#Atm master key manual
LMKs are the only keys that are stored in the HSM. LMKs are not used for encrypting data, but are instead used to encrypt and decrypt other keys as these enter or leave the HSM. LMKs are used to ensure that even if the data traffic between the HSM and an application is recorded, the clear values of any exchanged keys are not compromised. LMKs come in pairs, and the Thales HSM contains several LMK pairs. Different LMK pairs are used to encrypt/decrypt different types of security keys. LMK pairs are identified by two numbers, for example LMK pair 04-05, LMK pair 14-15, etc.

Sometimes, banks need to transmit keys to other parties, e.g., Visa or MasterCard, to exchange some encrypted data like PIN-blocks. In that case, banks should use another KEK called the ZMK. A Zone Master Key (ZMK) is a key-encrypting key which is distributed manually between two (or more) communicating sites, within a shared network, in order that further keys can be exchanged automatically (without the need for manual intervention).
Local Master Keys are a set of 40 DES keys. They are stored securely in the HSM, making it very difficult for an attacker to gain access to them.
#Atm master key iso
The HSM can use smart cards (compatible with ISO 7816) to provide a convenient means of handling LMKs. Security for key management is ensured by the use of an enforced key hierarchy and the use of multiple Local Master Key (LMK) pairs. The three smart cards are kept separately by each of the officers in a safe place (preferably a bank locker), and taken out for re-entry, should a need arise or an additional HSM be purchased.

The use of an HSM is a requirement for compliance with American National Standards Institute (ANSI) TG-3 PIN protection and key management guidelines, as well as most card association and network security mandates. An HSM never works with plain keys; all the keys it processes are encrypted under other keys, called Key Encryption Keys (KEKs). The LMK is a KEK which is securely stored in the secure environment of the HSM. The main idea of an HSM is that you cannot obtain the real LMK value and, accordingly, you cannot obtain the plain value of a working key. All the keys you are using with the HSM are cryptograms.

The Local Master Key (LMK) is the master key for the HSM and is used for protecting all other keys used by the institution concerned. As the transaction volume increases, banks usually deploy multiple HSMs. That doesn't mean there are multiple LMKs. It is the mother of all keys for each institution.

Three clear key components are generated by 3 officials of the institution concerned. Each of these clear components is kept by a separate custodian who works for that institution and is entered into the HSM using a smart card, and a Key Check Value is created. During this operation each creates a smart card copy, as a fall-back. Each custodian enters their component to the HSM which combines them to form the ZMK. Most typically, the clear components are simply XORed to form the LMK.

Watch the following 3 videos to know the way LMK is generated. (format 3 smart cards and 3 fall-back cards) (each officer separately enters his/her clear key component into his/her smartcard and its copy) (using smartcards 3 officers enter their components to generate final LMK pairs, which are stored only in HSM)
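The XOR combination of custodian components described above, as an added Python example (not code from the original page or from any HSM vendor). The component values and function names are constructed for illustration, and the Key Check Value step is left out because it needs a DES implementation; the second half shows why holding two of the three components tells a custodian nothing about the final key.

```python
import secrets
from functools import reduce

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("components must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def combine(components: list[bytes]) -> bytes:
    """Form the key by XORing every custodian's clear component."""
    if len(components) < 2:
        raise ValueError("split knowledge needs at least two components")
    return reduce(xor_bytes, components)

def split(key: bytes, n: int = 3) -> list[bytes]:
    """Split a key into n components: n-1 random, the last fixes the XOR."""
    if n < 2:
        raise ValueError("need at least two components")
    parts = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    parts.append(reduce(xor_bytes, parts, key))
    return parts

def component_for(target: bytes, known: list[bytes]) -> bytes:
    """The missing component that would make `known` combine to `target`."""
    return reduce(xor_bytes, known, target)

# Constructed sample components (16 bytes = one double-length DES key).
C1 = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
C2 = bytes.fromhex("11111111111111112222222222222222")
C3 = bytes.fromhex("0F0F0F0F0F0F0F0FF0F0F0F0F0F0F0F0")

def demo() -> str:
    key = combine([C1, C2, C3])
    # Custodians 1 and 2 collude: for ANY candidate key there is a third
    # component consistent with what they hold, so no candidate is ruled out.
    for candidate in (bytes(16), b"\xff" * 16, secrets.token_bytes(16)):
        c3 = component_for(candidate, [C1, C2])
        assert combine([C1, C2, c3]) == candidate
    # A fresh split of the same key recombines to it.
    assert combine(split(key, 3)) == key
    return key.hex().upper()

if __name__ == "__main__":
    print("combined key:", demo())
```
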
#Atm master key code
The HSM provides an extensive range of functions including support for key management, PIN generation, encryption and verification, and Message Authentication Code (MAC) generation and verification.