each ATM in the network in a secured environment. The core of the solution is based on RSA and signature verification, which extend the security between the ATMs and the server at the managed centre.
The RKM server requires each ATM to hold one more connection to the central server. This connection is used to certify and trust the EPP (Encrypting PIN Pad) by means of the ATM vendor's public key and the bank public key that were initially installed.
The RKM server sits in between the ATMs and the bank switch. It certifies the ATM EPP based on the entered ATM vendor public key and signature, then receives the EPP public key and delivers the bank HSM public key as well. Finally, the RKM server communicates with the switch to request that the HSM generate a unique Master Key, which is then encrypted with the EPP public key and delivered back to the ATM.
After receiving the Master Key, the ATM decrypts it with the EPP secret key and stores it in the ATM EPP. The ATM then uses this Master Key to exchange a new working key with the bank switch as normal.
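The certify-then-wrap exchange described above can be sketched as follows. This is an added example, not Symphony RKM code: it assumes the Python `cryptography` package, RSA-2048 keys, PSS/SHA-256 signatures, OAEP/SHA-256 key wrapping and a 16-byte Master Key, and all function names are hypothetical.

```python
# Added illustration of the flow described above; not Symphony RKM code.
# Assumptions: RSA-2048, PSS/SHA-256 signatures, OAEP/SHA-256 wrap, 16-byte key.
import os
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa

PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=32)
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)

def new_key():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

def der(public_key):
    return public_key.public_bytes(serialization.Encoding.DER,
                                   serialization.PublicFormat.SubjectPublicKeyInfo)

def rkm_deliver(vendor_pub, epp_pub_der, epp_sig, hsm_generate_key):
    """RKM server side: certify the EPP key, then wrap a fresh Master Key under it."""
    try:
        vendor_pub.verify(epp_sig, epp_pub_der, PSS, hashes.SHA256())
    except InvalidSignature:
        return None  # untrusted EPP: no Master Key is requested or released
    epp_pub = serialization.load_der_public_key(epp_pub_der)
    return epp_pub.encrypt(hsm_generate_key(), OAEP)

def run_exchange(tamper=False):
    """Run one delivery with constructed keys; returns (key seen by EPP, keys issued)."""
    vendor = new_key()                  # ATM vendor key pair (constructed)
    epp = new_key()                     # EPP key pair; the secret half stays in the EPP
    epp_pub_der = der(epp.public_key())
    epp_sig = vendor.sign(epp_pub_der, PSS, hashes.SHA256())  # vendor signs the EPP key
    if tamper:                          # a device presenting a key the vendor never signed
        epp_pub_der = der(new_key().public_key())
    issued = []
    def hsm_generate_key():             # stand-in for the request to the switch/HSM
        issued.append(os.urandom(16))
        return issued[-1]
    wrapped = rkm_deliver(vendor.public_key(), epp_pub_der, epp_sig, hsm_generate_key)
    if wrapped is None:
        return None, issued
    return epp.decrypt(wrapped, OAEP), issued  # ATM side: EPP unwraps the Master Key
```

The ordering is the point to check in any deployment: the signature over the EPP public key is verified before the HSM is asked for a key, so an uncertified device never causes a Master Key to be generated.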
Security: Symphony RKM stores only public keys and signatures for the RSA encryption and decryption method, so the information is of no use if it is breached. The solution is installed on the bank's premises and managed by bank staff.
Management: Symphony RKM is based on a client/server model. The RKM solution supports control of up to thousands of ATMs in a network. It supports the creation of bank users at different levels, such as an Admin, who only creates users and then assigns them a manage or view role.
By managing user roles, a user can access the RKM server to update keys and to schedule or run on-demand synchronisation of the Master Key to each ATM. The View role only lets a user access and view which ATMs have changed their EPP and which ATMs could not update to a new Master Key by schedule or after an on-demand key synchronisation run.
Through the RKM solution, a bank can cut the cost of the resources sent to the ATM site to load the Master Key. This makes Master Key delivery more secure than a manual process. A bank can be confident that it fully complies with the VISA Master Key management procedure that must be implemented for terminals in an ATM network.