1270A542-033 Host Programmer v3.1
1270A542-033 Host Programmer v3.1
1270A542-033 Host Programmer v3.1
Contents
CONTENTS .......................................................................................................... 2
END USER LICENSE AGREEMENT ......................................................................... 9
REVISION STATUS ............................................................................................ 13
REFERENCES ..................................................................................................... 14
CHAPTER 1 – INTRODUCTION........................................................................... 15
INTRODUCTION ................................................................................................... 15
PCI HSM CERTIFICATION AND COMPLIANCE ................................................................. 15
GENERAL........................................................................................................... 15
COMMAND MESSAGE FORMAT................................................................................... 16
Start of Text Character ................................................................................................................................ 16
Message Header .......................................................................................................................................... 16
Command Code ........................................................................................................................................... 16
Data ............................................................................................................................................................. 16
Message Trailer ........................................................................................................................................... 16
End of Text Character .................................................................................................................................. 17
RESPONSE MESSAGE FORMAT .................................................................................. 17
Start of Text Character ................................................................................................................................ 18
Message Header .......................................................................................................................................... 18
Response Code ............................................................................................................................................. 18
Error Code .................................................................................................................................................... 18
Data ............................................................................................................................................................. 18
Message Trailer ........................................................................................................................................... 18
End of Text Characters ................................................................................................................................. 18
DATA REPRESENTATION ......................................................................................... 18
ASCII Character Codes.................................................................................................................................. 19
EBCDIC Character Codes .............................................................................................................................. 19
INPUT/OUTPUT FLOW CONTROL ................................................................................ 20
ERROR HANDLING ................................................................................................ 21
ERROR LOG........................................................................................................ 21
USE OF MULTIPLE HSM UNITS ................................................................................. 22
USER STORAGE ................................................................................................... 22
CHAPTER 2 – HOST CONNECTIONS ................................................................... 23
GENERAL........................................................................................................... 23
ASYNCHRONOUS CONNECTED OPTION ......................................................................... 23
TRANSPARENT ASYNCHRONOUS CONNECTED OPTION ....................................................... 23
Sending Commands ..................................................................................................................................... 23
HSM Processing of Packets .......................................................................................................................... 24
TCP/IP PROTOCOL ............................................................................................... 24
Port Addresses ............................................................................................................................................. 24
Sending Commands ..................................................................................................................................... 25
Returning Responses ................................................................................................................................... 25
UDP PROTOCOL .................................................................................................. 26
Sending Commands ..................................................................................................................................... 26
Returning Responses ................................................................................................................................... 26
FICON............................................................................................................. 27
Connections ................................................................................................................................................. 27
Configuration Settings ................................................................................................................................. 27
CHAPTER 3 – PIN PRINTING AND SOLICITATION............................................. 28
INTRODUCTION ................................................................................................... 28
PIN MAILERS ..................................................................................................... 28
Overview ...................................................................................................................................................... 28
payShield 9000 Host Programmer’s Manual
RELATIONSHIP BETWEEN THALES KEY BLOCKS AND TR-31 KEY BLOCKS ............................... 144
TR-31 KEY BLOCK STRUCTURE ............................................................................... 144
KEY BLOCK HEADER............................................................................................. 145
Key Block Length (Bytes 1-4) ...................................................................................................................... 145
Key Usage (Bytes 5-6) ................................................................................................................................ 146
Algorithm (Byte 7) ..................................................................................................................................... 147
Mode of Use (Byte 8) ................................................................................................................................. 147
Key Version Number (Bytes 9-10) .............................................................................................................. 147
Exportability (Byte 11) ............................................................................................................................... 148
Number of Optional Blocks (Bytes 12-13) .................................................................................................. 148
Example ..................................................................................................................................................... 148
OPTIONAL HEADER .............................................................................................. 149
USING TR-31 KEY BLOCKS .................................................................................... 149
Licensing .................................................................................................................................................... 150
Key Scheme Tags ....................................................................................................................................... 150
GISKE KEY BLOCK ............................................................................................. 150
CHAPTER 12 – DES KEY SUPPORT ................................................................... 151
DES KEYS ........................................................................................................ 151
KEY USAGE ....................................................................................................... 151
KEY ENCRYPTION SCHEMES .................................................................................... 151
ANSI X9.17 method .................................................................................................................................... 151
Variant method.......................................................................................................................................... 151
Thales Key Block Method ........................................................................................................................... 151
X9 TR-31 Method ....................................................................................................................................... 151
GISKE Method ............................................................................................................................................ 152
Key Generate, Import and Export .............................................................................................................. 152
REJECTION OF WEAK, SEMI-WEAK, & POSSIBLY WEAK KEYS ............................................ 152
DES Weak Keys .......................................................................................................................................... 153
DES Semi-Weak Keys ................................................................................................................................. 153
DES Possibly Weak Keys ............................................................................................................................. 153
CHAPTER 13 – AES KEY SUPPORT ................................................................... 155
OVERVIEW ........................................................................................................ 155
AES Keys ..................................................................................................................................................... 155
Key Management Keys .............................................................................................................................. 155
Data Authentication Keys .......................................................................................................................... 155
Data Encryption Keys ................................................................................................................................. 155
Key Encryption Schemes ............................................................................................................................ 156
SUPPORT FOR AES IN THE PAYSHIELD 9000................................................................ 156
IMPLEMENTING AES ON AN EXISTING PAYSHIELD 9000 ................................................... 158
Re-encrypting existing keys under an AES Key Block LMK ......................................................................... 158
Creating AES working keys ........................................................................................................................ 159
SUPPORT FOR AES IN HOST COMMANDS ..................................................................... 159
Processing data using AES keys ................................................................................................................. 159
AES Key Management ............................................................................................................................... 160
AES Key Block LMK support ....................................................................................................................... 161
SUPPORT FOR AES IN CONSOLE COMMANDS ................................................................. 167
Managing the HSM.................................................................................................................................... 167
AES Key Management ............................................................................................................................... 167
AES Key Block LMK support ....................................................................................................................... 168
SUPPORT FOR AES IN PAYSHIELD MANAGER ................................................................ 169
Managing the HSM.................................................................................................................................... 169
AES Key Block LMK support ....................................................................................................................... 169
CHAPTER 14 – PIN BLOCK FORMATS .............................................................. 171
GENERAL.......................................................................................................... 171
PCI HSM Compliance.................................................................................................................................. 171
This document is a legal agreement between Thales e-Security, Inc., ("Thales e-Security"), 900 South Pine
Island Road, Suite 710, Plantation, FL 33324 U.S.A. and the end user customer that has purchased a Thales e-
Security hardware device, (hereafter referred to as the "End User Customer"). Any person who manifests their
agreement to this Agreement represents that they have the requisite and appropriate legal authority to bind
the End User Customer.
1. Definitions
(a) "Affiliates" means Thales Transport & Security (Hong Kong) Ltd. and Thales UK Limited.
(b) "Software" means machine readable instructions and all modifications and customizations thereof in
binary form and any other machine readable materials (including, but not limited to, libraries, source files,
header files, and data files), any updates or error corrections provided by Thales e-Security or its corporate
Affiliates that direct a computer’s processor to perform specific operations.
2. Ownership
Software consists of a combination of proprietary components that are owned by or licensed to Thales e-
Security or its Affiliates together with free or open source components ("Free Software Components") that are
identified in the text files that are provided with the Software. ONLY THOSE TERMS AND CONDITIONS
SPECIFIED FOR, OR APPLICABLE TO, EACH SPECIFIC FREE SOFTWARE COMPONENT PURSUANT TO ITS
APPLICABLE GOVERNING LICENSE SHALL BE APPLICABLE TO SUCH FREE SOFTWARE COMPONENT. Each Free
Software Component is the copyright of its respective copyright owner. Software is licensed to End User
Customer and is not sold. End User Customer has no ownership rights in the Software. Rather, End User
Customer is hereby granted a license to use the Software. The Software is copyrighted by Thales e-Security or
its Affiliates or its suppliers. End User Customer hereby agrees to respect and not to remove or conceal from
view any copyright or trademark notice appearing on the Software or documentation, and to reproduce all
copyright or trademark notices on any copy of the Software and documentation or any portion thereof and on
all portions contained in or merged into other programs and documentation.
3. License to Use
Subject to the terms and conditions of this Agreement Thales e-Security grants to End User Customer a non-
exclusive, limited license to use Software unmodified for the sole purpose of running or operating Software on
or with a Thales e-Security hardware device and to copy such Software provided that such copies are made in
machine readable form for backup purposes.
4. Restrictions
Software is confidential and copyrighted. Unless enforcement is prohibited by applicable law, End User
Customer may not modify, decompile, or reverse engineer Software. End User Customer shall not permit any
other person to do any of the same. End User Customer may not rent, lease or sublicense the Software. Any
rights not expressly granted by Thales e-Security to End User Customer hereunder are reserved by Thales e-
Security and its licensors and all implied licenses are disclaimed. Any other use of the Software by any other
entity is strictly forbidden and is a violation of this Agreement. The Software and any accompanying written
materials are protected by international copyright and patent laws and international trade provisions. No right,
title or interest is granted under this Agreement in or to any trademark, service mark, logo or trade name of
Thales, S.A., Thales e-Security or its licensors or corporate Affiliates. End User Customer may not disassemble
the Thales e-Security owned or licensed components of the Software. End User Customer may not create
derivative works based on the Software except as may be necessary to permit integration with other
technology.
5. Limited Warranty
(a) Thales e-Security warrants that a Thales e-Security hardware device and the accompanying Software
will function substantially as detailed in their respective and applicable specifications. The warranty period for a
Thales e-Security hardware device is one year from the date of delivery and the warranty period for Software is
ninety (90) days from the date of delivery. If either a Thales e-Security hardware device or Software fails to
materially conform to their applicable specifications, Thales e-Security or its Affiliates will repair or replace the
affected hardware device or Software provided that End User Customer provides Thales e-Security with a
written notice of a claim or a defect under this warranty within the warranty period herein described. FOR THE
AVOIDANCE OF DOUBT, THALES E-SECURITY NEITHER WARRANTS, NOR CAN BE EXPECTED TO WARRANT
THAT A THALES E-SECURITY HARDWARE DEVICE OR SOFTWARE IS WHOLLY FREE FROM DEFECT, OR THAT
ANY PARTICULAR DEFECT CAN BE REMEDIED, OR THAT A REMEDY CAN BE PROVIDED IN ANY PARTICULAR
TIMEFRAME. THE FOREGOING WARRANTY SHALL NOT APPLY IF THE NONCONFORMITY ISSUE IS CAUSED BY
ANY MODIFICATION OR REPAIRS TO A THALES E-SECURITY HARDWARE DEVICE OR SOFTWARE PERFORMED
BY ANYONE OTHER THAN THALES E-SECURITY OR TO ANY ASSOCIATED OR COMPLEMENTARY EQUIPMENT OR
SOFTWARE NOT FURNISHED BY THALES E-SECURITY OR ITS CORPORATE AFFILIATES, OR BY ANY HARDWARE
DEVICE OR SOFTWARE MISUSE OR NEGLECT.
(b) NOTWITHSTANDING THE FOREGOING, TO THE MAXIMUM EXTENT PERMITTED BY LAW, THALES E-
SECURITY, ON BEHALF OF ITSELF, ITS AFFILIATES AND ITS THIRD PARTY SUPPLIERS, HEREBY DISCLAIMS
ANY AND ALL WARRANTIES OF ANY OTHER KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, NON-
INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE. THALES E-SECURITY DOES NOT WARRANT THAT
THE FUNCTIONS CONTAINED IN THE HARDWARE DEVICE OR SOFTWARE WILL MEET ANY REQUIREMENTS OR
NEEDS THAT END USER CUSTOMER MAY HAVE, OR THAT A THALES E-SECURITY HARDWARE DEVICE OR
SOFTWARE WILL OPERATE ERROR FREE, OR IN AN UNINTERRUPTED FASHION, OR THAT ANY DEFECTS OR
ERRORS WILL BE CORRECTED, OR THAT THE SOFTWARE OR HARDWARE DEVICE IS COMPATIBLE WITH ANY
PARTICULAR PLATFORM. SOME JURISDICTIONS DO NOT ALLOW FOR THE WAIVER OR EXCLUSION OF IMPLIED
WARRANTIES SO THEY MAY NOT APPLY. IF THIS EXCLUSION IS HELD TO BE UNENFORCEABLE BY A COURT OF
COMPETENT JURISDICTION, THEN ALL EXPRESS AND IMPLIED WARRANTIES SHALL BE LIMITED IN DURATION
TO A PERIOD OF THIRTY (30) DAYS FROM THE DATE OF PURCHASE OF THE HARDWARE DEVICE OR
SOFTWARE, AND NO WARRANTIES SHALL APPLY AFTER THAT PERIOD.
Thales e-Security shall defend or, at its option, settle, any claim, action or proceeding brought against End User
Customer alleging that a Thales e-Security hardware device or Software infringes upon a trademark, patent,
copyright or trade secret or other intellectual property right in a country that is a signatory to the Berne
Convention, and shall indemnify End User Customer from and against all damages and costs finally awarded
against End User Customer in any such action or proceeding, provided that End User Customer (a) promptly
notifies Thales e-Security in writing of the claim, (b) gives Thales e-Security full authority, information and
assistance to defend such claim and (c) gives Thales e-Security sole control of the defense of such claim and all
negotiations for the compromise or settlement thereof. If a Thales e-Security hardware device or Software or
any part thereof becomes, or in the opinion of Thales e-Security is likely to become the subject of a valid claim
of infringement or the like under any trademark, patent, copyright or trade secret or other intellectual property
right law, Thales e-Security shall have the right, at its option and expense, either to obtain for End User
Customer a license permitting the continued use of the Thales hardware device or Software or such part, or to
replace or modify it so that it becomes non-infringing. Thales e-Security shall have no liability hereunder for
any costs incurred or settlement entered into without its prior written consent. Thales e-Security shall have no
liability hereunder with respect to any claim based upon (i) the combination of a Thales hardware device or
Software with other equipment not furnished by Thales e-Security (except if the infringement occurs due to the
use of the Thales e-Security hardware device or Software itself as originally provided by Thales e-Security or its
Affiliates); (ii) any addition to or modification of a Thales e-Security hardware device or Software by any person
or entity other than Thales e-Security or its Affiliates; or (iii) use of a superseded or altered release of the
Software. THE FOREGOING STATES THE SOLE AND EXCLUSIVE LIABILITY OF THALES E-SECURITY AND ITS
LICENSORS AND THE SOLE AND EXCLUSIVE REMEDY OF END USER CUSTOMER WITH RESPECT TO ANY CLAIM
OF PATENT, COPYRIGHT, TRADEMARK, TRADE SECRET OR OTHER INTELLECTUAL PROPERTY RIGHTS
INFRINGEMENT BY A THALES E-SECURITY HARDWARE DEVICE OR SOFTWARE, ANY SERVICE, ANY PART
THEREOF OR THE USE THEREOF, AND IS IN LIEU OF ALL OTHER WARRANTIES, EXPRESS OR IMPLIED OR
ARISING BY CUSTOM OR TRADE USAGE, AND INDEMNITIES WITH RESPECT THERETO. NOTWITHSTANDING
THE FOREGOING, ALL OPEN SOURCE SOFTWARE OR FREEWARE INCLUDED WITH THE SOFTWARE IS
PROVIDED WITHOUT ANY RIGHTS TO INDEMNIFICATION.
7. Limited Liability
TO THE EXTENT ALLOWED BY LAW, IN NO EVENT WILL THALES E-SECURITY OR ITS CORPORATE AFFILIATES
OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR ANY SPECIAL, INDIRECT,
CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED REGARDLESS OF THE THEORY OF
LIABILITY, ARISING OUT OF OR RELATED TO THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF THALES
E-SECURITY OR ANY OF ITS CORPORATE AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES. In no event will Thales e-Security or its corporate affiliate's liability, whether in contract, tort
(including negligence), or otherwise, exceed the amount paid by End User Customer for the Thales e-Security
hardware device or Software under this Agreement. The foregoing limitations will apply even if the above
stated warranty fails of its essential purpose.
8. Export Restrictions.
Thales e-Security hardware devices and Software are subject to the restrictions imposed by the United States
Export Administration Regulations and the United Kingdom Export Control Order 2008 and may be subject to
export or import regulations in other countries. End User Customer agrees to comply strictly with all such laws
and regulations and acknowledges that it has the responsibility to obtain such licenses to export, re-export, or
import as may be required.
9. Transfer Rights
End User Customer may transfer a Thales e-Security hardware device together with the Software, and this
license to another party if the other party agrees to accept the terms and conditions of this Agreement and
notice of such transfer and acceptance is provided to Thales e-Security in writing. FOR THE AVOIDANCE OF
DOUBT, IF END USER CUSTOMER TRANSFERS POSSESSION OF ANY COPY OF THE SOFTWARE TO ANOTHER
PARTY, EXCEPT AS PROVIDED IN THIS SECTION 9, THE LICENSE GRANT PROVIDED HEREIN IS
AUTOMATICALLY REVOKED, CANCELLED AND TERMINATED.
10. Termination
This Agreement is effective until terminated. End User Customer may terminate this Agreement at any time by
destroying or erasing all copies of the Software and accompanying written materials in its possession or control.
This license will terminate automatically, without notice from Thales e-Security if End User Customer fails to
comply with the terms and conditions of this Agreement. Upon such termination, End User Customer shall
destroy or erase all copies of the Software (together with all modifications, upgrades and merged portions in
any form) and any accompanying written materials in its possession or control.
Software and Documentation acquired by the U.S. Government or on its behalf is furnished with "RESTRICTED
RIGHTS," as defined in Federal Acquisition Regulation ("FAR") 52.227-19(b)(2), and DFAR 252.227-7013 to
7019, as applicable. Use, duplication or disclosure of the Software and Documentation by the U.S. Government
and parties acting on its behalf is governed by and subject to the restrictions set forth in FAR 52.227-19(b)(1)
and (2) or DFAR 252.227-7013 to 7019, as applicable.
(a) If an End User Customer is located in Anguilla, Antigua and Barbuda, Argentina, Aruba, Bahamas,
Barbados, Belize, Bermuda, Bolivia, Bonaire, Sint Eustatius and Saba, Brazil, British Virgin Islands, Canada,
Cayman Islands, Chile, Colombia, Costa Rica, Cuba, Curaçao, Dominica, Dominican Republic, Ecuador, El
Salvador, Falkland Islands (Malvinas), French Guiana, Greenland, Grenada, Guadeloupe, Guatemala, Guyana,
Haiti, Honduras, Jamaica, Martinique, Mexico, Monserrat, Nicaragua, Panama, Paraguay, Peru, Puerto Rico,
Saint-Barthélemy, St. Kitts and Nevis, Saint Lucia, Saint Martin, Saint Vincent and the Grenadines, Saint Pierre
and Miquelon, Sint Maarten, Suriname, Trinidad and Tobago, Turks and Caicos Islands, United States, United
States Virgin Islands, Uruguay or Venezuela, this End User License Agreement shall be construed, interpreted
and governed by the laws of the State of Florida, United States of America without regard to conflicts of laws
and all disputes shall be submitted to the State or Federal courts located in Florida.
(c) If an End User Customer is located in Algeria, Angola, Afghanistan, Albania, Andorra, Armenia, Austria,
Azerbaijan, Bahrain, Bangladesh, Belarus, Belgium, Benin, Bhutan, Bosnia-Herzegovina, Botswana, Bulgaria,
Burkina Faso, Burundi, Cameroon, Cape Verde, Central African Republic, Chad, Comoros, Congo, Cote d'Ivoire,
Croatia, Cyprus, Czech Republic, Denmark, Democratic Republic of the Congo, Djibouti, Egypt, Equatorial
Guinea, Eritrea, Estonia, Ethiopia, Finland, Faroe Islands, France, Gabon, Gambia, Germany, Gibraltar, Georgia,
Greece, Ghana, Guerney and Alderney, Guinea, Guinea-Bissau, Hungary, Iceland, India, Iran, Iraq, Ireland,
Island of Man, Israel, Italy, Jersey, Jordan, Kazakhstan, Kenya, Kosovo, Kyrgyzstan, Kuwait, Latvia, Lesotho,
Liberia, Libya, Liechtenstein, Lithuania, Lebanon, Luxembourg, Macedonia, Madagascar, Malawi, Maldives, Mali,
Malta, Mauritania, Mauritius, Moldova, Monaco, Montenegro, Morocco, Mozambique, Namibia, Nepal,
Netherlands, Niger, Nigeria, Norway, Oman, Palestine, Pakistan, Poland, Portugal, Qatar, Romania, Russia,
Rwanda, San Marino, Sao Tome & Principe, Saudi Arabia, Senegal, Serbia, Seychelles, Sierra Leone Slovakia,
Slovenia, Somalia, South Africa, South Sudan, Sudan, Spain, Sri Lanka, Swaziland, Sweden, Svalbard and Jan
Mayen Islands, Switzerland, Syria, Tajikistan, Tanzania, Togo, Tunisia, Turkey, Turkmenistan, Uganda, Ukraine,
United Arab Emirates, United Kingdom, Uzbekistan, Vatican City State (Holy See), Yemen, Zambia, or
Zimbabwe, this End User License Agreement will be governed by the laws of England and Wales and all
disputes shall be submitted to the courts of England.
(c) If an End User Customer is located in American Samoa, Australia, Brunei Darussalam, Cambodia,
China, Cook Islands, Fiji, Guam, Hong Kong, Indonesia, Japan, Kiribati, Laos, Macao, Malaysia, Marshall
Islands, Micronesia, Mongolia, Myanmar (ex-Burma), New Caledonia, New Zealand, Papua New Guinea,
Philippines, Samoa, Singapore, Solomon, Islands, South Korea, Taiwan, Thailand, Timor Leste, Tonga, Tuvalu,
Vanuatu, Vietnam or Western Samoa, this End User License Agreement will be governed by the Law of the
Hong Kong Special Administrative Region of the People’s Republic of China and all disputes shall be submitted
to arbitration in Hong Kong.
If End User Customer elects to purchase a Thales e-Security hardware device containing elliptic curve
cryptography software (ECC) it agrees that its use of ECC is limited to storing cryptographic keys and the
performance of cryptographic operations in a hardware environment together with the management and
issuance of digital certificates by a registration authority or certificate authority provided such certificates are
either (i) solely for the internal use of the registration authority or (ii) are solely for the internal use of an
enterprise that is hosted by a registration authority or certificate authority. No right or license is provided or
granted to use ECC as part of a third party service provider for the purpose of acting as a commercial
registration authority or certificate authority as part of a commercial service offered by an enterprise, either as
a vendor of digital certificates or in the provisioning of certificates for use in a commercial service.
Revision Status
Document No. Manual Set Software Version Release Date
References
The following documents are referenced in this document:
Chapter 1 – Introduction
Introduction
The payShield 9000 hardware security module (HSM) acts as a peripheral to the Host
computer. It performs cryptographic processing in a physically secure environment on
behalf of the Host. The processing is performed by a payShield 9000 HSM in response to
commands, which it receives via a data link.
For commands that are entered manually at a Console terminal attached to an HSM, see
the Console Reference Manual. A glossary of terms can be found in the payShield 9000
General Information Manual.
General
The application program sends commands to an HSM, and receives responses from it.
Each command and response consists of a variable number of fields.
Versions of the payShield 9000 HSM can be configured to support asynchronous, TCP/IP,
and UDP communications protocols. The HSM has no flow control support so the
programmer must ensure that the HSM input buffer is not exceeded.
The HSM returns an error code to the Host as part of the response message. The
programmer must ensure that a suitable response is made to each type of error.
In a typical system, a minimum of two HSMs are connected to the Host via separate Host
ports. The HSM units are independent, and the programmer should make maximum use
of all the HSM units to increase throughput, using one HSM if another is already
processing data or is faulty. Also, it is useful to ensure that the program allows for
additional HSM units to be subsequently added as throughput requirements increase.
Each HSM has a user storage area reserved for use by the programmer to store data
required during processing. Typically it is used to store keys and tables. Instructing an
HSM to access data from user storage reduces the amount of data necessary in each
command, and thus reduces the communications time.
There is a facility to print data (e.g., account holder PINs) at a printer connected to a
payShield 9000 HSM. The HSM must have format information for the data before sending
it to the printer. The program must send a print format command to an HSM before print
commands can be issued.
Message Header
The message header field can be any length from 1 to 255 characters and it is configured
at installation. It can contain any printable characters and an HSM returns them
unmodified in the response message.
It can be used to label commands and their responses for systems that implement batch
queues or which multi-thread commands.
Command Code
Every command has a unique two-character command code. The command codes are
detailed in the Host Command Reference Manual.
Data
Most HSM commands require data, often including cryptographic keys. Details of the data
for each command can be found in the Host Command Reference Manual.
Message Trailer
The message trailer is an additional variable-length field (to a maximum of 32
characters), which can be used to pass additional details required by the Host for further
processing. The field should always be preceded by the EM control character; ASCII and
EBCDIC value is X'19.
The data in this field can be any printable character, and it is returned in the response
message unchanged for error codes 00 and 02. (The trailer is not returned for other error
codes.)
In response to a command.
As a second response to a print command after an HSM has finished sending the
print data to the printer.
In response to the entry of PIN solicitation data at the Console (but only after the
Host has enabled this function).
Each response from an HSM consists of the following:
Error Code
Response Code
Message Header
Start of Text Character
Message Header
The message header field is a copy of the field received in the command message from
the Host. The data is returned to the Host unchanged.
It can be used to label commands and their responses for systems that implement batch
queues or which multi-thread commands.
Response Code
Every response has a unique two-character code. Normally this code has the same first
character as the command to which it is a response, and the second character is one
greater than the second character of the command (e.g., if the command code is AA, the
response code is AB). The value of each code is detailed in the Host Command Reference
Manual.
Error Code
The two-character error code field is used by an HSM to report errors detected during
processing. The values are alphanumeric and the value 00 indicates that no errors have
been found. If an error (other than 00) is returned, subsequent fields, with the exception
of the end of text character, are not returned by an HSM. Error codes specific to a
command or frequently returned with a command are listed with the command code in
the Host Command Reference Manual. A list of global errors is also included in the Host
Command Reference Manual.
Data
Many payShield 9000 HSM commands return data as a result of the processing. Details
of the contents of the returned data are given in the Host Command Reference Manual.
Generally, data is not returned for error codes other than 00. There are some exceptions
to this rule, for example the Key Import command (A6) returns error code 01 to advise
that the key being imported does not have odd parity.
Message Trailer
The message trailer field is present only if it was present in the command message, and
it is returned unchanged. It is not returned for error codes other than 00 or 02.
Data Representation
For asynchronous serial communications, the HSM expects all data to be encoded as
either ASCII or EBCDIC characters with the exception of the STX (X'02), ETX (X'03) and
EM (X'19) control characters. Where an HSM does not try and interpret the data (e.g., in
the message header and message trailer fields), it is possible to include other control
characters, but this is not good practice.
When sending data to an HSM, other than data that is already in character format,
encode each digit (0-9, A-F) as a character (e.g., to send the hexadecimal value
1234ABCD to an HSM requires 8 characters).
For Ethernet communications, the HSM accepts certain fields in binary format. Refer to
individual host commands for full details.
Note: The payShield 9000 HSM automatically detects whether an incoming command
message uses ASCII or EBCDIC characters, and process the command accordingly,
returning the result in the same format.
No single command contains more than 32Kbytes, including any STX and ETX characters.
Where an Async connected HSM operates in half duplex the response to a command
must be received before a new command request is sent.
Error Handling
There are four types of errors generated by a payShield 9000 HSM:
Fatal errors.
Non-recoverable errors.
Recoverable errors.
Programming errors.
Fatal errors indicate a hardware fault in the equipment. Such an error should be logged
and reported for user action to be taken (e.g., report to supervisor). Fatal errors are
normally reported on the console and are not seen by the host application. The host
application usually times out if a fatal error occurs.
Non-recoverable errors cannot be rectified by the program and need user intervention
(e.g., with an HSM set into the Authorized state). Such errors should also be logged and
reported for user action to be taken (e.g., report to supervisor). This type of error does
not mean that an HSM cannot action other types of commands.
Recoverable errors may be the result of data corruption or indicate that an HSM cannot
process a command because some other action is required first. The application should
attempt to recover by re-issuing the command, attempting to clear the corruption or by
implementing the missing action (e.g., an HSM reports that the print format definition is
not loaded, so the program should load it and re-issue the failed command).
Programming errors are normally found during testing, but if they occur at other times,
they are probably non-recoverable.
Additionally the application should monitor an HSM for timeouts on the interface.
In any of the above events, the application should try to continue processing by using
another HSM to action the command. Continued failure may indicate a catastrophic
failure of all HSM units (unlikely), a power failure or a program error.
The application should monitor usage of all HSM units and mark any unit as "out of
service" if it has given a fatal error, or where a unit repeatedly reports non-recoverable
errors.
Error Log
Hardware failures, software errors and alarm events are recorded in the Error Log. This
has 100 slots, with fields for error code, sub-code, date, time and severity level. There
are four severity levels: informative, recoverable, major and catastrophic (needing a
reboot). When an error is recorded for a particular error code, any subsequent error with
the same code updates the date and time for that code., thus each error type remains in
the log until it is cleared.
Error log maintenance is performed from the console using the command ERRLOG to
retrieve the log and CLEARERR to clear the log. Once the log has been read, the flashing
Error LED changes to a steady illumination. If the log is cleared, the Error LED is
extinguished. It is possible to configure the payShield 9000 security settings such that
the Error LED is extinguished after the error log has been viewed.
Optionally it is possible to have a backup unit not connected to the Host but ready for
connection in place of a faulty unit. This is not the preferred practice because the unit
may remain idle for a long time and may itself have developed a fault.
In addition to the ‘live’ units, a typical system contains at least one HSM connected to a
test or development computer system. This allows changes in the environment to be
tested, without disturbing the live system.
User Storage
It is possible to store keys and other data securely inside the payShield 9000 using the
User Storage facility. This is described in Chapter 13.
Sending Commands
The Host port of the payShield 9000 HSM must be configured for Transparent Async
Communications and 8-bit data transfers. The message format for Transparent Async
Communications is:
Where:
STX is the Start of Text character (X'02).
COUNT is a two-byte hexadecimal value in the range X'0003 to X'7FFB inclusive,
representing the number of bytes in the COMMAND/DATA field. The count
excludes the STX, COUNT, LRC and ETX.
LRC is a single-byte Longitudinal Redundancy Check character. It is calculated by
performing an exclusive-OR on each byte of the data sent over the
communications link excluding the STX, COUNT, LRC and the ETX.
ETX is the End of Text character (X'03).
If the HSM reports Error 90 there is a Data Parity Error. Check the payShield 9000 Host
port settings using the QH (Query Host) console command and ensure that the correct
parity is in use.
TCP/IP Protocol
IP addresses can be configured manually or obtained automatically by using DHCP. DNS
is also supported to allow the HSM to be addressed by name rather than by its IP
address.
The HSM employs TCP for the transfer of data (see Chapter 1). It acts as a TCP server
supporting multiple TCP clients configurable via the CH command. The maximum number
of TCP sockets that can be supported is 64. If a TCP client attempts to establish a
connection with an HSM that already has the maximum number of configured sockets
active, the TCP client’s request is rejected.
The HSM supports the TCP Push function. To improve the efficiency of data transfer the
TCP protocol software can buffer data into larger blocks, or divide the data into smaller
blocks. This is useful for time-critical applications, such as transaction processing
systems, where response time is more important than Ethernet utilization efficiency.
The HSM always returns a response to a command using the Push function.
The payShield 9000 Secure Host Communications facility supports the use of SSL and
TLS to protect the TCP/IP link between the HSM and the host. This facility is described in
Chapter 14 of the payShield 9000 General Information Manual.
The payShield 9000 also allows whitelists of acceptable host IP addresses to be
configured using its Access Control Lists (ACL) facility. See the payShield 9000 Console
Reference Manual and the payShield Manager User Guide for information on setting up
ACLs.
Port Addresses
When the port is configured using the Console or payShield Manager, a well-known port
address is assigned (default value 1500). See Chapter 1 of the payShield 9000 Host
Command Reference Manual for information on how port addressing can be used to
specify which LMK a Host Command requires to be used.
Sending Commands
The HSM expects a command to be sent in the form defined in the table.
Multiple commands can be sent to an HSM within one TCP transmission. Each should be
of the form defined in the table.
Example:
where the HSM message header length is set to 04, a message header of 1234 is used,
and character representation is ASCII.
Returning Responses
When an HSM receives a command from a TCP client, the command is processed and the
response returned to the TCP client. The response is of the form defined in the table.
The result of each command sent to an HSM is returned as a separate response to the
TCP client. This also operates when multiple commands are sent to an HSM in a single
TCP transmission.
All HSM responses are returned to the TCP client using the TCP Push function.
Example:
X’00 X’21 X’31 X’32 X’33 X’34 X’4E X’43 X’30 X’30 X’32 X’36
X’38 X’36 X’30 X’34 X’37 X’34 X’34 X’34 X’39 X’31 X’32 X’34
X’32 X’32 X’30 X’30 X’30 X’37 X’2D X’45 X’30 X’30 X’30
where the HSM message header length is set to 04, a message header of 1234 is used,
and the character representation is ASCII.
The example shows the error code returned was 00 and the LMK check value returned
was 2686047444912422 and the firmware installed is 0007-E000.
UDP Protocol
The HSM client expects all UDP connections to be made on the Well-Known-Port at the IP
address (see Chapter 1). The IP address and Well-Known-Port address are defined to the
HSM when configuring the software settings with the Console CH command.
All UDP host clients sending data to an HSM send the datagrams to the Well-Known-Port
at the IP address. The HSM (UDP server) processes the datagram and returns a
datagram response to the originating UDP host client.
Sending Commands
The payShield 9000 HSM expects a command to be sent in the form defined in the table.
Only a single command can be sent to an HSM in one UDP transmission (packet).
Example:
where the HSM message header length is set to 04, a message header of 1234 is used,
and character representation is ASCII.
Returning Responses
When an HSM receives a command from a UDP client the command is processed and the
response returned to the UDP client. The response is of the form defined in the table.
The result of each command sent to an HSM is returned as a separate response to the
UDP client.
Example:
X’00 X’21 X’31 X’32 X’33 X’34 X’4E X’43 X’30 X’30 X’32 X’36
X’38 X’36 X’30 X’34 X’37 X’34 X’34 X’34 X’39 X’31 X’32 X’34
X’32 X’32 X’30 X’30 X’30 X’37 X’2D X’45 X’30 X’30 X’30
where the HSM message header length in set to 04, a message header of 1234 is used,
and the character representation is ASCII.
The example shows the error code returned was 00 and the LMK check value returned
was 2686047444912422 and the firmware installed is 0007-E000.
FICON
FICON is the system for fiber-optic connections to IBM mainframes, and replaces the
older ESCON system. The payShield 9000 Installation Manual gives extensive information
about setting up FICON on the payShield 9000.
Connections
To achieve maximum throughput on the HSM, the FICON interface needs to be driven by
the host with multiple connections. Optimum performance is normally achieved with 4 - 8
connections (depending on the payShield 9000 performance model and the commands
being processed), although for FICON on the 1500 tps model the performance improves
right up to the maximum of 16 connections. Running with only a single connection can
significantly reduce the throughput of the payShield 9000, and means that you will not
be able to reach the rated throughput for the machine.
Configuration Settings
The FICON interface is configured using the CH console command or using Configuration
/ Host Settings / FICON in payShield Manager. The following FICON-specific settings can
be specified:
PIN Mailers
Overview
The principle of PIN mailer printing is straightforward – the card issuer’s computer
systems generate a PIN when a new card is issued or a PIN change is requested, print it
in tamper-evident PIN mailer stationery through which the PIN cannot be viewed, and
post it to the cardholder separately from the card itself.
The need for security, to prevent the PIN being disclosed within the card issuer’s data
centre, means that an HSM should be used to prevent the PIN being available in the
clear. Using the methodology described in this chapter, the PIN is in the clear only on the
cable connecting the printer to the HSM (and, of course, inside the PIN mailer).
The stages in providing a secure method of printing PIN mailers are as follows:
Commands,
format,
encrypted PINs,
& data
Host
Computer
Impact
printer
HSM
A form definition needs to be loaded into the payShield 9000 so that it can format the
output sent to the printer. The HSM can hold a single form definition at a time: this
definition formats the printed output. Form definitions may be used for other purposes
such as key component printing, and so a PIN Mailer form may need to be loaded before
each PIN mailer print run. The form definition data is loaded onto the HSM as text
strings. This data consists of:
It is possible to format PIN mailers to be "one-up" (i.e. the PIN mailers are printed one
after another on the PIN mailer stationery) or "two-up" (i.e. the PIN mailers are printed
in side-by-side pairs).
Note that the PAN is not printed on the mailer, although the last 6 digits can be printed
for the cardholder’s convenience.
1 THOMAS M SMITH
2 APT 4B 1782
3 39 ELM DR
4 MEDIA PA 19063
5 YOUR FULL SERVICE BANK
6
1 JOHN R JONES
2 427 WEST 9TH ST 3690
3 WAYNE PA 19132
4
5 YOUR FULL SERVICE BANK
6
The formatting string required to generate the above form is:
>L>013^0>L>013^1>041^P>L>013^2>L>013^3>L>013 YOUR FULL SERVICE
BANK>L>F>
See the previous example to understand the meanings of the formatting codes.
The PIN is stored encrypted under the LMK, and is passed to the HSM in this encrypted
form at print time. Therefore the PIN is never available in plain text to the host
computer.
A PE command is issued for each PIN mailer record. The parameters for this command
include:
Whether this record is for one-up printing, or whether it is record 1 or 2 for two-up
printing.
The PAN
The PIN, encrypted under the LMK.
The values for the Print Fields identified in the form definition.
The HSM will decrypt the PIN, and then output the record in the defined format to the
printer. The only time the PIN is in the clear is on the cable linking the HSM to the
printer.
It may be, however, that the PIN derives from a different source, which cannot encrypt
the PIN under the payShield 9000 LMK. In this case, the PIN will be available as a PIN
Block encrypted using a Zone PIN Key (ZPK) and the following payShield 9000 host
command should be used to obtain the LMK-encrypted PIN which is required by the PE
command:
After the HSM has processed the PE Host command, it sends 2 responses to the Host
application:
The Host application should confirm the check value returned in the PF response. It does
this by sending the following Host command - preferably to a different HSM from the one
that printed the mailer (but which is using the same LMK).
This command contains the same PAN and encrypted PIN as was used in the PE Host
command, and the check value contained in the PF response.
The PH response to the PG Host command will indicate whether there is a mismatch
between the encrypted PIN and the check value.
PIN solicitation
Overview
The objective of PIN solicitation is to send a mailer to the cardholder to invite them to:
select their desired PIN when a new card is about to be issued and return the
desired PIN to the card issuer.
select a new PIN for a previously issued card.
The PIN may be returned by various methods depending on how the card issuer’s
applications have been designed, such as:
Returning all or part of the PIN Solicitation mailer onto which the PIN has been
entered;
Entry at an ATM
Entry via the Internet
Entry by telephone (Interactive Voice Recognition)
Once the PIN is returned, it is then associated with the card data in the card issuer’s
application.
The crucial factor in making this secure is that the mailer and returned data do not
include the PAN. Instead they include a reference number which is a cryptographic
representation of the last 10 digits of the account number (excluding the account number
check digit). This reference number is a 10-digit number, followed by two check digits.
Because the reference number is the only link to the cardholder’s PIN, there must be a
means of validating the data that is manually entered. There is no way to validate the
PIN except through dual entry procedures or through the visual comparison of the value
entered and the value recorded on the mailer form.
The 12-digit reference number, unlike the PIN, can be validated by a Host program – see
the next sub-section. The check digits can be validated during or after data entry.
PIN solicitation data is batch processed using Host commands. The number of records
entered must be greater than or equal to the minimum batch size specified in the
payShield 9000’s security settings. Each batch consists of at least one logical record.
Each logical record contains the 12-digit reference number in the returned solicitation
mailer and the cardholder-selected PIN.
When the batch has been loaded to the payShield 9000 internal memory, the HSM
encrypts the PINs under LMK pair 02-03, and decrypts the reference numbers, yielding a
value which contains the 10 right-most digits of the account number (excluding the check
digit). The encrypted PIN and 10 digits of the account number are returned to the Host.
The Host can match the account number digits and store the encrypted PIN for
subsequent processing (for verification purposes or the creation of PIN offsets etc.).
Validation Algorithm
The algorithm for validating the two check digits of a reference number is as follows:
where Y is the sum of the products obtained by multiplying the 3rd to the 10th digits of
the reference number by the following weights:
Digit Weight
3 9
4 7
5 8
6 6
7 7
8 9
9 6
10 8
Digit f(digit n)
0 0
1 2
2 4
3 6
4 8
5 1
6 3
7 5
8 7
9 9
The MOD 10 (n) operation yields a value that is the remainder after dividing n by 10.
This remainder is the same as the low-order digit on n.
Example:
The following example illustrates the validation of the reference number 936125183702,
where 0 is the first check digit and 2 is the second check digit.
9 3 6 1 2 5 1 8 3 7 0 2
The available symbols to control printing (sent to the HSM using the PA and PC Host
commands) include:
The mailer can be designed to print the Reference Number but not the PIN in situations
where the cardholder is required to provide a PIN. Alternatively both the reference
Number and the PIN can be printed for situations where the cardholder is invited to
change the default PIN that the issuer has provided and will use in the absence of a
customer-specified PIN.
Note that the PAN is not printed on the mailer, although the last 6 digits can be printed
for the cardholder’s convenience.
Where an encrypted PIN is required, the same Host commands are used as described
previously.
Where only the Reference Number (without the PIN) is to be printed on the mailer, the
OA Host command should be used.
This provides the same information as the PE Host command, except that it does not
provide an encrypted PIN.
The Reference Number is not part of the PE or OA command, but is calculated by the
HSM from the last 10 digits of the PAN (excluding the check digit) prior to printing the
mailer.
The Host application should confirm the check value returned in the PF or OB response. It
does this by sending the following Host commands - preferably to a different HSM (but
with the same LMK).
These commands contain the same PAN and encrypted PIN as was used in the PE or OA
Host command, and the check value contained in the PF or OB response.
In order to prevent the plain text PIN in the QA/QC commands from being matched with
the account number in the QD response(s), the order of the records in the QD
response(s) is randomized. To provide additional security, the minimum batch size (as
defined in the CS Console command or in the payShield Manager Configuration / Security
Settings / Initial dialogue box) should be made as large as possible.
Printer Support
Impact printers
The payShield 9000 allows direct attachment of printers with the following interfaces:
Serial
Parallel - D25 connectors
Parallel – Centronics
USB
These printers are connected to one of the USB ports on the payShield 9000. Serial and
parallel printers are attached using the appropriate serial or parallel adapter cable from
Thales: these adapter cables are intelligent and include microprocessors, the drivers for
which are included with the HSM software. (USB adapters from other sources should not
be used as these may not work with the drivers installed on the HSM.)
Cable length limitations conform to appropriate standards. (Note that for serial printers,
the maximum cable lengths are dependent on the baud rate of the interface and the
physical characteristics of the type of cable used.)
Printers must support the ASCII character set.
A PC application (e.g. Thales PINman) is required to manage and drive the laser printer,
providing very accurate positioning of printing. Additional fonts are required, and the
laser printer may require additional memory to accommodate these.
As with the use of directly-attached impact printers, this arrangement offers a high
degree of security because the clear PINs are only present on the printer cable and in the
printer.
For convenience, this document will refer just to laser printers. However, ink-jet printers
can also be used.
Commands,
format,
encrypted PINs,
PC Application & data
Host
Computer
Laser
or ink-jet
printer
HSM
Special fonts, provided by the stationery manufacturer, are required to allow the PIN to
be printed over the mask. Accurate positioning is essential to align the mask and printed
PIN.
Bastione PIN-TAB
Hyadalam Laser pin
Page International ICS V3
Caution
The use of laser printers for printing of mailers is growing in popularity because of the
benefits in terms of performance, reduced noise, and quality of output. However, some
concern has been expressed about the security of this approach - for example at:
http://www.cl.cam.ac.uk/~mkb23/research/PIN-Mailer.pdf
PC Application
A PC application is necessary to enable this approach to work. This must be able to:
Communicate with the payShield 9000 - sending the appropriate host commands
and data (including encrypted keys) and processing responses.
Design output forms.
Pass printer control data to the HSM, using the PA and PC host commands as
described previously. Particularly important is the ability to accurately position the
(notional) print head - the standard column/row positioning provided by the
standard PA/PC formatting commands is not precise enough, and the laser printer
chosen must allow print head positioning by user-defined data. In the PA/PC
command the control string required by the printer to do this would be passed by
the application to the HSM using the "|" Symbol (‘6A’ in EBCDIC, ‘7C’ in ASCII).
See Appendix E for an example.
In this case, the printer is not directly connected to the HSM but is connected to the print
server. The print server can make use of one or more HSMs to decrypt the PINs provided
by the host application. It then incorporates the clear PINs returned by the HSM in the
data sent to the printer.
Print Server
Printer data,
Encrypted PINs Inc. clear PINs
& data
High-volume
Encrypted Clear printer
Host PINs PINs
Computer
Commercial products implementing this architecture are available from various vendors
such as Red Titan and Phalanx e-Solutions.
Security Considerations
Whereas in the previously discussed cases of directly attached printers the clear PINs are
only present in the printer and the cable connecting the printer to the HSM, in the print
factory scenario the PINs are also in the clear in the print server and on the network
connecting the print server to the HSM. Furthermore, the print server is also connected
to the host system and potentially to the institution’s network.
There is therefore a wider range of attack opportunities than with directly attached
printers. Organizations implementing this printing architecture should satisfy themselves
that they have implemented suitable security and system design measures - which might
include:
a PIN encrypted under a ZPK to be translated to encryption under the LMK (so that
it can then be decrypted).
The response to the NG command includes both the clear PIN for PIN Mailer printing and
a Reference Number that can be used for PIN Solicitation Mailer printing.
Racal (or APACS) Transaction Key Scheme (RTKS). Discussed in this chapter.
Detailed descriptions of the host commands are included in 1270A546 payShield
9000 Host Command Reference Manual.
Derived Unique Key Per Transaction (DUKPT). Discussed in this chapter. Detailed
descriptions of the host commands are included in 1270A546 payShield 9000 Host
Command Reference Manual.
Australian (AS 2805) Transaction Key Scheme. This requires optional license
HSM9-LIC003 to be installed on the payShield 9000. The Scheme is described
in1270A547 payShield 9000 Australian Standards Reference Manual.
The payShield 9000 also provides functionality to enable it to participate in systems
meeting the requirements of GBIC/ZKA: this is discussed later in this chapter.
In the Racal Transaction Key Scheme the TPK and the TAK are updated after each EFT
transaction using an algorithm that depends on the current key and the details of the
transaction (which are known to both communicating parties but do not form part of the
transmitted message, and so would not be known to a third party).
This affords a very high degree of protection for the cryptographic keys. Even if a third
party were able to discover the value of the cryptographic key in use at a particular time,
this would not facilitate discovery of the keys used on previous transactions (i.e., the
scheme has good break-backward protection). Also, if some card data were not
transmitted, the third party would not be able to discover the new value of the keys for
the subsequent transaction (break-forward protection).
T r a n s a c tio n K e y
K ey Req MR R e sp M R
D e riv e d M A C K e y K ey
D a ta
R e sp on se M essa ge D a ta MAC
OWF
P IN
D a ta
D e riv e d P IN K e y K ey E n c r y p te d P IN
N e w T r a n s a c tio n K e y
The key update algorithm used in the Racal Transaction Key Scheme is based on a One-
Way Function (OWF) involving the current key value and the Message Authentication
Code (MAC) residues from the request and response messages from the transaction. The
use of the MAC residues is important, as they are not part of the transmitted data.
In this scheme, the MACs are calculated using a key derived from the transaction key,
and not the transaction key itself. This also applies to the PIN encrypting key.
For more details of the Racal Transaction Key Scheme see Racal-Transcom Publication
RRL4 Secure Key Management for Pin Encryption and Message Authentication.
RTKS Functions
The following functions are all for use at an acquirer site:
Transaction request with PIN (T/AQ key). Used to receive a cardholder request
message from a terminal with a PIN encrypted under the T/AQ key.
Transaction request without PIN. Used to receive a cardholder request message
from a terminal with no PIN.
Transaction request with PIN (T/CI key). Used to receive the request from the
terminal when the PIN key cannot be determined by the acquirer.
KEYVAL translation. Used to pass KEYVAL to the card issuer (required to derive
the PIN key) when the PIN key cannot be determined by the acquirer.
Administration request. Used to receive an administration request message (such
as a reconciliation request).
Transaction response originating at the card issuer. Used when authorization is
generated at the card issuer.
Transaction response originating at the acquirer. Used when authorization is
generated by the acquirer.
Verify confirmation message from terminal. Used to verify the MAC on a
confirmation message from the terminal.
The commands RI, RK, RM, RO, RQ, RS and RU are only available when Racal
Transaction Key Scheme is selected in the payShield 9000 security settings.
The existing Racal Transaction key commands have been modified to support longer
messages. The new commands are backward compatible with existing systems.
The details of the modifications are as follows:
Old style: Pointer (not all functions) 2H
Message Length 2H
Message Text nA
New style: Pointer (if required) 2H
Message Length 2H
Message Text nA
Delimiter 1C Optional, only if original length is 0
Extended Message Pointer(s) 4H Optional, only if original length is 0 and
function requires one or two pointers
Extended Message Length 4H Optional, only if original length is 0
Extended Message nA Optional, only if above field is non zero
To use the extended message length option, the calling application has to set the
Message Length field to zero, whereupon the Message Text field will be of zero length,
i.e. not present. The zero Message Length enables an HSM to check for the optional
Delimiter, any Extended Message Pointer(s), and the Extended Message Length field
which defines the length of the Extended Message.
Some of the functions do not include a pointer to items included in the message, whilst
other functions include either one or two pointers. If a function does include one or two
pointers, one or two Extended Message Pointers are included after the Delimiter as
appropriate. The original pointer(s) in the function are ignored when extended messages
are used, however the 2 hex digit placeholder(s) for the original pointer(s) must still be
supplied.
Whilst the extended commands allow for message sizes up to 65537 characters long (hex
FFFF), in practice the limit is imposed by the maximum size of the HSM input buffer. The
HSM has a much larger input buffer (32K) per connection although the interface option in
use may impose limits which are smaller than this. The HSM will check that the message
lengths (and the pointers) are within sensible limits for an HSM platform executing the
function.
Users may, if they wish, use the Extended Message Length scheme for small messages
(i.e. less than 160 bytes).
Because the two TKSs were mutually exclusive, the same Host command code was used
to identify two different commands, one applicable to the Racal TKS and the other
applicable to the Australian TKS. The command codes affected by this are:
Code ø
Racal TKS Australian TKS
RI Transaction Request With a PIN Verify a Transaction Request, with PIN,
The functionality delivered when any of these Host commands was used was dependent
on the security setting mentioned above.
More recently, the need has arisen for both TKSs to be used on the same payShield
9000, and therefore to have access to both versions of these R* commands. In order to
allow users to have access to both versions of the commands, the R* commands have
been "aliased" as H* commands - e.g. for each of the two RI commands there is an HI
command which is identical to the RI command except for the Command code (HI
instead of RI) and Response code (HJ instead of RJ).
Where the user wishes to use the version of the command that is appropriate to the TKS
selected in the security setting they should use the R* variant of the command. For
example:
if the TKS is set to "Racal" and the user wants the"Transaction Request Without a
PIN" functionality then they would use the RK command.
if the TKS is set to "Australian" and the user wants the "Generate Transaction
Response, with Auth Para Generated by Acquirer" functionality then they would
use the RK command.
This is exactly as for earlier versions of payShield 9000 software, and so provides
backwards compatibility for existing applications.
On the other hand, if the user wishes to use the version of the command that is not
appropriate to the selected TKS, they should use the H* variant of the command. For
example:
if the TKS is set to "Australian" and the user wants the "Transaction Request
Without a PIN" functionality then they would use the HK command.
if the TKS is set to "Racal" and the user wants the "Generate Transaction
Response, with Auth Para Generated by Acquirer" functionality then they would
use the HK command.
In summary:
Merchant’s
POS Terminal
The strength of DUKPT lies in the fact that a new, unique key is generated for each
transaction, such that if a transaction key is compromised this cannot be used to attack
previous at that terminal or transactions at any other terminal. In addition, key
management in the DUKPT environment is simplified by having a single master key
which can manage an entire estate of terminals.
This technique involves the use of a non-secret "key serial number" and a secret "Base
Derivation Key", or BDK. On each transaction, the PIN pad uses a unique key based on a
previous key and the key serial number, which contains a transaction counter. It
encrypts the PIN with this key, then returns both the encrypted PIN and the key serial
number to the acquirer. In an HSM, the key generated by the PIN pad is derived
dynamically and independently of the PIN pad, using the original BDK together with the
key serial number supplied by the PIN pad.
The same BDK can be used by thousands of PIN pads because each PIN pad has a unique
serial number. Therefore each PIN pad produces a unique key for every transaction and a
successful cryptographic attack on one PIN pad will have no effect on any other. The
acquirer only has to manage a relatively small number of BDKs, and the algorithm to
derive a given transaction key is designed in such a way as to require very little
overhead in an HSM.
The Host has the responsibility for maintaining the BDKs. For each transaction, the Host
verifies that the serial number supplied by the PIN pad is valid and extracts from internal
storage the appropriate encrypted BDK identified by the left-most portion of the serial
number. The Host controls BDK generation.
DUKPT Keys
Three levels of keys are employed in DUKPT:
Base Derivation Key (BDK) - a TDES master key owned by the acquirer. The BDK
is used for a large number of terminals - perhaps all the terminals that the
provider ships, or to a model of terminals, or to a serial number range.
Initial Key (IKEY, IK, or IPEK) - a TDES key that is unique to a terminal. The IKEY
is used to initiate the sequence of transaction keys, and is then discarded by the
terminal.
Transaction key - generated within the terminal. Keys for PIN encryption, data
encryption, and MACing are derived from the transaction key. Each transaction is
provided with a unique key to protect its data. When the encrypted data is
received by the Acquirer, the Acquirer will derive the same transaction key using
the same process that the terminal used to derive the encryption key.
These are described in the following sections.
It can be seen from this process that there is no requirement for the Acquirer and
terminal to exchange keys - except in the unlikely event of a terminal generating a
million transaction keys and therefore requiring a new IKEY.
It is expected that DUKPT will be able to manage AES keys in the future.
Code Description
A0 Generate a random BDK and return it to the Host encrypted under the
Local Master Key (LMK)
A6 Accept a BDK encrypted under a Zone Master Key (ZMK) and translate
it to encryption under the LMK
A8 Translate a BDK from LMK to ZMK encryption
The latest revision of the DUKPT standard (X9.24-1:2009) defines two different methods
for deriving data authentication & encryption keys:
The bidirectional method uses a single key to protect terminal-to-host data and
host-to-terminal data. BDK types 1 and 3 support the bidirectional method. (Note
that a BDK type 3 uses the 'PIN encryption' variant to derive the data encryption
key, and therefore can only be used to perform data encryption operations. A
BDK-3 cannot be used to perform PIN-related operations.)
The unidirectional method uses two keys: one key to protect terminal-to-host
data, and another key to protect host-to-terminal data. BDK types 2 and 4
support the unidirectional method.
Further information about the usage of the various BDK types is provided later in this
chapter on the section on Thales Key Types for DUKPT.
the BDK
the Key Serial Number (KSN) which is unique to the terminal – see below.
The payShield 9000 A0 host command can generate an IKEY and export it under a TMK
(Terminal Master Key) or ZMK (Zone Master Key).
Once created, the IKEY is installed into the terminal. (The IKEY is also recreated
transiently by the Acquirer when processing transactions from the terminal in order to
derive the same transaction key that the terminal used to encrypt its data.)
The first 3 elements in the table above form the Initial Key Serial Number, and do not
change during the life of the terminal (unless a new IKEY is loaded for any reason).
Often only 64 bits of the KSN are used, with the KSN padded with "F" Hex characters to
the left. In this scheme, the KSN would have the following structure:
Transaction Keys
When the IKEY is installed in the terminal, it calculates up to 21 "Future Keys". These
Transaction Keys are the keys that will be used in the encryption of future transactions.
The calculation of these keys involves the value of the transaction counter, which
increments for each transaction.
When the initial batch of Future Keys has been derived, the IKEY is no longer required,
and is deleted by the terminal.
When a transaction is being processed, the next available Transaction Key is used. The
keys used for PIN block encryption, MACing, and data encryption are derived from this
transaction key.
The DUKPT terminal sends its encrypted data and the KSN, together with other
transaction data, to the Acquirer.
As each Transaction Key is used, it is deleted by the terminal and replaced by a new
Future Transaction Key. This means that even if the security of the terminal is
compromised in any way and its keys extracted, they cannot be used to attack a
previous transaction from this or any other terminal because the key for that transaction
has already been deleted and each terminal generates different keys.
The Acquirer needs to re-package the data received from the terminal into the standard
formats used by the payments network. This will include actions such as:
Translating a DUKPT PIN Block encrypted with the DUKPT transaction key into one
of the standard PIN Block formats that the payments network uses encrypted with
a Zone PIN Key (ZPK).
Verifying and translating MACs.
Terminal Payments
Terminal Acquirer
Vendor Network
Generate BDK
FTKs +
KSN0
Initialization
Transaction Use next FTK to derive
keys for transaction
Notes:
1. KSN0 = Initial Key Serial Number (with Transaction Counter = 0). May be
modified by Acquirer before generating IKEY.
2. KSNT = Key Serial Number for the transaction, with Transaction Counter
incremented)
3. The BDKs held by the acquirer will be protected using an HSM.
4. The Acquirer operations shown here will involve the use of an HSM for various
cryptographic functions.
Variations on DUKPT
Data Encryption using a PIN Encryption Key Variant
The traditional method of implementing DUKPT X9.24-1:2004 is where the terminal is
initially loaded with an IKEY, and thereafter derives a new PIN encryption key (and
optionally a new MAC key) for each transaction it performs. Since this method does not
support the derivation of data encryption keys, some terminal vendors have implemented
the following hybrid method, using two BDKs: one of which is used to derive the PIN
encryption keys and MAC keys, and a second BDK which is used to derive the data
encryption keys.
In this case, the terminal is initially loaded with IKEYa and IKEYb (which have been
derived from BDKa and BDKb respectively). During each transaction, the terminal derives
two keys, TransactionKeya and TransactionKeyb. The PIN encryption key (and optionally
the MAC key) is derived from TransactionKeya using X9.24-1:2004 compliant methods.
The data encryption key is derived from TransactionKeyb using the PIN encryption key
derivation method described in X9.24-1:2004.
BDKa is a BDK Type 1 and BDKb is a BDK Type 3 - see the section on Thales Key Types
for DUKPT.
Merchant’s
POS Terminal
Here we have an additional link in the chain - the Payment Gateway. This is an
intermediary between the merchant and the Acquirer. The Payment Gateway provides
various services to the Merchant, and might be needed because the merchant is too
small to have a direct relationship with an Acquirer. For the present discussion we shall
assume that the Payment Gateway is required because the Acquirer provides support for
only DUKPT terminals, but the merchant does not support DUKPT.
Encrypting cardholder data at the merchant, at the Acquirer, and on the network
connecting them - whether this is a private network or not - takes the data out of scope
of PCI DSS compliance and audit. This is very attractive to merchants and Acquirers
because of the cost of PCI DSS compliance and audits, and so there is a growing interest
in encrypting all cardholder data in the Acquirer domain - this is referred to as P2PE.
A wide variety of P2PE implementations are available, with proprietary designs by their
vendors. These implementations may involve a Payment Gateway.
DUKPT is often used as the key management method for a P2PE solution, because it
provides a standardised way of exchanging encrypted data (not just PINs) and high
levels of security.
With Mobile Acceptance, the terminal consists of low-cost, secure card readers and PIN
entry devices attached to intelligent mobile communications devices (such as tablets or
standard smartphones). This brings the technology within financial reach of any
merchant or service provider and removes the dependence on a fixed communications
infrastructure.
P2PE must be employed between the mobile terminal and the Acquirer (or a Payment
Gateway providing a mobile transaction service to merchants and passing the
transactions to an Acquirer).
Again, DUKPT is often employed as the key management scheme in this environment.
Systems and products used by these organizations must comply with standards
developed by PCI - a body set up by the card schemes. Acquirers’ systems are audited
against the PCI DSS standard. Payments products must comply with a number of
standards and are certified against various PCI standards. For instance, payment
terminals, including DUKPT-capable devices, must be certified against the PCI PED (PIN
Entry Device) standard. In the case of HSMs, PCI introduced the PCI HSM standard fairly
recently. Although this standard is not yet mandated by the card schemes, PCI in their
standard for P2PE specify that the HSMs used by the acquirer are certified to either FIPS
140-2 or the PCI HSM standard.
PIN Processing
MACing
GBIC/ZKA PIN Authentication, Message Authentication, and Data Encryption keys are
derived from ZKA Master Keys. The payShield 9000 A0 host command supports the
generation of these working keys: the required random number input can be provided as
one of the A0 command input parameters or generated by the command.
The RSA public key algorithm was devised in 1979 by Rivest, Shamir and Adleman
(hence the name). It is an asymmetric cryptographic algorithm, which means that the
encryption and decryption keys are different, and that it is computationally infeasible to
deduce the decryption key from the encryption key. The encryption key may be made
public and distributed in clear without compromising the security of the decryption key,
hence the term Public Key Cryptography.
Data Formats
Certificates, signatures, encrypted key blocks and message data supplied in commands
specified in this document are binary fields, with the leftmost byte being the most
significant and the rightmost byte being the least significant. Note that the binary data
may be right justified and padded to the left with zeros, if necessary, in order to make
the data length (in bits) an exact multiple of eight.
the correct result. Although the commands specified in this document, which use a
Public Key, could be used with an even Exponent, there is no guarantee that the results
produced by these commands will be correct. It is strongly recommended that the
commands in this document are used only with odd Public Exponents. Note that it is not
possible to use an HSM to generate an RSA Key Set that has an even Public Exponent.
Common Parameters
Within these functions certain common parameters are defined as follows:
If the DES Key Type is 0600, LMK pair 06-07 is used (no variant).
If the DES Key Type is 3007, variant 7 of LMK pair 30-31 is used.
Signature Algorithm
01 = RSA
Encryption Identifier
01 = RSA
Hash Identifier
01 = SHA-1, produces a 20 byte result.
02 = MD5, produces a 16 byte result.
03 = ISO 10118-2, produces a 16 byte result.
04 = No hash.
05 = SHA-224
06 = SHA-256
07 = SHA-384
08 = SHA-512
04 = No hash
The no-hash option can be used when an HSM provides signature generation or
validation, or certificate validation, on data that is hashed outside an HSM.
If the no-hash option is chosen, the data that is provided in the Validate a Certificate,
Generate a Signature and Validate a Signature commands is not modified in any way by
an HSM, so it must be precisely the data in the plain signature block (which depends on
the pad mode selected by the Pad Mode Identifier). It is the responsibility of the Host
application to ensure that the precise data to be included in the signature block is
supplied in the command.
Example:
If the SHA-1 algorithm is used to hash the data and the resultant hash value is:
0123456789ABCDEF0123456789ABCDEF01234567
and if the PKCS#1 pad mode is used, the data to be provided must be the complete
ASN.1 DER encoded DigestInfo, which is:
30 21 300906052B0E03021A0500 04140123456789ABCDEF0123456789ABCDEF01234567.
Note that when using the no-hash mode, the HSM checks that the DER encoded
DigestInfo syntax is correct. If there is a digest info syntax error, the HSM returns error
code 74.
The PKCS#1 standard (see References 3 and 4 at the beginning of this manual) defines
the padding method to be used before operating with a public or secret RSA key.
01 = PKCS#1 v1.5
This simple padding scheme was introduced in the original PKCS#1 specification. The
data to be encrypted or decrypted is padded as follows:
00 BT PS 00 D
where:
BT is a single byte indicating the block type. BT is 01 for a secret key operation;
02 for a public key operation.
PS is a padding string consisting of bytes FF....FF for block type 01, random non-
zero bytes for block type 02. PS must contain at least 8 bytes.
D is the data block.
The total length of the padded block is equal to the length (in bytes) of the RSA
key modulus
The data block D is the ASN.1 encoded message digest, or AES/DES key (depending on
the command used), as follows:
DigestInfo :: SEQUENCE {
digestAlgorithm DigestAlgorithmldentifier,
digest OCTET STRING
}
DigestAlgorithmldentifier :: SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters NULL
}
Example 1:
Assume that the SHA-1 algorithm is used to produce the 20-byte digest:
0123456789ABCDEF0123456789ABCDEF01234567.
30 09 06 05 2B0E03021A 05 00.
Thus, the ASN.1 DER encoded DigestInfo is:
30 21 300906052B0E03021A0500
04140123456789ABCDEF0123456789ABCDEF01234567
Example 2:
30 14 04080123456789ABCDEF 04089999999999999999.
When the PKCS#1 pad mode is used, the following validity checks are carried out:
For a validation operation (Validate a Certificate, Validate a Signature):
The length of the data to be validated is equal to the length (in bytes) of the
modulus of the key to be used for the validation. If not, error code 76 is
returned.
The first byte of the clear data block is 00. If not, error code 77 is returned.
The second byte of the clear data block is 01. If not, error code 77 is returned.
Subsequent bytes consist of at least 8 bytes of binary 1s, followed by a zero byte.
If not, error code 77 is returned.
The hash algorithm object identifier corresponds to that of the identifier of the
hash algorithm supplied in the command message. If not, error code 79 is
returned.
The digest is compared with the hash of the supplied data. If the two values are
not equal, error code 02 is returned.
For a generation operation (Generate a Signature):
The length (in bytes) of the data block D is at most m-11 (where m is the length,
in bytes, of the modulus of the key to be used). If not, error code 76 is returned.
For an import key operation (Import a DES Key):
The length of the imported key block is equal to the length (in bytes) of the
modulus of the secret key to be used to decrypt the block. If not, error code 76 is
returned.
The first byte of the clear data block is 00 and the second byte is 02. If not, error
code 77 is returned.
Subsequent bytes consist of at least 8 bytes of random non-zero bytes, followed
by a zero byte. If not, error code 77 is returned.
The data block D conforms to the ASN.1 encoding rules. If not, error code 77 is
returned.
For an export key operation (Export a DES Key):
The length (in bytes) of the data block D is at most m-11 (where m is the length,
in bytes, of the modulus of the key to be used). If not, error code 76 is returned.
02 = OAEP
Optimal Asymmetric Encryption Padding (OAEP) was introduced in PKCS#1 v2.0, as an
improvement on the original, simple PKCS#1 v 1.5 method described above. OAEP
requires four additional parameters:
Mask Generation Function
01 = MGF1
MGF Hash Function
01 = SHA1
OAEP Encoding Parameters Length
Specifies the length of the encoding parameters.
OAEP Encoding Parameters
The host may optionally supply a set of OAEP encoding parameters. If OAEP
padding is used, but no Encoding Parameters are required, then OAEP Encoding
Parameters Length should be "00", and this field will be empty.
The OEAP fields are encoded according to PKCS#1 version 2.0 section 11.2.1 (see
Reference 3 at the beginning of this manual). The HSM does not interpret or validate the
contents of this field, it applies the Hash Algorithm to it and feeds the result into the
OAEP process.
This parameter specifies the type of data structure used to carry a DES key.
For key export, an HSM overlays the zero filled data with a DES or Triple DES key as
appropriate.
For key import, an HSM verifies that the decrypted data conforms to the specified
padding, then checks that the supplied template matches the decoded data. It then
extracts the data at the position indicated by the DES Key Offset, and use this as the key
for import.
An example Key Block structure and template is shown below. This structure is used for
Diebold Remote Key Transport.
Example Key Block Structure
RecipientInfo ::= SEQUENCE {
version Version,
issuerAndSerialNumber IssuerAndSerialNumber,
keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
keyOrKey block KeyOrKey block
Another two optional parameters support a check value. The Check Value is not required
for the Diebold implementation, but provides flexibility to support applications that
require a check value in the key block.
Check Value Length
Length in bytes of the check value field. This field should be 0 if no check value is
used.
Check Value Offset
Offset to the location of the check value within the key block.
A public key Modulus represented in 2’s complement form will always have a leading 00
byte, the most significant bit of the second byte will always be ‘1’. A public key modulus
represented in unsigned form will never begin with a 00 byte, the most significant bit of
the modulus will always be ‘1’.
Examples:
1024 bit modulus with an exponent of 03 using Public Key Encoding 01:
X'30 X'81 X'86 X'02 X'81 X'80 128 bytes X'02 X'01 X'03
Where:
X'81 X'80 specifies the length of the following field in bytes using the same
definition as above (128 Bytes).
The modulus in this example is 1024 bits. For Public Key Encoding 01 this is
represented in unsigned form. The resulting field is 128 bytes.
X'02 is the identifier specifying the start of the second integer.
X'01 specifies the length of the following field in bytes using the same definition
as above (1 Byte).
X'03 is the value of the exponent.
1024 bit modulus with an exponent of 03 using Public Key Encoding 02:
X'30 X'81 X'87 X'02 X'81 X'81 129 bytes X'02 X'01 X'03
Where:
Worked Examples
This section demonstrates the typical use of the GK (Export Key under RSA Public Key)
host command, whereby a ZPK is securely transported from the local system (an HSM) to
a trusted external system (X).
External Local
System System
ZPK
(X) (HSM)
Both systems must previously have generated RSA key pairs. Additionally, both systems
must trust each other's public keys. For the local system, this can be achieved using the
EO (Generate a MAC on a Public Key) command, which requires Authorized State. How
the external system achieves this is outside the scope of this example.
The ZPK is encrypted using X’s public key, positioned within a block containing additional
data, and then signed using an HSM’s private key.
The examples provide values for all input and (anticipated) output parameters to the GK
(Export Key under RSA Public Key) command when using both 1024-bit and 2048-bit
RSA keys.
The first section defines a number of values that are used in producing the encrypted &
signed ZPK (using 1024-bit RSA keys).
The second section Sample Data Generation Procedure (1024-bit RSA keys) shows the
intermediate steps to producing the encrypted & signed ZPK (using 1024-bit RSA keys).
The third section Sample Data Calculation (1024-bit RSA keys) consists of a complete
command message / response message sequence for this example (using 1024-bit RSA
keys).
The fourth section Sample Data Definitions (2048-bit RSA keys) defines a number of
values that are used in producing the encrypted & signed ZPK (using 2048-bit RSA keys).
The fifth section Sample Data Generation Procedure (2048-bit RSA keys) shows the
intermediate steps to producing the encrypted & signed ZPK (using 2048-bit RSA keys).
The sixth and final section Sample Data Calculation (2048-bit RSA keys) consists of a
complete command message / response message sequence for this example (using
2048-bit RSA keys).
ENCRYPTION PADDING MODE = OAEP (MGF1, SHA-1, OAEP PARAMS = "09 08 07 06")
0000: 30 81 89 02 81 81 00 40 CE 04 F8 5B 70 30 49 C8 0•‰.••.@Î.ø[p0IÈ
0010: 48 6C 84 C8 EB 40 54 EC B2 2A FD 6B 78 96 7D A2 Hl„Èë@Tì²*ýkx–}¢
0020: D8 CD F7 5E 5E B9 63 94 95 43 C6 8F 54 31 88 11 ØÍ÷^^¹c"•CÆ•T1ˆ.
0030: B3 A9 91 27 A8 C1 D0 9C B1 3C CD 70 05 80 8E 91 ³©‘'¨ÁÐœ±<Íp.€Ž‘
0040: 80 80 B0 AF 5A 58 C7 11 8B 44 3F C7 CD AE E4 D5 €€°¯ZXÇ.‹D?ÇÍ®äÕ
0050: A7 F6 3C C0 F3 59 6C 98 E3 7B 9F 97 9D 53 C4 4B §ö<ÀóYl˜ã{Ÿ—•SÄK
0060: E1 0E C4 06 8F DD 7A 38 24 BD 20 34 F0 E5 EA 19 á.Ä.•Ýz8$½ 4ðåê.
0070: 8E FF 9B 36 B0 EF 65 90 BF D0 50 99 E2 8A E0 4D Žÿ›6°ïe•¿ÐP™âŠàM
0080: 09 96 D2 E1 36 21 E9 02 03 01 00 01 .–Òá6!é.....
0000: 30 81 89 02 81 81 00 40 85 8A 70 C8 7F 3E AB 9E 0‰..@…ŠpÈ•>«ž
0010: 13 6D 2C 0C A3 B6 CC 47 ED 68 6E 3C 6F 31 46 C5 .m,.£¶ÌGíhn<o1FÅ
0020: FE 05 64 3B 4F EE F9 B6 9A 1C ED 6A EB D3 B9 15 þ.d;Oîù¶š.íjëÓ¹.
0030: 31 3C 8C D1 5C BF 26 FB AB D4 8C 6E 08 2A D0 F0 1<ŒÑ\¿&û«ÔŒn.*Ðð
0040: D5 FD 03 64 56 B6 CE A5 91 DF B7 F5 A4 30 B2 6B Õý.dV¶Î¥‘ß·õ¤0²k
0050: EA 3A 8C E4 15 2C DC 50 DE AF 9D DF EF D8 AC 10 ê:Œä.,ÜPÞ¯•ßïج.
0060: DB FF 2B 92 F1 97 C7 D6 D0 CF BC 1A 6D 85 06 CB Ûÿ+’ñ—ÇÖÐϼ.m….Ë
0070: F8 1B 76 F1 5D 32 AC D0 72 ED 34 72 30 A9 24 F0 ø.vñ]2¬Ðrí4r0©$ð
0080: 6D B2 E3 8D 55 33 33 02 03 01 00 01 m²ã•U33.....
SIGNATURE PRIVATE KEY (D) =
0000: 01 9F 3E 65 05 75 57 C0 B5 08 7F B4 D3 EE 3B 6B .Ÿ>e.uWÀµ.•´Óî;k
0010: 39 4C 42 79 B1 D7 89 33 BD DA C9 B1 E9 3C 62 33 9LBy±×‰3½Úɱé<b3
0020: C3 7B 00 A6 4F E6 87 45 15 76 4E 6A 62 26 2D C0 Ã{.¦Oæ‡E.vNjb&-À
0030: 9D 90 86 72 AF 9E 9A 5F 3D 7A 2A 92 53 66 B8 F6 †r¯žš_=z*’Sf¸ö
0040: 0D A9 89 E5 24 1D 38 B8 1B 01 0D 55 A6 59 C4 E5 .©‰å$.8¸...U¦YÄå
0050: 53 2F 2A A9 53 CF 68 CF 20 AE 4B CD 9E 26 F1 60 S/*©SÏhÏ ®KÍž&ñ`
0060: 05 4A 58 29 7A C8 43 7F D1 46 C8 E9 E0 66 EE FF .JX)zÈC•ÑFÈéàfîÿ
0070: 64 93 6C 3D 12 CF 3B 78 42 3D 39 77 3E EF 42 E9 d"l=.Ï;xB=9w>ïBé
SIGNATURE PRIVATE KEY (ENCRYPTED UNDER LMK) =
0000: B9 02 C5 03 07 7E E3 DF FF 12 DC 4F 35 A9 96 22 ¹.Å..~ãßÿ.ÜO5©–"
0010: 11 58 A5 59 72 A7 CB 93 0C 39 93 C9 FD 70 07 6D .X¥Yr§Ë".9"Éýp.m
0020: F6 3D 62 C1 BF 00 65 86 42 84 72 9B DE AD 89 8A ö=bÁ¿.e†B„r›Þ‰Š
0030: 3F 58 94 CE B2 7E 66 E5 15 D7 E1 6A 91 6F F1 96 ?X"β~få.×áj‘oñ–
0040: 89 BF AC 5F 97 54 B1 EF 4A 36 2A 1A 53 6F 3F 82 ‰¿¬_—T±ïJ6*.So?‚
0050: AA 31 F9 F7 1A 95 EC E9 DD 70 76 CE 7E E5 1C B4 ª1ù÷.•ìéÝpvÎ~å.´
0060: 70 FE A8 A8 6D CC E8 25 E8 6E 4E D7 7A 0A 71 22 pþ¨¨mÌè%ènN×z.q"
0070: 25 5D 11 1C D2 DA EE DA FC 5A 92 93 39 39 2C 77 %]..ÒÚîÚüZ’"99,w
0080: 93 A2 C9 47 ED 0A F1 7C 4F 15 A6 0F C7 F4 36 E4 "¢ÉGí.ñ|O.¦.Çô6ä
0090: 60 D0 38 4F 5F B2 43 3C 01 13 57 44 9A BA 8D 94 `Ð8O_²C<..WDšº•"
00A0: 95 98 E0 A5 EE D3 8C D8 8F 29 93 AF 62 E0 0B E2 •˜à¥îӌؕ)"¯bà.â
00B0: 12 B7 07 76 05 BC BB 0D D2 EB 87 B1 DC D8 B8 12 .·.v.¼».Ò뇱Üظ.
00C0: 26 B3 EA 58 58 D1 1F 3B C1 66 DC 75 68 7C EF 64 &³êXXÑ.;ÁfÜuh|ïd
00D0: 4D 46 61 F8 C3 74 AC 76 B4 42 D1 9B D7 D4 63 DC MFaøÃt¬v´BÑ›×ÔcÜ
00E0: C2 A0 E7 CA 7C 4E 7A 09 57 DA FA 3E A6 C8 50 4E  çÊ|Nz.WÚú>¦ÈPN
00F0: BC 49 37 97 C1 89 67 26 07 2C 3C 1C 1B 8A 53 A4 ¼I7—Á‰g&.,<..ŠS¤
0100: AB F1 63 F1 9D 9E ED 59 EF 62 E3 75 22 13 BD 46 «ñcñžíYïbãu".½F
0110: 10 BC ED CE 38 78 03 72 F5 D1 2D 1C DF 62 42 73 .¼íÎ8x.rõÑ-.ßbBs
0120: 52 53 2C 67 84 AE 7B A7 3B B3 AD 1C 33 EE 6E E4 RS,g„®{§;³.3înä
0130: A0 F2 62 AE 82 DE F1 80 7A 69 8C 68 27 FA 4A 45 òb®‚Þñ€ziŒh'úJE
0140: 73 E2 B4 7C 12 13 9C D3 BC 23 72 9A C3 42 91 20 sâ´|..œÓ¼#ršÃB‘
0150: 8B 1B 9A F3 1F 7D 37 9D ‹.šó.}7•
0070: 1D 01 13 08 42 2E 2F A6 67 22 6E 84 D7 8D 0D DC ....B./¦g"n„ו.Ü
Note: PKCS#1’s OAEP padding involves a random input, and therefore is not predictable.
The value of an encrypted DES key and its signature will be different each time this
command is run, even if the DES key and RSA keys remain the same. The values in the
table above should only be used to indicate how an HSM’s internal processing works: do
not expect to get the same encrypted key and signature as shown above!
ENCRYPTION PADDING MODE = OAEP (MGF1, SHA-1, OAEP PARAMS = "09 08 07 06")
0000: 30 82 01 0A 02 82 01 01 00 40 F5 B5 3A 32 47 50 0‚...‚...@õµ:2GP
0010: 90 AD DE 8A 33 EF 6F 9F 95 EE 58 41 84 F1 FE 7D ÞŠ3ïoŸ•îXA„ñþ}
0020: 31 AE 58 C6 CA E2 A0 62 DA B0 39 E7 45 03 9F 7A 1®XÆÊâ bÚ°9çE.Ÿz
0030: A4 3A 23 6A 45 40 AD 0A 3F 36 1F 90 5F 29 B1 A0 ¤:#jE@-.?6.•_)±
0040: E9 C1 65 B0 A6 56 D9 F8 18 C5 7E 05 D7 87 F1 F8 éÁe°¦VÙø.Å~.ׇñø
0050: EE 0C 6B E9 B4 2A 83 2C FD BD 35 74 A5 E7 EF 86 î.ké´*ƒ,ý½5t¥çï†
0060: 3B 11 FF 3F 95 DC AC BB DC FD D9 0E A9 C7 D5 52 ;.ÿ?•Ü¬»ÜýÙ.©ÇÕR
0070: CF 0D 1B E4 71 53 2C F6 4E 02 9C CD D7 D9 AE C9 Ï..äqS,öN.œÍ×Ù®É
0080: 2F 90 C3 9D 1B E9 63 AE E6 F5 78 E6 A3 D8 3A C6 /•Ã•.éc®æõxæ£Ø:Æ
0090: 57 2E B5 52 5D 0A 81 79 BC BA 02 63 D8 2E BB 5D W.µR].•y¼º.cØ.»]
00A0: 77 C3 35 56 16 06 B3 27 01 75 3A ED C4 2A AA E1 wÃ5V..³'.u:íÄ*ªá
00B0: 20 D9 23 3C B3 B9 EF 4D DE 0C 7B 07 02 25 3E 25 Ù#<³¹ïMÞ.{..%>%
00C0: 5C 1E DE 05 2D 9C 4F 7A 6C 7A FB F4 E4 08 BB 18 \.Þ.-œOzlzûôä.».
00D0: D9 53 54 C4 44 62 FF 35 2B FF 31 1E 8E 07 A3 83 ÙSTÄDbÿ5+ÿ1.Ž.£ƒ
00E0: 49 A7 88 08 16 4A 24 A0 8F D9 D3 54 9B C3 3D 58 I§ˆ..J$ ÙÓT›Ã=X
00F0: DE C5 25 E9 7F FB FB F8 A6 D4 12 05 12 0A E8 D4 ÞÅ%é•ûûø¦Ô....èÔ
0100: AC 75 6F 3E 85 80 91 8D CB 02 03 01 00 01 ¬uo>…€‘•Ë.....
0000: 07 B7 88 C7 78 98 9B 3C 0C C3 AE A4 5B D1 E5 61 .·ˆÇx˜›<.î¤[Ñåa
0010: F0 D6 20 36 74 6F 18 9D 51 CA 6F 17 44 13 EC 9A ðÖ 6to.QÊo.D.ìš
0020: 71 2B F7 CA ED 92 C1 05 88 78 93 93 D5 8A 98 F8 q+÷Êí’Á.ˆx""ÕŠ˜ø
0030: 88 6B F8 81 2D 99 51 F5 E3 09 3B 12 8F A7 C6 3E ˆkø•-™Qõã.;.•§Æ>
0040: DF 1B 49 03 61 3D 80 26 7B 68 48 73 A4 47 40 0D ß.I.a=€&{hHs¤G@.
0050: 86 B0 36 82 CD 0A 59 E6 63 8D 70 96 D3 87 DB AB †°6‚Í.Yæc•p–Ó‡Û«
0060: 75 A6 97 04 D9 5E 00 BF E3 1D 48 A6 A3 CC 68 18 u¦—.Ù^.¿ã.H¦£Ìh.
0070: 3D 5C 36 61 E9 94 C7 86 B4 8A 60 7C 23 DE 39 35 =\6aé"dž´Š`|#Þ95
0080: 4D 19 5D DA 82 71 06 4F C7 73 82 A0 F9 AB 9F 10 M.]Ú‚q.OÇs‚ ù«Ÿ.
0090: 25 3B 43 74 B6 5B 29 79 0C 34 C2 FF 82 2C D9 62 %;Ct¶[)y.4Âÿ‚,Ùb
00A0: 45 1B 66 0E 43 67 56 A1 E1 9E 04 E8 D1 FD 23 72 E.f.CgV¡áž.èÑý#r
00B0: 4D 81 1D 61 54 22 95 2B 66 05 A5 A2 CD 20 6F 74 M.aT"•+f.¥¢Í ot
00C0: 18 18 FA E4 BD 0F 6E D9 24 64 F6 A7 C6 16 5E 89 ..úä½.nÙ$dö§Æ.^‰
00D0: 46 85 00 12 9F 45 50 CA 6F C9 A9 3B AC E4 2F 39 F…..ŸEPÊoÉ©;¬ä/9
00E0: BA B7 63 7E 8B BB 97 4C D7 A3 90 C8 39 62 85 AE º·c~‹»—L×£È9b…®
00F0: B1 AC 82 E0 70 F8 84 05 53 99 F6 7E 33 EA 76 F1 ±¬‚àpø„.S™ö~3êvñ
SIGNATURE PUBLIC KEY (ASN.1 DER ENCODED) =
0000: 30 82 01 0A 02 82 01 01 00 40 BD C2 92 8D CF A2 0‚...‚...@½Â’•Ï¢
0010: 96 A7 B3 F2 FE 3E 78 C7 24 21 F3 B2 89 A0 CA 5D –§³òþ>xÇ$!ó²‰ Ê]
0020: 6E E5 9F 4F 14 76 59 95 64 32 D2 30 31 42 8D 9B nåŸO.vY•d2Ò01B›
0030: 83 99 99 1A DB E3 B7 10 17 4C 12 87 1F 53 49 05 ƒ™™.Ûã·..L.‡.SI.
0040: 82 46 F3 94 22 32 D2 2F 02 B5 AF D3 C0 E9 1A 28 ‚Fó""2Ò/.µ¯ÓÀé.(
0050: 51 13 96 3A 66 05 98 D9 00 40 E8 CB 48 71 C4 48 Q.–:f.˜Ù.@èËHqÄH
0060: BA FA 17 46 38 DB 3C 35 BA F5 CA 5D C5 6D B9 3D ºú.F8Û<5ºõÊ]Åm¹=
0070: E2 5A C2 A5 C3 D7 49 1F 5B A7 02 98 F0 42 3A DE âZÂ¥Ã×I.[§.˜ðB:Þ
0080: 55 06 9B 0B 40 B4 38 78 E0 55 76 B0 8F 71 A8 EE U.›.@´8xàUv°•q¨î
0090: 10 B1 F7 52 4D A7 DF 52 C4 4B 23 0E 31 E0 B1 E4 .±÷RM§ßRÄK#.1à±ä
00A0: B5 A1 E4 B4 7C 94 E9 E5 30 F6 DB 57 70 7E 53 5A µ¡ä´|"éå0öÛWp~SZ
00B0: 5F BF B0 32 21 44 B5 04 B2 8D 22 B7 21 E4 D5 98 _¿°2!Dµ.²"·!äÕ˜
00C0: 10 17 3B 2B 71 4A 70 3B B3 6F FC B8 9A D5 33 32 ..;+qJp;³oü¸šÕ32
00D0: 60 91 FB 41 A6 D4 FB 71 F4 12 5E 80 33 1D BC E7 `‘ûA¦Ôûqô.^€3.¼ç
00E0: 53 EC 13 4F 9B 3D A9 E7 77 FF 89 54 CC 25 A8 FF Sì.O›=©çwÿ‰TÌ%¨ÿ
00F0: C7 D3 E0 2F C7 03 F0 CF 0F 18 C8 8D 1F 5D 35 32 ÇÓà/Ç.ðÏ..È•.]52
0100: BB 17 DB 94 63 03 77 34 73 02 03 01 00 01 ».Û"c.w4s.....
SIGNATURE PRIVATE KEY (D) =
0000: 01 A1 65 CD 90 11 BB 1C 05 34 34 79 EF B3 D5 FC .¡eÍ•.»..44yï³Õü
0010: 14 78 D1 35 C3 1D 65 95 FD E5 71 B5 E7 B7 20 DA .xÑ5Ã.e•ýåqµç· Ú
0020: 89 A7 1E 7C 97 1A FE E0 25 15 A4 86 06 29 9D 97 ‰§.|—.þà%.¤†.)•—
0030: A0 9C 54 D7 D6 9E 9F AB 64 C3 0C A7 81 D5 26 46 œT×ÖžŸ«dÃ.§•Õ&F
0040: F0 B1 71 69 49 D5 95 4F 59 69 6E A6 14 1D 01 D6 ð±qiIÕ•OYin¦...Ö
0050: 0E 4C 6E 96 2F FB 4C 03 9D 79 C9 94 73 FD 03 B3 .Ln–/ûL.•yÉ"sý.³
0060: 66 2E 47 07 4A 58 A0 74 DB 69 4C 88 6E 9B 12 55 f.G.JX tÛiLˆn›.U
0070: 9A 12 A8 2C 60 D6 9F B3 CF 7B 47 20 C5 89 28 8E š.¨,`ÖŸ³Ï{G ʼn(Ž
0080: 23 4C D6 97 21 D0 19 DF 7E A3 05 AC F2 2E 0C E9 #LÖ—!Ð.ß~£.¬ò..é
0090: 59 7C 98 1B DF AA D7 09 69 D3 04 CA 09 87 4E 52 Y|˜.ߪ×.iÓ.Ê.‡NR
00A0: C5 62 CE 85 39 2B 45 8E 6E E3 AA DD E1 85 BD 62 ÅbÎ…9+EŽnãªÝá…½b
00B0: 4F 0A 0F 75 29 32 30 4A 4B 07 7C AA 4A C8 50 48 O..u)20JK.|ªJÈPH
00C0: 0A EE 65 55 89 6B 2D 98 40 33 61 1D DA 24 F4 E8 .îeU‰k-˜@3a.Ú$ôè
00D0: 08 79 D5 AA 5F 4B F8 EB FB 98 DC B9 CB CD 09 AC .yÕª_Køëû˜Ü¹ËÍ.¬
00E0: 78 A0 10 A0 96 5A 63 59 D5 03 2C F3 68 64 D8 B0 x . –ZcYÕ.,óhdØ°
00F0: 05 D2 74 6B 18 A5 0A FB F9 AF 84 31 DB 5B 41 39 .Òtk.¥.ûù¯„1Û[A9
SIGNATURE PRIVATE KEY (ENCRYPTED UNDER LMK) =
0000: 14 F7 B6 45 05 43 83 DA 0C 52 C6 5F 91 86 ED 10 .÷¶E.CƒÚ.RÆ_‘†í.
0010: F6 88 11 F2 8D 0F 69 98 00 3F A6 48 A7 5C E5 12 öˆ.ò.i˜.?¦H§\å.
0020: 34 59 53 EB 41 5B B1 DE C9 21 F5 DD B3 E1 5D 47 4YSëA[±ÞÉ!õݳá]G
0030: 5D 8A 27 E4 C8 A9 48 CC 36 F8 C2 5D 84 7B 42 BA ]Š'äÈ©HÌ6øÂ]„{Bº
0040: 66 55 1F 66 DA 86 02 B1 8C B0 F9 F0 B4 90 0E 1C fU.fÚ†.±Œ°ùð´•..
0050: 40 DB BA 12 D3 E2 E7 D1 44 AF 02 97 70 38 8A F9 @Ûº.ÓâçÑD¯.—p8Šù
0060: BC 88 D9 FC 29 6B 1F A8 88 44 47 6D 5E B8 FC 70 ¼ˆÙü)k.¨ˆDGm^¸üp
0070: 90 8D F0 FC B8 18 B7 BB 48 67 67 D1 CB E4 BA 92 ðü¸.·»HggÑË互
0080: 77 D7 50 08 84 4E EB FE 38 E6 39 1C DB C8 D4 1C w×P.„Nëþ8æ9.ÛÈÔ.
0090: F2 F6 5C C4 B8 1A BD A0 6D 37 13 75 06 85 A3 0A òö\ĸ.½ m7.u.…£.
00A0: 24 62 99 72 02 E0 F5 FE D5 BF 2A 3A 0C 25 0E 3D $B™R.ÀÕÞÕ¿*:.%.=
00B0: 64 09 2E 7D 2A 1B 72 3B D1 57 1A 71 92 68 C3 F0 D..}*.R;ÑW.Q’HÃÐ
00C0: DF E6 24 8A 8F 3D D9 34 43 7B 34 25 3D 06 1C 40 ßæ$Š•=Ù4C{4%=..@
00D0: 14 2E B0 F3 83 25 DE 14 3C 6F 3A E3 56 15 FC 61 ..°óƒ%Þ.<o:ãV.üa
00E0: A4 A7 A2 0D E4 F6 BF 38 66 CC 6E 80 6B DD 28 C2 ¤§¢.äö¿8fÌn€kÝ(Â
00F0: AD 96 BE F3 B3 AE 81 EE 49 5D 0E 25 90 A3 32 34 -–¾ó³®•îI].%•£24
0100: 73 5F 48 A8 53 57 00 DF 51 71 E3 9B 1D 6B 35 B7 s_H¨SW.ßQqã›.k5·
0110: 28 AD FC E9 4D B6 95 DC 8D 26 9B 86 40 82 30 AA (üéM¶•Ü&›†@‚0ª
0120: 26 B6 C1 CC 72 48 B3 36 D5 65 18 A2 AF 09 C4 D2 &¶ÁÌrH³6Õe.¢¯.ÄÒ
0130: EB 1A FB F5 4B 91 C6 C0 BD 13 AD 0A F8 D4 EA B2 ë.ûõK‘ÆÀ½..øÔê²
0140: 3F A2 AD 0F 8C CE 1E 4B BE 2F D8 52 4E ED E0 76 ?¢.ŒÎ.K¾/ØRNíàv
0150: 90 D9 B0 C3 67 0F 71 51 3B 78 BE 32 B0 DC 28 56 •Ù°Ãg.qQ;x¾2°Ü(V
0160: 71 70 49 C0 55 1F 4E FD 5F AC 8A 46 F8 E6 02 DC qpIÀU.Ný_¬ŠFøæ.Ü
0170: A6 55 A8 2A F9 18 2D E3 90 7D F7 6F E4 8B B9 65 ¦U¨*ù.-ã}÷o䋹e
0180: 85 F6 9B FE B0 D4 37 4A 36 E0 C3 D6 D5 2D 9F 61 …ö›þ°Ô7J6àÃÖÕ-Ÿa
0190: E9 A2 5E 5E 4A A1 E4 C3 CC 74 4C B4 9E 86 4D 8B é¢^^J¡äÃÌtL´ž†M‹
01A0: 23 6B E5 15 B2 42 5D 6F 28 0C 74 3F 4B CF B0 64 #kå.²B]o(.t?KÏ°d
01B0: 95 82 E9 9A 06 FB 78 ED F7 5D AE 1F D9 D3 FA 66 •‚éš.ûxí÷]®.ÙÓúf
01C0: B9 40 7C F2 B4 4A 6F 6E 3F AB 21 49 0A 30 91 92 ¹@|ò´Jon?«!I.0‘’
01D0: 5B 0D DF F0 98 9D 62 58 9A 4F 23 06 1A 2C DB 41 [.ßð˜bXšO#..,ÛA
01E0: CF 34 3D 89 46 EB 39 02 81 9A 81 57 AC B2 B2 BF Ï4=‰Fë9.šW¬²²¿
01F0: 58 7F 84 CF D6 7B FE 91 DB 9A FB BF A3 01 FC B5 X•„ÏÖ{þ‘Ûšû¿£.üµ
0200: 7B C5 12 64 BC 3A 75 8E DF 57 04 B6 A1 69 18 A6 {Å.d¼:uŽßW.¶¡i.¦
0210: 6F E4 E8 67 78 42 B9 08 0E 5C D1 CF 7E E2 FD 7A oäègxB¹..\ÑÏ~âýz
0220: A7 AC 3B 4E 41 39 3F A2 D5 14 B9 76 1A 22 A5 FD §¬;NA9?¢Õ.¹v."¥ý
0230: 80 9A 21 06 D9 9B 40 6A 1C 5B E7 A7 F9 97 7A 98 €š!.Ù›@j.[ç§ù—z˜
0240: 8B AA 1A 37 54 1C D7 D3 8D B0 64 88 AE C8 0E 0A ‹ª.7T.×Ó°dˆ®È..
0250: 9C D3 18 17 7B C1 09 DB 87 68 EA 57 1F 38 4E 45 œÓ..{Á.Û‡hêW.8NE
0260: 7F 80 08 B8 05 5A 6B 4B 82 98 F8 83 B5 1D 72 40 •€.¸.ZkK‚˜øƒµ.r@
0270: 12 A8 F5 DD 87 8D 58 50 40 BF E5 2C 5C 00 61 22 .¨õ݇•XP@¿å,\.a"
0280: B4 8B 14 E9 13 2E B2 61 75 77 7B 9F 74 B8 F7 3F ´‹.é..²auw{Ÿt¸÷?
0090: E0 38 6F F8 31 CE 18 5B 17 BA F0 47 83 EE D7 7C à8oø1Î.[.ºðGƒî×|
00A0: F9 CD 37 C9 9A AD D1 FF 12 8D 27 9F 03 7D F4 41 ùÍ7ÉšÑÿ.'Ÿ.}ôA
00B0: A8 3B 9C F8 C4 5E 80 F3 2D AF 6F 20 F1 81 7E 07 ¨;œøÄ^€ó-¯o ñ•~.
00C0: 74 E4 0C E8 C0 2A FA D7 BD 22 18 FF BA DB F1 E1 tä.èÀ*ú×½".ÿºÛñá
00D0: 5D AB 8A 0A CC A1 6C 72 FB 8A 5E 8A 13 5B EC 2F ]«Š.Ì¡lrûŠ^Š.[ì/
00E0: A8 8A 55 93 F4 56 CF A4 2E 84 23 1D 7B 8E 4F 54 ¨ŠU"ôVϤ.„#.{ŽOT
00F0: 4D AF 58 F9 FF FA 1F 9C 9D F4 A8 5D 2B 2E FA 12 M¯Xùÿú.œ•ô¨]+.ú.
00E0: 09 06 05 2B 0E 03 02 1A 05 00 04 14 27 E2 34 FF ...+........'â4ÿ
00F0: D1 99 2F 8A A8 56 F0 54 B5 A7 6D 81 A5 80 FA 42 Ñ™/Š¨VðTµ§m¥€úB
LMKs provide separation between different types of keys to ensure that keys can be used
only for their intended purpose. Thales payment HSMs support two types of LMK, both of
which provide key separation:
Variant LMKs. These are double- or triple-length Triple-DES keys and provide
key separation by encrypting different types of key with different variants of the
LMK. Double-length Variant LMKs have been in use for many years, and are the
most widely used type of LMK. Triple-length Variant LMKs were introduced for
later versions of the payShield 9000. Chapter 7 – Variant LMK Key Scheme
describes Variant LMKs in more detail.
Key Block LMKs. These are either triple-length Triple-DES keys, or 256-bit AES
keys, and key separation is provided by parameters in the key block which govern
characteristics such as usage and exportability of the protected key. Key Block
LMKs are newer technology than Variant LMKs and so are still less widely used,
but provide security benefits. Chapter 8 – Key Block LMK Key Scheme describes
Key Block LMKs in more detail.
Multiple LMKs
It is possible to install multiple LMKs within a single payShield 9000. For more
information see Chapter 9.
See Chapter 1 of the payShield 9000 Host Command Reference Manual for information
on how the required LMK can be specified in Host commands.
Note:
The term "Variant LMK" refers to the 'variant' method of encrypting keys; a
Variant LMK is not itself a variant of any other key.
Keys encrypted under a Variant LMK have an associated (3-digit) Key Type Code, which
is used to enforce key separation between different types of keys. The different types of
symmetric keys available are included in the table below.
NOTE: Variant LMKs cannot be used to protect AES keys or RSA keys longer than 2048
bits.
The tables below use the same pink shading as in the payShield 9000 Host Command
Reference Manual to indicate information relating to variant keys.
Double-length key:
Left part – A6
Right part – 5A
Triple-length key:
Left part – 6A
Middle part – DE
Right part– 2B
Example 1:
Given a double-length encrypting key of: XXXX XXXX XXXX XXXX YYYY YYYY YYYY YYYY, and
a double-length key of: AAAA AAAA AAAA AAAA BBBB BBBB BBBB BBBB:
Given a double-length encrypting key of: XXXX XXXX XXXX XXXX YYYY YYYY YYYY YYYY, and
a triple-length key of: AAAA AAAA AAAA AAAA BBBB BBBB BBBB BBBB CCCC CCCC CCCC CCCC:
Variant 1 : A6
Variant 2 : 5A
Variant 3 : 6A
Variant 4 : DE
Variant 5 : 2B
Variant 6 : 50
Variant 7 : 74
Variant 8 : 9C
Variant 9 : FA
The example below demonstrates how a Local Master Key variant is calculated for key
type MK-SMI:
1. Refer to the Key Type Table to select the appropriate LMK pair for the type of key
that you wish to encrypt. For example, for key type MK-SMI, LMK 28-29 is used:
Test LMK 28-29: 1A1A 1A1A 1A1A 1A1A 1C1C 1C1C 1C1C 1C1C
2. Identify from the Key Type Table which Variant of the LMK is required. For key
type MK-SMI variant 2 is used:
Variant 2: 5A
3. Exclusive-OR the selected variant with the first byte of the LMK pair :
1A XOR 5A = 40
Replace the left-most byte of the LMK pair with the result of Step 3 and use the
resulting key to encrypt the MK-SMI:
LMK Variant 2 = 401A 1A1A 1A1A 1A1A 1C1C 1C1C 1C1C 1C1C
When the Variants are applied to the standard Double-length Variant Test LMK or Triple-
length Variant Test LMK (see later in this chapter), the left-most bytes of the sets are as
follows:
To ensure that the Left and Right parts of a double-length Triple-DES key can only
be used as such.
To ensure that the Left, Middle and Right parts of a triple-length Triple-DES key
can only be used as such.
The following variants are used for this purpose:
Double-length key:
Left part – A6
Right part – 5A
Triple-length key:
Left part – 6A
Middle part – DE
Right part– 2B
Key Scheme tags are used to identify the technique used to encrypt keys.
'U' is used to identify double-length Triple DES keys that are encrypted using the
Triple-DES variant Scheme
'T' is used to identify triple-length Triple DES keys that are encrypted using the
Triple-DES variant scheme.
The example below demonstrates how a double-length MK-SMI is encrypted using this
method. The test key to be encrypted is:
Test MK-SMI = F1F1 F1F1 F1F1 F1F1 C1C1 C1C1 C1C1 C1C1
Refer to the Key Type Table to select the appropriate LMK pair and variant for the
type of key that you wish to encrypt. For example, for key type MK-SMI, LMK 28-
29 Variant 2 is used (this is the LMK variant that was calculated in the example in
section 15):
LMK 28-29 Variant 2 = 401A 1A1A 1A1A 1A1A 1C1C 1C1C 1C1C 1C1C
Select the appropriate variants to be applied to the encrypting key. In this case
the MK-SMI is a double-length Triple-DES key, so the following variants should be
used:
To encrypt the left part of the MK-SMI – A6
To create the key with which to encrypt the left part of MK-SMI, Exclusive-OR A6
with the first byte of the right part of the LMK pair:
1C XOR A6 = BA
Use the key calculated in step 3 to encrypt the left part of the MK-SMI:
Key with which to encrypt left part of MK-SMI
= 401A 1A1A 1A1A 1A1A BA1C 1C1C 1C1C 1C1C
To create the key with which to encrypt the right part of MK-SMI, Exclusive-OR
5A with the first byte of the right part of the LMK pair
1C XOR 5A = 46
Use the key calculated in step 5 to encrypt the right part of the MK-SMI:
Key with which to encrypt right part of MK-SMI
= 401A 1A1A 1A1A 1A1A 461C 1C1C 1C1C 1C1C
The example above can be demonstrated on an HSM by using the FK console command,
with inputs as follows:
Offline-AUTH> FK <Return>
Enter key length [1,2,3]: 2 <Return>
Enter key type: 209 <Return>
Enter key scheme: U <Return>
Enter component type [X,H,T,E,S]: X <Return>
Enter number of components [1-9]: 2 <Return>
Enter component 1: 50505050505050505050505050505050 <Return>
Enter component 2: A1A1A1A1A1A1A1A19090909090909090 <Return>
Encrypted key: U 5178 C9D3 D105 2B15 BF6A EC45 8B4A 4564
Key check value: 8357D9
When the Variants are applied to the standard test LMK set (see next section), the first
bytes of the second key are as follows:
Note: the term "LMK Pair" and the associated numbering scheme is retained for historical
reasons, even though for triple-length LMKs each key is actually a triplet.
When the HSM encrypts a key component under a variant of the LMK, an additional
variant (0xFF) is applied to the first byte of the LMK. This is to prevent a single encrypted
component from masquerading as an encrypted key.
Password 1 01 01 01 01 01 01 01 01
Password 2 NOWISTHETIMEFORA
The check value for the Double-length Variant Test LMK is: 268604
Password 1 D3 CB 07 68 76 A2 07 04
Password 2 01 01 01 01 01 01 01 01
Note: the term "LMK Pair" and the associated numbering scheme is retained for historical
reasons, even though for triple-length LMKs each key is actually a triplet.
The check value for the Triple-length Variant Test LMK is: 665641
Key Key
Type Type
Key Type Code 1 Code 2 Description
ZMK 000 000 Zone Master Key (also known as ZCMK)
ZMK (Comp) 100 100 Zone Master Key Component (legacy commands only)
KML 200 200 Master Load Key (Visa Cash)
KEKr 300 300 (AS 2805) Key Encryption Key of Recipient
KEKs 400 400 (AS 2805) Key Encryption Key of Sender
ZPK 001 001 Zone PIN Key
PVK 002 002 PIN Verification Key
PVVK 002 002 (OBKM) P V V Key
TPK 002 70D Terminal PIN Key
PEK 002 70D (AS 2805) PIN Encipherment Key
Key Key
Type Type
Key Type Code 1 Code 2 Description
PEK 002 70D (LIC031) PIN Encryption Key
TMK 002 80D Terminal Master Key
KT 002 80D (AS 2805) Transaction Key
TK 002 80D (AS 2805) Terminal Key
KI 002 80D (AS 2805) Initial Transport Key
KCA 002 80D (AS 2805) Sponsor Cross Acquirer Key
KMA 002 80D (AS 2805) Acquirer Master Key Encrypting Key
TKR 002 90D Terminal Key Register
TMK1 102 102 (AS 2805) Terminal Master Key
TMK2 202 202 (AS 2805) Terminal Master Key
IKEY 302 302 Initial Key (DUKPT)
CK-ENK 30D 30D (Issuing) Card Key for Cryptograms
CVK 402 402 Card Verification Key
CSCK 402 402 Card Security Code Key
CK-MAC 40D 40D (Issuing) Card Key for Authentication
CK-DEK 50D 50D (Issuing) Card Key for Authentication
KIA 602 602 (AS 2805) Acquirer Initialization Key
TAK 003 003 Terminal Authentication Key
TAKr 103 103 (AS 2805) Terminal Authentication Key of Recipient
TAKs 103 103 (AS 2805) Terminal Authentication Key of Sender
KML 105 105 (OBKM) Master Load Key
KMLISS 105 105 (OBKM) Master Load Key for Issuer
KMX 205 205 (OBKM) Master Currency Exchange Key
KMXISS 205 205 (OBKM) Master Currency Exchange Key for Issuer
KMP 305 305 (OBKM) Master Purchase Key
KMPISS 305 305 (OBKM) Master Purchase Key for Issuer
KIS.5 405 405 (OBKM) S5 Issuer Key
KM3L 505 505 (OBKM) Master Key for Load & Unload Verification
KM3LISS 505 505 (OBKM) Master Key for Load & Unload Verification for Issuer
KM3X 605 605 (OBKM) Master Key for Currency Exchange Verification
(OBKM) Master Key for Currency Exchange Verification for
KM3XISS 605 605
Issuer
KMACS4 705 705 (OBKM)
KMACS5 805 805 (OBKM)
KMACACQ 905 905 (OBKM)
KMACACX 905 905 (OBKM)
WWK 006 006 Watchword Key
KMACUPD 106 106 (OBKM)
KMACMA 206 206 (OBKM)
KMACCI 306 306 (OBKM)
KMACISS 306 306 (OBKM)
KMSCISS 406 406 (OBKM) Secure Messaging Master Key
BKEM 506 506 (OBKM) Transport key for key encryption
BKAM 606 606 (OBKM) Transport key for message authentication
Key Key
Type Type
Key Type Code 1 Code 2 Description
KEK 107 107 (Issuing) Key Encryption Key
KMC 207 207 (Issuing) Master Personalization Key
(Issuing) Session Key for cryptograms and encrypting card
SK-ENC 307 307
messages
SK-MAC 407 407 (Issuing) Session Key for authenticating card messages
SK-DEK 507 507 (Issuing) Session Key for encrypting secret card data
KD-PERSO 507 507 (Issuing) KD Personalization Key
ZKA MK 607 607 Master key for GBIC/ZKA key derivation
MK-KE 807 807 (Issuing) Master KTU Encipherment key
MK-AS 907 907 (Issuing) Master Application Signature (MAC) key
ZAK 008 008 Zone Authentication Key
ZAKs 108 108 (AS 2805) Zone Authentication Key of Sender
ZAKr 208 208 (AS 2805) Zone Authentication Key of Recipient
BDK-1 009 009 Base Derivation Key (type 1)
MK-AC 109 109 Master Key for Application Cryptograms
MK-SMI 209 209 Master Key for Secure Messaging (for Integrity)
MK-SMC 309 309 Master Key for Secure Messaging (for Confidentiality)
MK-DAC 409 409 Master Key for Data Authentication Codes
MK-DN 509 509 Master Key for Dynamic Numbers
BDK-2 609 609 Base Derivation Key (type 2)
MK-CVC3 709 709 Master Key for CVC3 (Contactless)
BDK-3 809 809 Base Derivation Key (type 3)
BDK-4 909 909 Base Derivation Key (type 4)
ZEK 00A 00A Zone Encryption Key
ZEKs 10A 10A (AS 2805) Zone Encryption Key of Sender
ZEKr 20A 20A (AS 2805) Zone Encryption Key of Recipient
DEK 00B 00B Data Encryption Key
TEK 00B 00B (AS 2805) Terminal Encryption Key
TEKs 10B 10B (AS 2805) Terminal Encryption Key of Sender
TEKr 10B 10B (AS 2805) Terminal Encryption Key of recipient
TEK 30B 30B Terminal Encryption Key
RSA-SK 00C 00C RSA Private Key
HMAC 10C 10C HMAC key
RSA-PK 00D 00D RSA Public Key
TPK 002 70D Terminal PIN Key
PEK 002 70D (AS 2805) PIN Encipherment Key
TMK 002 80D Terminal Master Key
KT 002 80D (AS 2805) Transaction Key
TK 002 80D (AS 2805) Terminal Key
KI 002 80D (AS 2805) Initial Transport Key
KCA 002 80D (AS 2805) Sponsor Cross Acquirer Key
KMA 002 80D (AS 2805) Acquirer Master Key Encrypting Key
TKR 002 90D Terminal Key Register
IKEY is also known as IPEK.
Notes:
1 This Key Type Code column applies when the security setting "Enforce key
type 002 separation for PCI HSM compliance" has a value of ‘N’ – i.e. key
separation is not PCI HSM complaint.
2 This Key Type Code column applies when the security setting "Enforce key
type 002 separation for PCI HSM compliance" has a value of ‘Y’ – i.e. key
separation is PCI HSM complaint.
(OBKM) For use with Optional License HSM9-LIC004
For a list of permissions associated with these key types, see the Key Type Table below.
Errors are reported when an action breaks the rules imposed by the table. For example:
The Key Type table is automatically modified dependent on the value of the Security
Setting "Enforce key type 002 separation for PCI HSM compliance": a setting of 'N'
indicates non-compliance with the requirements of PCI HSM, and a setting of 'Y' indicates
compliance with the key separation requirements of PCI HSM.
Key Type Table 1 - "Enforce key type 002 separation for PCI HSM compliance" set to ‘N’
(i.e. key separation is not PCI HSM compliant)
IKEY is also known as IPEK.
PCI Compliant
Variant 0 1 2 3 4 5 6 7 8 9
LMK G E I G E I G E I G E I G E I G E I G E I G E I G E I G E I
Pair Code
ZMK
ZMK KML KEKr1 KEKs1
04 – 05 00 (Comp)
A U A U U A U U A U U A U
ZPK PEK4a Auth
06 – 07 01 ZKA MK Para1
U A U
PVK
CVK
PVVK2 TMK11 TMK21 IKEY KIA1 PPASN1
14 – 15 02 CSCK
ZKA MK
U A U U A U U A U U A U U A U U A U
1 1
TAK TAKs TAKr
16 – 17 03
U A U U A U U A U
DTAB IPB
18 – 19 04
Key Type Table 2 - "Enforce key type 002 separation for PCI HSM compliance" set to ‘Y’
(i.e. key separation is PCI HSM compliant)
IKEY is also known as IPEK.
Notes
1. For optional AS2805 License (HSM9-LIC003)
2. For optional Europay Security Platform (OBKM) License (HSM9-LIC004)
3. For optional EMV-based Card data Preparation License (HSM9-LIC016), General
Purpose Card Personalization License (HSM9-LIC018), MULTOS Card Data
Preparation License (HSM9-LIC023)
4. For use with Optional License HSM9-LIC031
a. Where Source PEK Type = 0
The payShield 9000 HSM provides a set of commands for key generation, key export and
key import. An export command is one that translates a key from LMK encryption to
encryption under a ZMK or an RSA public key, for sending to another party. Import is the
reverse, for receiving keys and translating to local storage. The Key Type Table controls
'permitted actions' for the console and host commands used to generate, import and
export keys.
Errors are reported when an action breaks the rules imposed by the table. For example:
The table above shows the actions that can be applied to each specific LMK pair. For each
key type, the 3 boxes below the key type refer, from left to right, to:
Each of these 3 boxes contains one of the following entries to define permissions:
When using a Key Block LMK, working keys are encrypted as a Thales key Block.
Two types of Thales Key Block LMKs are supported in the payShield 9000:
DES Key Block LMK – based on a triple-length 3-DES key. This key provides a
security strength of 112-bits, and can be used to protect subordinate DES, TDES,
RSA (up to 2048 bits), and HMAC keys.
AES Key Block LMK – based on a 256-bit AES key. This key provides a security
strength of 256-bits, and can be used to protect subordinate AES, DES, TDES,
RSA & HMAC keys.
Notes:
The term "Key Block LMK" refers to the 'key block' method of encrypting keys; a
Key Block LMK is not itself stored in key block form.
AES key block LMKs must be used to protect AES keys and RSA keys longer than
2048 bits.
The tables in this chapter use the same blue shading as in the payShield 9000
Host Reference Manual to indicate information relating to keys encrypted using
key blocks LMKs.
The main difference between the Thales and TR-31 Key Blocks is that the TR-31 Key
Block is less flexible in terms of Header values and supports only a small number of types
of Optional Header blocks.
The TR-31 Key Block allows key exchange between HSMs from multiple vendors which
have implemented the TR-31 specification
The Thales Key Block is a superset of the TR-31 Key Block, and can also be used for the
secure exchange of keys between HSMs. However, because the Thales Key Block
includes proprietary extensions it can be used to transfer keys only between Thales
payment HSMs (i.e. the payShield 9000 and HSM 8000).
The Thales and TR-31 Key Blocks can be supported and utilized independently of one
another. The combination of Thales and TR-31 Key Blocks defines a "trusted" HSM
environment, in which key manipulation is practically infeasible.
This chapter discusses Thales Key Blocks: further information on TR-31 key blocks can be
found in Chapter 11.
a 16-byte (clear) Key Block Header, which defines the key usage (e.g. Visa PVV) and mode of use (e.g.
verification only), the algorithm with which the key is used (e.g. AES 256-bit) and the limitations on the
exportability of the key (e.g. no export permitted); the Header also identifies the LMK used to encrypt
the key in the Key Block;
a (clear) Optional Header block, which can be used (for example) to define the period of validity of the
key contained in the Key Block;
the Encrypted Key Data, which includes the actual key itself, encrypted under the "encryption variant"
of the identified LMK;
a Key Block Authenticator, calculated using the "authentication variant" of the identified LMK; the use
of the Authenticator prevents unauthorized modification to the Key Block.
The next 4 sections describe Key Block Headers, Optional Headers, Encrypted Key Data,
and Authenticators.
TR-31
Value Hex Algorithm Description
KB
TR-31
Value Hex Algorithm Description
KB
TR-31
Value Hex Algorithm Description
KB
IKEY is also known as IPEK.
Algorithm (Byte 7)
Byte 7 of the Header defines the cryptographic algorithm with which the key contained in
the key block will be used. The following values are defined, although only four of these
values are currently supported:
B X'42 The key may be used to perform both encrypt and decrypt
operations.
C X'43 The key may be used to perform MAC calculation (both generate &
verify) operations.
D X'44 The key may only be used to perform decrypt operations.
E X'45 The key may only be used to perform encrypt operations.
G X'47 The key may only be used to perform MAC generate operations.
N X'4E No special restrictions apply.
S X'53 The key may only be used to perform digital signature generation
operations.
V X'56 The key may only be used to perform digital signature verification
operations.
X X'58 The key may only be used to derive other keys.
The "C", "G" and "V" field values will apply to HMAC keys, as well as "ordinary" MAC
keys.
The mode of use corresponding to the above values will be extended to include other key
usage, as follows:
For example, if, in a particular key block, bytes 5-8 have the values "11TV", this
indicates that the key in the key block is a 3-DES key that can only be used for the
verification of American Express CSCs. Similarly, if bytes 5-8 have the values "52TE"
then the key in the key block is a 3-DES ZMK that can only be used for key export and if
bytes 5-8 have the values "01DN" then the key is a single-length WatchWord key that
can be used for both response generation and verification.
Value
Hex Key Version Number
(byte 9) (byte 10)
0 0 X'3030 Key versioning is not used for this key
A "c" in byte 9 indicates that the key carried in
c Any X'6300
the key block is a key component.
Any other combination of The version of the key or key component carried
printable characters in the key block
Note:
If byte 9 is set to "c" then byte 10 will be used to indicate the component number.
For example, if bytes 9-10 = "c2" (X'6332) then this indicates that the key in the
key block is the second component of a key. Note, however, that this gives no
information regarding the total number of key components.
"Sensitive" export includes, for example, when a Key Block LMK is used and the key is
exported in ANSI X9.17 format. Export in X9.17 format is disabled by default in the
payShield 9000 security settings and must be specifically enabled (e.g. via the CS
console command) if required.
Note: When a key block is exported in a Thales or TR-31 Key Block format, byte 11 in
the exported key block dictates how further export must be handled by the recipient of
the key block. Hence, if the received byte 11 has value "E" then further "trusted" export
is permitted, but if byte 11 has value "N" then no further export will be permitted. Such
considerations must be taken into account when the key is initially generated. It will be
possible to change the value of byte 11 from "E" or "S" to "N" (so that no further export
will be permitted), via an optional field at the end of the command message.
Bytes 12-13 of the Header specify the number of Optional Header Blocks in the key
block. A value of "00" (X'3030) indicates there are no optional blocks. A value of "12"
(X'3132) indicates that there are 12 optional blocks.
Example
As an example, a Key Block Header of
00072V2TG22N0033
indicates:
Optional Header
An Optional Header Block has the following structure:
Thus the maximum length of an Optional Header block is 255 bytes (and the minimum
length is 4 bytes). The overall length of all the Optional Header Blocks must be a multiple
of the encryption block length (8 bytes in the case of 3-DES), which is achieved (if
necessary) by the inclusion of a "Padding" block that must be the last Optional Header
Block.
Note: In theory, a Key Block may have a maximum of 99 optional blocks. In practice,
however, a Key Block may not possess more than one optional block with the same
identifier. If a key block (Thales or TR-31) contains more than one Optional Header Block
with the same identifier then the HSM will return an error:
BC – Repeated optional block
This error will be returned if any attempt is made to use a host command to generate,
import or export such a key block.
Optional
Header
Hex Field Name Comments
Block
ID
KS X'4B53 Key Set Identifier See examples in Annex E of ANSI X9.24-1
Used to define the version of the set of key
block field values and that the key block
KV X'4B56 Key Block version contains provisional values not yet
approved by ANSI. This field must contain
4 printable ASCII characters.
Used to ensure that the overall length of
the Optional Header Blocks is a multiple of
the encryption block length; the data field
PB X'5042 Padding block
is filled with readable (random) ASCII
characters; if used, the Padding block must
be the last Optional Header Block.
Key status; permitted values:
"E" (Expired)
"L" (Live)
"P" (Pending)
00 X'3030 Key Status
"R" (Revoked)
"T" (Test)
See notes below on permitted Key Status
transitions.
Algorithm and mode used to encrypt the
Key Data in the key block; only permitted
01 X'3031 Key Block Encryption
value:
"00" (current mechanism).
Algorithm and mode used to authenticate
Key Block
02 X'3032 the key block; only permitted value:
Authentication
"00" (current mechanism).
Date and time from which the key block is
03 X'3033 Start Date/Time valid; format:
YYYY:MM:DD:HH
Date and time after which the key block is
04 X'3034 End Date/Time invalid; format:
YYYY:MM:DD:HH
Any combination of printable characters; a
05 X'3035 Text
zero length data field will not be permitted
The "KS", "KV" and "PB" optional blocks are inherited from the TR-31 standard, but the
remaining optional block types are proprietary to the Thales key block. The "01" and "02"
optional blocks are for future-proofing, in the event that the LMK is changed to another
algorithm (as happened with AES).
For example, a key block that contains a "live" key could have an Optional Header Block
structure as follows (the space is to aid readability and is not part of the Optional Header
Block):
0005L PB0Brrrrrrr
In this case, the "Number of Optional Blocks" field in the key block header (bytes 12-13)
will contain the value "02" (X'3032).
The Padding block (containing 7 random padding characters in this case) is required to
ensure that the total length of the Optional Header Block is a multiple of 8 bytes. Note
that any optional block must be at least 4 bytes in length.
Notes:
The order in which optional blocks appear in a key block is immaterial, except that
"PB" Padding block must be the last optional block.
Optional Header Blocks with identifiers "01" and "02" will not normally be used,
but are included in the event that multiple encryption and authentication modes
may be required in the future. If they are used then they must have data value
"00".
Revoked
Notes:
A security setting (e.g. in the CS console command) allows users to ensure that all
double-length keys in Thales Key Blocks are padded with an additional 8 bytes of random
values to disguise the length of the key. If this option is not selected then the minimum
padding necessary will be applied in all cases.
Note:
The minimum padding necessary for AES, RSA and HMAC keys will always be
applied, regardless of this security setting.
Authenticator
The key block Authenticator ensures the integrity of the key block, and is calculated over
the Header, Optional Header Blocks and the Key Data. The authentication algorithm
used depends on the specific Key Block LMK being used:
When using a DES Key Block LMK, the key block Authenticator is calculated using
a 3-DES CBC-MAC, with a zero IV. (No padding is required, as the data to be
authenticated is always a multiple of 8 bytes in length.) The leftmost 4 bytes of
the result will be used as the Authenticator. The authentication key will be a
variant of the LMK.
When using an AES Key Block LMK, the key block Authenticator is calculated using
an AES CMAC over the clear key block. The leftmost 8 bytes of the result will be
used as the Authenticator. The authentication key will be cryptographically
derived from the LMK.
Note: The Key Scheme Tag "S" is not included in the authenticated data.
LMK 01 23 45 67 89 AB CD EF 80 80 80 80 80 80 80 80 FE DC BA 98 76 54 32 10
Password 1 89 89 89 89 89 89 89 89
Password 2 THEQUICKBROWNFOX
LMK 9B 71 33 3A13 F9 FA E7 2F 9D 0E 2D AB 4A D6 78 47 18 01 2F 92 44 03 3F
3F 26 A2 DE 0C 8A A1 1A
Online>
Online>
In the above example, the Key Usage value "B0" indicates that the key is a BDK and the
Mode of Use value "N" means that there are no specific restrictions on the use of the key.
Host Commands
Host Command Examples
The document payShield 9000 Host Command Examples includes examples of Host
Commands and Responses when key block LMKs are being used.
Error Codes
Implementation of Key Blocks is a complex matter, so a large number of error codes are
provided to aid development and testing. For example:
The payShield has the capability of Multiple LMKs, such that up to 20 LMKs of different
types can be in use at any one time. Each LMK can be managed by a separate security
team, allowing a single payShield 9000 to be used for multiple purposes – such as
different applications or different clients.
Multiple LMKs
The LMK mechanism is simple, easy to understand and secure, but it does have some
limitations. In particular, the use of a single LMK within an HSM (or cluster of HSMs)
means that it is not possible to achieve cryptographic isolation of applications that are
calling the HSM. This may breach the requirements of some PCI security standards and
may be a cause for other concerns. For example:
In a bureau situation, there is generally a need to support keys from many different
clients, yet maintain cryptographic isolation of such keys; the use of multiple LMKs is
one way to achieve this;
Some users may wish to use the HSM in both a live operational environment and a
test or development environment (not recommended, but may be a necessity in some
cases).
The availability of Multiple LMKs also makes it easier to migrate operational keys from an
old LMK to a new one. Such LMK migration should be performed every few years for
security purposes, but may also be necessary for operational reasons – for example
when upgrading from double- to triple-length Variant LMKs or from Variant LMKs to Key
Block LMKs.
Although the payShield 9000 allows for changing the LMK, it means that all operational
keys need to be translated from encryption under the old LMK to encryption under the
new LMK before they can be used. A "big bang" approach typically requires very careful
planning and coordination, with possible downtime or need for additional HSM capacity.
As a consequence, some HSM users are reluctant to change the LMK.
The use of multiple LMKs allows users to adopt a phased approach to LMK change. LMK
migration is described in Chapter 10.
Additional optional licenses can be added to the payShield 9000 to enable use of up to 20
LMKs, of any mix of Variant and Key Block LMKs, on a single payShield 9000.
Equivalent functionality when using payShield Manager is found under Operational / Local
Master Keys.
LMK Loading
When the LMK is loaded into the HSM by forming it from components (e.g. using the
console LK console command), the LMK identifier is entered so that the LMK can be
stored in the correct "slot" in secure memory. It is important to note that the identifier is
only defined when the LMK is loaded.
Secure> LK <Return>
Enter LMK id: 02 <Return>
Enter comments: Live LMK for PQR Bank <Return>
LMK in selected location must be erased before proceeding.
Erase LMK? Y <Return>
Load LMK from components
Insert card and enter PIN: ******** <Return>
Check: 012345
Load more components? [Y/N]: Y <Return>
…
…
Check: 396723
Load more components? [Y/N]: N <Return>
LMK id: 02
LMK key scheme: Key block
LMK algorithm: 3DES (3key)
LMK status: Live
Comments: Live LMK for PQR Bank
Confirm details? [Y/N]: Y <Return>
…
Secure>
Equivalent functionality when using payShield Manager is found under Operational / Local
Master Keys.
Equivalent functionality when using payShield Manager is found under Operational / Local
Master Keys.
Once the old and new LMKs are loaded in the correct locations, migration of keys from
old to new LMK (and from variant to key block, if required) can take place. The same
mechanism can be used to provide a phased migration of keys from one LMK to another.
In this case, the "old" key may continue to be used as an operational LMK at the same
time as keys are migrated to encryption under a new LMK. This mechanism allows, for
example, existing keys for different applications to be cryptographically isolated from
each other. For more detail, see Chapter 10.
Authorization
Authorization is required to enable certain console and host commands to be executed.
Either the whole HSM can be put into Authorized State, which enables all commands
requiring authorization to be executed. Alternatively, the HSM can be configured to
support Multiple Authorized Activities: in this mode, authorization can be applied to
individual activities or groups of activities.
In order to set authorization, two smartcard holders must authenticate themselves to the
HSM by presenting the smartcards and entering the smartcards’ PINs. These PINs are set
up when the smartcards are formatted (e.g. by using the FC console command).
With multiple LMKs, each LMK will have its own authorizing smartcards and PINs. This
means that commands can be authorized for a specific LMK. So, for example, in the
previous section when using the LO command for loading an "old" LMK in key change
storage, LMK with identifier=02 has been specified: authorization requires the use of the
authorization smartcards and PINs used when setting up LMK 02 and so only permits the
old LMK to be loaded in key change storage slot 02.
This technique provides for highly granular control over sensitive LMK operations. The A
console command can be used to see which activities have been authorized:
Online> A <Return>
Enter LMK id: 03 <Return>
No activities are authorized for LMK id 03
List of authorizable activities:
…
…
The following activities are pending authorization for LMK id 03:
pin.mailer
First Officer:
Insert card for Security Officer and enter the PIN: ******** <Return>
Second Officer:
Insert card for Security Officer and enter the PIN: ******** <Return>
The following activities are authorized for LMK id 03:
pin.mailer
Online-AUTH>
In this example, only PIN mailer printing is authorized and then only for the LMK with
identifier 03. Equivalent functionality when using payShield Manager is found under
Operational / Local Master Keys.
LMK table
From a management perspective, it is important to know which LMKs have been loaded
into the HSM (and in which locations). This information can be displayed using the VT
console command:
Online> VT <Return>
LMK table:
ID Authorized Scheme Algorithm Status Check Comments
00 Yes(1H,1C) Variant 3DES(2key) Test 268604 For RST Bank
01 No Key block 3DES(3key) Test 999999 For XYZ Bank
02 Yes(4H,0C) Key block AES-256 Live 324365 For PQR Bank
03 Yes(0H,1C) Key block AES-256 Live 963272 Mngmnt LMK
Online>
As can be seen, details of operational LMKs and any LMKs that have been loaded into key
change storage are displayed. The second column of the LMK table indicates whether any
activities are authorized for that LMK and, if so, how many ("H" = Host commands, "C" =
Console commands).
Equivalent functionality when using payShield Manager is found under Operational / Local
Master Keys.
Deleting LMKs
With multiple LMKs in the HSM, it is necessary to be able to delete individual LMKs from
the HSM’s memory without deleting any other LMK. This is achieved using the DM
console command:
Secure-AUTH> DM <Return>
Enter LMK id: 01 <Return>
Secure>
As can be seen from the above example, if an LMK is deleted then any LMK in the
corresponding "slot" in key change storage is also deleted.
Similarly, individual LMKs that have been loaded into key change storage may be deleted
without deleting the live LMK by using the DO console command.
Equivalent functionality when using payShield Manager is found under Operational / Local
Master Keys.
Console Commands
For console commands, the user will simply be required to enter the LMK identifier. For
example:
Online> CK <Return>
Enter LMK id: 03 <Return>
Enter key block: S 0xxxxxxxxxxxxx03xx………xxxxx <Return>
In the above example, the LMK with identifier 03 is a key block LMK and the command
returns the check value for the key contained within the key block. Note that the key
block itself also includes the identifier of the LMK used to encrypt and authenticate the
key block, in bytes 14-15. If this value does not agree with the value entered by the user
then an error message will be displayed.
Host Commands
For host commands, the situation is somewhat more complicated and a number of
mechanisms can be used to indicate which LMK to use in the processing of the command.
Default LMK
One particular LMK is identified as the "default" LMK and, in the absence of any other
indication in the command message, it is assumed that the default LMK is being used.
The principal benefit of this mechanism is that it provides a backwards-compatibly for
host applications written without consideration of the multiple LMK capability.
The identifier for the default LMK (which may be the same as the management LMK – see
below) is defined using the CS console command ("Configure Security") or Configuration
/ Security Settings / General in payShield Manager.
Management LMK
One LMK is designated as the "management" LMK and is required for a small number of
host commands, mainly associated with the HSM’s audit functions.
The identifier for the management LMK (which may be the same as the default LMK
discussed above) is defined using the CS console command ("Configure Security") or
Configuration / Security Settings / General in payShield Manager.
If there is a "mis-match" between the LMK identifiers in a command then the HSM will
return an error. This could happen, for example, if:
host commands directed to the Well-Known Port will use the Default LMK;
host commands directed to [Well-Known Port +1] will automatically use LMK Id
00;
host commands directed to [Well-Known Port +2] will automatically use LMK Id
01;
more generally, host commands directed to [Well-Known Port + n, where n1] will
automatically use LMK Id [n-1].
The situation for an HSM using the default Well-Known Port value of 1500 is summarized
in the table below:
The identification of the required LMK by using the TCP Port number is normally
overridden by LMK identifiers explicitly specified in host commands or key blocks.
However, the payShield 9000 security settings can specify that the TCP port number can
override LMK identifiers in host commands (e.g. the Enforce host port override for LMK
use? setting in the CA console command).
Card schemes are requesting that customers change their master keys every 2
years.
Adoption of Key Block LMKs, with their added security, requires a migration from
Variant LMKs.
This chapter outlines the migration process.
Multiple LMKs
By default, the payShield 9000 is delivered with the ability to install 1 or 2 LMKs. If 2
LMKs are installed, one must be a Variant type and one must be a Key Block type (see
below).
It is also possible to purchase optional licenses for the payShield 9000 to allow up to 20
LMKs to be installed at the same time:
License Description
HSM9-LIC001 Two concurrent LMKs can be installed; however, one
(standard license) must be a Variant LMK, and the other a Key Block LMK.
HSM9-LIC012 LMK x 2 Two concurrent LMKs can be installed; they can be any
(optional license) combination of Variant and Key Block LMKs.
HSM9-LIC013 LMK x 5 Five concurrent LMKs can be installed; they can be any
(optional license) combination of Variant and Key Block LMKs.
HSM9-LIC021 LMK x 10 Ten concurrent LMKs can be installed; they can be any
(optional license) combination of Variant and Key Block LMKs.
HSM9-LIC022 LMK x 20 Twenty concurrent LMKs can be installed; they can be
(optional license) any combination of Variant and Key Block LMKs.
LMK Live storage. Transaction processing and other LMK functions can make use
only of LMKs in Live storage.
Key Change storage. LMKs in Key Change storage cannot be used for any purpose
other than as part of the LMK migration process. Where multiple LMKs are
deployed, there is one Key Change storage "slot" for each LMK in the Main
storage.
The new LMK (which has not yet been deployed for live operation) is loaded into
Live storage, and the old LMK (which is still being used for live processing) is
loaded into Key Change storage using the LO console command (as described
later). This is the original method that was available on the payShield 9000. It
means that the payShield 9000 being used for migration cannot be used to
process transactions until the LMK migration process is completed and the new
LMK comes into operational use, but it is then immediately ready to process
transactions because the new LMK is already loaded in Live storage.
The old LMK (still being used for live operation but about to be obsoleted) is left in
Main Live, and the new LMK (which has not yet been deployed for live operation)
is loaded into Key Change storage using the LN console command (as described
later). This is a more recent option and means that the payShield 9000 can
continue processing transactions using the current LMK at the same time as it is
used for migrating keys to the new LMK. On the other hand, when the new LMK is
ready to go live, the new LMK must be loaded into Live storage before any
transactions can be processed.
The steps needed to migrate from an old LMK to a new LMK are:
1. Create smartcards with components for the new LMK.
2. Load the new LMK (from components cards) into either LMK Live storage or LMK
Key Change storage.
3. Either:
leave the old LMK in LMK Live storage and load the new LMK (from
component cards) into LMK Key Change storage, or
load the new LMK (from component cards) into LMK Live storage and load
the old LMK (from components cards) into LMK Key Change storage in the
same HSM.
4. Re-encrypt the operational keys from the old LMK to the new LMK and hold these
in a pending new key database.
5. Re-encrypt PINs from the old LMK to the new LMK and hold these in a pending
new PIN database.
6. Re-encrypt decimalization tables from the old LMK to the new LMK and hold these
in a pending new decimalization table database.
7. If the new LMKs have been loaded into Key Change storage, re-load them into
Live storage.
8. Make the pending key/PIN/decimalization table databases the live databases.
The first stage, therefore, is to create smartcards which have the components for the
new LMK. These components have completely random values, and are created on any
payShield 9000.
Each component must be held by a different security officer, and access to the
component cards must be securely controlled (e.g. by storing the card securely and
requiring security officers to check the cards out and in).
All component cards are required to load (or form) an LMK, and so loss of any card or
absence of a card holder prevents the LMK being loaded (or re-loaded at a later date if
necessary). Therefore at least one backup should be made of each component card.
Note that the terms "LMK card" and "LMK component card" are interchangeable. Only
LMK components are ever written to cards - the whole LMK is never written to a card.
HSM LMK cards - using the card reader built into the HSM. This type of card is
created and used by operators using a console and the HSM card reader.
payShield Manager RLMK cards - created by operators using payShield Manager
and the card reader attached to the remote management PC.
The principles are the same for both types of card, although the detail of the processes is
different. The two types of card are incompatible, although either type of card can be
created from the other.
Cards which have been used previously and are no longer required can be re-formatted
to enable the new components to be written to them. Do not re-format the
component cards for the old LMK that you are about to migrate from - you will
be needing them !
Each component holder should format their own card plus at least one backup per
component.
HSM LMK smartcards are formatted using the FC console command (described in the
payShield 9000 Console Reference Manual).
Various warnings and errors may be reported during this process. These are easy to
understand, and appropriate responses should be made.
The new LMK now needs to be installed into either LMK Live storage or LMK Key Change
storage depending on the approach being taken – see the section on Overview of the
LMK Migration Process.
The new LMK can be loaded using a Console or payShield Manager.
The smart cards used must be HSM cards - not cards created for payShield Manager.
To migrate keys from encryption under an old (current) LMK to encryption under the new
LMK, we also need to have the old LMK into the HSM. The old LMK can be left in LMK
Lives storage or loaded into LMK Key Change Storage, depending on the approach being
taken – see the section on Overview of the LMK Migration Process.
If the old LMK is to be loaded into Key Change Storage, this can be done using a Console
or payShield Manager.
The payShield 9000 must be in Secure state. In addition, the HSM must be in Authorized
state. If multiple authorized states is enabled, the activity category is admin (with no
sub-category), and the console interface should be selected.
The use of the LO console command is the same as for the LK console command
mentioned previously, except that no existing LMK needs to be erased and so you will
not be prompted to confirm an erasure.
After loading the old LMK, the HSM should be returned to Online state by turning the
physical keys.
takes each operational key (encrypted under the old LMK) from the old key
database
sends the encrypted key to the HSM using the BW host command.
Receives the BX response from the HSM containing the operational key encrypted
under the new LMK.
Puts the operational key encrypted under the new LMK into the new key database.
The BW host command automatically adapts its processing depending on where the old
and new LMKs are stored:
If the old LMK was loaded into Key Change storage (e.g. the LO console command
was used), then keys and data are re-encrypted from encryption under the (old)
LMK in Key Change storage to encryption under the (new) LMK in Live storage.
If the new LMK was loaded into Key Change storage (e.g. the LN console
command was used), then keys and data are re-encrypted from encryption under
the (old) LMK in Live storage to encryption under the (new) LMK in Key Change
storage.
The table below indicates the structure of the BW host command when it is used in this
way.
Length &
Field Type Notes
Message Header mA This field contains whatever the user wants. The
length of the field is defined using the CH console
command or Configuration / Host Settings in
payShield Manager. It is subsequently returned
unchanged in the response to the host.
Key Type code 2H Indicates the LMK under which the key is encrypted:
'00' : LMK pair 04-05 (Key Type 000)
'01' : LMK pair 06-07 (Key Type 001)
'02' : LMK pair 14-15 (Key Type 002)
'03' : LMK pair 16-17 (Key Type 003)
'04' : LMK pair 18-19 (Key Type 004)
'05' : LMK pair 20-21 (Key Type 005)
'06' : LMK pair 22-23 (Key Type 006)
'07' : LMK pair 24-25 (Key Type 007)
'08' : LMK pair 26-27 (Key Type 008)
'09' : LMK pair 28-29 (Key Type 009)
'0A' : LMK pair 30-31 (Key Type 00A)
'0B' : LMK pair 32-33 (Key Type 00B)
'10' : Variant 1 of LMK pair 04-05 (Key Type 100)
'42' : Variant 4 of LMK pair 14-15 (Key Type 402)
'FF' : Use this value where the key type is specified
after the first ‘;’ delimiter below. This allows key
types other than those listed above to be specified.
Key Type 3H Where ‘FF’ was entered for Key Type Code, this is
the 3-digit key type code of the key being translated.
For a list of key type codes, see the appropriate table
of Key Type Codes in Chapter 4 of the payShield
9000 General Information Manual.
Length &
Field Type Notes
Key Scheme 1A Optional. Key scheme for encrypting key under LMK
(LMK) (or '0' (zero) ). For a list of key schemes, see the
Key Scheme Table at Appendix C of the payShield
9000 General Information Manual.
LMK Identifier 2N Where the user is using multiple LMKs on the same
HSM, this allows the ID of the LMK being migrated to
be selected. Minimum value = '00'; maximum value
is defined by licence. This field must be present if the
above Delimiter is present. If the field is not present,
then the default LMK will be used.
Length &
Field Type Notes
Length &
Field Type Notes
Key 16/32 H The resulting key, re-encrypted under the new LMK.
or
1A+
32/48 H
The BW host command already described for Variant LMK Variant LMK migration can
also be used for Variant LMK Key Block LMK migration. When used for this purpose,
the BW command and BX response are modified as indicated below.
Note that it is not possible to migrate from:
Length &
Field Type Notes
Key Usage 2A The required key usage for the key encrypted under
the Key Bock LMK. This information is included in the
Key Block header and should be determined using the
Key Usage Table in Chapter 5 of the payShield 9000
General Information Manual. This field determines
type of the operational key (e.g. RSA private key,
BDK, ZEK), and enforces key separation.
Mode of Use 1A The required mode of use for the key encrypted under
the Key Bock LMK. This information is included in the
Key Block header, and should be determined using
the Mode of Use Table in Chapter 5 of the payShield
9000 General Information Manual. This field
determines how the operational key can be used (e.g.
encryption, decryption, MACing).
Key Version 2N A value from ‘00’ to ‘99’, for inclusion in the Key Block
Number header. Determined by the user. ‘00’ denotes that
key versioning is not in use for this key.
Length &
Field Type Notes
Length
Field & Type Notes
Response 2A Has the value 'BX'. (As for Variant LMK Variant
Code LMK)
Length
Field & Type Notes
Key 1A+ The operational key, encrypted under the new Key
nA Block LMK.
Length &
Field Type Notes
Length &
Field Type Notes
Length
Field & Type Notes
Response 2A Has the value 'BX'. (As for Variant LMK Key Block
Code LMK)
Length
Field & Type Notes
Although this can be done as a separate operation, it can be achieved at the same time
as migrating between LMKs using the BW host command by entering ‘F2’ as the Key
Type Code, and the desired destination key type in the Key Type field: see the payShield
9000 Host Command Reference Manual for further details.
For an overview of the PCI HSM standard and its relevance to payShield 9000, see
Chapter 10 of the payShield 9000 General Information Manual.
Re-encrypting PINs
Where PINs have been stored encrypted under the old LMK (in LMK Live storage or LMK
Key Change storage) these will need to be re-encrypted using the new LMK (in LMK Key
Change storage or LMK Live storage). This can be done by using the BG host command.
A host application will be required that takes each PIN from the old PIN database, re-
encrypts it using the BG host command, and stores the re-encrypted PIN into the new
PIN database.
Length &
Field Type Notes
Message Header mA This field contains whatever the user wants. The
length of the field is defined using the CH console
command or Configuration / Host Settings in
payShield Manager. It is subsequently returned
unchanged in the response to the host.
Length &
Field Type Notes
LMK Identifier 2N Where the user is using multiple LMKs on the same
HSM, this allows the required LMK to be selected.
Minimum value = '00'; maximum value is defined by
licence. This field must be present if the above
Delimiter (%) is present. If the field is not present,
then the default LMK will be used.
The BH Response
The HSM will return the following BH response to the host’s BG command:
Length &
Field Type Notes
Length &
Field Type Notes
This is achieved by having a host application which takes each decimalization table from
the old decimalization table database and re-encrypting it under the new LMK using the
LO (where "O" is the alphabetic "O for Oscar") host command (not to be confused with
the LO console command discussed earlier!) and then storing it in a new decimalization
table database. The new LMK can be in either Key Change storage or Live storage.
The structure of the LO host command is as follows:
Length &
Field Type Notes
Message Header mA This field contains whatever the user wants. The
length of the field is defined using the CH console
command or Configuration / Host Settings in
payShield Manager. It is subsequently returned
unchanged in the response to the host.
LMK Identifier 2N Where the user is using multiple LMKs on the same
HSM, this allows the required LMK to be selected.
Minimum value = '00'; maximum value is defined by
licence. This field must be present if the above
Delimiter (%) is present. If the field is not present,
then the default LMK will be used.
The payShield 9000 will return the following LP response to the host:
Length &
Field Type Notes
On the other hand, if the re-encryption of keys was done on an HSM with the new
LMK in Key Change storage, then the new LMK needs to be loaded into LMK Live
storage on all the HSMs in the system.
A total interruption of service can be avoided by a gradual switchover from the old LMK
to the new - but in this case the host applications must know whether an HSM is using
the old or new LMK and must retrieve the key or data from the appropriate database.
The use of the Multiple LMK feature of the payShield 9000 offers additional options, and
is described in the following section.
The multiple LMK feature offers a number of valuable benefits, and provides additional
flexibility to simplify the process.
Here is an example of how the multiple LMK feature can be used where the old (still Live)
LMK is in LMK Key Change storage and the new (future) LMK is in LMK Live storage:
let us take as a starting point a production system which has the live LMK at LMK
00.
LMK 00 is set up as the default LMK. This means that it is the LMK that is used by
default in host commands where no LMK is identified: this provides backwards
compatibility to applications developed before the multiple LMK facility was
introduced.
The future, new LMK is loaded as LMK 01 in LMK Live storage (see Loading the
new LMK).
The existing, "old" LMK, which is LMK 00 and is being used for production, is also
loaded into LMK Key Change Storage for LMK 01 (see Loading the old LMK.)
The BW, BG, and LO host commands can now be used to re-encrypt operational
keys, PINs, and decimalization tables from the old LMK (which is in Key Change
Storage, and also still in LMK 00 and therefore available for production) to the new
LMK, which is loaded as LMK 01. This is achieved by setting the LMK Identifier in
the host commands to a value of "01" : this must be preceded by a delimiter of
"%".
When all of the operational keys, PINs, and decimalization tables have been re-
encrypted under the new LMK, the host application can start using the new key
database when one of the following actions have been taken:
The new LMK is re-loaded on the payShield 9000 as LMK 00. Or
Host commands sent to the payShield 9000 are amended to use LMK 01 by
either:
Specifying the value "01" for the LMK identifier in host commands
(see the structure of commands in the payShield 9000 Host
Command Reference Manual). Or
Directing commands to the relevant TCP port (see the section on
Multiple LMKs in Chapter 1 of the payShield 9000 Host Command
Reference Manual).
The benefit of this approach is that there is no need to take one or more HSMs out of
productive use while the LMK migration is being performed, and therefore the key
migration using the BW host command can be spread over as many HSMs as desired.
Multiple LMKs could also be used to avoid a "big bang" switchover from old to new LMKs:
with the old LMK in one Live storage slot and the new LMK in a second Live storage slot,
individual elements of the system can be moved to the new LMK one at a time.
The LMK is deleted using the button displayed against the LMK in payShield Manager’s
Operational / LMK Operations / Key Change Storage tab. This can only be done in Secure
state. See the payShield Manager User Guide for more detailed information.
Length &
Field Type Notes
Message Header mA This field contains whatever the user wants. The
length of the field is defined using the CH console
command or Configuration / Host Settings in
payShield Manager. It is subsequently returned
unchanged in the response to the host.
LMK Identifier 2N Where the user is using multiple LMKs on the same
HSM, this allows the host to select which Old LMK is
to be deleted. Minimum value = '00'; maximum
value is defined by licence. This field must be present
if the above Delimiter (%) is present. If the field is
not present, then the default LMK will be used.
Length &
Field Type Notes
The section Loading the new LMK explains how to load the LMK to the location it is
desired, but in addition the LMK should be deleted from its temporary location. This can
be done by using one of the following methods:
Console
LMK deletion is achieved using the DM console command. This command requires Secure
state and authorization - in a multiple authorize state environment, the activity to be
authorized is admin.console.
Note that the DM console command also deletes the relevant old key in Key Change
Storage, avoiding the need to do this separately.
The LMK is deleted using the button displayed against the LMK in payShield Manager’s
Operational / LMK Operations / Local Master Keys tab. This can only be done in Secure
state. See the payShield Manager User Guide for more detailed information.
The Thales payShield 9000 supports the use of TR-31 Key Blocks. It also continues to
support the use of X9.17 because this method, although no longer meeting the needs of
standards, is still in widespread use.
This chapter describes TR-31 Key Blocks and their implementation in the Thales
payShield 9000.
a 16-byte (clear) Key Block Header, which defines the key usage (e.g. Visa PVV) and mode of use (e.g.
verification only), the algorithm with which the key is used (e.g. TDES) and the limitations on the
exportability of the key (e.g. no export permitted);
a (clear) Optional Header block, which can be used (for example) to define the key set identifier;
the Encrypted Key Data, which includes the actual key itself, encrypted under the "encryption variant"
of the wrapping key;
a Key Block Authenticator, calculated using the "authentication variant" of the wrapping key; the use of
the Authenticator prevents unauthorized modification of the Key Block.
Currently, the TR-31 standard only permits key encryption data using the DES or TDES
algorithms; the wrapping key must be a TDES key, but the key contained in the Key
Block may be a single, double or triple length key using any one of the accepted
algorithms. The standard has been designed to be sufficiently flexible so that other types
of key can be wrapped in a Key Block in the future.
The sections that follow define valid values for the fields described in the Key Block
Header.
Note: there are constant additions to the range of available values: the latest sets of
values can be found in the TR-31 report.
Corresponding
Value Definition
Thales KB Key Usage
B0 Base Derivation Key (BDK) B0, 41, 42, 43
B1 DUKPT Initial Key (IKEY) B1
C0 Card Verification Key C0, 11, 12, 13
D0 Data Encryption Key (Generic) D0, 21, 22, 23
E0 EMV/Chip card Master Key: Application E0
Cryptogram (MKAC)
E1 EMV/Chip card Master Key: Secure Messaging E1
for Confidentiality (MKSMC)
E2 EMV/Chip card Master Key: Secure Messaging E2
for Integrity (MKSMI)
E3 EMV/Chip card Master Key: Data Authentication E3
Code (MKDAC)
E4 EMV/Chip card Master Key: Dynamic Numbers E4
(MKDN)
E5 EMV/Chip card Master Key: Card Personalisation E5
E6 EMV/chip card Master Key: Other E6, 31, 32
I0 Initialization Value I0
K0 Key Encryption / Wrapping Key (Generic) K0, 51, 52
M0 ISO 16609 MAC algorithm 1 (using 3-DES) M0
M1 ISO 9797-1 MAC algorithm 1 M1
M2 ISO 9797-1 MAC algorithm 2 M2
M3 ISO 9797-1 MAC algorithm 3 M3
M4 ISO 9797-1 MAC algorithm 4 M4
M5 ISO 9797-1 MAC algorithm 5 M6
P0 PIN Encryption Key (Generic) P0, 71, 72, 73
V0 PIN Verification Key (Generic) V0
V1 PIN Verification Key (IBM 3624 algorithm) V1
V2 PIN Verification Key (Visa PVV algorithm) V2
All-numeric
Reserved for Proprietary Use
values
Note: How Key Usage codes are converted when exporting from Thales Key Block format
to TR-31 key format are also shown in Appendix C.
Algorithm (Byte 7)
Byte 7 of the Header defines the cryptographic algorithm with which the key contained in
the key block will be used. The following values are defined, although only two of these
values are currently supported:
Value Exportability
"Sensitive" export includes, for example, the case when a key is exported in ANSI X9.17
format. This type of export is disabled by default in the payShield 9000 security settings
and must be specifically enabled (e.g. using the CS console command) if required.
When a key is exported in a TR-31 Key Block format, byte 11 in the exported Key Block
dictates how further export must be handled by the recipient of the Key Block. Hence, if
the received byte 11 has value "E" then further "trusted" export is permitted, but if byte
11 has value "N" then no further export will be permitted.
Such considerations must be taken into account when the key is initially generated. It is
possible to change the value of byte 11 from "E" or "S" to "N" (so that no further export
will be permitted), via an optional field at the end of an HSM key export command
message.
Bytes 12-13 of the Header specify the number of Optional Header Blocks in the key
block. A value of "00" (X'3030) indicates there are no optional blocks. A value of "12"
(X'3132) indicates that there are 12 optional blocks.
Example
As an example, a TR-31 Key Block Header of
A0072V2TG22N0000
indicates:
a Key Block of 72 bytes,
that the key contained in the Key Block may only be used with the Visa PVV
algorithm (the "V2" field),
that it is a TDES key (the "T" field),
that it may only be used for PVV generation ("G"),
Optional Header
The Optional Header comprises a number of Optional Header blocks, each with the
structure:
Currently, only three types of optional block have been defined in TR-31:
Optional
Header Block Usage
ID
Key set identifier; as defined in ANSI X9.24-2004 Part 1,
KS
Annex E
Key Block values; used to define the version of the set of
KV
Key Block field values
Padding block; to ensure that the overall length of the
PB Optional Header blocks is a multiple of the encryption
block length
Reserved for proprietary use. If proprietary identifiers are
Numeric used, it is the responsibility of the application owner to
Values ensure that all necessary devices support the proprietary
Optional Block identifiers that they will use.
Other types of optional blocks will be supported by the payShield 9000 as and when they
are specified.
The key scheme identifier "R" is used to indicate to the HSM that the Key field is a TR-31
Key Block.
Most of the HSM legacy commands will not be upgraded to support TR-31 Key Blocks
since there are more flexible versions of these commands available which will support
TR-31.
Licensing
Use of TR-31 Key Blocks on the payShield 9000 is enabled by applying optional license
HSM9-LIC006. (Note that no optional license is required to enable use of Thales Key
Blocks.)
Key Usage
If the first character of the key is a hexadecimal character (0 – 9 or A - F) or "K" the
commands will operate as previously specified. In most circumstances the key is single-
length except for ZMKs when the ZMK length is configured for double-length or for
specific keys that are double-length by definition. This is the 16H or 32H length and
types referenced in the command structures in the payShield 9000 Host Command
Reference Manual.
To support double and triple-length keys throughout the command set key scheme tags
have been defined these enable an HSM to determine the key length and encryption
mechanism used for a key. The key scheme tag prefixes the key. This is the 1A+32H or
1A+48H length and types in the command structures.
Variant method
The payShield 9000 HSM supports the Thales Variant scheme, for the encryption and
authentication of keys.
X9 TR-31 Method
Information on the TR-31 key encryption scheme is provided in Chapter 11.
GISKE Method
For full details of the Verifone/GISKE key encryption scheme, refer to the GISKE
specification [Reference 8].
The extension consists of a delimiter ";" and three single character option fields. If the
extension is used all fields must be provided. If the command does not use an option, "0"
or any valid value can be entered in that field. The option will be ignored during
processing.
When an AES Key Block LMK is installed, the payShield 9000 will support the use of 128-
bit, 192-bit and 256-bit AES keys for key management, data encryption and data
authentication. AES keys are only supported when using the Thales Key Block scheme.
Note that the use of AES keys (and an AES Key Block LMK) requires the HSM to have the
AES license (HSM9-LIC007) installed.
The traditional DES-based ZMK and TMK are able to encrypt AES and DES subordinate
keys.
The ZAK and TAK may be 128-bit, 192-bit or 256-bit AES keys, and the supported
authentication methods are CBC-MAC and CMAC.
The structure of the Thales Key Block and other related information can be found in
Chapter 8.
256-bit AES Key Block LMKs to protect AES working keys plus other keys (except
single DES) and data protected in the HSM by LMKs.
Use of AES for ZMKs and TMKs.
Use of AES working keys for data encryption and MACing.
Support for 128-, 192-, and 256-bit AES keys.
Export/import of AES working keys using Thales Key Blocks. (Note: the TR-31
standard does not currently support the AES algorithm.)
Use of a Console or payShield Manager to manage AES keys and AES Key Block
LMKs.
The next section in this chapter gives information on implementing AES on existing
payShield 9000s. Later sections indicate how host commands, console commands, and
Local payShield Manager menu options support AES.
The following table shows the keys used in the payShield 9000, indicating which keys can
use AES.
Key
Variant Key
Block
Key Description AES* LMK Key Type
LMK Key
Typeø Code
Usage
Base Derivation Key (BDK) B0 009 BDK
Key
Variant Key
Block
Key Description AES* LMK Key Type
LMK Key
Typeø Code
Usage
Data Encryption Key (Generic) Yes D0 00B, 00A, DEK,
30B ZEK,
TEK
Key
Variant Key
Block
Key Description AES* LMK Key Type
LMK Key
Typeø Code
Usage
RSA Public Key 02 00D RSA-
PK
As and when updates to the standards published by bodies such as ANSI X9, ISO, and
EMVCo become available, the payShield 9000 software will be extended to support
additional AES key usages.
Support of AES requires optional license HSM9-LIC007 to be installed on the payShield
9000.
Even if there is no requirement to use AES working keys, users may wish to use AES Key
Block LMKs to protect TDES and other working keys because of the greater security
strength that the 256-bit AES Key Block LMK provides compared to a TDES LMK.
Where a payShield 9000 is equipped with an appropriate number of LMKs, it may not be
necessary to re-encrypt existing working keys under a new AES Key Block LMK: the
existing working keys could be left encrypted under the existing LMKs, with only new
working keys (including AES keys) being encrypted under a new AES Key Block LMK.
The multiple LMK approach may not be satisfactory, for example if:
The process for such an LMK migration is described in Chapter 10. This process is based
on:
multiple uses of the BW host command, which re-encrypts a working key from an
old LMK to a new LMK,
multiple uses of the BG host command to re-encrypt PINs,
multiple use of the LO host command to re-encrypt decimalization tables.
The chapter on LMK migration also outlines how to install the AES Key Block LMK.
Note that:
Any type of working key (including key encryption keys, but excluding single-DES
keys) and any data that can be encrypted under a payShield 9000 LMK can be
encrypted using an AES Key Block LMK. The use of AES Key Block LMKs is not
limited to AES keys.
AES keys cannot be encrypted under a TDES LMK (whether Variant or Key Block
type).
Keys can be re-encrypted from any type of LMK to an AES Key Block LMK.
Keys encrypted under an AES Key Block LMK can only be re-encrypted to another
AES Key Block LMK - they cannot be migrated to a TDES LMK of any type.
This can be achieved with the key management facilities available using:
Console commands - see the sub-section on AES Key Management in the section
on support for AES in console command.
Host commands - see the sub-section on AES Key Management in the section on
support for AES in host commands.
A2 Generate and Print a Component Choice of Algorithm when using AES key
block LMKs extended to include:
BY Translate ZMK from ZMK to LMK The ZMK being translated can be an AES
encryption ZMK. And the encrypting ZMK can be an AES
key. The LMK that the ZMK is to be
translated to must, of course, be an AES
Key Block LMK.
BW Translate Keys from Old LMK to Supports AES keys & LMKs
New LMK and Migrate to New Key
Type
NE Generate and Print a Key as Split Choice of Algorithm when using AES key
Components block LMKs extended to include:
BC Verify a Terminal PIN Using the The input PIN can be encrypted using an
Comparison Method AES Key Block LMK.
BE Verify an Interchange PIN Using The input PIN can be encrypted using an
the Comparison Method AES Key Block LMK.
BG Translate a PIN and PIN Length The input PIN can be encrypted under an
AES Key Block LMK.
BK Generate an IBM PIN Offset (of a Support is provided for decimalization tables
customer selected PIN) encrypted using AES Key Block LMKs.
CA Translate a PIN from TPK to ZPK Supports TDES TPK/ZPK encrypted under an
Encryption AES Key Block LMK
CC Translate a PIN from One ZPK to Supports TDES ZPK encrypted under an AES
Another Key Block LMK
CE Generate a Diebold PIN Offset The input PIN can be encrypted using an
AES Key Block LMK.
CG Verify a Terminal PIN Using the Supports TDES TPK encrypted under an AES
Diebold Method Key Block LMK
CI Translate a PIN from BDK to ZPK Supports TDES BDK/ZPK encrypted under an
Encryption (DUKPT) AES Key Block LMK
CK Verify a PIN Using the IBM Support is provided for decimalization tables
Method (DUKPT) encrypted using AES Key Block LMKs.
CM Verify a PIN Using the VISA PVV Supports TDES BDK/PVK encrypted under an
Method (DUKPT) AES Key Block LMK
CO Verify a PIN Using the Diebold Supports TDES BDK encrypted under an AES
Method (DUKPT) Key Block LMK
CQ Verify a PIN Using the Encrypted The encrypted data base PIN can be
PIN Method (DUKPT) encrypted using AES Key Block LMKs.
CU Verify & Generate a VISA PVV (of Supports TDES TPK/ZPK/PVK encrypted
a customer selected PIN) under an AES Key Block LMK
DA Verify a Terminal PIN Using the Support is provided for decimalization tables
IBM Method encrypted using AES Key Block LMKs.
DC Verify a Terminal PIN Using the Supports TDES TPK/PVK encrypted under an
VISA Method AES Key Block LMK
DE Generate an IBM PIN Offset (of Support is provided for decimalization tables
an LMK encrypted PIN) encrypted using AES Key Block LMKs.
DG Generate a VISA PIN Verification The input PIN can be encrypted using an
Value (of an LMK encrypted PIN) AES Key Block LMK.
DU Verify & Generate an IBM PIN Support is provided for decimalization tables
Offset (of customer selected new encrypted using AES Key Block LMKs.
PIN)
EE Derive a PIN Using the IBM Support is provided for decimalization tables
Method encrypted using AES Key Block LMKs.
EG Verify an Interchange PIN Using Supports TDES ZPK encrypted under an AES
the Diebold Method Key Block LMK
EM Translate a Private Key Input & Output private key can encrypted
under an AES Key Block LMK.
ES Validate a Certificate and Import The input private key can be encrypted
the Public Key using an AES Key Block LMK.
G0 Translate a PIN from BDK to ZPK The input BDK and ZPK can be encrypted
Encryption (3 DES DUKPT) using an AES Key Block LMK.
GA Derive a PIN using the Diebold The generated PIN can be encrypted using
method an AES Key Block LMK.
GI Import Key under an RSA Public The imported private key can be encrypted
Key under an AES Key Block LMK.
GK Export Key under an RSA Public The input private, TDES, and HMAC keys can
Key be encrypted using an AES Key Block LMK.
GO Verify a PIN Using the IBM Support is provided for decimalization tables
Method (3 DES DUKPT) encrypted using AES Key Block LMKs.
GQ Verify a PIN Using the VISA PVV Supports TDES BDK/PVK encrypted under an
Method (3 DES DUKPT) AES Key Block LMK
GS Verify a PIN Using the Diebold Supports TDES BDK encrypted under an AES
Method (3 DES DUKPT) Key Block LMK
GU Verify a PIN Using the Encrypted The encrypted data base PIN can be
PIN Method (3 DES DUKPT) encrypted using AES Key Block LMKs.
JC Translate a PIN from TPK to LMK The output PIN can be encrypted using an
Encryption AES Key Block LMK.
JE Translate a PIN from ZPK to LMK The output PIN can be encrypted using an
Encryption AES Key Block LMK.
JG Translate a PIN from LMK to ZPK The input PIN can be encrypted using an
Encryption AES Key Block LMK.
K0 Decrypt Encrypted Counters (EMV Input TDES MK-AC key can be encrypted
4.x) under AES Key Block LMK
KQ ARQC Verification and/or ARPC Input TDES MK-AC key can be encrypted
Generation (EMV 3.1.1) under AES Key Block LMK
KS Data Authentication Code and Input TDES MK-DAC and MK-DN keys can be
Dynamic Number Verification encrypted under AES Key Block LMK
(EMV 3.1.1)
KU Generate Secure Message (EMV Input TDES MK-SMI, MK-SMC, TK, source
3.1.1) PEK, and MK-AC keys can be encrypted
under AES Key Block LMK
KY Generate Secure Message (EMV Input TDES MK-SMI, MK-SMC, TK, source
4.x) PEK, and MK-AC keys can be encrypted
under AES Key Block LMK
KW ARQC Verification and/or ARPC Input TDES MK-AC key can be encrypted
Generation (EMV 4.x) under AES Key Block LMK
L0 Generate an HMAC Secret Key Output HMAC key can be encrypted under
AES Key Block LMK
LC Verify the Diebold Table in User The Diebold table can be encrypted using an
Storage AES Key Block LMK.
LU Import an HMAC key under a Supports TDES ZMK encrypted under an AES
ZMK Key Block LMK. The output HMAC key can be
encrypted under an AES Key Block LMK.
LW Export an HMAC key under a ZMK Supports TDES ZMK encrypted under an AES
Key Block LMK. The input HMAC key can be
encrypted under an AES Key Block LMK.
LY Translate a HMAC Key from Old The old and new LMKs can be AES Key Block
LMK to New LMK LMKs.
OA Print a PIN Solicitation Mailer Reference number check value can use an
AES Key Block LMK
PE Print PIN/PIN and Solicitation The input PIN can be encrypted using an
Data AES Key Block LMK.
PG Verify PIN/PIN and Solicitation The input PIN can be encrypted using an
Mailer Cryptography AES Key Block LMK.
Q0 Translate Audit Record MAC key The old and new LMKs can be AES Key Block
LMKs.
RI Transaction Request With a PIN The input Terminal Key Register can be
(T/AQ Key) encrypted using an AES Key Block LMK. The
output Response MAC Residue and TPK can
be encrypted using an AES Key Block LMK.
RO Transaction Response with Auth The input Terminal Key Register, ZPK, and
Para from Card Issuer Request MAC Residue can be encrypted
using an AES Key Block LMK. The output
Response MAC Residue and Terminal Key
Register can be encrypted using an AES Key
Block LMK.
RQ Generate Auth Para and The input Terminal Key Register and
Transaction Response Request MAC Residue can be encrypted
using an AES Key Block LMK. The output
Response MAC Residue and Terminal Key
Register can be encrypted using an AES Key
Block LMK.
RU Transaction Request With a PIN Support for output KEYVAL encrypted under
(T/CI Key) an AES Key Block LMK.
RY (Mode 3) Calculate Card Security Support for input CSCK encrypted under an
Codes AES Key Block LMK.
RY (Mode 4) Verify Card Security Support for input CSCK encrypted under an
Codes AES Key Block LMK.
CK Generate a Check Value Can generate a value for keys, including AES
keys, encrypted under an AES key block LMK.
FK Form Key from Components Can form an AES key from components. TDES
keys may be, and AES keys must be, encrypted
under an AES key block LMK.
GS Generate Key and Write Can generate AES keys/components. TDES keys
Components to Smartcard may be, and AES keys must be, encrypted under
an AES key block LMK.
KG Generate Key Can generate an AES key. TDES keys may be,
and AES keys must be, encrypted under an AES
key block LMK.
A Enter the Authorized State / Can authorize for AES key block LMKs.
Authorize Activity
CO Create an Authorizing Officer Can copy cards containing AES key block LMK
Smartcard components.
CV Generate a Card Verification Can use a CVK encrypted under an AES key
Value block LMK.
DC Duplicate LMK Component Can copy cards holding AES key block LMK
Sets components.
DO Delete ‘Old’ LMK from Key Can delete AES key block LMKs.
Change Storage
GK Generate LMK Component Can generate AES key block LMK components. A
single use of the command generates all the
required components.
LO Move ‘Old’ LMKs into Key Can work with AES key block LMKs. AES Key
Change Storage Block LMKs cannot be loaded as the old LMK
where the new LMK is TDES (either variant or
key block).
R Load the Diebold Table The table can be encrypted using an AES key
block LMK.
V Verify LMK Store Now works with AES key block LMKs
VC Verify the Contents of a Can verify cards holding AES key block LMK
Smartcard components.
Operational / Local master Can copy cards holding AES key block LMK
keys / Duplicate components.
Operational / LMK Operations Can generate AES key block RLMK cards.
/ Local Master Keys /
Generate
Operational / LMK Operations Can copy AES key block RLMK cards.
/ Local Master Keys /
Duplicate
Operational / LMK Operations Can uninstall or replace AES key block LMKs.
/ Local master Keys /
Operational / LMK Operations Can install AES key block LMKs into Key Change
/ Key Block Storage / Install Storage. AES Key Block LMKs cannot be loaded as the
old LMK where the new LMK is TDES (either variant or
key block).
Operational / LMK Operations Can uninstall or replace AES key block LMKs in Key
/ Key Block Storage / Change Storage
An overview of the needs of PCI HSM compliance relevant to the payShield 9000 is given
in Chapter 10 – PCI HSM Compliance of the payShield 9000 General Information Manual;
in that chapter, the section "Restrictions on PIN Block format translations and usage"
describing the PIN Block limitations.
Format 01
Format 01 is the ISO 9564-1 Format 0, equivalent to the ANSI X9.8 Format 0 PIN Block,
and can only be encrypted using a DES/3DES key.
The format combines the customer PIN and account number as follows:
A 16-digit block is made from the digit 0, the length of the PIN, the PIN, and a
pad character (hexadecimal F). For example, for the 5-digit PIN 92389, the block
is:
0592 389F FFFF FFFF
Another 16-digit block is made from four zeros and the 12 right-most digits of the
account number, excluding the check digit. For example, for the 13-digit account
number 4000 0012 3456 2, where the check digit is 2, the block is:
0000 4000 0012 3456
The two blocks are exclusive-OR added:
05 92 38 9F FF FF FF FF
00 00 40 00 00 12 34 56
PIN block: 05 92 78 9F FF ED CB A9
Format 02
Format 02 supports Docutel ATMs, and can only be encrypted using a DES/3DES key. A
PIN block is created from the PIN length, a 6-digit PIN, and a user-defined numeric
padding string.
If the PIN has fewer than 6 digits, it is left-justified and zero filled.
For example, for the 5-digit PIN 92389, the PIN digits are 923890.
With pad characters added, the PIN block could be, for example:
Format 03
Format 03 supports Diebold and IBM ATMs, and can only be encrypted using a DES/3DES
key. It also applies to the Docutel format that does not include a PIN length. The PIN
block is created from the customer PIN and the hexadecimal F padding character. For
example, for the 5-digit PIN 92389, the PIN block is:
Format 04
Format 04 is the PIN block format adopted by the PLUS network, and can only be
encrypted using a DES/3DES key. The format combines the customer PIN and the related
account number as follows:
A 16-digit block is made from the digit 0, the length of the PIN, the PIN, and a
pad character (hexadecimal F). For example, for the 5-digit PIN 92389, the block
is:
Another 16-digit block is made from four zeros and the left-most 12 digits of the
account number. For example, for the 16-digit account number 2283 4000 0012
3456, where the check digit is 6, the block is:
0000 2283 4000 0012
Notes: Any transaction that requires a PIN block as a parameter accepts Format
04. The major impact of this format is on the account number field
length: when a PIN block is formatted according to Format 04, the
account number field becomes 18 digits in length.
For the PIN translation CA and CC commands, there are two format fields;
if either is 04, the account number field must be 18 digits. If the account
number is less than 18 digits, it must be right-justified and padded with
X'F on the left.
Format 05
Format 05 is the ISO 9564-1 Format 1 PIN Block, and can only be encrypted using a
DES/3DES key.
Where:
N is the PIN length (4 - C),
The following validity checks are carried out on incoming Format 05 PIN blocks:
Format 34
Format 34 is the ISO 9564-1 Format 2 PIN Block (the standard EMV PIN block format),
and can only be encrypted using a DES/3DES key. It is only available as an Output from
EMV PIN change commands (KU and KY).
The PIN block is created from a fixed Control Field, the length of the PIN, the customer
PIN itself and the hexadecimal F padding character. PINs from 4 to 12 digits in length are
accommodated.
Where:
N is the length of the PIN and can be any binary value from 0100 to
1100 (X'4 to X'C).
P is a digit of the PIN and can be any binary value from 0000 to 1001
(X'0 to X'9).
P/F is either a PIN digit or the binary value 1111 (X'F) filler depending
on the length of the PIN.
Thus for a 5 digit PIN of 34567, the PIN block would hold the 16 hexadecimal values as
shown below:
2 5 3 4 5 6 7 F F F F F F F F F
Format 35
PIN Block format 35 is the PIN Block required by Europay/MasterCard for their Pay Now
& Pay Later products, and can only be encrypted using a DES/3DES key.
The PIN block is created from a fixed Control Field, the length of the PIN, the customer
PIN itself and the customer account number. PINs from 4 to 12 digits in length are
accommodated.
A 16-digit (8 byte) block is constructed as follows:
Where:
C is a fixed control field of binary value 0010 (X'2).
N is the length of the PIN and can be any binary value from 0100 to
1100 (X'4 to X'C).
P is a digit of the PIN and can be any binary value from 0000 to 1001
(X'0 to X'9).
P/F is either a PIN digit or the binary value 1111 (X'F) filler depending
on the length of the PIN.
Thus for a 5 digit PIN of 34567, the block would hold the 16 hexadecimal values as
shown below:
2 5 3 4 5 6 7 F F F F F F F F F
Another 16-digit block is made from four zeros and the 12 right-most digits of the
account number, excluding the check digit.
For account number 1234 0000 0123 4562 where 2 is the check digit, the block is:
0 0 0 0 4 0 0 0 0 0 1 2 3 4 5 6
2 5 3 4 5 6 7 F F F F F F F F F
0 0 0 0 4 0 0 0 0 0 1 2 3 4 5 6
2 5 3 4 1 6 7 F F F E D C B A 9
Format 41
PIN Block Format 41 is the Visa format for PIN change without using the current PIN. The
method for constructing the PIN block is defined in section C.11.2 of reference 9, and can
only be encrypted using a DES/3DES key.
The PIN Block is created using the new PIN and part of the card's unique DEA Key as
follows:
0 0 0 0 0 0 0 0
Where:
N is the length of the new PIN and can be any binary value from 0100
to 1100 (X'4 to X'C).
P is a digit of the new PIN and can be any binary value from 0000 to
1001 (X'0 to X'9).
P/F is either a PIN digit or the binary value 1111 (X'F) filler depending
on the length of the PIN.
1
The Thales HSM terminology for the UDK is DK-AC. This is the card-unique key that is
derived from MK-AC, the Master Key for Application Cryptograms.
Format 42
PIN Block Format 42 is the Visa format for PIN change using the current (old) PIN. The
method for constructing the PIN block is defined in section C.11.1 of reference 9, and can
only be encrypted using a DES/3DES key.
The PIN Block is created using the old PIN, the new PIN and part of the card's unique
DEA Key as follows:
0 0 0 0 0 0 0 0
Where:
C is a fixed control field of binary value 0000 (X'0).
N is the length of the new PIN and can be any binary value from 0100
to 1100 (X'4 to X'C).
P is a digit of the new PIN and can be any binary value from 0000 to
1001 (X'0 to X'9).
P/F is either a PIN digit or the binary value 1111 (X'F) filler depending
on the length of the PIN.
Create a third 16 decimal digit block of data using the old PIN as follows:
Where:
P is a digit of the old PIN and can be any binary value from 0000 to
1001 (X'0 to X'9).
P/0 is either a PIN digit or the binary value 0000 (X'0) filler depending
on the length of the PIN.
2
The Thales HSM terminology for the UDK is *DK-AC. This is the card-unique key that is
derived from *MK-AC, the Master Key for Application Cryptograms..
Format 47
PIN Block Format 47 is the ISO 9564-1 Format 3 PIN Block, and can only be encrypted
using a DES/3DES key.
This PIN block is constructed by modulo-2 addition of two 64-bit fields: the plain text PIN
field and the account number field.
Where
N = PIN length - 4-bit binary number with permissible values of 0100 (X'4)
to 1100 (X'C).
P = PIN digit - 4-bit field with permissible values of 0000 (X'0) to 1001
(X'9).
F = Fill digit - 4-bit field, with values from 1010 (X'A) to 1111 (X'F), where
the fill-digit values are randomly or sequentially selected from this set of
six possible values, such that it is highly unlikely that the identical
configuration of fill digits will be used more than once with the same
account number field by the same PIN encipherment device.
The account number field is formatted as follows:
Where:
0 = Pad digit - A 4-bit field; the only permissible value is 0000 (0).
Format 48
PIN Block Format 48 is the ISO 9564-1 Format 4 PIN Block, and can only be used with an
AES key.
The PIN block is constructed using two 128-bit blocks: the first containing the plaintext
PIN, and the second containing the plaintext account number.
C N P P P P P/ P/ P/ P/ P/ P/ P/ P/ F F R R R R R R R R R R R R R R R R
F F F F F F F F
Where
N = PIN length – 4-bit binary number with permissible values of 0100 (4) to
1100 (12).
P = PIN digit – 4-bit field with permissible values of 0000 (0) to 1001 (9).
P/F = PIN/Fill digit – designation of these fields is determined by the PIN length
field.
F = Fill digit - 4-bit field, with values from 1010 (10)
R = Random digit - 4-bit field, with values from 0000 (0) to 1111 (15)
M A A A A A A A A A A A A A/ A/ A/ A/ A/ A/ A/ 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0
Where
M = PAN length – 4-bit field with permissible values 0000 (0) to 0111 (7), which
when added to 7, indicates the PAN length. If the PAN is less than 12 digits, the
digits right justified and padded to the left with zeros, and M is set to 0.
A = PAN digit – 4-bit field with permissible values 0000 (0) to 1001 (9)
0 = Pad digit – 4-bit field with only permissible value 0000 (0)
A/0 = PAN/Pad digit – designation of these fields is determined by the PAN
length field.
To produce an encrypted PIN block in this format, using an AES PIN encryption key, K:
1. Format the PIN into the plaintext PIN field as shown above.
2. Format the PAN into the plaintext PAN field as shown above.
3. Encrypt the plaintext PIN field (from step 1) using the key, K.
4. XOR the plaintext PAN field (from step 2) with the result of step 3.
To decrypt an encrypted PIN block in this format, using an AES PIN encryption key, K:
1. Format the PAN into the plaintext PAN field as shown above.
2. Decrypt the encrypted PIN block using the key, K.
3. XOR the plaintext PAN field (from step 1) with the result of step 2.
In addition, keys and other data can also be stored in the User Storage area inside the
payShield 9000 itself. This method does not provide the capacity or flexibility that is
experienced when storing at the host, but ensures that the data is protected by the
HSM's security.
Performance
The use of keys and key blocks held in user storage will enhance the throughput of
payShield 9000s using asynchronous host communications. With this communications
method, the throughput of the payShield 9000 is limited by the time taken to transmit
the command and response: with the fastest payShield 9000, the throughput is almost
entirely determined by the speed of the connection and the time taken to transmit the
command and response. Because the use of user storage reduces the size of the host
command and therefore the time taken to transmit it to the HSM, the throughput will be
increased.
Each block is identified by an index, with values ranging from "000" to "FFF" in
hexadecimal characters (equivalent to 0 to 4,095 in decimal).
Blocks have either:
a fixed size (of 16, 32, or 48 hexadecimal characters - corresponding to
the size of single-, double-, and triple-length TDES keys), or
variable size
depending on the block size setting.
Blocks can contain any information that the user desires.
The user storage area is in tamper-protected volatile memory, and so the stored data will
be lost on events such as a tamper, a power cycle, use of the Restart button, or use of
the RESET console command.
Valid entries are S, D, T, or V (or, in fact, any string beginning with these characters)
representing the following block sizes:
S = Fixed Block Size for Single-length keys, i.e. block size of 16 hexadecimal
characters (8 Bytes)
D = Fixed Block Size for Double-length keys, i.e. block size of 32 hexadecimal
characters (16 Bytes)
T = Fixed Block Size for Triple-length keys, i.e. block size of 48 hexadecimal
characters (24 Bytes)
The Variable block size capability was added in payShield 9000 v2.3a. It provides more
flexibility than the S/D/T options, and operates differently. In the notes below, the
operation of User Storage when the block size is selected to be Single/Double/Triple-
length is described first. The operation of User Storage when Variable Block Size is
selected is described later.
Index Address (3H - Valid range "000" to "FFF") - the index pointing to the
location where the first data block is to be written.
Block Count (2H - Valid range "00" to "20") - the number of data blocks which are
included in the command. Up to 32 data blocks can be included with the
command. The sum of [(Index Address) + (Block Count-1)] must not exceed FFF
(4,095 decimal).
Data Blocks - a number of blocks of data to be stored. Data must be entered as
ASCII-encoded hexadecimal characters (e.g. the byte with a binary value
00111101, hexadecimal 3D, would be entered as the two characters "3" and "D"
and stored as 2 bytes.) The number of blocks must correspond to the value of
the Block Count field. The size of the data block must correspond to the length set
using CS or payShield Manager Configuration / Security Settings / General: if the
data has a shorter length than this, the block should be padded with hexadecimal
F characters.
Keys shorter than the specified block size can be stored by padding the key to the
specified block size with hexadecimal F characters.
An example of the use of the LA command is provided in the document payShield 9000
Host Command Examples.
There are two ways that LMK-encrypted keys can be retrieved from user storage by the
host system. Firstly, the data can be read by the host system using the LE host
command, as outlined above, and then inserting the returned key into a host command
which is then sent to the payShield 9000.
Alternatively, host commands can point to an LMK-encrypted key held in user storage,
avoiding the need to first retrieve the encrypted key from the payShield 9000. In order
to do this, the field in the host command which would normally provide the LMK-
encrypted key would instead include a key reference consisting of:
The key scheme - e.g. [null] for single-length DES, "U" for double-length Triple
DES, "T" for Triple-length Triple DES.
"K" to indicate that what follows is an index to user storage.
The 3-hex character index to the LMK-encrypted key in user storage.
For example:
Examples of the CA host command which include the key in the command and which use
a key reference can be found in the document payShield 9000 Host Command Examples.
Note that it is possible to store and recover keys of a length inconsistent with the Block
Size. This is useful, for example, if it is necessary to store keys of different lengths.
If the Block Size is set to Single (i.e. 16 hex characters), user storage can still be
used to store double and triple-length keys. In this case, 2 blocks must be
allocated for a double-length key, and three blocks for a triple-length key. When
inserting a key reference in a command (e.g. "UKB17"), the appropriate number
of blocks will be retrieved. Working in this way reduces the number of keys that
can be stored because more than one index address is required for a key - for
example, if only double-length keys were being used, then only 2,048 keys could
be stored.
As an example, if the double-length encrypted key
92385025801691228682054947200919 was to be stored at index 0FE,
then the example of the LA host command entitled "LA Command - Load
Data to User Storage (double-length TDES key encrypted under a variant
LMK)" in the document payShield 9000 Host Command Examples could be
used.
If the Block Size is set to Triple (i.e. 48 hex characters), for example, single- or
double-length keys can still be stored. However, the shorter keys must be padded
with hexadecimal F characters to bring them up to the Triple Block size.
User storage and Key Block LMKs with fixed block sizes
When using Key Block LMKs, the LMK-encrypted key can be written to user storage using
the LA host command. The host system can later read the key back from user storage
using the LE host command and insert the it (with the preceding key scheme indicator of
"S") into another host command sent to the payShield 9000.
Note that the key block must be expanded to hex encoding. For example, the following
key block:
0007271TN00S0002B7CC796C2A4909FF12174898C4286E5AE2E8230E89284ED715D1D7F0
plus any required "F" padding. If the User Storage Block Size has been defined as Double
(32 hexadecimal characters) then this key would be written as the following 5 blocks:
30303037323731544E30305330303032
42374343373936433241343930394646
31323137343839384334323836453541
45324538323330453839323834454437
3135443144374630FFFFFFFFFFFFFFFF
The facility to use key references in commands (e.g. "SK123") is not available when
using key block LMKs.
4D617279206861642061206C6974746C65206C616D622C0D0A49747320666C6565636
52077617320776869746520617320736E6F772E
If the User Storage Block Size has been set to Double (i.e. 32 Hexadecimal characters)
this input would have to be written to User Storage as four 32-character blocks, padded
with Hexadecimal F:
4D617279206861642061206C6974746C
65206C616D622C0D0A49747320666C65
65636520776173207768697465206173
20736E6F772EFFFFFFFFFFFFFFFFFFFF
Up to 1,260 records can be loaded using the QC command, and multiple preceding QA
commands (each containing up to 25 records) can be used to load a total of 2,520
records. The user cannot define where this data is to be written in the user storage area.
The PIN solicitation data overwrites existing data in user storage. Therefore any user
storage data must be reloaded after PIN Solicitation has been performed.
The Diebold Table shares the same storage blocks as other data in user storage, and so
the user must ensure that the 32 blocks allocated to the Diebold table are not being used
to store any other data.
The Diebold Table stored in the HSM is encrypted using the LMK. For variant LMKs, this
will use LMK pair 14-15 variant 0 or LMK pair 36-37 variant 6, depending on the security
settings relating to PCI HSM compliance.
The Diebold Table in user storage can be verified using the LC host command.
Where the decimalization table is required in host commands (such as BK, DE, EE, GO),
it can be referenced in the command using the same ["K" + index] structure described
earlier for symmetric keys.
The key block example in the section on User Storage and Key Block LMKs, at
index decimal 123 (hexadecimal 07B);
The single-length variant-LMK encoded key 9A73BC83A90012BD, at the next
available index – which would be 128 (hexadecimal 080);
The example data in the section on Storing general data, at the next available
index – which would be 129 (hexadecimal 081).
This could be done using a single LA host command, where:
See later in this chapter for how RSA keys can be stored in user storage when variable
block sizes have been specified.
The command requires a Key index in the range 00-20 (decimal) to identify which
location the key is to be loaded to.
The enhanced functionality, where V is selected for the block size, allows RSA keys and
Key Block LMK-encrypted keys to be held in User Storage, and to be referenced by host
commands. Stored keys and data no longer have to be of a fixed length, removing the
need to specify a block size or to pad data blocks to the appropriate size.
The text below assumes that the reader is familiar with the information in the earlier
section on the operation of User Storage when using fixed block sizes, and therefore
identifies only the differences from that information.
If the S(ingle), D(ouble), or T(riple) options are selected, user storage operates as
described earlier in this chapter, and the enhanced functionality for variable-length user
storage is not available.
For Index Addresses 000-07F (0-127 decimal), the maximum length is 1,000
bytes. This enables the storage of longer data items such as RSA keys or the
Diebold Table, but can be used to store any data such as AES or TDES keys.
For Index Addresses 080-FFF (128-4095 decimal, i.e. 3,968 entries), the
maximum length is 100 bytes. This is designed for use with shorter data items
such as AES or TDES keys.
Data to be stored can now be defined as being ASCII, ASCII-encoded hexadecimal, or
binary. It is no longer necessary to pad data to the block size.
The stored data can, as previously, be keys, PIN solicitation data, a Diebold table,
decimalization tables, or any other data that the user desires.
Where the loaded data represents keys, the keys can be encrypted using any type of
LMK (i.e. including AES and TDES Key Block types).
Here are some examples. <…> indicates binary data represented here as hexadecimal
characters.
LMK-encrypted key LMK Key Index Key in host command Key reference in
Type Type in User if key provided by host command if
Storage host key stored in
user storage
9A73BC83A90012BD Var Sngle 3A8 9A73BC83A90012BD K3A8
TDES DES
23A7BB616A198EFF Var Dble B17 U23A7BB616A198EFF UKB17
1298FAE25D3A4BF5 TDES TDES 1298FAE25D3A4BF5
18A7DE43129C2CD6 Var Triple 179 T18A7DE43129C2CD6 TK179
BBA965823F5A78A9 TDES TDES BBA965823F5A78A9
9987AA4F5890B0C3 9987AA4F5890B0C3
00072B1TN00S0001 Kbl Dble A12 S00072B1TN00S0001 SKA12
3FC2C2BD71EFA6A1 TDES TDES 3FC2C2BD71EFA6A1F6
F65A01CC3EA930CE 5A01CC3EA930CED51
D51E07D8A818AC06 E07D8A818AC06742D
742D1651 1651
<AC5DC5A50CA3D9 Var RSA 01C <AC5DC5A50CA3D929 K01C
293629994FF8452E7 TDES Prv 3629994FF8452E767
67 1024 … (344 bytes of binary
… (344 bytes of data) …
binary data) … 402E0399AC47527F7
402E0399AC47527F E881BA68F1>
7E881BA68F1> (344 bytes of binary
(344 bytes of binary data)
data)
0037603RN00N0202 Kbl RSA 06E S0037603RN00N0202 K06E
0005TPB0B4vzoOWb TDES Prv 0005TPB0B4vzoOWb
<F343F5C367CB557 1024 <F343F5C367CB557
BC217195EBFD4821 BC217195EBFD4821
… (336 bytes of … (336 bytes of binary
binary data) … data) …
09E3AD2CFCE4B045 09E3AD2CFCE4B045
CEC4D2C23061455> CEC4D2C23061455>
99653B1A 99653B1A
CA Command - Translate a PIN from TPK to ZPK Encryption (using keys and PIN
Block held in user storage)
DE Command - Generate an IBM PIN Offset
EW Command - Generate a signature (with variant LMK-encrypted RSA key held
in user storage)
EW Command - Generate a signature (with key block LMK-encrypted RSA key
held in user storage)
JE Command – Translate a PIN from ZPK to LMK encryption
JG Command – Translate a PIN from LMK to ZPK encryption
LA Command - Load Data to User Storage (double-length TDES key encrypted
under a variant LMK).
LA Command - Load Data to User Storage (RSA private key encrypted under a
TDES variant LMK).
LA Command - Load Data to User Storage (RSA private key encrypted under a
TDES key block LMK).
LE Command - Read Data from User Storage (single/double/triple block size
setting).
LE Command - Read Data from User Storage (variable block size setting).
M0 Command – encrypt a block of data (using a key block LMK-encrypted key
held in user storage).
Chapter 16 – SNMP
Introduction
The payShield 9000 supports industry-standard SNMP (Simple Network Management
Protocol) to provide information about the payShield 9000’s state to external
management devices. Information can be obtained from the payShield 9000 in two
operational modes:
Network Connectivity
SNMP traffic to and from the payShield 9000 can use any one of its 4 Ethernet ports:
Host Port 1
Host port 2
Management Port
Auxiliary Port
SNMP is enabled/disabled and the desired port selected by using the SNMP console
command. Users of payShield Manager should use the Configuration / SNMP Settings
dialogue box:
The ports themselves are configured using the CH, CM, and CA console commands.
payShield Manager users can configure host ports using Configuration / Host Settings
and the management port using Configuration / Management Settings.
SNMP traffic to the payShield 9000 is received on UDP port 161, and SNMP traffic is sent
to a specified UDP port (usually 162) at the management device.
SNMP versions
payShield 9000 supports SNMP versions 1, 2, and 3.
For SNMP versions 1 and 2, Communities are set up by providing a read string. For
version 3, Users are set up under a username with details of authentication/privacy
algorithms and passwords. This configuration is done using the SNMPADD (or SNMPDEL
to delete a Community or User) console command or payShield Manager Configuration /
SNMP Settings.
Configuring Traps
For Traps to be sent by the payShield 9000, both SNMP (e.g. using the SNMP console
command) and traps (e.g. using the TRAP console command) must be enabled.
Multiple traps can be configured:
ps9000SettingsPCICompliant Whether all settings are compliant with PCI HSM standard.
System
The date and time as reported by the system's Real Time
ps9000SystemDateAndTime
Clock.
ps9000VersionSoftwareHSMCoreAPIVe
Core API version of software running on the Payshield 9000
rsion
Licensing
ps9000LicensingPerformanceModel Maximum transactions per second the unit is licensed for.
LMK Information
ps9000LmkNumLoaded The number of LMKs currently loaded into the device
ps9000LmkStatusTable A table that returns the status of all possible LMK sets
Row in the LMK Status table. Each row contains the following
ps9000LmkStatusEntry
objects:
Utilisation Information
ps9000UtilLoad Instantaneous HSM load
ps9000HostConnectionAsyncTerminati
Async terminating sequence.
ngSequence
ps9000HostConnectionAsyncDeviceNa
The name of the async controller.
me
ps9000HostConnectionAsyncFlowContr
Flow control setting of the host async interface.
ol
ps9000HostConnectionEthernetSSLEna
Whether TLS/SSL has been enabled.
bled
ps9000HostConnectionEthernetACLsEn
Whether Access Control Lists are enabled.
abled
ps9000HostConnectionEthernetUDPEna
Whether UDP is enabled.
bled
ps9000HostConnectionEthernetTCPEna
Whether TCP is enabled.
bled
ps9000HostConnectionEthernetMaxTcp
Maximum number of TCP sessions allowed per interface.
Connections
ps9000HostConnectionEthernetTcpKee
TCP keep alive timeout in minutes.
palive
ps9000HostConnectionEthernetWellKn
The well known TCP port.
ownPortTcp
ps9000HostConnectionEthernetWellKn
The well known TLS port.
ownPortTls
ps9000HostConnectionEthernetConf
Whether ethernet is configured.
igured
ps9000HostConnectionEthernetInte
Host Port number (1 or 2).
rfaceNumber
ps9000HostConnectionEthernetConf
Whether DHCP or Static IP address.
igMethod
ps9000HostConnectionEthernetHost
Network name (DHCP only).
Name
ps9000HostConnectionEthernetIpAd
IP address.
dress
ps9000HostConnectionEthernetSub
Subnet mask.
netMask
ps9000HostConnectionEthernetGate
Gateway IP address.
way
ps9000HostConnectionEthernetMac
MAC address.
Address
ps9000HostConnectionEthernetPort
Speed/duplexity
Speed
ps9000HostConnectionNumberOfCo
Number of TCP connections in use.
nnectionsUsed
ps9000HostConnectionFiconControlUni
Control unit address defined in the mainframe I/O definition.
tImage
ps9000HostConnectionFiconControlUni
Starting unit address.
tAddress
ps9000ManagementEthernetNetworkN
Name of this interface if in DHCP mode.
ame
ps9000ManagementEthernetIpAddress IP address.
ps9000ManagementEthernetSubnetMa
Subnet mask.
sk
ps9000ManagementEthernetMacAddre
MAC address.
ss
ps9000ManagementConsoleFlowContro
Flow control method.
l
Communications Services
Whether the process to service Console Management
ps9000CommsMgmtConsoleState
requests is currently running.
Communication Ports
ps9000HostPortEthernet1 If the first host ethernet port is up and running.
Operator Actions
ps9000PowerOnAlarm Trap indicating the unit has been powered up.
ps9000RestartAlarm Trap generated when the reset button has been pressed.
Logs
ps9000LogsErrorlogTotalCount Total number of entries in the error log.
Fraud Detection
Whether the allowable PIN verifications/minute, or PIN
ps9000FraudPinVerifyLimitsExceeded
verifications/hour, have been exceeded.
ps9000HealthCheckCountsPinAttackLi Number of times the pin attack limit was exceeded since the
mitExceeded last reset of health counters.
Tampers
ps9000StateTamperState Current tamper state of the HSM
ps9000StateTamperDate Date and Time that the last tamper event occurred.
Health Diagnostics
Number of minutes after midnight the diagnostic tests start
ps9000HealthDiagSelfTestTimeOfDay
at.
ps9000HealthDiagSelfTestOK Whether one or more of the tests in the last self-test failed.
ps9000BadDataProtocol The protocol that bad data detected was transmitted with.
Tamper
If the payShield 9000 detects a tamper, a Trap will be sent when the unit restarts.
The Trap is issued as MIB object ps9000TamperAlarm, and the following supporting
information is provided:
Powering up
When the payShield 9000 is powered up, a Trap is sent using MIB object
ps9000PowerOnAlarm.
the date and time of the use of the Erase button is provided in
ps9000AlarmEraseTimeandDate.
Fraud Detection
See Chapter 7 of the payShield 9000 General Information Manual for a description of the
payShield 9000's Fraud Detection feature.
If a fraud attempt is detected a Trap is issued in the ps9000FraudAlarm MIB object. The
following supporting information is available:
the cause of the fraud detection in ps9000FraudType.
This document describes how the payShield 9000 could be used to generate and print
KEK components at the issuing organization, and to re-form the KEK from components at
the recipient organization. User organizations must review the suggested methods
described in this document to ensure that they meet the organizations’ security and
operational requirements.
Additional detail in some areas such as creating print forms can be found elsewhere in
this manual. Reference is made here to the use of HSM Host commands. These
commands are described fully in the payShield 9000 Host Command Reference Manual.
A KEK that is to be shared between two organizations will be generated by one of the
parties and conveyed to the other in a secure manner. In the payments industry this is
typically done by the issuer splitting the KEK into components which are then delivered
to different individuals at the recipient organization. These individuals come together to
re-form the KEK in the recipient organization’s systems.
Each user organization needs to design its own component distribution process to meet
its operational and security requirements. One possible sequence of events, making use
of a Thales payShield 9000 to provide a high level of security, is as follows:
The possible process model outlined here can be modified to the needs of individual
organizations. As an example of this, an approach taken by some users of Thales
payment HSMs for setting up TMKs is to pre-print batches of components in secure
envelopes, with an associated reference number: the component check value has been
used for this by at least one organization, but in this case a process must be put in place
to allow for the (unlikely) occurrence of a non-unique value. A supply of components is
provided to each component holder. All the components are also held at the host system.
The component holders visit the ATMs, and each takes any one of their stock of
components and enters it into the ATM to form the ATM’s copy of the TMK. Each
component holder then calls the operations center and provides the reference number of
the component they used. The host computer can then retrieve the same components
and form its copy of the TMK.
As mentioned above, each organization needs to design its own procedures to provide
the level of security that the organization feels is appropriate. It is suggested that these
procedures include the disposal of printed components after they have been used.
Commands,
format,
& request to generate
a component
Host
Computer
Impact
printer
HSM
a parallel printer attached to a USB port on the payShield 9000 via a USB-to-
parallel cable available from Thales
a serial printer attached to a USB port on the payShield 9000 via a USB-to-serial
cable available from Thales
a USB printer attached to a USB port on the payShield 9000 via a standard USB
cable.
To choose which type of printer to use and to configure the printer, use the CP
(Configure Printer) console command or payShield Manager Configuration / Printer
Settings.
Non-impact Printers
It is unlikely that laser or ink-jet printers can be used in this way, because use of this
type of printer to print secret information (such as PINs) requires specialized stationery
with plasticized windows: it is unlikely that stationery with large enough windows for
component printing will be readily available.
Any type of printer could be used to print components onto plain stationery. However, if
plain stationery is to be used, security measures should be in place to ensure that the
component can be seen by no more than one person and that any one person cannot see
more than one component.
component, and that procedures are in place to protect the components (e.g. if they are
transcribed onto paper).
The payShield 9000 can hold a single form definition at a time. Formatting data is loaded
onto the HSM as text strings. This data consists of:
Key ^P ^Q ^R
length
Single 1st 8 hex digits of 2nd 8 hex digits N/A
component of component
Double 1st 16 hex digits 2nd 16 hex digits N/A
of component of component
Triple 1st 16 hex digits 2nd 16 hex digits 3rd 16 hex digits
of component of component of component
The above example would print the following key component form:
..(Field 0)....................(Field 1)
..KEY.COMPONENT.PART.1:.xxxxxxxxxxxxxxxx
..KEY.COMPONENT.PART.2:.yyyyyyyyyyyyyyyy
..KEY.COMPONENT.PART.3:.zzzzzzzzzzzzzzzz
..KEY.CHECK.VALUE:.vvvvvv
..DO.NOT.DISCLOSE.THIS.COMPONENT.TO.ANYONE.ELSE
Notes:
This form definition is loaded onto the HSM using payShield 9000 Host commands. The
required host commands are as follows - see the payShield 9000 Host Command
Reference Manual for full details:
Typically 3 components will be generated and printed in this way, by running the A2
command once for each component.
Each component will be printed in its own mailer, which should be designed such that the
component cannot be read from the outside of the mailer, and any attempt to access the
component inside the mailer will be evident.
The HSM will provide 2 responses to the A2 command sent by the host:
The issuer’s host will receive and hold the encrypted component.
This command generates both the clear component and the component encrypted under
the payShield 9000’s LMK and displays them to the user.
The output from this command must be manually written or printed onto the mailer using
a separate system.
Security considerations
Whenever components are output in any way other than inside a secure, tamper-evident
mailer, the originating organization should satisfy themselves that procedures are in
place to ensure that not more than one person can see any component, and that any one
person cannot see more than one component.
However, the NE command is provided purely for backwards compatibility with older
systems that were designed to make use of it. It is recommended that use of this
command is avoided, and that it is disabled using the CONFIGCMDS Console command or
in the payShield Manager Configuration / Configure Commands / Host dialogue box,
because it generates components as split keys rather than full-length components which
are XORed together.
The issuer’s host now forms the KEK from the encrypted components it is holding by
sending the components to a payShield 9000 in the following host command:
The payShield 9000 will form the KEK, encrypt it using its LMK, and return the LMK-
encrypted KEK to the host system. The host can now add this encrypted KEK to its key
database. Whenever a cryptographic operation requires the KEK, the encrypted KEK will
be included in the host command sent to the HSM and the HSM will decrypt the KEK and
use it within its secure boundary.
There are 3 ways that this can be done using the payShield 9000. In each case:
Console
The following Console command allows the component holders to enter their components
sequentially and then displays the encrypted key and its check value:
This Console command can also form a key from encrypted components (e.g. if the
encrypted components generated by the GC Console command option had been provided
to the recipient).
payShield Manager
The ability to Install an LMK from RLMK Card Set can be found in payShield Manager at
Operational / LMK Operations / Local master Keys.
The standalone KMD can be used to form an LMK-encrypted key from components – see
the payShield 9000 General Information Manual.
Further Information
Further, more detailed information relating to the methodologies described in this
document can be found in the following Thales publications:
Other chapters in this manual
1270A546 payShield 9000 Host Command Reference Manual.
1270A645 payShield Manager User Guide
The PCI HSM standard relates specifically to HSMs, such as the payShield 9000. Although
not yet mandated by the card schemes, compliance with the PCI HSM standard is sought
by many users and is required for compliance with certain other PCI standards (e.g.
Point-to-Point Encryption and mPOS; Card Production).
The payShield 9000 hardware and selected versions of software have been certified as
being compliant with this standard. In order to achieve this certification, a number of
changes were made to the payShield 9000 software, some of which apply to user
operation of the device and some of which are relevant to application developers. This
chapter focusses on the changes which may impact on developers:
PIN Blocks
Updating Key Type 002 in host commands
Migrating keys from Key Type 002
Diebold Table re-encryption
Note that where changes have been made to the payShield 9000 to enable it to comply
with the requirements of the PCI HSM standard, the user can decide whether to use
these changes through the payShield 9000's security settings. If the changes to the
software are not used then the payShield 9000 can run with full compatibility with legacy
units, but it is then not compliant with the requirements of PCI HSM.
A general description of the PCI HSM standard and the effects on operations can be
found at Chapter 10 of the payShield 9000 General Information Manual. That chapter
includes a description of the conditions necessary to make a payShield 9000 compliant
with the PCI HSM standard.
PIN Blocks
Using PIN Block formats in a compliant manner
PCI HSM compliance requires adherence to the recommendations of ISO 9564 / ANSI
X9.8 in terms of allowed PIN Block Format translations and usage.
The allowed translations and usage are a sub-set of what was previously available on the
payShield 9000. Therefore users could already be compliant with ISO 9564 / ANSI X9.8
with older HSMs, simply by using only the allowed functionality. However, for PCI HSM
compliance the payShield 9000 must enforce the limitations.
For users not already conforming to ISO 9564/ANSI X9.8, the payShield 9000 allows the
user to continue operating in this fashion until such time as the user wishes to become
PCI HSM compliant. This is done by manipulating the security setting Restrict PIN block
usage for PCI compliance:
if this is not set the user can continue to using PIN Block Format translations or
usage outside of those allowed by ISO 9564/ANSI X9.8 and PCI HSM
if it is set then only the permitted functionality is available.
Translation to:
Thales PIN
01 02 03 04 05 34 35 41 42 46 47 48
Block Format
ISO
0 - - - 1 2 - - - - 3 4
Format
01 0
02 -
03 -
04 -
Translation from:
05 1
34 2
35 -
41 -
42 -
46 -
47 3
48 4
Note: the rows shaded light blue indicate that these translations are not currently used in
any payShield 9000 Host commands.
With this security setting, users must ensure that their applications are not requesting
non-permissible PIN Block Format translations when sending any of the following Host
commands to the payShield 9000:
Command
PIN Block Format for Values Derived from PIN & PAN
When the security setting Restrict PIN block usage for PCI compliance is set, payShield
9000 will enforce the ISO 9564 / ANSI X9.8 and PCI HSM requirement that only Thales
PIN Block formats 01 (ISO format 0), 47 (ISO format 3), and 48 (ISO format 4) may be
used when calculating values (e.g. offsets, PVV) from the PIN and PAN.
Command
Where the security setting is not set, this restriction is not enforced and users can
continue to use other PIN Block formats to calculate offsets, PVVs, etc., until such time
as the user wants to implement an ISO 9564/ANSI X9.8 and PCI HSM compliant
environment.
PCI HSM certification requires additional key separation to be applied to the HSM. This
means that, for users of Variant LMKs, various data and keys in key type 002 (i.e.
encrypted with LMK Pair 14-15, variant 0) must be moved to a different key type.
Users can plan when they want to move the keys from the legacy key type (002) to the
new PCI HSM compliant key types by making use of the security setting Enforce key type
002 separation for PCI HSM compliance:
If this is not set, then the affected keys remain in key type 002: this provides
interoperability with legacy systems but means that the payShield 9000 is not PCI
HSM compliant.
If the setting is set, the affected keys use the new key types as required for PCI
HSM compliance.
The keys involved and their new key types are as follows:
PEK PIN Encryption Key where PEK Type=1 70D 36-37 var 7
In order to operate with the new key types, Host applications issuing commands to the
HSM which specify the key type must be modified to specify the new key type. The Host
commands affected by this are:
Host Command
A0 Generate a Key
A2 Generate and Print a Component
A4 Form a Key from Encrypted Components
A6 Import a Key
A8 Export a Key
B0 Translate Key Scheme
BK Gen IBM PIN Offset (customer selected PIN)
BU Generate a Key Check Value
BW Translate Keys from Old to New LMK
DU Verify & Generate an IBM PIN Offset (of customer selected new PIN)
Example
If it is required to use the A0 Host command to generate a TPK where:
the key is to be encrypted under the default Variant LMK
the key does not need to be encrypted under a ZMK or TMK
the key does not need to be exported in TR-31 format
no command message trailer is required.
A legacy application might send the following Host command:
Field Value
Message Header 1234
Command Code A0
Mode 0
Key Type 002
Key Scheme U
If the security setting Enforce key type 002 separation for PCI HSM compliance is set, the
Host command would be modified to the following:
Field Value
Message Header 1234
Command Code A0
Mode 0
Key Type 70D
Key Scheme U
HSM 8000 users should upgrade to v3.3a or later. These versions of HSM 8000 software
include the same capability of changing key types as described above. Some Host
commands will also be disabled. (Note that the HSM 8000 is not PCI HSM compliant,
even with version 3.3a of software installed.)
Users of payShield 9000 with software versions earlier than v1.2a should upgrade their
HSMs to v1.2a or later. This will provide interoperability but will not necessarily make the
payShield 9000 PCI HSM compliant.
It is not possible for a PCI HSM compliant payShield 9000 HSM to inter-operate with
older Thales RG6000 and RG7000 payment HSMs.
The processes below indicate approaches that might be taken to achieve migration, but
users will need to design processes that suit their own environment. The starting point in
these processes is that transaction processing is using the existing key database, and the
security setting Enforce key type 002 separation for PCI HSM compliance has not been
set on any HSM.
is a TPK
is a Triple-length DES key
is using the default LMK
has no message trailer
Field Value
Message Header 1234
Command Code BW
Key Type code E2
Key length 2
Key U12345678…ABCDEF
Delimiter ;
Key Type 70D
Note that when the Key Type Code is E2, no LMK is needed in the Key Change Storage.
If the same key is being migrated but this time with a change of LMK:
Field Value
Message Header 1234
Command Code BW
Key Type code F2
Key length 2
Key U12345678…ABCDEF
Delimiter ;
Key Type 70D
Note that when Key Type Code is F2, both the old LMK (that is being moved away from)
and the new LMK (that is being moved to) must be installed on the payShield 9000. See
Chapter 10 for a discussion about how to have one in LMK Live storage and one in LMK
Key Change Storage.
Immediately after setting the security setting Enforce key type 002 separation for PCI
HSM compliance on a payShield 9000, the following actions must be taken:
Erase the existing encrypted version of the Diebold table using the LA Host
command to overwrite it with hexadecimal F digits. The Index Address must be
the same as that used when the encrypted Diebold table was set up; 32 blocks of
16 hexadecimal F digits should be written. (This step is unnecessary if the re-
encrypted Diebold table is to be written to the same location in user storage as
the existing encrypted table.)
Use the R Console command to load the new Diebold Table. This requires access
to the plaintext version of the Diebold Table.
Use the LC Host command to verify the Diebold Table.
Repeat the above steps for each LMK which has an encrypted Diebold Table.
Note that if for any reason the security setting Enforce key type 002 separation for PCI
HSM compliance is unset the Diebold table will have to be re-entered again.
Key
Scheme Notes
Tag
None/Z Encryption of a single-length DES key using X9.17 methods. Used for
encryption of keys under a variant LMK, and can also be used for the
import or export of keys.
U Encryption of a double-length DES key using the variant method; used
for encryption of keys under a variant LMK.
T Encryption of a triple-length DES key using the variant method; used
for encryption of keys under a variant LMK.
X Encryption of a double-length key using X9.17 methods; only available
for import and export of keys. This mode is enabled within the
Configure Security command,
Y Encryption of a triple-length key using X9.17 methods; only available
for import and export of keys. This mode is enabled within the
Configure Security command.
Encryption of keys using Verifone/GISKE methods; used for export of
V
DES keys.
Encryption of keys using TR-31 Key Block methods; only used for
R import or export of keys. The use of this scheme requires optional
license HSM9-LIC006.
Encryption of DES, AES, RSA & HMAC keys using Thales Key Block
S
methods; used for encryption of keys under a key block LMK.
None -
Internal Exported
(Thales) Key Usage (TR-31)
Key Block Key Block
'41' Base Derivation Key Type 2 (BDK-2) 'B0'
'42' Base Derivation Key Type 3 (BDK-3) 'B0'
'43' Base Derivation Key Type 4 (BDK-4) 'B0'
'11' Card verification (American Express CSC) 'C0'
'12' Card verification (Mastercard CVC) 'C0'
'13' Card verification (Visa CVV) 'C0'
'21' Data encryption using a DEK (DEK) 'D0'
'22' Data encryption using a ZEK (ZEK) 'D0'
'31' Visa Cash Master Load Key (KML) 'E6'
'32' Dynamic CVV Master Key (MK-CVC3) 'E6'
'51' Terminal key encryption (TMK) 'K0'
'52' Zone key encryption (ZMK) 'K0'
'71' Terminal PIN encryption (TPK) 'P0'
'72' Zone PIN encryption (ZPK) 'P0'
'73' Terminal Key Register (TKR) 'P0'
For example:
ONE TWO THREE FOUR.
English is used as the default setting. The symbols can be used in addition to the
symbols for printing PINs in numeric format (e.g., 1234).
2 TWO
3 THREE
4 FOUR
For the following definition of print symbols an n is used to indicate which digit of a PIN is
to be printed. The relationship between PIN digits and n is as follows:
PIN 1 2 3 4 5 6 7 8 9 10 11 12
Digit
‘n’ 1 2 3 4 5 6 7 8 9 A B C
For a full explanation of the print formatting symbols see the payShield 9000 Host
Programmer’s Manual.
The example symbol sequence is as follows, and is explained in the subsequent table.
>L
>L|91B2661393030763048|91B2666313030793358|51B28313055|B1B28733170333
676323554|D1B266136373930763133343048
>005^P
>L|A1B287330703130763354|91B2661393030763048
>005^^00
>L
>005^^01
>L
>005^^02
>L
>005^^03
>L
>005^^04
>L
>005^^05
>L
>005^^06
>L
>F
--------------------------------------------------------------------------------------------------
-- Thales e-Security, Inc.
-- Version: 1.0
-- Date: June 10, 2010
-- Changes:
IMPORTS
NOTIFICATION-TYPE, OBJECT-TYPE, MODULE-IDENTITY,
enterprises, IpAddress, Integer32, Gauge32
FROM SNMPv2-SMI
TEXTUAL-CONVENTION, MacAddress, DisplayString,
DateAndTime, TruthValue
FROM SNMPv2-TC;
payshield9000MIB MODULE-IDENTITY
LAST-UPDATED "201606060810Z"
ORGANIZATION
"Thales e-Security"
CONTACT-INFO
"954 888 6200"
DESCRIPTION
"Provides utilization and state information for Thales e-Security's Payshield 9000
devices.
The utilization statistics provide information on the device's current host command
processing load. The state information provides status on currently loaded LMKs,
the status of processes used to service host and management commands,
and network interfaces.
Added Version,Logs,Health, Host Connection, Management,Printer and
PCI Security settings branches."
REVISION "201304030810Z"
DESCRIPTION
"Updates"
REVISION "201507122215Z"
DESCRIPTION
"Added support for snmp traps."
REVISION "201606060115Z"
DESCRIPTION
"Added MIB enhancements"
::= { ps9000 1 }
-- Payshield 9000
-- Ths utilization statistics provide information on the device's current host command
-- processing load.
-- Provides information on whether or not the Fraud Detection limits have been exceeded.
-- Provides the number of and list of host commands that are enabled on this Paysheild.
-- Provides the number of diagnostic tests last performed and the results of each test.
-- Health check counts for the Payshield. These cover reboots, tampers and suspicious
-- pin verification failure patterns
-- Contains information about the configuration of Host interfaces. For enabled interfaces
-- details about the physical and protocol configuration are provided.
-- The detailed configuration info of the console async and ethernet management interfaces.
-- Data concerning the printer configuration of the unit. This includes the universally
-- used settings for all printers and the printer report on the actual printer hooked up.
-- This is the identical report the console QP command and the payShield Manager give.
-- Payshield settings.
ps9000UtilLoad OBJECT-TYPE
SYNTAX Gauge32 (0..100)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Displays the instantaneous load for all host commands processed by the
payshield 9000 in the previous time period. The load is represented as a percentage of the
total processing capacity of the device."
::= { ps9000Util 1 }
-- The octet string is formatted as follows (where CC is command code, e.g. A0):
--
-- <measurement period in seconds>,<num commands in report><LINE FEED>
-- "CC",<total number commands>;"CC",<total number commands>; ... etc...
ps9000UtilHostCmdVolume OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..484))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Lists all host commands that have been processed within the previous time
period and the number of transactions processed per second. Note that if a large variety of
commands are processed, then this list may be incomplete and will contain the commands that
consumed the highest proportion of the device's capacity."
::= { ps9000Util 2 }
ps9000UtillEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"True if Utilization turned on"
::= { ps9000Util 3 }
ps9000StateDevice OBJECT-TYPE
SYNTAX INTEGER {
payshieldStateUnavailable (1),
payshieldStateOnline (2),
payshieldStateOffline (3),
payshieldStateSecure (4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the current state of the Payshield 9000"
::= { ps9000State 1 }
ps9000StateTamperState OBJECT-TYPE
SYNTAX INTEGER {
ps9000StateTamperStateUnknown (1),
ps9000StateTamperStateOK (2),
ps9000StateTamperStateTamper (3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates whether the device is currently in a tamper state."
::= { ps9000StateTamper 1 }
ps9000StateTamperDate OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The Date and Time that the last tamper event occurred. A NULL value indicates
that the unit has not registered any tamper events."
::= { ps9000StateTamper 2 }
ps9000StateTamperCause OBJECT-TYPE
SYNTAX INTEGER {
ps9000StateTamperUnavailable (1),
ps9000StateTamperCauseTempOutOfRange (2),
ps9000StateTamperCauseBatteryLow (3),
ps9000StateTamperCauseEraseButtonPressed (4),
ps9000StateTamperCauseSecurityProcessorWatchdog (5),
ps9000StateTamperCauseSecurityProcessorRestart (6),
ps9000StateTamperCausePowerTooHigh (7),
ps9000StateTamperCauseMotionDetected (8),
ps9000StateTamperCauseCaseTampered (9),
ps9000StateTamperCauseTSPPModule (10),
ps9000StateTamperGeneral (11)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The cause of the last tamper event"
::= { ps9000StateTamper 3 }
ps9000LmkNumLoaded OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
ps9000LmkNumTestLmksLoaded OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the number of 'test' LMKs loaded (as opposed to production). When
the Payshield 9000 is operating in a live environment, no test LMKs should be loaded and this
field should be returned as 0."
::= { ps9000Lmk 2 }
ps9000LmkNumOldLmksLoaded OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the number of old LMKs currently loaded in the Payshield 9000. Old
LMKs should be stored in the device only as long as they are needed for translation purposes.
Once all LMK-protected data has been placed under the control of the new LMK set, then the old
LMK set should be deleted."
::= { ps9000Lmk 3 }
ps9000LmkStatusTable OBJECT-TYPE
SYNTAX SEQUENCE OF Ps9000LmkStatusEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"A table that returns the status of all possible LMK sets."
::= { ps9000Lmk 4 }
ps9000LmkStatusEntry OBJECT-TYPE
SYNTAX Ps9000LmkStatusEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Row in the LMK Status table"
INDEX { ps9000LmkStatusIndex }
::= { ps9000LmkStatusTable 1 }
ps9000LmkStatusScheme
INTEGER,
ps9000LmkStatusAlgorithm
INTEGER,
ps9000LmkStatusLiveTest
INTEGER,
ps9000LmkStatusComments
OCTET STRING,
ps9000LmkStatusCheckDigits
DisplayString
}
ps9000LmkStatusIndex OBJECT-TYPE
SYNTAX Integer32 (1..20)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The index into the LMK Status table"
::= { ps9000LmkStatusEntry 1 }
ps9000LmkStatusLoaded OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates whether or not an LMK set is currently loaded at this index in the
table. Returns TRUE if loaded, else FALSE."
::= { ps9000LmkStatusEntry 2 }
ps9000LmkStatusAuth OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Authorised state of this LMK set. A value of TRUE indicates that the LMK is in
an authorised state; FALSE indicates that it is not authorised."
::= { ps9000LmkStatusEntry 3 }
ps9000LmkStatusNumAuthActivities OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the number of authorised activities if the Payshield 9000 is set to
Multi-Auth mode. If not in multi-auth mode, this node returns 0."
::= { ps9000LmkStatusEntry 4 }
ps9000LmkStatusScheme OBJECT-TYPE
SYNTAX INTEGER {
lmkSchemeUnknown (1),
lmkSchemeVariant (2),
lmkSchemeKey Block (3),
lmkSchemeAes (4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the scheme of the loaded LMK set (variant, key block, or AES)"
::= { ps9000LmkStatusEntry 5 }
ps9000LmkStatusAlgorithm OBJECT-TYPE
SYNTAX INTEGER {
lmkAlgorithmUnknown (1),
lmkAlgorithm3Des2Key (2),
lmkAlgorithm3Des3Key (3),
lmkAlgorithmAes256 (4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the algorithm use by the LMK set for encryption. "
::= { ps9000LmkStatusEntry 6 }
ps9000LmkStatusLiveTest OBJECT-TYPE
SYNTAX INTEGER {
lmkStatusUnknown (1),
lmkStatusLive (2),
lmkStatusTest (3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the status of the currently loaded LMK set. This will be either
'Live' or 'Test'. Note that test LMKs should not be loaded into a Payshield 9000 operating in
a live customer environment."
::= { ps9000LmkStatusEntry 7 }
ps9000LmkStatusComments OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..41))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Textual description of the LMK set loaded. A string of length 0 indicates that
no description is stored"
::= { ps9000LmkStatusEntry 8 }
ps9000LmkStatusCheckDigits OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates the check digits for an LMK. "
::= { ps9000LmkStatusEntry 9 }
ps9000CommsMgmtConsoleState OBJECT-TYPE
SYNTAX INTEGER {
ps9000CommsMgmtConsoleStateUp (1),
ps9000CommsMgmtConsoleStateDown (2),
ps9000CommsMgmtConsoleStateDisabledByGui (3),
ps9000CommsMgmtConsoleStateUnavailable (4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" Indicates whether the process to service Console Management requests is
currently running. ps9000CommsMgmtConsoleStateUp (1) indicates that it is; all the other
states indicate that the console is currently inactive. "
::= { ps9000CommsMgmt 1 }
ps9000CommsMgmtGuiState OBJECT-TYPE
SYNTAX INTEGER {
ps9000CommsMgmtGuiStateUp (1),
ps9000CommsMgmtGuiStateDown (2),
ps9000CommsMgmtGuiStateUnavailable (3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" Indicates whether the process to service GUI requests is currently running.
ps9000CommsMgmtGuiStateUp (1) indicates that it is; all the other states indicate that the GUI
is currently inactive. "
::= { ps9000CommsMgmt 2 }
ps9000CommsHostAsyncServer OBJECT-TYPE
SYNTAX INTEGER {
ps9000CommsHostAsyncServerUp (1),
ps9000CommsHostAsyncServerDown (2),
ps9000CommsHostAsyncServerNotEnabled (3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" Indicates whether the process to service host commands is currently running
over the Async host port. ps9000CommsHostAsyncServerUp (1) indicates that it is; all the other
states indicate that Async is currently inactive. "
::= { ps9000CommsHost 1 }
ps9000CommsHostTcpServer OBJECT-TYPE
SYNTAX INTEGER {
ps9000CommsHostTcpServerUp (1),
ps9000CommsHostTcpServerDown (2),
ps9000CommsHostTcpServerNotEnabled (3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" Indicates whether the process to service host commands is currently running
over the Ethernet host port using the TCP protocol. ps9000CommsHostTcpServerUp (1) indicates
that it is; all the other states indicate that TCP is currently inactive. "
::= { ps9000CommsHost 2 }
ps9000CommsHostUdpServer OBJECT-TYPE
SYNTAX INTEGER {
ps9000CommsHostUdpServerUp (1),
ps9000CommsHostUdpServerDown (2),
ps9000CommsHostUdpServerNotEnabled (3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" Indicates whether the process to service host commands is currently running
over the Ethernet host port using the UDP protocol. ps9000CommsHostUdpServerUp (1) indicates
that it is; all the other states indicate that UDP is currently inactive. "
::= { ps9000CommsHost 3 }
ps9000CommsHostFiconServer OBJECT-TYPE
SYNTAX INTEGER {
ps9000CommsHostFiconServerUp (1),
ps9000CommsHostFiconServerDown (2),
ps9000CommsHostFiconServerNotEnabled (3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" Indicates whether the process to service host commands is currently running
over the FICON host port. ps9000CommsHostFiconServerUp (1) indicates that it is; all the other
states indicate that FICON is currently inactive. "
::= { ps9000CommsHost 4 }
ps9000HostPortEthernet1 OBJECT-TYPE
SYNTAX INTEGER {
ps9000HostPortEthernet1Up (1),
ps9000HostPortEthernet1Down (2),
ps9000HostPortEthernet1Unavailable (3),
ps9000HostPortEthernet1NotConfigured (4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" Indicates if the first host ethernet port is up and running."
::= { ps9000HostPort 1 }
ps9000HostPortEthernet2 OBJECT-TYPE
SYNTAX INTEGER {
ps9000HostPortEthernet2Up (1),
ps9000HostPortEthernet2Down (2),
ps9000HostPortEthernet2Unavailable (3),
ps9000HostPortEthernet2NotConfigured (4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
" Indicates if the second host ethernet port is up and running."
::= { ps9000HostPort 2 }
ps9000HostPortAsync OBJECT-TYPE
SYNTAX INTEGER {
ps9000HostPortAsyncUp (1),
ps9000HostPortAsyncDown (2),
ps9000HostPortAsyncUnavailable (3),
ps9000HostPortAsyncNotConfigured (4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates if the Async Port (if present) is up and running."
::= { ps9000HostPort 3 }
ps9000HostPortFicon OBJECT-TYPE
SYNTAX INTEGER {
ps9000HostPortFiconUp (1),
ps9000HostPortFiconDown (2),
ps9000HostPortFiconUnavailable (3),
ps9000HostPortFiconNotConfigured (4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Indicates if the FICON port (if present) is up and running."
::= { ps9000HostPort 4 }
ps9000SystemDateAndTime OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The date and time as reported by the system's Real Time Clock."
::= { ps9000System 1 }
ps9000SystemSerialNum OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..32))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Displays the serial number of the Payshield 9000."
::= { ps9000System 2 }
ps9000FraudPinVerifyLimitsExceeded OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Returns TRUE if fraud detection is turned on, and either the allowable PIN
verifications/minute, or PIN verifications/hour, have been exceeded."
::= { ps9000Fraud 1 }
ps9000FraudPinAttackLimitsExceeded OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Returns TRUE if Fraud detection is turned on, AND the total number of PIN
attacks have exceeded the allowed count."
::= { ps9000Fraud 2 }
ps9000VersionSoftwareBaseRelease OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Software base release of software running on the Payshield.
"
::= { ps9000Version 1 }
ps9000VersionSoftwareRevision OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Software Revision of the software running on the Payshield.
"
::= { ps9000Version 2 }
ps9000VersionSoftwareBuildNumber OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Build number of the software running on the Payshield.
"
::= { ps9000Version 3 }
ps9000VersionSoftwareHSMCoreAPIVersion OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"HSM core API version of the software running on the Payshield.
"
::= { ps9000Version 4 }
ps9000LicensingPerformanceModel OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The maximum transactions per second this unit is licensed for."
::= { ps9000Licensing 1 }
ps9000LicensingOptionalLicenseCount OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of optional licences this Payshield unit has installed."
::= { ps9000Licensing 2 }
ps9000LicensingOptionalLicensesList OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..2048))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The optional licenses this Payshield unit is licenced for separated by ';'
"
::= { ps9000Licensing 3 }
ps9000LicensingCryptoAlgorithmCount OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of Cryptographic Algorithms enabled by the Payshield's licencing."
::= { ps9000Licensing 4 }
ps9000LicensingCryptoAlgorithmList OBJECT-TYPE
SYNTAX OCTET STRING
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The list of Crypto Algorithms the licencing supports. These will be
descriptive strings each
terminated by a semi-colon ';'.
There will be ps9000LicensingCryptoAlgorithmCount of them."
::= { ps9000Licensing 5 }
ps9000EnabledHostCommandsCount OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of host commands enabled on this Payshield.
"
::= { ps9000EnabledHostCommands 1 }
ps9000EnabledHostCommandsList OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..2048))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Enitre list of enabled commands separated by a semi-colon ';'.
"
::= { ps9000EnabledHostCommands 2 }
ps9000LogsErrorlogTotalCount OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Total number of entries in the errorlog
"
::= { ps9000LogsErrorlog 1 }
ps9000LogsAuditlogTotalCount OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Total number of entries in the audit log.
"
::= { ps9000LogsAuditlog 1 }
ps9000HealthDiagSelfTestTimeOfDay OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of minutess after midnite the diagnostic tests begins at.
"
::= { ps9000HealthDiagSelfTest 1 }
ps9000HealthDiagSelfTestOK OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"True unless one or more of the tests in the last self test failed .
"
::= { ps9000HealthDiagSelfTest 2 }
ps9000HealthDiagSelfTestCount OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of self tests run last test cycle on this Payshield.
"
::= { ps9000HealthDiagSelfTest 3 }
ps9000HealthDiagSelfTestList OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..2048))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The complete results of the last run self test.
Syntax of string Testname:testresult;
Test/results pairs are separated by a colon ':'
They are delimited by a semi-colon ; .
Results are the string 'passed' or 'failed'.
There are ps9000HealthDiagSelfTestCount of them.
"
::= { ps9000HealthDiagSelfTest 4 }
ps9000HealthHealthCheckEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
ps9000HealthCheckCountsStartTime OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Date/Time of last health stats reset."
::= { ps9000HealthCheckCounts 2 }
ps9000HealthCheckCountsEndTime OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Date/time of when stats collecting was last disabled.
If health stats are not disabled, the Date/Time when this field was read."
::= { ps9000HealthCheckCounts 3 }
ps9000HealthCheckCountsRebootCount OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of times the Payshield rebooted since the last reset of health
counters"
::= { ps9000HealthCheckCounts 4 }
ps9000HealthCheckCountsTamperCount OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of tampers detected since the last reset of health counters."
::= { ps9000HealthCheckCounts 5 }
ps9000HealthCheckCountsPinFailuresMinuteLimit OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of minutes in which the maximum pin verify failures was exceeded
since the last reset of health counters"
::= { ps9000HealthCheckCounts 6 }
ps9000HealthCheckCountsPinFailuresHourLimit OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of hours in which the maximum allowable pin failures per hour was
exceeded since the last reset of health counters"
::= { ps9000HealthCheckCounts 7 }
ps9000HealthCheckCountsPinAttackLimitExceeded OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of times the pin attack limit was exceeded since the last reset of
health counters"
::= { ps9000HealthCheckCounts 8 }
ps9000HostConnectionEthernetEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Whether the Payshield is configured to provide ethernet host interfaces. "
::= { ps9000HostConnection 1 }
ps9000HostConnectionAsyncEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Whether the Payshield is configured to provide an async host interface."
::= { ps9000HostConnection 2 }
ps9000HostConnectionFiconEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Whether or not the Payshield is configured to provide a FICON host interface."
::= { ps9000HostConnection 3 }
ps9000HostConnectionEthernetIIfCount OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of physical ethernet interfaces enabled to process host commands.
This will be 1 or 2."
::= { ps9000HostConnectionEthernet 1 }
ps9000HostConnectionEthernetSSLEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"If true TLS/SSL has been enabled."
::= { ps9000HostConnectionEthernet 2 }
ps9000HostConnectionEthernetACLsEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Whether Access Control Lists are enabled."
::= { ps9000HostConnectionEthernet 3 }
ps9000HostConnectionEthernetUDPEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Whether UDP is enabled."
::= { ps9000HostConnectionEthernet 4 }
ps9000HostConnectionEthernetTCPEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Whether TCP is enabled."
::= { ps9000HostConnectionEthernet 5 }
ps9000HostConnectionEthernetMaxTcpConnections OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The maximum number of TCP sessions allowed per interface.
(0-64)"
::= { ps9000HostConnectionEthernet 6 }
ps9000HostConnectionEthernetTcpKeepalive OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"TCP keep alive timeout in minutes.
(0-120)
"
::= { ps9000HostConnectionEthernet 7 }
ps9000HostConnectionEthernetWellKnownPortTcp OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The well known TCP port
(0-65535)"
::= { ps9000HostConnectionEthernet 8 }
ps9000HostConnectionEthernetWellKnownPortTls OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The well known TLS port.
(0-65535)"
::= { ps9000HostConnectionEthernet 9 }
ps9000HostConnectionEthernetTable OBJECT-TYPE
SYNTAX SEQUENCE OF Ps9000HostConnectionEthernetEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The interface specific ethernet configuration/status information.
For interfaces that are disabled or fields that are not relevent,
all values will be set to a NULL value."
::= { ps9000HostConnectionEthernet 10 }
ps9000HostConnectionEthernetEntry OBJECT-TYPE
SYNTAX Ps9000HostConnectionEthernetEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
""
INDEX { ps9000HostConnectionEthernetIndex }
::= { ps9000HostConnectionEthernetTable 1 }
ps9000HostConnectionEthernetConfigMethod
INTEGER,
ps9000HostConnectionEthernetHostName
DisplayString,
ps9000HostConnectionEthernetIpAddress
IpAddress,
ps9000HostConnectionEthernetSubnetMask
IpAddress,
ps9000HostConnectionEthernetGateway
IpAddress,
ps9000HostConnectionEthernetMacAddress
MacAddress,
ps9000HostConnectionEthernetPortSpeed
DisplayString,
ps9000HostConnectionNumberOfConnectionsUsed
Integer32
}
ps9000HostConnectionEthernetIndex OBJECT-TYPE
SYNTAX Integer32 (1..2)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
""
::= { ps9000HostConnectionEthernetEntry 1 }
ps9000HostConnectionEthernetConfigured OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Tells whether a row of the table is configured. For a 1 interface system it is
possible
that the configured interface could be either the first or second one.
"
::= { ps9000HostConnectionEthernetEntry 2 }
ps9000HostConnectionEthernetInterfaceNumber OBJECT-TYPE
SYNTAX Integer32 (1..2)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This binds a row to a physical host ethernet interface.
1 corresponds to Ethernet interface HostPortEthernet1
2 corresponds to Ethernet interface HostPortEthernett2"
::= { ps9000HostConnectionEthernetEntry 3 }
ps9000HostConnectionEthernetConfigMethod OBJECT-TYPE
SYNTAX INTEGER {
ps9000HostConnectionEthernetConfigMethodStatic (0),
ps9000HostConnectionEthernetConfigMethodDHCP (1),
ps9000HostConnectionEthernetConfigMethodUnknown (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"DHCP and static ip configuration are the possibilities . When we are
statically configured we report
the addresses and such are set from the payShield's configuration. When we use
DHCP these
values are configured by the network.
"
::= { ps9000HostConnectionEthernetEntry 4 }
ps9000HostConnectionEthernetHostName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Network Name is present for a DHCP configured port only.
If the ethernet port is configured statically set to 'NotApplicable'.
If the ethernet port is not configured set to 'Interface not enabled'."
::= { ps9000HostConnectionEthernetEntry 5 }
ps9000HostConnectionEthernetIpAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"IP address for this interface.
If this interface is not enabled returns 000.000.000.000"
::= { ps9000HostConnectionEthernetEntry 6 }
ps9000HostConnectionEthernetSubnetMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Subnet mask for this interface.
If this interface is not enabled returns 000.000.000.000"
::= { ps9000HostConnectionEthernetEntry 7 }
ps9000HostConnectionEthernetGateway OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Gateway ip address used by this interface.
if this interface is not enabled returns 000,000,000,000"
::= { ps9000HostConnectionEthernetEntry 8 }
ps9000HostConnectionEthernetMacAddress OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"MAC address for this ethernet interface.
If this ionterface is not enabled returns 00.00.00.00.00.00"
::= { ps9000HostConnectionEthernetEntry 9 }
ps9000HostConnectionEthernetPortSpeed OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Describes the speed/duplex this port is configured at.
If the port is configured for 'ethernet autoselect' returns:
'ethernet autoselect(speed/duplex )'
If the ethernet interface is not confiigured returns:
'Interface not enabled'"
::= { ps9000HostConnectionEthernetEntry 10 }
ps9000HostConnectionNumberOfConnectionsUsed OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The Number of TCP connections in use for this physical interface.
range (0-ps9000HostConnectionMaxTcpConnections)"
::= { ps9000HostConnectionEthernetEntry 11 }
ps9000HostConnectionAsyncMode OBJECT-TYPE
SYNTAX INTEGER {
ps9000HostConnectionAsyncAsync (0),
ps9000HostConnectionAsyncTransparent (1),
ps9000HostConnectionAsyncModeUnknown (3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The Payshield async host interface can be configured for Async and Transparent
formatting of the async data stream."
::= { ps9000HostConnectionAsync 1 }
ps9000HostConnectionAsyncTerminatingSequence OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(2))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Two hex values each 0 to 255.
"
::= { ps9000HostConnectionAsync 2 }
ps9000HostConnectionAsyncDeviceName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The name of the async controller
example:
USB-Serial Controller by Prolific Technology Inc."
::= { ps9000HostConnectionAsync 3 }
ps9000HostConnectionPortName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"A string describing the name of the physical port. This was selected by the
user when
the serial port was configured.
"
::= { ps9000HostConnectionAsync 4 }
ps9000HostConnectionAsyncStatus OBJECT-TYPE
SYNTAX INTEGER {
ps9000HostConnectionAsyncReady (0),
ps9000HostConnectionAsyncMissing (1),
ps9000HostConnectionAsyncUnavailable (2),
ps9000HostConnectionAsyncError (3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The status of the Host Async interface"
::= { ps9000HostConnectionAsync 5 }
ps9000HostConnectionAsyncBaud OBJECT-TYPE
SYNTAX INTEGER {
ps9000HostConnectionAsyncBaudUnknown (0),
ps9000HostConnectionAsyncBaud1200 (1200),
ps9000HostConnectionAsyncBaud2400 (2400),
ps9000HostConnectionAsyncBaud4800 (4800),
ps9000HostConnectionAsyncBaud9600 (9600),
ps9000HostConnectionAsyncBaud19200 (19200),
ps9000HostConnectionAsyncBaud38400 (38400),
ps9000HostConnectionAsyncBaud57600 (57600),
ps9000HostConnectionAsyncBaud115200 (115200)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The baud rate for the host async interface. "
::= { ps9000HostConnectionAsync 6 }
ps9000HostConnectionAsyncDataBits OBJECT-TYPE
SYNTAX INTEGER {
ps9000HostConnectionAsyncDataBits5 (5),
ps9000HostConnectionAsyncDataBits6 (6),
ps9000HostConnectionAsyncDataBits7 (7),
ps9000HostConnectionAsyncDataBits8 (8),
ps9000HostConnectionAsyncDataBitsUnknown (99)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of data bits for the host async interface.
"
::= { ps9000HostConnectionAsync 7 }
ps9000HostConnectionAsyncStopBits OBJECT-TYPE
SYNTAX INTEGER {
ps9000HostConnectionAsyncStopBits1 (1),
ps9000HostConnectionAsyncStopBits2 (2),
ps9000HostConnectionAsyncStopBitsUnknown (99)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The number of stop bits for the host async interface.
"
::= { ps9000HostConnectionAsync 8 }
ps9000HostConnectionAsyncFlowControl OBJECT-TYPE
SYNTAX INTEGER {
ps9000HostConnectionAsyncFlowControlNone (0),
ps9000HostConnectionAsyncFlowControlHW (1),
ps9000HostConnectionAsyncFlowControlSW (2),
ps9000HostConnectionAsyncFlowControlUnknown (4)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The flow control setting of the host async interface."
::= { ps9000HostConnectionAsync 9 }
ps9000HostConnectionAsyncParity OBJECT-TYPE
SYNTAX INTEGER {
ps9000HostConnectionAsyncParityOdd (0),
ps9000HostConnectionAsyncParityEven (1),
ps9000HostConnectionAsyncParityNone (2),
ps9000HostConnectionAsyncParityUnknown (3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The parity setting of the host async interface."
::= { ps9000HostConnectionAsync 10 }
ps9000HostConnectionFiconControlUnitImage OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This is the control unit address defined in the mainframe I/O definition
(CUADD on CNTLUNIT statement).
(0-255)"
::= { ps9000HostConnectionFicon 1 }
ps9000HostConnectionFiconControlUnitAddress OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The starting unit address for this control unit.
16 devices are enumerated from this point (UNITADD on CNTLUNIT statement).
(0-255)"
::= { ps9000HostConnectionFicon 2 }
ps9000HostConnectionFiconMIH OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This specifies the missing interrupt handler value to be used in the read
device
characteristics CCW for the mainframe. It is in minutes.
If set to 0, the mainframe setting is used
(0-60)"
::= { ps9000HostConnectionFicon 3 }
ps9000ManagementEthernetEnabled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Whether payShield Manager is enabled."
::= { ps9000ManagementEthernet 1 }
ps9000ManagementEthernetConfigMethod OBJECT-TYPE
SYNTAX INTEGER {
ps9000ManagementEthernetConfigMethodStatic (0),
ps9000ManagementEthernetConfigMethodDHCP (1),
ps9000ManagementEthernetConfigMethodUnknown (3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The method the management ethernet interface uses to obtain its ethernet
address.
ps9000ManagementEthernetConfigMethodStatic - uses local stored information
ps9000ManagementEthernetConfigMethodDHCP - obtains settings from the network"
::= { ps9000ManagementEthernet 2 }
ps9000ManagementEthernetNetworkName OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The name the Payshield assigns to this interface if in DHCP mode.
If the ethernet port is configured statically set to 'DoesNotApply'."
::= { ps9000ManagementEthernet 3 }
ps9000ManagementEthernetIpAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The managment ethernet interface's ip address.
If ps9000ManagementEthernetConfigMethod is set to DHCP, it will be set by the
network.
If ps9000ManagementEthernetConfigMethoS is set to static it will be set to the
payShield's
configured value.
A value of 00:00:00:00 means it is not successfuly fetched."
::= { ps9000ManagementEthernet 4 }
ps9000ManagementEthernetSubnetMask OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The managment ethernet interface's ip subnet mask.
If ps9000ManagementEthernetConfigMethod is set to DHCP, it will be set by the
network.
If ps9000ManagementEthernetConfigMethodt is set to static it will be to the
Payshield's
configured value.
A value of 00:00:00:00 means it was not successfuly fetched."
::= { ps9000ManagementEthernet 5 }
ps9000ManagementEthernetGateway OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The managment ethernet interface's ip gateway address.
If ps9000ManagementEthernetConfigMethod is set to DHCP, it will be set by the
network.
If ps9000ManagementEthernetConfigMethod is set to Static it will be set to the
Payshield's
configured value.
A value of 00:00:00:00 means it was not successfuly fetched."
::= { ps9000ManagementEthernet 6 }
ps9000ManagementEthernetMacAddress OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The managment ethernet interface's MAC address.
Will be set to 00:00:00:00:00:00 if not successfuly fetched."
::= { ps9000ManagementEthernet 7 }
ps9000ManagementEthernetPortSpeed OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"String that describes the speed configured and the actual connection
properties.
Form is config (actual)
eg : ethernet autoselect (100baseTX full-duplex)"
::= { ps9000ManagementEthernet 8 }
ps9000ManagementConsoleBaud OBJECT-TYPE
SYNTAX INTEGER {
ps9000ManagementConsoleBaudUnknown (0),
ps9000ManagementConsoleBaud1200 (1200),
ps9000ManagementConsoleBaud2400 (2400),
ps9000ManagementConsoleBaud4800 (4800),
ps9000ManagementConsoleBaud9600 (9600),
ps9000ManagementConsoleBaud19200 (19200),
ps9000ManagementConsoleBaud38400 (38400),
ps9000ManagementConsoleBaud57600 (57600),
ps9000ManagementConsoleBaud115200 (115200)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Baud rate for Management console async interface."
::= { ps9000ManagementConsole 1 }
ps9000ManagementConsoleDataBits OBJECT-TYPE
SYNTAX INTEGER {
ps9000ManagementConsoleDataBits5 (5),
ps9000ManagementConsoleDataBits6 (6),
ps9000ManagementConsoleDataBits7 (7),
ps9000ManagementConsoleDataBits8 (8),
ps9000ManagementConsoleDataBitsUnknown (99)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The length of data in bits for the management console async interface, "
::= { ps9000ManagementConsole 2 }
ps9000ManagementConsoleStopBits OBJECT-TYPE
SYNTAX INTEGER {
ps9000ManagementConsoleStopBits1 (1),
ps9000ManagementConsoleStopBits2 (2),
ps9000ManagementConsoleStopBitsUnknown (99)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Number of stop bits for the Console Management async interface. "
::= { ps9000ManagementConsole 3 }
ps9000ManagementConsoleFlowControl OBJECT-TYPE
SYNTAX INTEGER {
ps9000ManagementConsoleFlowControlNone (0),
ps9000ManagementConsoleFlowControlSW (1),
ps9000ManagementConsoleFlowControlHW (2),
ps9000ManagementConsoleFlowControlUnknown (3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Flow control setting for the management console async interface."
::= { ps9000ManagementConsole 4 }
ps9000ManagementConsoleParity OBJECT-TYPE
SYNTAX INTEGER {
ps9000ManagementConsoleParityNone (0),
ps9000ManagementConsoleParityOdd (1),
ps9000ManagementConsoleParityEven (2),
ps9000ManagementConsoleParityUnknown (3)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The parity setting of the management console async interface."
::= { ps9000ManagementConsole 5 }
ps9000Printer-LF-CR-reversed OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Whether CR and LF are reversed "
::= { ps9000Printer 1 }
ps9000PrinterTimeout-ms OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Printer timeout value in milliseconds.
(1000, 86400000)"
::= { ps9000Printer 2 }
ps9000PrinterDelay-ms OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Printer delay in milliseconds
(0-7200000)"
::= { ps9000Printer 3 }
ps9000PrinterReport OBJECT-TYPE
SYNTAX OCTET STRING (SIZE(0..2000))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The report of the dynamic state of printers in the system as produced fo QP
and the
payShield Manager. It will consist of printable characters."
::= { ps9000Printer 4 }
ps9000SettingsPCICompliant OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"True if all security settings are PCI compliant.
"
::= { ps9000Settings 1 }
ps9000FanID OBJECT-TYPE
SYNTAX INTEGER {
ps9000Fan1 (1),
ps9000Fan2 (2)
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Identifies fan1 or fan2."
::= { ps9000AlarmFans 1 }
ps9000FanState OBJECT-TYPE
SYNTAX INTEGER {
ps9000FanOK (0),
ps9000FansCtl (1),
ps9000FanFail (2),
ps9000FanSlow (3),
ps9000FanFast (4)
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Provides the status of a fan."
::= { ps9000AlarmFans 2 }
ps9000PsuNumber OBJECT-TYPE
SYNTAX INTEGER {
ps9000PSU-1 (1),
ps9000PSU-2 (2)
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Identifies the power supply unit. 1 or 2."
::= { ps9000AlarmPSU 1 }
ps9000BadDataPhysicalPort OBJECT-TYPE
SYNTAX INTEGER {
ps9000Host1 (1),
ps9000Host2 (2),
ps9000Async (3),
ps9000Ficon (4)
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The Physical port the bad data was detected on."
::= { ps9000AlarmBadPortData 1 }
ps9000BadDataProtocol OBJECT-TYPE
SYNTAX INTEGER {
ps9000TCP (0),
ps9000UDP (1),
ps9000Async (2),
ps9000Ficon (3)
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The method that bad data detected was transmitted."
::= { ps9000AlarmBadPortData 2 }
ps9000ErrorLogData OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"A textual error log entry as stored in the system. "
::= { ps9000AlarmErrorLog 1 }
ps9000BatteryState OBJECT-TYPE
SYNTAX INTEGER {
ps9000BatteryStateOK (0),
ps9000BatteryStateWarning (1),
ps9000BatteryStateFailure (2)
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"State of the battery. "
::= { ps9000AlarmBattery 1 }
ps9000DiagnosticID OBJECT-TYPE
SYNTAX INTEGER {
ps9000Diag-AES (1),
ps9000Diag-DES (2),
ps9000Diag-MD5 (3),
ps9000Diag-Memory (4),
ps9000Diag-Power (5),
ps9000Diag-RNG (6),
ps9000Diag-RSA (7),
ps9000Diag-RTC (8),
ps9000Diag-SHA (9),
ps9000Diag-Temperature (10),
ps9000Diag-Fans (11),
ps9000Diag-Voltage (12),
ps9000Diag-cust1 (13),
ps9000Diag-cust2 (14),
ps9000Diag-cust3 (15),
ps9000Diag-cust4 (16),
ps9000Diag-cust5 (17),
ps9000Diag-cust6 (18),
ps9000Diag-cust7 (19),
ps9000Diag-cust8 (20),
ps9000Diag-cust9 (21),
ps9000Diag-cust10 (22),
ps9000Diag-cust11 (23),
ps9000Diag-cust12 (24),
ps9000Diag-cust13 (25),
ps9000Diag-cust14 (26),
ps9000Diag-cust15 (27),
ps9000Diag-cust16 (28),
ps9000Diag-cust17 (29),
ps9000Diag-cust18 (30),
ps9000Diag-cust19 (31),
ps9000Diag-cust120 (32),
ps9000Diag-Async (33),
ps9000Diag-Udp (34),
ps9000Diag-Tcp (35),
ps9000Diag-Ficon (36),
ps9000Diag-custproto1 (37),
ps9000Diag-custproto2 (38),
ps9000Diag-custproto3 (39),
ps9000Diag-custproto4 (40),
ps9000Diag-custproto5 (41),
ps9000Diag-custproto6 (42),
ps9000Diag-custproto7 (43),
ps9000Diag-custproto8 (44)
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Diagnostic identifier as a code."
::= { ps9000AlarmDiagnostic 1 }
ps9000DiagnosticString OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Diagnostic identifier as a string."
::= { ps9000AlarmDiagnostic 2 }
ps9000FraudType OBJECT-TYPE
SYNTAX INTEGER {
ps9000FraudExceededFailuresPerMinute (1),
ps9000FraudExceededFailuresPerHour (2),
ps9000FraudExceededAttackLimit (3)
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Indicates what sort of Fraud event took place."
::= { ps9000AlarmFraud 1 }
ps9000AlarmEraseTimeandDate OBJECT-TYPE
SYNTAX DateAndTime (SIZE(8))
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"Indicates the time and date the erase button was pressed."
::= { ps9000AlarmErase 1 }
ps9000ModifiedSetting OBJECT-TYPE
SYNTAX INTEGER {
ps9000ModifiedSecuritySetting (1),
ps9000ModifiedPciSetting (2),
ps9000ModifiedAuditedItems (3),
ps9000ModifiedEnabledPinblocks (4)
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
ps9000PowerOnAlarm NOTIFICATION-TYPE
STATUS current
DESCRIPTION
"SNMP Trap indicating the unit has been powered up."
::= { ps9000tTraps 1 }
ps9000RestartAlarm NOTIFICATION-TYPE
STATUS current
DESCRIPTION
"SNMP trap generated when the reset button has been pressed."
::= { ps9000tTraps 2 }
ps9000EraseAlarm NOTIFICATION-TYPE
OBJECTS { ps9000AlarmEraseTimeandDate }
STATUS current
DESCRIPTION
"SNMP trap indicating that the Erase button was pressed."
::= { ps9000tTraps 3 }
ps9000NewLicenceAlarm NOTIFICATION-TYPE
STATUS current
DESCRIPTION
"SNMPA trap indicating the instalation of a new licence."
::= { ps9000tTraps 4 }
ps9000NewSoftwareAlarm NOTIFICATION-TYPE
STATUS current
DESCRIPTION
"SNMP Trap indicating that new software has been installed."
::= { ps9000tTraps 5 }
ps9000PSUFailureAlarm NOTIFICATION-TYPE
OBJECTS { ps9000PsuNumber }
STATUS current
DESCRIPTION
"SNMP trap indicating that a Power supply unit has failed."
::= { ps9000tTraps 6 }
ps9000BatteryAlarm NOTIFICATION-TYPE
OBJECTS { ps9000BatteryState }
STATUS current
DESCRIPTION
"SNMP trap indicating a battery problem. Either it is in the warning zone of
2.5volts - 2.8 volts
or in the fault zone of < 2.5 volts."
::= { ps9000tTraps 7 }
ps9000FanAlarm NOTIFICATION-TYPE
OBJECTS { ps9000FanID,
ps9000FanState }
STATUS current
DESCRIPTION
"SNMP trap notifying that a Fan is Operating incorrectly."
::= { ps9000tTraps 8 }
ps9000TamperAlarm NOTIFICATION-TYPE
OBJECTS { ps9000StateTamperCause,
ps9000StateTamperDate,
ps9000StateTamperState }
STATUS current
DESCRIPTION
"SNMP trap indicating a tamper has been detected. Detected tamper is reported."
::= { ps9000tTraps 9 }
ps9000HostPortBadDataAlarm NOTIFICATION-TYPE
OBJECTS { ps9000BadDataPhysicalPort,
ps9000BadDataProtocol }
STATUS current
DESCRIPTION
"SNMP Trap indicating that protocol breaking data has arrived on a port.
Indicates which physical interface it arrived on and what protocol was being
used."
::= { ps9000tTraps 10 }
ps9000FraudAlarm NOTIFICATION-TYPE
OBJECTS { ps9000FraudType }
STATUS current
DESCRIPTION
"SNMP Trap that indicates a fraud limit was exceeded. "
::= { ps9000tTraps 11 }
ps9000DiagnosticTestFailureAlarm NOTIFICATION-TYPE
OBJECTS { ps9000DiagnosticID,
ps9000DiagnosticString }
STATUS current
DESCRIPTION
"SNMP Trap indicating a diagnostivc test has failed. Indicates which test
failed."
::= { ps9000tTraps 12 }
ps9000ErrorlogAlarm NOTIFICATION-TYPE
OBJECTS { ps9000ErrorLogData }
STATUS current
DESCRIPTION
"SNMP Trap that indicates an errorlog entry has been filed. Contains the
entry."
::= { ps9000tTraps 13 }
ps9000SettingsModifiedAlarm NOTIFICATION-TYPE
OBJECTS { ps9000ModifiedSetting }
STATUS current
DESCRIPTION
"SNMP Trap that indicates a setting of the Payshield has been modified
.It includes a ps9000ModifiedSetting object which ids which setting was
changed."
::= { ps9000tTraps 14 }
END
-- This MIB was created using NuDesign Team's Visual MIBuilder (Ver 4.7).