Zone Master Key


Prajakta S

Mar 10, 2009, 2:40:36 AM
to jPOS Users
Hi,
I am new to the security model framework. I am going through the
document:
http://jpos.org/wiki/HSM_basics_continued
I would like to know scenarios under which ZMK (Zone Master Key) is
used. The matter on the link above explains TMK... how is TMK different
from/related to ZMK?

Thanks,

chhil

Mar 10, 2009, 5:20:50 AM
to jpos-...@googlegroups.com
A zone master key is a Master Key shared between you and the network to exchange keys which can be used for translating your pinblocks in your zone to the remote entity's zone.

Conceptually it's like the TMK that you share with the terminal to exchange keys to get encrypted pinblocks. Now you have the pinblock and you need to send this to the network, which has no knowledge of the TMK, so you would translate it using the network key and send the translated encrypted pinblock to it.

refer to the bible :) http://www.andyorrock.com/terminology/
Search for ZMK

-chhil

Prajakta S

Mar 10, 2009, 5:41:34 AM
to jPOS Users
Ok, so in the real-world scenario, I guess we would be using ZMK for
pinblock translation.
But then, TMK is not clear... what does the term "terminal" involved
here really mean?
The Financial Institution will always be interacting with an ATM, a
remote entity,
which means using ZMK... then when does TMK come into the picture?

-Thanks,

On Mar 10, 2:20 pm, chhil <chil...@gmail.com> wrote:
> A zone master key is a Master Key shared between you and the network to
> exchange keys which can be used for translating your pinblocks in your zone
> to the remote entity's zone.
> Conceptually it's like the TMK that you share with the terminal to exchange
> keys to get encrypted pinblocks. Now you have the pinblock and you need to
> send this to the network, which has no knowledge of the TMK, so you would
> translate it using the network key and send the translated encrypted pinblock
> to it.
>
> refer to the bible :) http://www.andyorrock.com/terminology/
> Search for ZMK
>
> -chhil
>
> On Tue, Mar 10, 2009 at 12:10 PM, Prajakta S <prajaktas...@gmail.com> wrote:
>
> > Hi,
> > I am new to the security model framework. I am going through the
> > document:
> > http://jpos.org/wiki/HSM_basics_continued
> > I would like to know scenarios under which ZMK (Zone Master Key) is
> > used. The matter on the link above explains TMK... how is TMK different
> > from/related to ZMK?
>
> > Thanks,

chhil

Mar 10, 2009, 6:26:00 AM
to jpos-...@googlegroups.com


In an ATM (terminal) driving world you have a TMK that is shared between the terminal and you.

In a network world, zone 1 is where you are acquiring transactions from network 1.
Zone 2 is where you are sending transactions to network 2 for authorization.

You won't be using the ZMK for translating pinblocks. You would exchange zone PIN keys encrypted under the ZMK for PIN translations.

I guess TMK and ZMK differ in how they are generated at the HSM; conceptually they are the same (crypto guys please correct me).

-chhil

Mark Salter

Mar 10, 2009, 6:42:21 AM
to jpos-...@googlegroups.com
Prajakta S wrote:
> Ok, so in the real-world scenario, I guess we would be using ZMK for
> pinblock translation.
Possibly...

In PIN block translation you will have two keys - the key under which
the PIN block was encoded *and* the key you want it encoded under.

All this detail you will pass on a message to a secure device which will
do the translation for you.

To confuse things further, the keys you pass in are very likely to also
be encoded under another key (LMK - Local Master Key). Only the device
knows this LMK, so it can get all the clear key values, 'undo' the PIN
block and then encode it under the destination key (and the wanted PIN
block format).

> But then, TMK is not clear... what does the term "terminal" involved
> here really mean?
> The Financial Institution will always be interacting with an ATM, a
> remote entity,
> which means using ZMK... then when does TMK come into the picture?

As Chhil indicates, a TMK can be used for transporting keys from the host
system that terminals talk to out to a terminal that will use the keys
to encode data that the host uses (as they share a key).

Three-letter acronyms given to keys are just handles, and the letters
used can vary from use to use, person to person, organisation to
organisation and even at which end of the exchange you are standing.
What the keys are used to transport and between whom is the important
thing to understand, letting the key acronym follow.

Can you try and think more about what is happening and why, rather than
focusing on and trying to categorise functions by the acronyms given?

Bear in mind that the security of such exchanges is never in the
algorithms; it is only based upon how secure the keys are.

I'm not sure this will help you initially, but what aspect or
application do you need to deal with first? Are you 'just' interested
in PIN blocks or some other application?

--
Mark
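The translation Mark describes, as an added example that is not jPOS code and not from any poster in this thread: a Go function standing in for the secure device, which alone holds a 16-byte 3DES LMK, receives a source key (a TPK) and a destination key (a ZPK) encrypted under that LMK, and re-encrypts an ISO format-0 PIN block from one to the other. The function names, the constructed key values and the format-0 sanity check are assumptions for illustration.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"errors"
)

// tdesECB applies 2-key 3DES (K1,K2,K1) block by block, the way keys and PIN blocks are enciphered under a master key. Callers validate lengths first.
func tdesECB(key16, in []byte, encrypt bool) []byte {
	c, err := des.NewTripleDESCipher(append(append([]byte{}, key16...), key16[:8]...))
	if err != nil || len(in)%8 != 0 {
		panic("tdesECB: need a 16-byte key and whole 8-byte blocks")
	}
	out := make([]byte, len(in))
	for i := 0; i < len(in); i += 8 {
		if encrypt {
			c.Encrypt(out[i:i+8], in[i:i+8])
		} else {
			c.Decrypt(out[i:i+8], in[i:i+8])
		}
	}
	return out
}

// iso0Block builds a clear ISO 9564 format-0 PIN block: (0, PIN length, PIN, F padding) XORed with (0000 + the 12 PAN digits preceding the check digit).
func iso0Block(pin, pan string) []byte {
	pinField, _ := hex.DecodeString((hex.EncodeToString([]byte{byte(len(pin))}) + pin + "FFFFFFFFFFFFFF")[:16])
	panField, _ := hex.DecodeString("0000" + pan[len(pan)-13:len(pan)-1])
	block := make([]byte, 8)
	for i := range block {
		block[i] = pinField[i] ^ panField[i]
	}
	return block
}

// TranslatePIN is the secure-device step Mark describes (hypothetical, not jPOS code): lmk never leaves the device,
// the source key (say a TPK) and destination key (say a ZPK) arrive encrypted under it, and clear keys and the clear PIN block exist only in here.
func TranslatePIN(lmk, srcUnderLMK, dstUnderLMK, pinBlock []byte) ([]byte, error) {
	if len(lmk) != 16 || len(srcUnderLMK) != 16 || len(dstUnderLMK) != 16 || len(pinBlock) != 8 {
		return nil, errors.New("need a 16-byte LMK, two 16-byte keys under LMK and an 8-byte PIN block")
	}
	src, dst := tdesECB(lmk, srcUnderLMK, false), tdesECB(lmk, dstUnderLMK, false)
	clear := tdesECB(src, pinBlock, false)
	// Format 0 opens with nibble 0 and a PIN length of 4..12; anything else means the wrong source key was supplied, so refuse rather than re-encrypt garbage.
	if clear[0]>>4 != 0 || clear[0]&0x0f < 4 || clear[0]&0x0f > 12 {
		return nil, errors.New("PIN block fails format-0 check: wrong source key?")
	}
	return tdesECB(dst, clear, true), nil
}
```

The caller never sees src, dst or clear; it only ever handles the three LMK- or key-encrypted inputs and the re-encrypted output, which is the whole point of doing the translation inside the device.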
