Company information Banking equipment Banking solutions ²Ò - solutions 1Ñ - solutions Partners Job vacancies
» Home page
» Department information
» Payment receipt system
» Monitoring systems
» Video control systems
» Terminal software of the NSMEP
» Administrative keys
» Other solutions
» Support service





EKMS software (Encrypting Key Management System) serves for secure remote loading of primary encryption keys into EPP-devices of Wincor Nixdorf, Diebold and NCR ATMs.

EKMS software allows:

  • to securely enter encryption keys on the EKMS Workplace;
  • to administer terminals and encryption keys on the EKMS Workplace;
  • to safely transfer encryption keys from the Workplace to the Terminal agent;
  • to correctly enter encryption keys into the ATM EPP-device.

 Advantages of EKMS software:

  • significant security upgrade of the encryption key input process on the ATM;
  • restriction of encryption key circulation inside the bank (using EKMS software you can reduce the list of employees, who work with the primary encryption keys to two people);
  • reduction of cash and time expenses of the bank employees on visiting ATMs for primary encryption key entering;
  • acceleration and simplification of the encryption key circulation process within the banking institution;
  • organization of the integrated system on the encryption key input, circulation and management.
 The given solution consists of:
  • EKMS Workplace – designed to enter encryption keys, their secure transfer on the terminal agent, to receive answerback from the Terminal agent and to store the list of registered terminals.
  • EKMS Terminal agent – serves to exchange encryption keys in the terminal EPP-device. Works in the background mode on the terminal and waits for connection with the Workplace.

EKMS software operation scheme:

Secure data transfer in EKMS software

Security of network interactions between the Terminal agent and the Workplace is provided by authentication, message signing and key transfer in the encrypted form.

Terminal encryption keys are not transmitted across the network in clear text; they are encoded by a network key. Each terminal has its network key which is stored in the terminal EPP-device and on the Workplace in an encrypted form in the database. Network keys are encoded by a global key before they are saved into the database. Global key is general for the entire Workplace and is stored in the EPP.

The following procedure describes the terminal key installation:

  1. Terminal key installation.
  2. Terminal registration.
  3. Obtaining information about the terminal.
  4. Network key installation for the terminal..
  5. Terminal key installation.

EKMS Workplace

Two types of users can operate EKMS workplace (administrator and operator) and depending on the type, they are given access to different functions.

Administrators:

  • change of the user password;
  • program setting;
  • user administration;
  • terminal journal review;
  • user journal review;
  • supplemental information review.

Operators:

  • change of the user password;
  • administration of terminal key titles;
  • global key management;
  • terminal administration;
  • network and terminal key change;
  • terminal journal review;
  • supplemental information review.

Under the function allocation, administrators are responsible for general program configuration, user administration and browse the workplace working journals, and operators are in charge of terminal administration, network and terminal key change.

EKMS Terminal agent

EKMS terminal agent is a part of EKMS software designed for installation on the ATM and is responsible for proper and secure loading of encryption keys on the ATM.

EKMS agent provides:

  • automatically identifies the manufacturer and WOSA/XFS software version during its operation on the terminal.
  • network interaction with EKMS Workplace, ensuring the message authentication, integrity and transfer of encryption keys in the encrypted form.
  • provides the correct change of terminal encryption keys, verifying the meaning of the saved key, detects hardware and software errors during the key change.

System requirements

To ensure the efficiency of EKMS terminal agent, ATM must meet the following minimum requirements:

Hardware configuration:

  • availability of free disk space - 100 MB;
  • EPP-device installed in its basic configuration;
  • free space availability in the EPP-device to save two keys;
  • network communication equipment (NIC LAN) supporting ÒÑÐ/²Ð protocol suite.

Software configuration:

  • Microsoft Windows NT/XP SP1/SP2 operating system (for Wincor Nixdorf terminals).
  • Microsoft Windows XP SP1/SP2 operating system (for Diebold/NCR terminals);.
  • ProDDC/NDC functional software version 1.2/10 and higher (for Wincor Nixdorf terminals) with WOSASSP 31.43 version and higher;
  • Functional software of the terminal manufacturer with implementation of CEN/XFS 3.0-3.03 specification (for Diebold/NCR terminals).

Download bucklet with information about EKMS software (PDF)
© 2007-2011 Ðåíîìå-Ñìàðò.   Âñ³ ïðàâà çàõèùåíî.
    Âàäèì Ïîëåí÷óê