You are on page 1of 31

HSM (Hardware Security Module)

HSM


HSM


HSM


2007/03//16

FINANCIAL INFORMATION SERVICE CO.,LTD.

HSM


(Integrity)

(Confidentiality)

(Authentication)

(Non-repudiation)

2007/03//16

FINANCIAL INFORMATION SERVICE CO.,LTD.

2007/03//16

FINANCIAL INFORMATION SERVICE CO.,LTD.




()

()
(
)
(Diversify)

2007/03//16

FINANCIAL INFORMATION SERVICE CO.,LTD.

()



()
(Personal Identify Number, PIN)
PIN Block
(PIN
Protection Key)PIN Block
953

2007/03//16

FINANCIAL INFORMATION SERVICE CO.,LTD.

()
(Message Authentication Code, MAC)


(Key Sync Check Item)

()

2007/03//16

FINANCIAL INFORMATION SERVICE CO.,LTD.

()

FISC
ATM

2007/03//16

FINANCIAL INFORMATION SERVICE CO.,LTD.

()
K1

K2

K3

Output

Input
E

Triple-DES Encryption
(K1 = K3) K2, Key Length 112 bits
K1 K2 K3, Key Length 168 bits
K1

Input

Output
E

Encryption
K1, Key Length 56 bits

2007/03//16

FINANCIAL INFORMATION SERVICE CO.,LTD.

10



()


()
Card Verification Value (CVV)Card Verification
Code (CVC)
()
(Card Verification Key, CVK)
Service Code
3

2007/03//16

FINANCIAL INFORMATION SERVICE CO.,LTD.

11

()
()
PIN Verification Value (PVV)
(PIN Verification Key, PVK)
4

()

2007/03//16

FINANCIAL INFORMATION SERVICE CO.,LTD.

12

()
()
Authorization Request Cryptogram (ARQC)

(Diversify)

2007/03//16

FINANCIAL INFORMATION SERVICE CO.,LTD.

13

()
UK-AC(L) = 3DES(MK-AC, 9937000001312000)
= 2F9752D23A2B708B
UK-AC(R) = 3DES(MK-AC, ~9937000001312000)
= 3DES(MK-AC, 66C8FFFFFECEDFFF)
= F4245DD9C25E8C89
OTmp = The last block of DES(UK-AC(L),
000000000128000000000000015880C00010000901071201409F1971
701C0001)
= C7F4200B4EA70AAF
ARQC = 3DES(UK-AC, OTmp 7B03A08000000000)
= 3DES(UK-AC, BCF7808B4EA70AAF)
= 2CAAEF006841ABED
MK-AC:Issuer Master Key-Authentication Cryptogram
UK-AC:User Key-Authentication Cryptogram

2007/03//16

FINANCIAL INFORMATION SERVICE CO.,LTD.

14



Financial Electronic Data Interchange (FEDI)




()

2007/03//16

FINANCIAL INFORMATION SERVICE CO.,LTD.

15

()

()

()

()

()

2007/03//16

FINANCIAL INFORMATION SERVICE CO.,LTD.

16

()

hash

hash

Compare ?
Decrypt

Encrypt

Private Key

Public Key

2007/03//16

FINANCIAL INFORMATION SERVICE CO.,LTD.

17

HSM

HSM

2007/03//16

FINANCIAL INFORMATION SERVICE CO.,LTD.

19




()


(HSM)



2007/03//16

FINANCIAL INFORMATION SERVICE CO.,LTD.

20




()
HSM
HSM

HSM
HSM


2007/03//16

FINANCIAL INFORMATION SERVICE CO.,LTD.

21

HSM

82

83

92
(CD/ATM)

2007/03//16

FINANCIAL INFORMATION SERVICE CO.,LTD.

22

HSM()



(Master Key)

2007/03//16

FINANCIAL INFORMATION SERVICE CO.,LTD.

23

HSM()
()

2007/03//16

FINANCIAL INFORMATION SERVICE CO.,LTD.

24

HSM

People



Technology

Process

2007/03//16

FINANCIAL INFORMATION SERVICE CO.,LTD.

26

2007/03//16

FINANCIAL INFORMATION SERVICE CO.,LTD.

27

()






2007/03//16

FINANCIAL INFORMATION SERVICE CO.,LTD.

28


()

(Dual Control)


2007/03//16

FINANCIAL INFORMATION SERVICE CO.,LTD.

29

()
()

()

2007/03//16

FINANCIAL INFORMATION SERVICE CO.,LTD.

30










(2)

2007/03//16

FINANCIAL INFORMATION SERVICE CO.,LTD.

31