HSM KEY CHANGE FLOW USING

THALES
 Arcitecture Transaction

Device (ATM/EDC) HSM Switching B

Bank DKI Switching Switching A Switching B

HSM Bank DKI HSM Switching A

Local Keys

Steps Of Thales payShield Manager

1. Prepared smart card

1 reader and smart card
payshield manager

2. Put smart card reader on

laptop. Open browser and
2 access https://<nama/ip
address HSM payshield
manager>

3. Login payShield Manager with PIN

3 on smart card reader on laptop

4. Choose Virtual Console

4
Local Keys

Generate Key HSM TMK and TPK Local

1. User generate Key with virtual console
payShield Manager. Run GC command. To
create TMK, use the key type 002. The 1 3 3. ATM Switching request generate
Outcome which is clear component, will TPK from HSM (A0 Command). The
become TMK clear/component. Then run FK Output is [TPK]LMK and [TPK]TMK.
command with Input TMK clear/component
use key type 002, and the output is
[TMK]LMK
Value of TMK[LMK] that stored in Bank 4. The output from A0
DKI Switching required for request Command which [TPK]LMK
2.TMK clear/component generate TPK with A0 command . stored in Database Bank DKI
injected to ATM, and Switching, Meanwhile
TMK[LMK] will be stored in [TPK]TMK stored in ATM
Switching Bank DKI.

2 4
2
TPK[LMK]
TMK Clear

4
TPK[TMK]

5. OnATM, [TPK]TMK decrypted under TMK

Value TPK[LMK] that stored
Clear so we get the TPK Clear. in Switching Bank DKI Switching Bank DKI
TPK Clear required for encrypted pinblock on
TPK Clear dan
required for verify pin to [TPK]LMK dan
ATM HSM
TMK Clear [TMK]LMK
Keys ATM Switching – Switching
If in the previous generated the TPK and TMK, well next we going to generate ZPK and ZMK.
TPK and TMK are key that used for local key transaction, example in house ATM Bank DKI,
Switching Bank DKI, and HSM Bank DKI. Whereas ZPK and ZMK is used for key transaction
between Bank DKI with Switching another bank.

1. Each Switching server generate ZMK clear/component on their hsm

(using command GC and key type 000). Number of ZMK
clear/component that will be generated according to the agreement
between switching Bank DKI and Switching A. for example,
1 Switching Bank DKI will generated ZMK clear/component 1 and 1
ZMK clear/component 2. Switching A will generated ZMK
clear/component 3.
Generate ZMK
Generate ZMK Switching Bank DKI Switching clear/comp 3
clear/comp 1 & ZMK
clear/comp 2
2. Bank DKI Team come to Switching A HSM. Switching A run FK Command using key type
000, then sequentially bank dki switching and switching A input the key clear/component from
2 each host. Bank DKI inputting ZMK clear/component 1 and ZMK clear/component 2, Switching A
inputting ZMK clear/component 3. Output of FK Command is ZMK[LMK] which stored on server
Switching A.
Switching A
Team Bank DKI ZMK[LMK]

Run FK command, input ZMK

clear/comp 1, 2 & 3

3. Team Switching Bank A come to Bank DKI Switching. Team Bank DKI run FK Command
3 using key type 000, then sequentially team Bank DKI and Team Switching A input the key
clear/component from each host. Bank DKI Inputting ZMK clear/component 1 and ZMK
Switching Bank DKI Team Switching clear/component 2, Switching A inputting ZMK clear/component 3. Output of FK command is
[ZMK]LMK ZMK[LMK] which stored on server Switching Bank DKI. Make sure key check value ZMK[LMK]
on point 2 and 3 are the same value.
Run FK command, input ZMK
clear/comp 1, 2 & 3
Keys ATM Switching – Switching
4. Next, Switching A will generate ZPK using A0 Command on Switching A
HSM. Output of the A0 Command is ZPK[ZMK] and ZPK[ZMK]. ZPK[LMK]
stored in Switching A whereas ZPK[ZMK] sent to Bank DKI Switching.
4
[ZPK]LMK
Switching A
Switching Bank DKI Value ZMK[LMK] required for run the A0
Sending [ZPK]ZMK Command when its switching to switching
ke Switching Bank
DKI

5. Bank DKI Switching receive ZPK[ZMK] from Switching A then import the key
using A6 Command. The output of A6 Command is ZPK[LMK] owned by Bank
DKI Switching. Make sure key check value of ZPK[LMK] from point 4 and 5 are
5 the same value.

Switching Bank DKI Switching A

[ZPK]LMK Value ZPK[ZMK] required for run the A6 Command

Imported key
(command A6)

6 So, Each host had [ZPK]LMK and

[ZMK]LMK.

Switching Bank DKI Switching

[ZPK]LMK [ZPK]LMK

[ZMK]LM] [ZMK]LM]
Keys ATM Switching A – Switching B
Key transaction between Switching A and Switching B are the same with key
transaction between Bank DKI Switching and Switching A before.

1. Each Switching server generate ZMK clear/component on their hsm

(using command GC and key type 000). Number of ZMK
clear/component that will be generated according to the agreement
between switching Bank DKI and Switching A. for example,
1 Switching A will generated ZMK clear/component 1 and ZMK 1
clear/component 2. Switching B will generated ZMK clear/component
3.
Generate ZMK
Generate ZMK Switching A Switching B clear/comp 3
clear/comp 1 & ZMK
clear/comp 2
2. Team Switching A come to Switching B HSM. Switching B run FK Command using key type
000, then sequentially switching A and switching B input the key clear/component from each host.
2 Switching A inputting ZMK clear/component 1 and ZMK clear/component 2, Switching B
inputting ZMK clear/component 3. Output of FK Command is ZMK[LMK] which stored on server
Switching B.
Switching B
[ZMK]LMK
Team Switching A
Run FK command, input ZMK
clear/comp 1, 2 & 3

3. Team Switching B come to Switching A. Team Switching A run FK Command using key type
3 000, then sequentially team Switching A and Team Switching B input the key clear/component
from each host. Switching A Inputting ZMK clear/component 1 and ZMK clear/component 2,
Switching A Team Switching B Switching B inputting ZMK clear/component 3. Output of FK command is ZMK[LMK] which
[ZMK]LMK stored on server Switching A. Make sure key check value ZMK[LMK] on point 2 and 3 are the
same value.
Run FK command, input ZMK
clear/comp 1, 2 & 3
Keys Switching A – Switching B
4. Next, Switching B will generate ZPK using A0 Command on Switching B
HSM. Output of the A0 Command is ZPK[ZMK] and ZPK[ZMK]. ZPK[LMK]
stored in Switching A whereas ZPK[ZMK] sent to Switching A.
4
[ZPK]LMK Value ZMK[LMK] required for run the A0
Switching A Switching B Command when its switching to switching

Sending [ZPK]ZMK to
Switching A

5. Switching A receive ZPK[ZMK] from Switching B then import the key using
5 A6 Command. The output of A6 Command is ZPK[LMK] owned by Switching A.
Make sure key check value of ZPK[LMK] from point 4 and 5 are the same value.

Switching A Switching B
[ZPK]LMK
Value ZPK[ZMK] required for run the A6 Command

Imported key
(command A6)

6 So, Each host had [ZPK]LMK and

[ZMK]LMK.

Switching A Switching B

[ZPK]LMK [ZPK]LMK

[ZMK]LMK [ZMK]LMK
 Key Transaction Process
Value ZPK[LMK] source, PVK[LMK],
and PINBLOCK (12 digits account
number excluded 1 digit behind)
required for run the EA Command

Device (ATM/EDC) Bank B HSM

1. Send PINBLOCK
encrypted with TPK Clear to verify a PIN with
Bank DKI Switching. (we got ZPK (Command
TPK Clear from TPK[TMK]
EA)
decrypted under TMK Clear
on device)

𝑃𝐼𝑁𝐵𝐿𝑂𝐶𝐾𝑍𝑃𝐾 𝑃𝐼𝑁𝐵𝐿𝑂𝐶𝐾𝑍𝑃𝐾

Bank DKI Switching

Switching A Switching B

2. Transalate [Pinblock] TPK 3. Transalate [Pinblock] ZPK Bank

Bank DKI Switching to DKI Switching to [Pinblock] ZPK
[Pinblock]ZPK Bank DKI Switching A on HSM (Command
Switching on HSM (Command CC)
CA)

Value TPK[LMK], Value ZPK[LMK] source,

ZPK[LMK],and PINBLOCK ZPK[LMK] destination,and
Bank DKI HSM LKM that stored in Switching PINBLOCK required for run
Bank DKI required for run Switching A HSM LMK the CC Command
the CA Command