Understanding the Role of Hardware Data Encryption in EMV and P2PE from the CEO's Perspective
Futurex. An Innovative Leader in Encryption Solutions.
- For over 30 years, more than 15,000 customers worldwide
- Hardware-based solutions with integrated applications provide the highest levels of compliance and security
- Entrepreneurial culture, fostering agility and innovation in the development of hardware encryption solutions
- Results-oriented engineering team based in our U.S. Technology Campus, with significant experience delivering First-to-Market Customer Initiatives
- Members of ANSI X9F and PCI Security Standards Council bodies, CTGA-certified Solutions Architects
Unique Perspective of Futurex
As a hardware data encryption provider, Futurex has a unique perspective of security in card transactions.
- Issuers: data preparation, personalization, validation
- Device Manufacturers: Certificate Authority (CA) and key management
- Merchant Service Providers: key management and CA
- Merchants: transaction security and key management
- Acquirers: processing encrypted data in transactions
- Switches: processing encrypted data in transactions
Why Use Hardware Security Modules?
- Prevents insider attack
- Dual Control
- Split Knowledge
- Tamper Protection for Keys
- Encryption Key Management
- PCI Requirement (aka SCD)
- Certifications (FIPS, PCI HSM)
PCI Requirements for HSMs

PCI DSS Requirement | HSM Coverage (*Summary)
#3.4 Render PAN unreadable | Encryption, decryption, tokenization
#3.5 Protect any keys | FIPS 140-2 Level 3 Secure Cryptographic Devices (SCDs)
#3.6 Fully document and implement key-management | NIST approved pseudo random number generator (PRNG), use key encrypting keys, and protect all keys under the Master File Key.
#4.1 Use strong cryptography to protect cardholder data | Meet PCI requirements for strong cryptography.

"In addition, it is important to note that in EMV environments the PAN is not kept confidential at any point in the transaction, indeed, it is necessary for the PAN to be processed by the point-of-sale terminal in the clear in order to complete critical steps in the EMV transaction process. The expiry date and other cardholder data are also transmitted in clear-text."
Ref: PCI DSS Applicability in an EMV Environment, A Guidance Document, October 2010

* Full details provided in separate white paper.
Attack Vectors in a Card Transaction
[Diagram: Card Issuer, Payment Card Brand, Transaction Acquirer, Point-of-Interaction, Cardholder]
1. Card cloning attacks
2. Attacks internal to POI devices
3. Network attacks
4. System level attacks
A. Malware attacks
B. Attacks on applications and databases
C. Attacks on backups/storages media

"P2PE technology is complementary to EMV chip technology, by providing an added layer of protection against the threat of data breaches..."
Aug 2012 VISA Press Release on PR Newswire.
Role of HSM in EMV
- Online Card Validation During Transaction
- Data Preparation and Card Personalization
Role of HSM in EMV
Online Card Validation During Transaction
[Diagram: Cardholder, Point-of-Interaction, Transaction Acquirer, Payment Card Brand, Card Issuer (Host, HSM/SCD); labels: 1. Request Cryptogram, 3. Response]
1. Authentication request from POI to issuer
2. Issuer validates request
3. Response from issuer to POI
Role of HSM in EMV
Data Preparation and Card Personalization
[Diagram: Issuer, Data Preparation (HSM/SCD), Personalization (HSM/SCD), Integrated Circuit Card (ICC) or Smart Card]
Data Preparation
- Key generation for authentication
- Digital signatures for authentication and data integrity
- Standards-based PIN block creation for user authentication
Personalization
- Key generation for confidentiality, authentication, and data integrity
- Protection of sensitive personalization data
Role of HSM in P2PE
- What is Point-to-Point Encryption?
- Protecting Data In Transit: Device Key Management
- Encryption, Decryption, Key Management, Tokens
What is Point-to-Point Encryption?
Point-to-Point Encryption (P2PE) is encryption of sensitive data at the Point-of-Interaction for secure transmission to a secure boundary where it may be decrypted, re-encrypted or tokenized.
[Diagram: Point of Interaction, HSM/SCD, Host Application]
The Role of HSMs in P2PE
Protecting Data in Transit: Device Key Management
- HSM for compliant key generation
- Remote or direct key injection
- Key lifecycle management
[Diagram: Datacenter (HSM/SCD), Secure Injection Facility (HSM/SCD), Remote Device]
Key lifecycle: Generate, Distribute, Track Usage, Backup, Revoke, Terminate, Archive
Role of HSM in P2PE
Encryption, Decryption, Key Management & Tokens
[Diagram: Merchant (POI), Acquirer Host, Switch Host, DB, HSM/SCD, DB; legend: Encryption/Decryption, Data At Rest, Token, Data In Transit]
- Encryption and Decryption
- Key Management
- Tokens
* Case Study available upon request
Role of HSM in EMV and P2PE Environments
- Typical Architecture of HSMs
- Services to Look for in an HSM Provider
- What to Ask for when Selecting HSMs
Typical Architecture for HSMs
[Diagram: Remote Access Device; Primary Site: Secure Management Server, HSM #1, HSM #2; Secondary Site: Secure Management Server, HSM #1, HSM #2; labels: Direct, Load Balancing, Redundant Failover]
- Remote Access
- Centralized Administration
- High Availability
- Redundant
- Compliant
- Secured
- Customizable
- Automatic Synchronization* (All devices designated as Production within group)
Exceptional Support
Services to Look For in an HSM Provider
- TR-39-certified and PCI Subject Matter Experts
- 24x7x365 Business Critical support
- Exceptional Support Services
- Training (virtual or onsite)
- Customized consulting
- Hosted solutions
- Certificate authority
- Hosted HSMs for development and testing
- Customized solution development
In Summary
What to ask for when selecting HSMs
- Is the solution comprehensive?
- Is the solution manageable (i.e., will you be able to pass audits easily)?
- Is the solution scalable?
- Does the vendor's support team have expertise in industry compliance requirements?
Thank You!
Greg Stone, Sr. Solutions Architect, gstone@futurex.com
Ryan Smith, Chief Solutions Architect, rsmith@futurex.com
Booth #708