Generate and secure EMV card personalization elements in your infrastructure
Atos offers the Cryptographic Data Preparation (CDP) device, security coprocessor manages the creation and security of EMV smart card personalization elements. The CDP device is physically a system consisting of a Linux rack mounted server, connected to a cryptographic security device (HSM Trustway crypt2pay) by a Ethernet dedicated link. CDP Device can secure Banking and Financial Institutions.
To follow or contact us:
Through a network of recognized partners, Atos takes an active part in the implementation of complete payment systems with renowned editors as: ACI Worldwide, Worldline, eFunds, SOPRA Banking Software, S2M. Many banks and card management centers cards already rely on the technology and experience of Atos.
Atos has been recognized, through its products, like EMV provider by Visa and MasterCard International.
With over 30 years of presence in the security, Atos Big Data & Security (BDS) has acquired extensive professional experience in the field of electronic banking. BDS teams can provide banking institutions of global consulting, integration, maintenance and support services.
► 4 to 12 digits PIN generation
► ISO-0 PIN block encryption for storage
► PIN block export for transfer in ISO-0, ISO-2 or ISO-3 format
► Import of PIN block format ISO-0, ISO-2 or ISO-3 for storage in ISO-0 format
► Computation of cryptographic elements for the ISO-2 track and its smart card equivalent: algorithms IBM3624, PVV, CVV/CVC CVV’/CVC’, CVV2/CVC2, iCVV/iCVC
► Computation of cryptographic elements for smart card: IVCVC3, DAC, derived master personalization key and EMV issuer keys, signature of EMV data (SDA), RSA smart card generation, certification of smart card public keys
► Encryption of EMV data groups
► Computation or control of MAC
► 1, 2 or 3 levels of key for PIN block transfer
► Nominal performance: 50,000 cards in 30 minutes to 1 hour
► Capacity of a file: 200,000 cards
► Secure access through the original input data control and differentiation of operator profile: Operator, Administrator, Security Officer, Super Administrator
Network connected to one or more system(s) computer(s), the CDP device performs safely cryptographic processing implemented in the process of preparation of EMV smart cards personalization data. The CDP device can be shared across multiple information system hosts. It may be managed:
► remotely, by means of communication and exchanges
► locally, by a operator using a Graphical User Interface (GUI)
► a combination of both above.
Each application of information system hosts using the CDP device has a base key and security settings that are specific on the CDP device. Remote administration functions can be implemented by each host (back office) information system application, which is connected to the CDP device. The distribution of the administration functions between the local operator and the back office application depends on the features supported by this application.
The Man / Machine Interface offers the means to set up, configure, launch treatments and monitor the CDP device according to the profile of the active operator.
Access to the functions and rights of the operators according to their profile are managed by the access rights policy implemented by the CDP device application Super-Administrator.
The CDP device receives batch files, processes, and sends response to the corresponding sender of the batch files.
The CDP device receives command files, puts them on hold but does not process them.
Related resources and products
Compliant, flexible and innovative, our Hardware Security Module (HSM) range brings to companies and critical infrastructures the reliability of an innovative and robust architecture in compliance with strict security demands.
Factsheet: Cryptographic Data Preparation
The Cryptographic Data Preparation (CDP) device, security coprocessor manages the creation and security of EMV smart card personalization elements.
Other produits : Hardware Security Module HSM
Certified high security, the Hardware Security Module Trustway product range brings to companies and critical infrastructures the reliability of an innovative and robust architecture in compliance with strict security demands (GDPR, HIPAA, PCI DSS, eIDAS..).