Key Management
KEY-UP II & III units provide complete facilities to create, store and secure the following DES keys:
Master File Key (MFK)
An MFK is injected into the module at initialization and is never used outside the unit. It is used to encrypt the other keys that KEY-UP II uses. Encrypted keys may be stored on the host database or in KEY-UP II's internal table.
Key Exchange Key (KEK)
A KEK is required for each pair of processors that will be in communication. It is used to encrypt and decrypt the "working keys" the pair will need to share. KEY-UP II generates a KEK for manual injection into the remote processor. The identical key is encrypted under the MFK for local storage.
ATM Keys
Used for key management by ATMs. These keys can be generated by KEY-UP II, but are manually loaded into the ATM.
Working Keys
These include keys for PIN encryption/decryption (KPE), PIN verification (KPV), message authentication (KMAC) and data encryption (KC). Except for KPVs, which are predetermined, working keys are automatically generated as needed, distributed through the network under the KEKs, and stored on the host database encrypted under the MFK.
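The key hierarchy described above, traced end to end as an added example (not vendor code): a hypothetical `Module` class models the unit's boundary, and an HMAC-SHA256 keystream stands in for DES encryption so the code runs with only the Python standard library. All class, function and database-entry names are assumptions.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 8  # a single-length DES key is 8 bytes

def _keystream(wrapping_key, nonce):
    # Stand-in for DES encryption of one key under another (assumption, not the product's cipher).
    return hmac.new(wrapping_key, nonce, hashlib.sha256).digest()

def wrap(wrapping_key, key):
    nonce = secrets.token_bytes(8)
    return nonce + bytes(a ^ b for a, b in zip(key, _keystream(wrapping_key, nonce)))

def unwrap(wrapping_key, blob):
    return bytes(a ^ b for a, b in zip(blob[8:], _keystream(wrapping_key, blob[:8])))

class Module:
    """Hypothetical model of the security module: the MFK exists only in here."""
    def __init__(self):
        self._mfk = secrets.token_bytes(KEY_LEN)  # injected at initialization

    def generate_kek(self):
        kek = secrets.token_bytes(KEY_LEN)
        # Clear copy goes to manual injection; the identical key is kept under the MFK.
        return kek, wrap(self._mfk, kek)

    def generate_working_key(self, kek_under_mfk):
        kek = unwrap(self._mfk, kek_under_mfk)
        wk = secrets.token_bytes(KEY_LEN)
        # One cryptogram for the host database, one for distribution over the network.
        return wrap(self._mfk, wk), wrap(kek, wk)

class RemoteProcessor:
    def __init__(self, kek):
        self._kek = kek  # manually injected KEK

    def receive(self, wk_under_kek):
        return unwrap(self._kek, wk_under_kek)

def run_exchange():
    module = Module()
    kek_clear, kek_under_mfk = module.generate_kek()
    remote = RemoteProcessor(kek_clear)
    host_db = {"KEK.remote": kek_under_mfk}  # constructed entry names
    wk_under_mfk, wk_under_kek = module.generate_working_key(kek_under_mfk)
    host_db["KPE.remote"] = wk_under_mfk
    remote_wk = remote.receive(wk_under_kek)
    local_wk = unwrap(module._mfk, wk_under_mfk)  # only possible inside the module
    return host_db, wk_under_kek, remote_wk, local_wk
```

The host database and the network each see only cryptograms; the clear working key exists only inside the module and the remote processor.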