DEP Documentation DEP Glossary

Transcription

1 Haachtsesteenweg Brussels Belgium DEP Documentation DEP Glossary Version: 04.00

2 Atos Worldline - Technology & Products / Engineering / DEP Page: 2/29 Version Management Report Version Name(s) Date Comments TheSteamFactory 19/09/2000 Initial version TheSteamFactory 26/12/2000 Continue F. Demaertelaere 12/02/2001 Final version F. Demaertelaere 26/11/2002 Documentation platform independent F. Demaertelaere 06/12/2002 Small remarks F. Demaertelaere 20/02/2003 After crash of document P.Stienon 02/08/2005 Add of items P.Stienon, Bernard Durieux, I. de Aguirre 03/02/2006 Add of DEP/T6 product, new disclaimer and some others items P.Stienon 11/01/2008 New C-ZAM/DEP Xentissimo Anna Papayan Add of items

3 Atos Worldline - Technology & Products / Engineering / DEP Page: 3/29 CONFIDENTIALITY The information in this document is confidential and shall not be disclosed to any third party in whole or in part without the prior written consent of Atos Worldline S.A./N.V. COPYRIGHT The information in this document is subject to change without notice and shall not be construed as a commitment by Atos Worldline S.A./N.V. The content of this document, including but not limited to trademarks, designs, logos, text, images, is the property of Atos Worldline S.A/N.V. and is protected by the Belgian Act of related to author s right and by the other applicable Acts. The contents of this document must not be reproduced in any form whatsoever, by or on behalf of third parties, without the prior written consent of Atos Worldline S.A./N.V. Except with respect to the limited license to download and print certain material from this document for non-commercial and personal use only, nothing contained in this document shall grant any license or right to use any of Atos Worldline S.A./N.V. s proprietary material. LEGAL DISCLAIMER While Atos Worldline S.A./N.V. has made every attempt to ensure that the information contained in this document is correct, Atos Worldline S.A./N.V. does not provide any legal or commercial warranty on the document that is described in this specification. The technology is thus provided as is without warranties of any kind, expressed or implied, included those of merchantability and fitness for a particular purpose. Atos Worldline S.A./N.V. does not warrant or assume any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product or process disclosed. To the fullest extent permitted under applicable law, neither Atos Worldline S.A./N.V. nor its affiliates, directors, employees and agents shall be liable to any party for any damages that might result from the use of the technology as described in this document (including without limitation direct, indirect, incidental, special, consequential and punitive damages, lost profits). JURISDICTION AND APPLICABLE LAW These terms shall be governed by and construed in accordance with the laws of Belgium. You irrevocably consent to the jurisdiction of the courts located in Brussels for any action arising from or related to the use of this document. sa Atos Worldline nv Chaussée de Haecht 1442 Haachtsesteenweg B-1130 Bruxelles-Brussel - Belgium RPM-RPR Bruxelles-Brussel - TVA-BTW BE

4 Atos Worldline - Technology & Products / Engineering / DEP Page: 4/29 1. TABLE OF CONTENTS 1. TABLE OF CONTENTS SCOPE OF THE DOCUMENT PRODUCT TERMINOLOGY GLOSSARY OF TERMS KEYS INITIAL AUTHORITY LEVEL BANKSYS AUTHORITY LEVEL CUSTOMER AUTHORITY LEVEL CAPABILITIES ABBREVIATIONS... 27

5 Atos Worldline - Technology & Products / Engineering / DEP Page: 5/29 2. SCOPE OF THE DOCUMENT The DEP Glossary document describes the terms used in the DEP documentation. This document centralises all the definitions and the abbreviations, normally every term is well explained in the appropriate documents. Here you can find the overview of the DEP product terminology. Together with the terminology and definitions, this document lists also some general keys and capabilities by their names and tags. 3. PRODUCT TERMINOLOGY DEP (Data Encryption Peripheral) The DEP is the name of the Banksys Host Security Module product line and is not considered as a product on itself. At this moment, the following DEP products are supported DEP/NT, DEP/Linux, DEP/XP, DEP/T6 and DEP/PCI. DEP/NT DEP/Linux DEP/XP DEP/T6 DEP/PCI DEP Crypto Module The DEP Crypto Module is a name for Atos Worldline own developed hardware responsible for cryptographic operations. Now, there is a DEP/ISA (end of life) and a DEP/PCI considered as DEP Crypto Module. DEP/ISA DEP/PCI

6 Atos Worldline - Technology & Products / Engineering / DEP Page: 6/29 DEP Platform A DEP Platform is either: Any Personal Computer (PC) or server in which one or more DEP Crypto Modules have been installed. Communication to the DEP Crypto Modules is done with software running on the PC or server itself (DEP/NT, DEP/Linux, or DEP/XP). The supervision on the DEP/NT and DEP/Linux can only be done with software running on the same DEP Platform, but for DEP/XP it can also be done with software (DEP/NMS) running on any other PC. A DEP/T6, where communication to the DEP Crypto Modules is done on the DEP/T6 and supervision of the DEP Platform and DEP Crypto Modules is done by the DEP/NMS and DEP/EM programs that are running on any other PC. DEP/ISA The DEP Crypto Module that is connected to the ISA slot of a DEP Platform (only supported in the DEP/NT). It is the first generation of the DEP Crypto Module. DEP/PCI The DEP Crypto Module that is connected to a PCI slot of a DEP Platform. It is the most recent generation of the DEP Crypto Module. The DEP/PCI v3.0 is

7 Atos Worldline - Technology & Products / Engineering / DEP Page: 7/29 Common Criteria EAL3+ certified and the DEP/PCI v4.0 is FIPS140-2 with Security Level3 certified. DEP/NT The DEP/NT is a DEP Platform based on a Windows NT 4.0 operating system with a Graphical User Interface. It supports both the DEP/ISA and the DEP/PCI. DEP/Linux The DEP/Linux is a DEP Platform based on a Linux operating system (minimal Linux kernel 2.4). The supervision is done through command line. It supports only DEP/PCI. DEP/T6 The DEP/T6 is a dedicated Banksys DEP Platform, it is designed with attention to reliability, performance and user-friendliness. It supports a high resolution graphic LCD, three soft menu keys and DEP/PCI.

8 Atos Worldline - Technology & Products / Engineering / DEP Page: 8/29 DEP/XP The DEP/XP is a DEP Platform based on a Windows XP operating system with Graphical User Interface. It supports only DEP/PCI. C-ZAM/DEP The C-ZAM/DEP is an independent chip card reader/encoder used to administer (loading keys and capabilities) a DEP Crypto Module. The new version of the C-ZAM/DEP is based on the Xentissimo terminal. DCC The C-ZAM/DEP is used as a keyboard for FIPS compliant DEP Crypto Modules. A DEP Control Card (DCC) is a chip card that is used to store all kinds of parameters and values used in a DEP Environment. They are used as a backup device to store secret (keys and capabilities) and non-secret (Definition Lists) values. It can be either a DCC List, DCC Storage or Dual Control Storage (DCS).

9 Atos Worldline - Technology & Products / Engineering / DEP Page: 9/29 4. GLOSSARY OF TERMS Alarm Software Executable software loaded during the production on the DEP Alarm of the DEP Crypto Module. It monitors continuously the tampering state of the DEP Crypto Module and takes the necessary actions in case of a tampering. Application Capabilities Capabilities required by the Application Software or BIOS to give the possibility to perform cryptographic operations or certain dedicated management functions (such as Application Software loading, Key backup/restore, etc.). Application Capabilities can only be loaded when an Application Software is present in the DEP Crypto Module. Application Keys Application Keys are secret keys required by the Application Software in order to perform cryptographic operations. Application Keys can only be loaded when an Application Software is present in the DEP Crypto Module. Application Secrets Application Secrets are secret values (Application Keys and Application Capabilities) that are used by the specific Application Software. Application Software Executable software loaded inside the DEP Crypto Module that performs cryptographic functions for the host. Application Software can easily be downloaded in a secure way (using the functionality of the BIOS). Authentication Key (AK) A key required for authentication of a DCC. The Authentication Key is known at C-ZAM/DEP and DCC level. Every Authority Level and Mode of Operation has its own Authentication Key. Authority Capability

10 Atos Worldline - Technology & Products / Engineering / DEP Page: 10/29 An Authority Capability is a dedicated capability that limits access to cryptographic operations/functions with Authority Keys. See paragraph 6 on page 26 for a list of the Authority Capabilities. Authority Keys The set of keys used to execute functions coupled to a certain Authority Level. E.g. the Authority Keys are used to protect the communication between the C- ZAM/DEP, DCC and DEP Crypto Module. See paragraph 5 on page 24 for a list of the Authority Keys. Authority Level The Authority Level provide a level of functionality/protection for the DEP Crypto Module. Every Authority Level has different Authority Secrets. Different Authority Levels have different functions available. The possible Authority Levels are No (NONE) Authority Level, Initial (INIT) Authority Level, Banksys (BKS) Authority Level and Customer (CUST) Authority Level. Application Software can only be loaded when the DEP is at CUST Authority Level. Authority Secrets Authority Secrets are secret values (Authority Keys and Authority Capabilities) that are used to build up the different Authority Levels. Atos Worldline Security Officer The ATOS Worldline Security Officer is the person responsible for the key management operations at Atos Worldline. The ATOS Worldline Security Officer manages the BKS Authority Keys. The personalisation of the DEP Control Cards is done under control of the ATOS Worldline Security Officer (AWL Security Officer). BIOS Executable software loaded during the production inside the DEP Crypto Module that starts-up the DEP Crypto Module and is responsible for loading Application Software. Capability Capabilities are required in the C-ZAM/DEP and DEP Crypto Modules to be allowed to perform certain secure operations. A Capability could be defined as the right to perform. It is implemented as a cryptographic result that is verified before a function is available.

11 Atos Worldline - Technology & Products / Engineering / DEP Page: 11/29 Capability Definition List The Definition List containing the descriptions and properties (name, tag and the reference to the Secret Sharing Scheme defined in the SSH Definition List) of capabilities used in the DEP Environment. Chip Card A programmable credit card-sized secure data storage device. The DEP Control Cards are personalised chip cards. Chip Card Reader (CCR) A device required to read/write the information from/to a chip card. The C- ZAM/DEP has a built-in Chip Card Reader. Check Value The Check Value is a 24-bits key value of type NORM, to guard against the keying errors. Critical Security Parameters Critical Security Parameters are security-related information (e.g., secret and private cryptographic keys, and authentication data such as passwords and PINs). The modification of CSPs can compromise the security of a cryptographic module. Cryptographic boundary A Cryptographic boundary is an explicitly defined continuous perimeter that establishes the physical bounds of a DEP Crypto Module and contains all the hardware, software, and/or firmware components. Customer Identification (CUST ID) The Customer Identification is a unique identification number of the customer. The Atos Worldline Security Officer guarantees that the Customer Identification is unique. Customer s Security Officer The Customer s Security Officer is the person responsible for the key management operations of the customer. This person is responsible for the key management, both at Authority Level (BKS Authority Keys, CUST Authority Keys and CUST Authority Capabilities) and at Application Software level (Application Keys and Application Capabilities). It is the Customer s Security Officer that operates the C-ZAM/DEP.

12 Atos Worldline - Technology & Products / Engineering / DEP Page: 12/29 C-ZAM/DEP Xentissimo The C-ZAM/DEP is the main key management device in a DEP Environment. This device can be connected directly to the DEP Crypto Module and guarantees a secure key input and treatment. The device possesses a display, chip card reader and keyboard for this purpose. Communication with the different peripherals (DEP Crypto Module and DCC) is protected with the Authority Keys. C-ZAM/DEP Application Transport Key A key defined in C-ZAM/DEP in Customer Authority Level via Definition List used to decrypt a manual entered application key. This application key is linked to the Application Transport Key. DCC Personalisation System The system that is responsible for the initialisation of virgin chip cards so that they become a DEP Control Card (DCC). This initialisation procedure is also called personalisation. The personalisation of the DCCs is done under supervision of the Atos Worldline Security Officer. Dedicated File (DF) The sub directory on a chip card is a Dedicated File that again can contain Elementary Files or sub directories in the form of Sub Dedicated Files. Definition List A Definition List contains the definitions and properties(name, tag, length, type, generation method and the reference to the Secret Sharing Scheme defined in the SSH Definition List) of keys (Key Definition List), capabilities (Capability Definition List) and Secret Sharing Schemes (SSH Definition List) to be used in the DEP Environment. It should be written on a DCC List. DEP/Linux Software Directory This is the directory where the DEP/Linux Software Environment will be installed on the Linux platform. DEP/Linux Software Environment The entire package of software (tools, DEPD Daemon, driver, ) that allows communication with and management of the DEP Crypto Module(s). DEP Alarm The DEP Alarm refers to the alarm processor of the DEP Crypto Module. This hardware is responsible for monitoring the DEP Crypto Module and taking the

13 Atos Worldline - Technology & Products / Engineering / DEP Page: 13/29 necessary actions when intrusion or tampering is detected (Tamper Responsiveness). DEP Control Card Identification (DCC ID) The DCC ID is a unique identification number of the DCC. The Atos Worldline Security Officer guarantees that the DCC identification number is unique per personalised DCC. DEP Control Card List (DCC List) A personalised Chip Card used for storing Definition Lists. DEP Control Card Storage (DCC Storage) A personalised Chip Card used for storing Application Secrets and/or Authority Secrets. Application Secrets and Authority Secrets can be stored using a defined Secret Sharing Scheme. DEPD Daemon (DEPD) The DEPD Daemon is a process running on the DEP/Linux. It is responsible for the communication with the DEP Crypto Module. DEPD Daemon Configuration File The DEPD Daemon Configuration File has a certain number of parameters that fine-tune the behaviour of the DEPD Daemon. DEP Environment The DEP Environment is the collection of different components that are necessary to manage, operate and use the DEP. It is a combination of a DEP Platform, a DEP Crypto Module, the C-ZAM/DEP and DCCs. DEP Handler Supervision The DEP Handler Supervision allows the user to manage the DEP Crypto Modules available in DEP/NT. Also it allows to obtain some supervision information about the DEP Crypto Modules. DEP Main The DEP Main refers to the main processor of the DEP Crypto Module. The main processor runs the Application Software and is responsible for the management of the Application Keys and Application Capabilities.

14 Atos Worldline - Technology & Products / Engineering / DEP Page: 14/29 DEP Master Key (DMK) The DEP Master Key of the DEP Crypto Module is used to encrypt/decrypt all Application Keys for backup and restore purpose. The DEP Master Keys should only be known at DEP Crypto Module level. DEP Parameter (DEP_PARAMETER) The DEP Parameter mechanism allows storing information in a DEP Crypto Module and provides means to protect and limit the use of this information to specific interfaces. The information can also be read again from the host. The purpose of the DEP Parameter mechanism is to provide means to the Security Officer to influence the behaviour of specific interfaces: a part of the information used by the interface is not sent to the DEP, but is already present in the DEP Crypto Module. DEP PC-AUX Application The DEP PC-AUX application is used to create and edit Definition Lists and exchange them with a C-ZAM/DEP. DEP Network Management System (DEP/NMS) Application This PC application is used to manage and configure DEP/T6 and DEP/XP Platforms and DEP Crypto Modules. The DEP/NMS application allows the management of a Pool of DEPs. DEP/NMS Application Plug Ins DEP/NMS Plug-Ins are additional tools developed by Atos Worldline to extend the functionality of DEP/NMS application. DEP/NMS License Dongle The DEP/NMS License Dongle is a Hardware USB dongle, which enables the usage of the Full Version of DEP/NMS. DEP Event Manager (DEP/EM) Application This PC application is used as a console that will receive the alarms/events coming from the managed DEP Platforms of type DEP/T6 and DEP/XP, their corresponding DEP Crypto Modules and from the connected DEP/NMS. DEP Software Cloning The DEP Software Cloning feature is used to transfer the application software, keys, capabilities and all parameters of master DEP Crypto Module to several selected DEP Crypto Modules. It speeds up the configuration of DEP Crypto

15 Atos Worldline - Technology & Products / Engineering / DEP Page: 15/29 Module with a same set parameters. It simplifies the process and reduces the time for secure installation or upgrade of a pool of DEP Crypto Modules.

16 Atos Worldline - Technology & Products / Engineering / DEP Page: 16/29 DEP Key Table (DKT) DEP Key Table is the table with permanent application key data. DEP Normal Transport Key (DNTK) With the DNTK an application key, exported by another device, can be imported. DEP RSA Key GEN&USE Application The DEP RSA Key GEN&USE application is used to generate RSA Key Pair, store them and then send them back to the host. DEP RSA Key Generation Plug-In The DEP RSA Key Generation Plug-In is used to generate RSA Key Pair and export them using RSA Transport Key (DES or AES). DEP RSA Key Loading Application The DEP RSA Key Loading application is used to generate RSA keys, to import them from files, to export them into files and to put them into the key table of the DEP Crypto Module. The program also allows generating EMV and PKCS#10 public key certificate requests based on the certificate s requester Self-Signed Certificate (SSC). This program can also read and check EMV certificate files. DEP RSA Key Import In Keytable Plug-In The DEP RSA Key Import In Keytable Plug-In is used to import RSA Keys into the DEP Crypto Module. DEP CTAP Certificate Generation Plug-In The DEP CTAP Certificate Generation Plug-In is used to generate CTAP Perso Provider and CTAP Security Scheme Provider Certificates. DEP NCR Self-Signed Certificate Plug-In The NCR Self-Signed Certificate Plug-In is used to generate a NCR Self- Signed Certificate and a Fingerprint on a RSA Public Key. DEP I_STD_IMPORT_EXPORT_KEY Application This application can be used to import and/or export keys into and/or from the DEP Crypto Module using the STD interfaces. DEP Special Transport Key (DSTK)

17 Atos Worldline - Technology & Products / Engineering / DEP Page: 17/29 With the DSTK an application key can be exported to another device for import with. DEP System 2 (DS2) DEP System 2 refers to the operating system of the previous generation of the Atos Worldline Host Security Modules. DEP System 3 (DS3) DEP System 3 refers to the operating system of the current generation of the Atos Worldline Host Security Modules. DEP System 4 (DS4) DEP System 4 is an extension made on the DS3. It allows a faster processing of the incoming messages possible. DS2 (Key) Backup A DS2 Backup is a secure backup of all the Application Keys of previous generation of the Banksys Host Security Modules (DEP/M3) based on the DEP System 2. DS3 (Key) Backup A DS3 Backup is a secure backup of all the Application Keys inside the DEP Crypto Module of the current generation of the Atos Worldline Host Security Modules based on the DEP System 3. Dual Control Storage (DCS) The DCS is used to store information of the customer administrators and software-loading operators. Such as customer administrators and softwareloading operators credentials, K_AWLs and Check Values and secret keys in Dual Control mode. Elementary File (EF) An Elementary File is a file on a chip card. Data is stored in Elementary Files, which can exist at any of the three directory levels. A distinction between several types of Elementary Files is made. The difference between those different file types lies in their access rights (Public File, Secret File or Working File). FIPS validation program

18 Atos Worldline - Technology & Products / Engineering / DEP Page: 18/29 Firmware FPGA The scope of this validation is the configuration of DEP/PC. This configuration is used to securely load an application and/or keys into it. Only authorized personnel, such as Customer Administrators and Operators belonging to the Software-loading group can load keys and load application software, respectively. Firmware is a program and data component of a DEP that are stored in hardware and cannot be dynamically written or modified during the execution. FPGA is a general purpose chip which can be programmed to carry out, in parallel, specific digital functions. The FPGA firmware contains implementations of AES, DES, RSA, ECC and SHS, which are used by the BIOS and by a DEP Application Software. Graphical User Interface (GUI) Hardware The Graphical User Interface includes all the applications on the DEP Platform that interact with the user in a graphical way. Hash Code The Hardware is physical equipment used to process programs and data. A Hash Code over a message is a message digest or fingerprint of the message. The Hash Code changes when even one bit in the message is modified. Besides it is practically impossible to find the message that results in the same message digest as another message (one-way function). Host Interface Supervision The Host Interface Supervision is part of the DEP/NT and allows parameterising the communication protocol between the DEP/NT and the host. In addition, it offers also some supervision information. Host Key Database (HKD) Host Key Database is a database on host with key tokens using HMK. Host Master Key (HMK) Key used to decrypt a key from Host Key Database and to generate cryptogram to store a key in Host Key Database.

19 Atos Worldline - Technology & Products / Engineering / DEP Page: 19/29 Host Security Module (HSM) The purpose of a Host Security Module (HSM) is to store secret keys in it and to use these keys in a strictly defined way. Moreover, a HSM supports the secure creation of the secret keys that need to be stored in it and offers the functionality to load in a secure way these keys in the protected environment of the device. To meet these requirements it is necessary that a HSM be protected against tampering, meaning that someone having physical access to the device should not be able to obtain the secrets that are stored in it. Because the keys may only be used in a strictly defined way, also the loading of software that has access to the keys should to be protected adequately.. Issuer Key (IK) A key required for accessing a files on a DCC. The Issuer Key is known at C- ZAM/DEP and DCC level. Every level of operation has its own Issuer Key. K_AWL key KeyMAC K_AWL key are AES 256-bits key, used for the protection of confidentiality and authenticity of DEP Application Software and Operator group configuration. AWL generates a K_AWL key per customer, divides it in 2 components and gives them in clear to the 2 Customer Administrators on paper, in separate envelopes. A cryptographic Hash Code that is calculated over all the keys available in the DEP Crypto Module. The KeyMAC is recalculated regularly to verify the integrity of the keys. Key Backup A Key Backup (DS2 Key Backup or DS3 Key Backup) is a secure backup of all the Application Keys available in the DEP Crypto Module. The backup is protected with the DEP Master Key. Key Backup Conversion Procedure The Key Backup Conversion Procedure is the procedure for converting a Key Backup from the DS2 generation (DS2 Key Backup) into a Key Backup for the DS3 generation Host Security Modules (DS3 Key Backup). Key Derivation Tool The Key Derivation Tool is an application used to create derived keys from a Master Key.

20 Atos Worldline - Technology & Products / Engineering / DEP Page: 20/29 Key Reconstruction The Key Reconstruction is one of the methods used to introduce the secret keys by the Security Officer. There are two methods of Key Reconstruction: Key Reconstruction in C-ZAM/DEP and Key Reconstruction in DEP. Key Restore A Key Restore is a secure restore of all the Application Keys to the DEP Crypto Module. The restore is protected with the DEP Master Key. Key Token The cryptogram used for a key stored in the Host Key Database (HKD). Key Tokens are downloaded into the DEP for being used as cryptographic keys. The download is temporary, i.e. the downloaded keys persist in the DEP secure memory only for the time necessary for the execution of the DEP call. Key Transport Key Transport is a secure transport of cryptographic keys from one DEP Crypto Module to another one. Manipulation Detection Code (MDC) A Manipulation Detection Code is a synonym of a Hash Code. Master File (MF) A Master File is the major overall file of the DCC. It can contain Elementary Files and Dedicated Files. Message Authentication Code (MAC) A Message Authentication Code is a Manipulation Detection Code that guarantees the integrity/authenticity of the message and that identifies the sender of the message. A Message Authentication Code is normally calculated with a cryptographic algorithm using cryptographic keys. Mode of Operation Indicates in which mode the DEP Environment has to operate: in live (LIV), for development purposes (DEV) or for testing purposes (TST). RTI (Real Time) is sometimes used as synonym of LIV (live) Mode of Operation.

21 Atos Worldline - Technology & Products / Engineering / DEP Page: 21/29 Personal Identification Number (PIN) Personal Identification Number is a numeric code used to authenticate an identity. Personal Identification Number Printing (PIN Printing) The PIN Printing operation is the sensitive operation of printing the clear secret PIN code of a chip card. Pool of DEPs The Pool of DEP is a group of DEP Crypto Modules. The message sent to the pool is accepted by the first free DEP Crypto Module in the pool. Platform software (VENUS) A Platform Software (VENUS) is a host application that lies on a DEP/T6. Pre-expired username and password AWL gives securely the corresponding clear default pre-expired passwords and usernames to the customer s administrators, on paper in separate envelopes, to be used as initial authentication credential. Printer Service The Printer Service is a DEP/T6 platform management service. It used to send information directly to the printer, which is connected to DEP/T6. Private Key (RSA or ECC) Private Key is a cryptographic key known only to the party or parties that exchange secret messages to encrypt and decrypt the messages. It is used together with the Public Key. Public Key (RSA or ECC) The Public Key is a cryptographic key provided by some designated authority as an encryption key that combined with a private key can be used to effectively encrypt messages and digital signatures. Public File (PF) A Public File is an Elementary File that can be read freely, but its changing is restricted.

22 Atos Worldline - Technology & Products / Engineering / DEP Page: 22/29 Real-Time Clock The Real-Time Clock is a secure date and time of the DEP Crypto Module (e.g. for signing operations). The Real-Time Clock has to be set by the Customer s Security Officer before it can be used. Secret File (SF) A Secret File is an Elementary File that can never be read via a chip card interface. It can only be used internally in and by the chip card. Changing a Secret File is restricted. Secret Sharing Definition List The Definition List containing Secret Sharing Schemes used in the DEP environment. Secret Sharing Scheme (SSH) The Secret Sharing Scheme defines the way in which a secret is divided in different parts to be distributed among different persons. Secret Sharing Index The Secret Sharing Index is the identification code of a specific Secret Sharing Scheme in the Secret Sharing Definition List. Secure Hash Algorithm (SHA) The Secure Hash Algorithm (SHA) is a secure algorithm delivering a Hash Code over a message. Security Officer Self-Tests A Security Officer is responsible for the management of secret keys and capabilities. The DEP Crypto Module performs a number of power-up and conditional Self-Tests to ensure the proper operation of the DEP Crypto Module. Self- Tests are run automatically when the DEP Crypto Module is initialized.

23 Atos Worldline - Technology & Products / Engineering / DEP Page: 23/29 Software Authentication Code (SW AC) A Software Authentication Code is a Message Authentication Code calculated over the Software Application to guarantee the integrity and origin of the software. The Atos Worldline Security Officer calculates the Software Authentication Code. Software MAC A cryptographic Hash Code that is calculated over the Application Software available in the DEP Crypto Module. The Software MAC is recalculated at every start-up. Software loading Operators The two customer Administrators together create the specialized group of Operators. The software-loading operators are responsible for loading the Application Software on FIPS compliant DEP Crypto Modules. At least two Software-loading Operators are needed. Software DFS document The software DFS document contains the Detailed Functional Specification (DFS) of DEP interfaces that are included in appropriate software. It also gives the list of all elements interfaces, data, keys, capabilities, parameters, errors) defined in the software it is given with. The document is used by the Host Developer to build calls. Status Information Status Information is indicating certain operational characteristics or states of the DEP Crypto Module. Sub Dedicated File (SDF) Tag A Sub Dedicated File is a directory in a Dedicated File. These SDFs cannot contain any more sub directories, but can only contain Elementary Files. A Tag is a four-byte identification number of information used in the DEP Environment. There are data tags, function tags, key tags, error tags, capability tags, parameter tags and counter tags Tamper Detection Tamper detection is an automatic determination by a DEP Crypto Module of an attempt to attack the physical security of the DEP Crypto Module.

24 Atos Worldline - Technology & Products / Engineering / DEP Page: 24/29 Tamper Evidence The intent of the tamper evidence is to provide evidence that an attack has been attempted and may or may not have resulted in the unauthorised disclosure or modification of the sensitive data. The disclosure of an attempted attack could be in the form of physical evidence such as damage to the packaging. (ISO CD 13491) The physical damage must be such so that the device cannot be placed back in service without a high probability of the tampering being detected. (ISO :1991(E)) Tamper Resistance The intents of tamper resistance is to block attacks against the information to be protected from unauthorised disclosure or modification by employing passive barriers. (ISO CD 13491) Tamper Response The intent of tamper response is to employ active barriers against attacks at unauthorised disclosure or modification of the protected information. (ISO CD 13491) Third Party s Security Officer The Third Party could develop its own Application Software and being responsible for the distribution of its Application Software, and thus the key management that is linked to it. In this case, the Third Party needs a Security Officer equivalent to the Atos Worldline Security Officer, called the Third Party s Security Officer. Transport Key (TK) A Transport Key is a key used to encrypt messages sent between the different devices in a DEP Environment. In other words, it is a key to transport (sensitive) information from one device to another in a secure way. Working File (WF) A Working File is an Elementary File whose protection rights are customisable. 5. KEYS 5.1. INITIAL AUTHORITY LEVEL The Initial Authority Keys consist of different parts.

25 Atos Worldline - Technology & Products / Engineering / DEP Page: 25/29 Name KM_AUTH_INIT_CAP_DEP_XXX KM_AUTH_INIT_TK_CZD_DEP_XXX KM_AUTH_INIT_TK_DEP_DCC_XXX KM_AUTH_INIT_CAP_CZD_XXX KM_AUTH_INIT_IK_DCC_XXX KM_AUTH_INIT_AK_DCC_XXX KM_AUTH_INIT_TK_CZD_DCC_XXX 04F F F F F00C00 04F00F00 04F01200 Tag XXX stands for LIV for live mode, TST for test mode and DEV for development mode BANKSYS AUTHORITY LEVEL The Banksys Authority Master Keys (KM_AUTH_BKS - 04F01500) consist of different parts: Name KM_AUTH_BKS_CAP_DEP_XXX KM_AUTH_BKS_TK_CZD_DEP_XXX KM_AUTH_BKS_TK_DEP_DCC_XXX KM_AUTH_BKS_CAP_CZD_XXX KM_AUTH_BKS_IK_DCC_XXX KM_AUTH_BKS_AK_DCC_XXX KM_AUTH_BKS_TK_CZD_DCC_XXX 04F F F F00A00 04F00D00 04F F01300 Tag XXX stands for LIV for live mode, TST for test mode and DEV for development mode CUSTOMER AUTHORITY LEVEL The Customer Authority Master Keys (KM_AUTH_CUST - 04F01600) consists of different parts: Name KM_AUTH_CUST_CAP_DEP_XXX KM_AUTH_CUST_TK_CZD_DEP_XXX KM_AUTH_CUST_TK_DEP_DCC_XXX KM_AUTH_CUST_CAP_CZD_XXX KM_AUTH_CUST_IK_DCC_XXX KM_AUTH_CUST_AK_DCC_XXX KM_AUTH_CUST_TK_CZD_DCC_XXX 04F F F F00B00 04F00E00 04F F01400 Tag XXX stands for LIV for live mode, TST for test mode and DEV for development mode.

26 Atos Worldline - Technology & Products / Engineering / DEP Page: 26/29 Note: All the keys have the same tag, whether they are meant for LIV, TST or DEV mode. The DEP security mechanisms ensure that a key value specified for a specific mode cannot be used by a device that is in another mode. This implies that keys of different modes cannot be mixed. 6. CAPABILITIES CAP_AUTH_BKS (Banksys Authority Master Capability - 05F00100) Capability to create/save Banksys Authority Master Keys, create/save Customer Authority Master Capability, read/save/change definition of the C- ZAM/DEP keys and capabilities. CAP_AUTH_CUST (Customer Authentication Master Capability - 05F00300) Capability to create/save Customer Authority Master Keys, create/save Customer Authority Capabilities for the DEP Crypto Module, create application keys on the C-ZAM/DEP, read/save/change the definition of Customer Application Keys/Capabilities. CAP_BKS_SW_AC (Software Authentication Capability - 05F00400) The CAP_BKS_SW_AC is the capability to generate a Software Authentication Code with the C-ZAM/DEP. CAP_STD_CHANGE_DMK (Change DMK Capability 05000F00) The CAP_STD_CHANGE_DMK is the capability to load the Alternative DMK in the DEP and to restore a DS3 keys backup under the control of this Alternative DMK. CAP_STD_MERGE_BACKUP (Merge Backup Capability 05000E00) The CAP_STD_MERGE_BACKUP is the capability that allows the merge of two DS3 keys backups in the same DEP. CAP_STD_SW_LOAD (Software Load Capability ) The CAP_STD_SW_LOAD is the capability to load the Application Software. CAP_STD_SAVE_KEYS (Save Application Key Capability ) The CAP_STD_SAVE_KEYS is the capability to create or restore a Key Backup.

27 Atos Worldline - Technology & Products / Engineering / DEP Page: 27/29 CAP_STD_SET_PARAMETER (Set Parameter Capability xx) The CAP_STD_SET_PARAMETER is a capability to modify a parameter in the DEP Crypto Module. CAP_STD_TRACE (Tracing Capability ) The CAP_STD_TRACE is a capability to activate the trace functionality of the DEP. CAP_STD_SET_RTC (Setting Real Time Clock Capability D00) The CAP_STD_SET_RTC is a capability to set the Real Time Clock in the DEP Crypto Module. CAP_STD_XOR_KEY_COMPONENT (Xoring keys in the DEP Crypto Module ) The CAP_STD_XOR_KEY_COMPONENT allows to load a key by XORing a number of key components. When this capability is active, the different key components sent to the DEP Crypto Module are XORed in the DEP Crypto Module to generate the final key. It can only be used for key loading via C- ZAM/DEP. 7. ABBREVIATIONS AC ADD AES AK AUTH BKS CAP CBC CC CMAC CMVP CSP CUST CZD DCC DCS DEP DEPD DEA DES Authentication Code (sometimes called a Certificate ) Algorithm Detailed Design Advanced Encryption Standard Authentication key (sometimes called a Acquire Key ) Authority Level Banksys (Authority Level) Capability Cipher Block Chaining Common Criteria Cipher-based MAC Cryptographic Module Validation Program Critical Security Parameter Customer (Authority Level) C-ZAM/DEP DEP Control Card Dual Control Storage Data Encryption Peripheral DEP Daemon (Linux only) Data Encryption Algorithm Data Encryption Standard

28 Atos Worldline - Technology & Products / Engineering / DEP Page: 28/29 DEV Development (Mode) DF Dedicated File DFS Detailed Functional Specifications DMK DEP Master Key DNS Dynamic Name Solving DNTK DEP Normal Transport Key DP DEP Protocol DS2 DEP System 2 DS3 DEP System 3 DS4 DEP System 4 DSTK DEP Special Transport Key DUKPT Derived Unique Key Per Transaction ECC Elliptic Curve Cryptography EDC Error Detection Code EDP Enhanced DEP Protocol EFT Electronic Fund Transfer EMC Electromagnetic compatibility EMI Electromagnetic Interference EMV Eurocard-Mastercard-Visa (standard) FIPS Federal Information Processing Standard FPGA Field-Programmable Gate Array GUI Graphical User Interface HKD Host Key Database HMK Host Master Key HSM Host Security Module ICC Integrated Chip Card ICV Initial Chaining Value INIT Initial (Authority Level) IK Issuer key ISA Industry Standard Architecture ISO International Organization for Standardization KD Derived Key KM Master Key LIV Live (Mode) MAC Message Authentication Code MDC Manipulation Detection Code MF Master File NORM First 3-bytes of the encryption of a zero string with the key to be checked NIST National Institute of Standards and Technology OS Operating System PC Personal Computer PCI Peripheral Component Interconnect bus PF Public File PIN Personal Identification Number PKI Public Key Infrastructure RAM Random Access Memory

29 Atos Worldline - Technology & Products / Engineering / DEP Page: 29/29 RSA RTC SDF SF SHA SO SSC SSH STD SW SW AC TK TST UKPT WF Rivest - Shamir - Adleman Real-Time Clock Sub Dedicated File Secret File Secure Hash Algorithm Security Officer Self-Signed Certificate Secret Sharing Scheme Standard Software Software Authentication Code Transport Key Test (Mode) Unique Key Per Transaction Working File