Generate and secure EMV card personalization elements in your infrastructure
Atos offers the Cryptographic Data Preparation (CDP) device, a security co-processor that manages the creation and security of EMV smart card personalization elements for banking and financial institutions.
The CDP device is a physical system that consists of a Linux rack-mounted server connected to a cryptographic security device (Trustway Crypt2pay HSM) by a dedicated Ethernet link.
Banking specialist
Through a network of recognized partners, Atos takes an active part in the implementation of complete payment systems with noteworthy providers such as ACI Worldwide, Worldline, eFunds, SOPRA Banking Software and S2M. Many global banks and card management centers already rely on Atos technology and experience.
Certifications
Through its products, Atos has been recognized as an EMV provider by Visa and MasterCard International.
Services
With more than 30 years of experience in security, Atos Big Data & Security (BDS) has acquired extensive expertise in the field of electronic banking. Atos BDS teams can provide banking institutions with global consulting, integration, maintenance and support services.
Product functionality
► 4 to 12 digit PIN generation
► ISO-0 PIN block encryption for storage
► PIN block export for transfer in ISO-0, ISO-2 or ISO-3 format
► Import of PIN block format ISO-0, ISO-2 or ISO-3 for storage in ISO-0 format
► Computation of cryptographic elements for the ISO-2 track and its smart card equivalent: algorithms IBM3624, PVV, CVV/CVC, CVV’/CVC’, CVV2/CVC2, iCVV/iCVC
► Computation of cryptographic elements for smart card: IVCVC3, DAC, derived master personalization key and EMV issuer keys, signature of EMV data (SDA), RSA smart card generation, certification of smart card public keys
► Encryption of EMV data groups
► Computation or control of MAC
► 1, 2 or 3 levels of key for PIN block transfer
Technical performance
► Nominal performance: 50,000 cards in 30-60 minutes
► File capacity: 200,000 cards
Security
► Secure access through the original input data control and differentiation of operator profiles: Operator, Administrator, Security Officer, Super Administrator
Connected over the network to one or more systems or computers, the CDP device securely performs the cryptographic processing involved in preparing EMV smart card personalization data. The CDP device can be shared across multiple information system hosts. It may be managed:
► remotely, by means of communication and exchanges
► locally, by an operator using a Graphical User Interface (GUI)
► or a combination of both
Each host information system application that uses the CDP device has its own base key and security settings on the CDP device. Remote administration functions can be implemented by each host (back-office) information system application that is connected to the CDP device. The distribution of administrative functions between the local operator and the back-office application depends on the features supported by this application.
The human/machine interface provides the means to set up, configure, launch processing on and monitor the CDP device according to the active operator’s profile.
Operators’ access to functions, and their rights according to their profile, are governed by the access rights policy implemented by the CDP device application Super Administrator.
Processing Mode
The CDP device receives batch files, processes them, and sends a response to the corresponding sender of the batch files.
Administration Mode
The CDP device receives command files, puts them on hold but does not process them.
Related resources and products
Factsheet
Cryptographic Data Preparation: Management of the creation and security of EMV smart card personalization elements
The Cryptographic Data Preparation (CDP) device is a security co-processor that manages the creation and security of EMV smart card personalization elements.
Brochure
Trustway HSM: Data Security – Choosing the right path through compliance
Compliant, flexible and innovative, our range of hardware security modules gives companies and critical infrastructures the reliability of an innovative and robust architecture in compliance with strict security demands.
Product range
Hardware Security Module (HSM): Trustway HSM product range
Certified for high security, the Trustway hardware security module product range gives companies and critical infrastructures the reliability of an innovative and robust architecture in compliance with strict security demands like GDPR, HIPAA, PCI DSS, and eIDAS.