Cryptographic Data Preparation Device

Enable EMV card personalization

Generate and secure EMV card personalization elements in your infrastructure

Atos offers the Cryptographic Data Preparation (CDP) device, a security co-processor that manages the creation and security of EMV smart card personalization elements for banking and financial institutions.

The CDP device is a physical system that consists of a Linux rack-mounted server connected to a cryptographic security device (Trustway Crypt2pay HSM) by a dedicated Ethernet link.

Atos-cybersecurity-ECB-carte-bancaire

Follow or contact us:
Linkedin | Twitter


Banking specialist

 

Through a network of recognized partners, Atos takes an active part in the implementation of complete payment systems with noteworthy providers such as ACI Worldwide, Worldline, eFunds, SOPRA Banking Software and S2M. Many global banks and card management centers already rely on Atos technology and experience.

 

Certifications

 

Through its products, Atos has been recognized as an EMV provider by Visa and MasterCard International.

 

Services

 

With more than 30 years of experience in security, Atos Big Data & Security (BDS) has acquired extensive expertise in the field of electronic banking. Atos BDS teams can provide banking institutions with global consulting, integration, maintenance and support services.

Product functionality

4 to 12 digit PIN generation
ISO-0 PIN block encryption for storage
PIN block export for transfer in ISO-0, ISO-2 or ISO-3 format
Import of PIN block format ISO-0, ISO-2 or ISO-3 for storage in ISO-0 format
Computation of cryptographic elements for the ISO-2 track and its smart card equivalent: algorithms IBM3624, PVV, CVV/CVC CVV’/CVC’, CVV2/CVC2, iCVV/iCVC
Computation of cryptographic elements for smart card: IVCVC3, DAC, derived master personalization key and EMV issuer keys, signature of EMV data (SDA), RSA smart card generation, certification of smart card public keys
Encryption of EMV data groups
Computation or control of MAC
1, 2 or 3 levels of key for PIN block transfer

Technical performance

Nominal performance: 50,000 cards in 30-60 minutes
File capacity : 200,000 cards

Security

Secure access through the original input data control and differentiation of operator profiles: Operator, Administrator, Security Officer, Super Administrator

Network connected to one or more systems or computers, the CDP device safely performs cryptographic processing implemented in the process of preparing EMV smart card personalization data. The CDP device can be shared across multiple information system hosts. It may be managed:
remotely, by means of communication and exchanges
locally, by an operator using a Graphical User Interface (GUI)
or a combination of both

Each application of information system hosts using the CDP device has a base key and security settings that are specific on the CDP device. Remote administration functions can be implemented by each host (back-office) information system application, which is connected to the CDP device. The distribution of administrative functions between the local operator and the back-office application depends on the features supported by this application.

The human/machine Interface offers the means to set up, configure, launch treatments and monitor the CDP device according to the active operator’s profile.

Access to the functions and rights of the operators according to their profile are managed by the access rights policy implemented by the CDP device application Super Administrator.

Processing Mode
The CDP device receives batch files, processes, and sends a response to the corresponding sender of the batch files.

Administration Mode
The CDP device receives command files, puts them on hold but does not process them.

Related resources and products

Factsheet

Cryptographic Data Preparation: Management of the creation and security of EMV smart card personalization elements

The Cryptographic Data Preparation (CDP) device, a security co-processor that manages the creation and security of EMV smart card personalization elements.

Atos Brochure Trustway_HSM hardware Security Module

Brochure

Trustway HSM: Data Security – Choosing the right path through compliance

Compliant, flexible and innovative, our range of hardware security modules provides companies and critical infrastructures the reliability of an innovative and robust architecture in compliance with strict security demands.

Atos cybersecurity Trustway HSM product range

Product range

Hardware Security Module (HSM): Trustway HSM product range

Certified high security, the Trustway hardware security module product range brings companies and critical infrastructures the reliability of an innovative and robust architecture in compliance with strict security demands like GDPR, HIPAA, PCI DSS, and eIDAS.

Interested in our Cryptographic Data Preparation Device?