Trust Management

Connected objects identity management

Cryptographic Data Preparation Device for EMV card personalization elements

Generate and secure EMV card personalization elements in your infrastructure

Atos offers the Cryptographic Data Preparation (CDP) device, security coprocessor manages the creation and security of EMV smart card personalization elements. The CDP device is physically a system consisting of a Linux rack mounted server, connected to a cryptographic security device (Horus CSD crypt2pay HR) by a Ethernet dedicated link. CDP Device can secure Banking and Financial Institutions.

Banking specialist

Through a network of recognized partners, Atos takes an active part in the implementation of complete payment systems with renowned editors as: ACI Worldwide, Worldline, eFunds, SOPRA Banking Software, S2M. Many banks and card management centers cards already rely on the technology and experience of Atos.


Atos has been recognized, through its products, like EMV provider by Visa and MasterCard International.


With over 30 years of presence in the security, Atos Big Data & Security (BDS) has acquired extensive professional experience in the field of electronic banking. BDS teams can provide banking institutions of global consulting, integration, maintenance and support services.

Product functionalities

►  4 to 12 digits PIN generation
►  ISO-0 PIN block encryption for storage
►  PIN block export for transfer in ISO-0, ISO-2 or ISO-3 format
►  Import of PIN block format ISO-0, ISO-2 or ISO-3 for storage in ISO-0 format

►  Computation of cryptographic elements for the ISO-2 track and its smart card equivalent: algorithms IBM3624, PVV, CVV/CVC CVV’/CVC’, CVV2/CVC2, iCVV/iCVC
►  Computation of cryptographic elements for smart card: IVCVC3, DAC, derived master personalization key and EMV issuer keys, signature of EMV data (SDA), RSA smart card generation, certification of smart card public keys
►  Encryption of EMV data groups
►  Computation or control of MAC
►  1, 2 or 3 levels of key for PIN block transfer

Technical performances

►  Nominal performance: 50,000 cards in 30 minutes to 1 hour
►  Capacity of a file: 200,000 cards


►  Secure access through the original input data control and differentiation of operator profile: Operator, Administrator, Security Officer, Super Administrator

Network connected to one or more system(s) computer(s), the CDP device performs safely cryptographic processing implemented in the process of preparation of EMV smart cards personalization data. The CDP device can be shared across multiple information system hosts. It may be managed:
remotely, by means of communication and exchanges
locally, by a operator using a Graphical User Interface (GUI)
a combination of both above.

Each application of information system hosts using the CDP device has a base key and security settings that are specific on the CDP device. Remote administration functions can be implemented by each host (back office) information system application, which is connected to the CDP device. The distribution of the administration functions between the local operator and the back office application depends on the features supported by this application.

The Man / Machine Interface offers the means to set up, configure, launch treatments and monitor the CDP device according to the profile of the active operator.

Access to the functions and rights of the operators according to their profile are managed by the access rights policy implemented by the CDP device application Super-Administrator.

Processing Mode
The CDP device receives batch files, processes, and sends response to the corresponding sender of the batch files.
Administration Mode
The CDP device receives command files, puts them on hold but does not process them.

Related resources and actuality

Brochure HSM

Data Security – Choosing the right path through compliance

Compliant, flexible and innovative, our Hardware Security Module range brings to companies and critical infrastructures the reliability of an innovative and robust architecture in compliance with strict security demands.

Cryptographic Data Preparation Factsheet

Management of the creation and security of EMV smart card personalization elements

The Cryptographic Data Preparation (CDP) device, security coprocessor manages the creation and security of EMV smart card personalization elements.


Atos releases the Horus security suite for Intelligent Transportation Systems to secure communications in connected vehicles

Atos launches Horus security appliances to make the deployment of trust infrastructures easier

Partner program


Atos provides products in the field of embedded device security in the context of Infineon Security Partner Network with a solution for connected cars.

Partnership cybersecurity products

Atos support consists of an international team of experts who will help you get optimal use out of our products in your specific environment every day.


Other Trust Management solutions

Device Security CardOS

Secure authentication and trusted identity delivering assurance and efficiency to every sector.
Visit product page >


Recording, creation and management of secure electronic identities.
Visit product page >


Creating and verifying secure transactions.
Visit product page >


A reliable time-stamping solution for transactions and archives generating time-stamp tokens (TSTs).
Visit product page >


Protecting sensible data by supporting the encryption and decryption of electronic documents.
Visit product page >


Centralizing the validation of public key certificates.
Visit product page >

Interested in our Cryptographic Data Preparation Device?