Cryptographic Data Preparation Device

for EMV card personalization elements

Generate and secure EMV card personalization elements in your infrastructure

Atos offers the Cryptographic Data Preparation (CDP) device, security coprocessor manages the creation and security of EMV smart card personalization elements. The CDP device is physically a system consisting of a Linux rack mounted server, connected to a cryptographic security device (HSM Trustway crypt2pay) by a Ethernet dedicated link. CDP Device can secure Banking and Financial Institutions.

To follow or contact us:
Linkedin | Twitter

Banking specialist

Through a network of recognized partners, Atos takes an active part in the implementation of complete payment systems with renowned editors as: ACI Worldwide, Worldline, eFunds, SOPRA Banking Software, S2M. Many banks and card management centers cards already rely on the technology and experience of Atos.

Certifications

Atos has been recognized, through its products, like EMV provider by Visa and MasterCard International.

Services

With over 30 years of presence in the security, Atos Big Data & Security (BDS) has acquired extensive professional experience in the field of electronic banking. BDS teams can provide banking institutions of global consulting, integration, maintenance and support services.

Product functionalities

4 to 12 digits PIN generation
ISO-0 PIN block encryption for storage
PIN block export for transfer in ISO-0, ISO-2 or ISO-3 format
Import of PIN block format ISO-0, ISO-2 or ISO-3 for storage in ISO-0 format

Computation of cryptographic elements for the ISO-2 track and its smart card equivalent: algorithms IBM3624, PVV, CVV/CVC CVV’/CVC’, CVV2/CVC2, iCVV/iCVC
Computation of cryptographic elements for smart card: IVCVC3, DAC, derived master personalization key and EMV issuer keys, signature of EMV data (SDA), RSA smart card generation, certification of smart card public keys
Encryption of EMV data groups
Computation or control of MAC
1, 2 or 3 levels of key for PIN block transfer

Technical performances

Nominal performance: 50,000 cards in 30 minutes to 1 hour
Capacity of a file: 200,000 cards

Security

Secure access through the original input data control and differentiation of operator profile: Operator, Administrator, Security Officer, Super Administrator

Network connected to one or more system(s) computer(s), the CDP device performs safely cryptographic processing implemented in the process of preparation of EMV smart cards personalization data. The CDP device can be shared across multiple information system hosts. It may be managed:
remotely, by means of communication and exchanges
locally, by a operator using a Graphical User Interface (GUI)
a combination of both above.

Each application of information system hosts using the CDP device has a base key and security settings that are specific on the CDP device. Remote administration functions can be implemented by each host (back office) information system application, which is connected to the CDP device. The distribution of the administration functions between the local operator and the back office application depends on the features supported by this application.

The Man / Machine Interface offers the means to set up, configure, launch treatments and monitor the CDP device according to the profile of the active operator.

Access to the functions and rights of the operators according to their profile are managed by the access rights policy implemented by the CDP device application Super-Administrator.

Processing Mode
The CDP device receives batch files, processes, and sends response to the corresponding sender of the batch files.
Administration Mode
The CDP device receives command files, puts them on hold but does not process them.

Related resources and products

Brochure HSM

Data Security – Choosing the right path through compliance

Compliant, flexible and innovative, our Hardware Security Module (HSM) range brings to companies and critical infrastructures the reliability of an innovative and robust architecture in compliance with strict security demands.

Factsheet: Cryptographic Data Preparation

Management of the creation and security of EMV smart card personalization elements

The Cryptographic Data Preparation (CDP) device, security coprocessor manages the creation and security of EMV smart card personalization elements.

Atos cybersecurity Trustway HSM product range

Other produits : Hardware Security Module HSM

Trustway HSM products range

Certified high security, the Hardware Security Module Trustway product range brings to companies and critical infrastructures the reliability of an innovative and robust architecture in compliance with strict security demands (GDPR, HIPAA, PCI DSS, eIDAS..).

Interested in our Cryptographic Data Preparation Device?