The KeyBRIDGE Point of Interaction (POI) platform is a vendor-agnostic solution that performs both DUKPT and MK/SK key injection for payment terminals and peripheral devices. This use case supports compliant key injection for devices that must be managed in a secure facility, where physical access controls are relied upon to establish a new key that has no basis for trust other than the dual control, split knowledge, and chain of custody achieved through external process and procedure.
The platform provides full support for all key types, including but not limited to DUKPT (PIN, MAC, or Data), standard E2E keys, KEKs, and Master Session methods, as well as alternative derivation techniques. It streamlines key injection operations while automatically capturing all relevant audit log details, which can be exported and validated with ease, further reducing the overhead associated with audit cycles. KeyBRIDGE is now deployed to support key injection for both TDES DUKPT and AES DUKPT.
With POI, keys are delivered from KeyBRIDGE to a target device over a connected interface such as USB, Serial, or Ethernet. In some instances a clear key may traverse this interface, relying on the additional policies and procedures that govern the operation of the secure room where this activity is performed. The KeyBRIDGE appliance augments these policies and procedures by enforcing dual control and split knowledge, with extensive audit logging that captures each action performed. All activities can be reliably traced to at least two unique personnel, while system managers have granular flexibility to assign unique role-based access controls.
The KeyBRIDGE appliance supports the majority of PED manufacturers in the marketplace, with over 300 certified POI devices today. Support for each device's unique protocol is custom developed to ensure that every key delivered can be traced to a manufacturer, unique model, device serial number, and additional configurable metadata elements. The appliance allows the concurrent connection of sixteen unique devices. Configurable injection profiles allow a user to inject upwards of thirty keys to a single device in as few as four mouse clicks.
Additional features that can be licensed include: