SlideShare ist ein Scribd-Unternehmen logo

Ghl systems net matrix terminal line encryption 2009 2010

Alex Tan
Alex Tan

NetMATRIX (Multi-Application Transaction Routing and Identification eXchange) Terminal Line Encryption - is the complete solution for banks wishing to introduce terminal line encryption into their existing POS network infrastructure.

1 von 53
Downloaden Sie, um offline zu lesen
Agenda
PAYMENT & SECURITY TRENDS
E2EE: What is it? “…is defined as the continuous protection of the confidentiality and integrity of transmitted information by encrypting it at the origin and decrypting at its destination.…” Computer Desktop Encyclopedia
E2EE: The story so far… Smart Card Alliance Sept 2009
KEY CONCEPTS OF TLE
en·cryp·tion /-'krip-sh&n/ In cryptography, encryption, is the process of transforming information to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information (Wikipedia)
MAC-ing is the process of “fingerprinting” data to allow any tampering to be detected, where the fingerprint is encrypted so only Sender/Receiver can form a real MAC and thus, allowing the receiver to authenticate & verify the message Message Authentication Code
THE MALAYSIAN EXPERIENCE
Real Tapping Threats
Wire tapping threats
A brief look at history…
The Line Encryption Working Group
Design Parameters
Key Considerations
Minimum Data Encryption Requirements Encrypted Data Elements 1. CVV 2. CVV and PAN / Track2 Terminal Key Storage 2 2 4 2 3 4 1. Outside secure module 2. Within tamper reactive module MAC algorithm Key Usage Methodology ENC algorithm 1. Unique-key-per-terminal 2. Unique-key-per-session-per-term Key Differentiation 3. Unique-key-per-transaction Key Usage 4. Derived Unique Key Per Txn (DUKPT) Key Storage Key Differentiation 1. Same key for ENC & MAC ENC Data elements 2. Different key for ENC & MAC Encryption Algorithm 1. TEA – Tiny Encryption Algorithm 2. DES – Data Encryption Standard Highest Score: 2-2-4-2-3-4 3. 3DES/AES Lowest Score: 1-1-1-1-1-1 MAC Algorithm 1. No MAC 2. CRC32 + MAC 3. CRC32 + RMAC 4. SHA-1 + RMAC, or SHA-1 + AES MAC
General Approaches Host-based NAC-based Interception-based Host Host Host HSM SNAC NAC NAC NAC NAC NAC NAC NAC
THE RESULTS
The Results… Source: Visa VPSS Payment Security Bulettin, 2006
The Results… Source: Visa VPSS Payment Security Bulettin, 2006
The Results… Source: Visa VPSS Payment Security Bulettin, 2006
The Results… Source: Visa VPSS Payment Security Bulettin, 2006
The Results…
Payments: The story today… Source: BNM, 2009 Financial Stability and Payment Systems Report 2008
Payments: The story today “…(card fraud) losses continued to be insignificant, accounting for less than 0.04% of total card transactions during the year.”
PAYMENT SECURITY MYTHS
Encryption Myths
Summary: Considerations for TLE Addresses all threats Addresses Implementation issues Addresses Deployment Issues Addresses Administration Issues Multi-channel & multi-device Support Vendor Independence Performance Cost-Effective Remote Key Injection
Additional References 1. The Smart Card Alliance (http://www.smartcardalliance.org/) 2. PCI Security Standards Council (https://www.pcisecuritystandards.org/) 3. Visa Best Practices, Data Field Encryption Version 1.0 (http://corporate.visa.com/_media/best-practices.pdf) 4. Secure POS Vendors Association (http://www.spva.org/index.aspx) 5. GHL Systems (http://www.ghl.com/netMATRIX )
Net MATRIX Terminal Line Encryption
“Typical” Transaction Flow Acquiring Net MATRIX Bank Credit Card Host NII: 160 Acquiring Host Issuing Switching NAC Bank Host 160 Message Remote NAC Remote NAC EDC Terminals
Encrypted Transaction Flow Acquiring Net MATRIX Bank Credit Card Host NII: 160 Acquiring Host 160 Enc Message NetMATRIX TLE NII: Issuing 161 Bank Switching NAC Host 161 Enc Message Remote NAC Remote NAC EDC Terminals
Encrypted Transaction Flow II Acquiring Net MATRIX Bank Credit Card Host NII: 160 Acquiring Host 160 Enc Message Issuing NetMATRIX TLE NII: Bank 161 Switching NAC Host 161 Enc Message Remote NAC Remote NAC EDC Terminals
                  
Accolades & Accomplishments
Ghl systems net matrix terminal line encryption 2009 2010
Ghl systems net matrix terminal line encryption 2009 2010
Ghl systems net matrix terminal line encryption 2009 2010

Empfohlen

Smart Wifi Dustbin System
Smart Wifi Dustbin SystemSmart Wifi Dustbin System
Smart Wifi Dustbin System
IJARIIT
 
Iot based acquaponic system (dsd)
Iot based acquaponic system (dsd)Iot based acquaponic system (dsd)
Iot based acquaponic system (dsd)
fahima meem
 
IoT enabled automatic aquaponics system
IoT enabled automatic aquaponics systemIoT enabled automatic aquaponics system
IoT enabled automatic aquaponics system
Nishmi Suresh
 
153285580 lld-template
153285580 lld-template153285580 lld-template
153285580 lld-template
jax100
 
Virtual Network Computing
Virtual Network ComputingVirtual Network Computing
Virtual Network Computing
rojalina nanda
 
Smart aquarium project
Smart aquarium projectSmart aquarium project
Smart aquarium project
Express News
 
2023 State of Network Automation Survey Results - NANOG 88
2023 State of Network Automation Survey Results - NANOG 882023 State of Network Automation Survey Results - NANOG 88
2023 State of Network Automation Survey Results - NANOG 88
Chris Grundemann
 
Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)
Anwesh Dixit
 

Empfohlen

Smart Wifi Dustbin System
Smart Wifi Dustbin SystemSmart Wifi Dustbin System
Smart Wifi Dustbin System
IJARIIT
 
Iot based acquaponic system (dsd)
Iot based acquaponic system (dsd)Iot based acquaponic system (dsd)
Iot based acquaponic system (dsd)
fahima meem
 
IoT enabled automatic aquaponics system
IoT enabled automatic aquaponics systemIoT enabled automatic aquaponics system
IoT enabled automatic aquaponics system
Nishmi Suresh
 
153285580 lld-template
153285580 lld-template153285580 lld-template
153285580 lld-template
jax100
 
Virtual Network Computing
Virtual Network ComputingVirtual Network Computing
Virtual Network Computing
rojalina nanda
 
Smart aquarium project
Smart aquarium projectSmart aquarium project
Smart aquarium project
Express News
 
2023 State of Network Automation Survey Results - NANOG 88
2023 State of Network Automation Survey Results - NANOG 882023 State of Network Automation Survey Results - NANOG 88
2023 State of Network Automation Survey Results - NANOG 88
Chris Grundemann
 
Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)Cisco Identity Services Engine (ISE)
Cisco Identity Services Engine (ISE)
Anwesh Dixit
 
SDN입문 (Overlay and Underlay)
SDN입문 (Overlay and Underlay)SDN입문 (Overlay and Underlay)
SDN입문 (Overlay and Underlay)
NAIM Networks, Inc.
 
WIRELWIRELESS INTEGRATED NETWORK SENSORS
WIRELWIRELESS INTEGRATED NETWORK SENSORSWIRELWIRELESS INTEGRATED NETWORK SENSORS
WIRELWIRELESS INTEGRATED NETWORK SENSORS
Deepak Kumar Mohapatra
 
Introduction to SDN and NFV
Introduction to SDN and NFVIntroduction to SDN and NFV
Introduction to SDN and NFV
CoreStack
 
TechWiseTV Workshop: Cisco Catalyst 9800 Series Wireless Controller
TechWiseTV Workshop: Cisco Catalyst 9800 Series Wireless ControllerTechWiseTV Workshop: Cisco Catalyst 9800 Series Wireless Controller
TechWiseTV Workshop: Cisco Catalyst 9800 Series Wireless Controller
Robb Boyd
 
Embedded based home security system
Embedded based home security systemEmbedded based home security system
Embedded based home security system
NIT srinagar
 
WPA2
WPA2WPA2
WPA2
Mshari Alabdulkarim
 
Original Mosfet Driver AO4407A 4407A 4407 SOP-8 New Alpha&Omega
Original Mosfet Driver AO4407A 4407A 4407 SOP-8 New Alpha&OmegaOriginal Mosfet Driver AO4407A 4407A 4407 SOP-8 New Alpha&Omega
Original Mosfet Driver AO4407A 4407A 4407 SOP-8 New Alpha&Omega
AUTHELECTRONIC
 
F5 LTM Course by NIASTA Learning!
F5 LTM Course by NIASTA Learning!F5 LTM Course by NIASTA Learning!
F5 LTM Course by NIASTA Learning!
Niasta Learning
 
Home security system
Home security system Home security system
Home security system
ABHIJITPATRA23
 
Wireless lan security
Wireless lan securityWireless lan security
Wireless lan security
Ankit Anand
 
SDN Fundamentals - short presentation
SDN Fundamentals - short presentationSDN Fundamentals - short presentation
SDN Fundamentals - short presentation
Azhar Khuwaja
 
Enterprise WAN Evolution with SD-WAN
Enterprise WAN Evolution with SD-WANEnterprise WAN Evolution with SD-WAN
Enterprise WAN Evolution with SD-WAN
Toshal Dudhwala
 
Water level monitoring system
Water level monitoring systemWater level monitoring system
Water level monitoring system
Gaurav kumar rai - student
 
Wlan security
Wlan securityWlan security
Wlan security
Sajan Sahu
 
What is SASE
What is SASEWhat is SASE
What is SASE
Adi Ruppin
 
NSX-T Architecture and Components.pptx
NSX-T Architecture and Components.pptxNSX-T Architecture and Components.pptx
NSX-T Architecture and Components.pptx
Atif Raees
 
The case for vm based cloudlets in mobile computing
The case for vm based cloudlets in mobile computingThe case for vm based cloudlets in mobile computing
The case for vm based cloudlets in mobile computing
Asanka Nissanka
 
GSM Based climate Monitoring System for Agriculture
GSM Based climate Monitoring System for AgricultureGSM Based climate Monitoring System for Agriculture
GSM Based climate Monitoring System for Agriculture
Lokesh K N
 
Vsat systems
Vsat systemsVsat systems
Vsat systems
RAVIKIRAN ANANDE
 
microcontroller based controlled irrigation system for plantation
microcontroller based controlled irrigation system for plantationmicrocontroller based controlled irrigation system for plantation
microcontroller based controlled irrigation system for plantation
Rohithasangaraju
 
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
Alex Tan
 
Derived Unique Token per Transaction
Derived Unique Token per TransactionDerived Unique Token per Transaction
Derived Unique Token per Transaction
Priyanka Aash
 

Weitere ähnliche Inhalte

Was ist angesagt?

TechWiseTV Workshop: Cisco Catalyst 9800 Series Wireless Controller
TechWiseTV Workshop: Cisco Catalyst 9800 Series Wireless ControllerTechWiseTV Workshop: Cisco Catalyst 9800 Series Wireless Controller
TechWiseTV Workshop: Cisco Catalyst 9800 Series Wireless Controller
Robb Boyd
 
Water level monitoring system
Water level monitoring systemWater level monitoring system
Water level monitoring system
Gaurav kumar rai - student
 
GSM Based climate Monitoring System for Agriculture
GSM Based climate Monitoring System for AgricultureGSM Based climate Monitoring System for Agriculture
GSM Based climate Monitoring System for Agriculture
Lokesh K N
 
microcontroller based controlled irrigation system for plantation
microcontroller based controlled irrigation system for plantationmicrocontroller based controlled irrigation system for plantation
microcontroller based controlled irrigation system for plantation
Rohithasangaraju
 

Was ist angesagt? (20)

SDN입문 (Overlay and Underlay)
SDN입문 (Overlay and Underlay)SDN입문 (Overlay and Underlay)
SDN입문 (Overlay and Underlay)
 
WIRELWIRELESS INTEGRATED NETWORK SENSORS
WIRELWIRELESS INTEGRATED NETWORK SENSORSWIRELWIRELESS INTEGRATED NETWORK SENSORS
WIRELWIRELESS INTEGRATED NETWORK SENSORS
 
Introduction to SDN and NFV
Introduction to SDN and NFVIntroduction to SDN and NFV
Introduction to SDN and NFV
 
TechWiseTV Workshop: Cisco Catalyst 9800 Series Wireless Controller
TechWiseTV Workshop: Cisco Catalyst 9800 Series Wireless ControllerTechWiseTV Workshop: Cisco Catalyst 9800 Series Wireless Controller
TechWiseTV Workshop: Cisco Catalyst 9800 Series Wireless Controller
 
Embedded based home security system
Embedded based home security systemEmbedded based home security system
Embedded based home security system
 
WPA2
WPA2WPA2
WPA2
 
Original Mosfet Driver AO4407A 4407A 4407 SOP-8 New Alpha&Omega
Original Mosfet Driver AO4407A 4407A 4407 SOP-8 New Alpha&OmegaOriginal Mosfet Driver AO4407A 4407A 4407 SOP-8 New Alpha&Omega
Original Mosfet Driver AO4407A 4407A 4407 SOP-8 New Alpha&Omega
 
F5 LTM Course by NIASTA Learning!
F5 LTM Course by NIASTA Learning!F5 LTM Course by NIASTA Learning!
F5 LTM Course by NIASTA Learning!
 
Home security system
Home security system Home security system
Home security system
 
Wireless lan security
Wireless lan securityWireless lan security
Wireless lan security
 
SDN Fundamentals - short presentation
SDN Fundamentals - short presentationSDN Fundamentals - short presentation
SDN Fundamentals - short presentation
 
Enterprise WAN Evolution with SD-WAN
Enterprise WAN Evolution with SD-WANEnterprise WAN Evolution with SD-WAN
Enterprise WAN Evolution with SD-WAN
 
Water level monitoring system
Water level monitoring systemWater level monitoring system
Water level monitoring system
 
Wlan security
Wlan securityWlan security
Wlan security
 
What is SASE
What is SASEWhat is SASE
What is SASE
 
NSX-T Architecture and Components.pptx
NSX-T Architecture and Components.pptxNSX-T Architecture and Components.pptx
NSX-T Architecture and Components.pptx
 
The case for vm based cloudlets in mobile computing
The case for vm based cloudlets in mobile computingThe case for vm based cloudlets in mobile computing
The case for vm based cloudlets in mobile computing
 
GSM Based climate Monitoring System for Agriculture
GSM Based climate Monitoring System for AgricultureGSM Based climate Monitoring System for Agriculture
GSM Based climate Monitoring System for Agriculture
 
Vsat systems
Vsat systemsVsat systems
Vsat systems
 
microcontroller based controlled irrigation system for plantation
microcontroller based controlled irrigation system for plantationmicrocontroller based controlled irrigation system for plantation
microcontroller based controlled irrigation system for plantation
 

Ähnlich wie Ghl systems net matrix terminal line encryption 2009 2010

NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
Alex Tan
 
Zranitelnost čipových platebních karet jako příklad on-line hrozby - Tomáš Ro...
Zranitelnost čipových platebních karet jako příklad on-line hrozby - Tomáš Ro...Zranitelnost čipových platebních karet jako příklad on-line hrozby - Tomáš Ro...
Zranitelnost čipových platebních karet jako příklad on-line hrozby - Tomáš Ro...
TUESDAY Business Network
 
Highway to Hell: Hacking Toll Systems (Blackhat 2008)
Highway to Hell: Hacking Toll Systems (Blackhat 2008)Highway to Hell: Hacking Toll Systems (Blackhat 2008)
Highway to Hell: Hacking Toll Systems (Blackhat 2008)
Nate Lawson
 
Bloombase Spitfire Link Encryptor Server Brochure
Bloombase Spitfire Link Encryptor Server BrochureBloombase Spitfire Link Encryptor Server Brochure
Bloombase Spitfire Link Encryptor Server Brochure
Bloombase
 

Ähnlich wie Ghl systems net matrix terminal line encryption 2009 2010 (20)

NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
NetMatrix TLE Terminal Line Encryption. SPVA certified, DUKPT, 3DES, DES, AES...
 
Derived Unique Token per Transaction
Derived Unique Token per TransactionDerived Unique Token per Transaction
Derived Unique Token per Transaction
 
Software Defined Data Centers - June 2012
Software Defined Data Centers - June 2012Software Defined Data Centers - June 2012
Software Defined Data Centers - June 2012
 
Zranitelnost čipových platebních karet jako příklad on-line hrozby - Tomáš Ro...
Zranitelnost čipových platebních karet jako příklad on-line hrozby - Tomáš Ro...Zranitelnost čipových platebních karet jako příklad on-line hrozby - Tomáš Ro...
Zranitelnost čipových platebních karet jako příklad on-line hrozby - Tomáš Ro...
 
Highway to Hell: Hacking Toll Systems (Blackhat 2008)
Highway to Hell: Hacking Toll Systems (Blackhat 2008)Highway to Hell: Hacking Toll Systems (Blackhat 2008)
Highway to Hell: Hacking Toll Systems (Blackhat 2008)
 
Transaction MAC Feature
Transaction MAC FeatureTransaction MAC Feature
Transaction MAC Feature
 
OpenStack and OpenFlow Demos
OpenStack and OpenFlow DemosOpenStack and OpenFlow Demos
OpenStack and OpenFlow Demos
 
Bloombase Spitfire Link Encryptor Server Brochure
Bloombase Spitfire Link Encryptor Server BrochureBloombase Spitfire Link Encryptor Server Brochure
Bloombase Spitfire Link Encryptor Server Brochure
 
New flaws in WPA-TKIP
New flaws in WPA-TKIPNew flaws in WPA-TKIP
New flaws in WPA-TKIP
 
Resilience in the ZigBee Residential Mode
Resilience in the ZigBee Residential ModeResilience in the ZigBee Residential Mode
Resilience in the ZigBee Residential Mode
 
ATM
ATMATM
ATM
 
The Potential Impact of Software Defined Networking SDN on Security
The Potential Impact of Software Defined Networking SDN on SecurityThe Potential Impact of Software Defined Networking SDN on Security
The Potential Impact of Software Defined Networking SDN on Security
 
BalCCon2k18 - Towards the perfect cryptocurrency wallet
BalCCon2k18 - Towards the perfect cryptocurrency walletBalCCon2k18 - Towards the perfect cryptocurrency wallet
BalCCon2k18 - Towards the perfect cryptocurrency wallet
 
EMV Credit Card Technology in Parking
EMV Credit Card Technology in ParkingEMV Credit Card Technology in Parking
EMV Credit Card Technology in Parking
 
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe LangloisAttacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
Attacking SS7 - P1 Security (Hackito Ergo Sum 2010) - Philippe Langlois
 
ACR88 product presentation by Advanced Card Systems Ltd.
ACR88 product presentation by Advanced Card Systems Ltd.ACR88 product presentation by Advanced Card Systems Ltd.
ACR88 product presentation by Advanced Card Systems Ltd.
 
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...
Exploring Quantum Engineering for Networking by Melchior Aelmans, Juniper Net...
 
Spark-on-Yarn: The Road Ahead-(Marcelo Vanzin, Cloudera)
Spark-on-Yarn: The Road Ahead-(Marcelo Vanzin, Cloudera)Spark-on-Yarn: The Road Ahead-(Marcelo Vanzin, Cloudera)
Spark-on-Yarn: The Road Ahead-(Marcelo Vanzin, Cloudera)
 
Spark on YARN: The Road Ahead
Spark on YARN: The Road AheadSpark on YARN: The Road Ahead
Spark on YARN: The Road Ahead
 
Understanding senetas layer 2 encryption
Understanding senetas layer 2 encryptionUnderstanding senetas layer 2 encryption
Understanding senetas layer 2 encryption
 

Mehr von Alex Tan

NetAccess W1000 WAN transaction router GHL Systems
NetAccess W1000 WAN transaction router GHL SystemsNetAccess W1000 WAN transaction router GHL Systems
NetAccess W1000 WAN transaction router GHL Systems
Alex Tan
 
ATM Deployers Moving Towards Wireless Connectivity
ATM Deployers Moving Towards Wireless ConnectivityATM Deployers Moving Towards Wireless Connectivity
ATM Deployers Moving Towards Wireless Connectivity
Alex Tan
 
Netaccess introduction
Netaccess introductionNetaccess introduction
Netaccess introduction
Alex Tan
 
Net Access L 300 Training Slides
Net Access L 300 Training SlidesNet Access L 300 Training Slides
Net Access L 300 Training Slides
Alex Tan
 
Net Access L 200 Training Slides
Net Access L 200 Training SlidesNet Access L 200 Training Slides
Net Access L 200 Training Slides
Alex Tan
 
Net access web page configurations
Net access web page configurationsNet access web page configurations
Net access web page configurations
Alex Tan
 
Ghl systems net access w & n series presentation sept 2009 for wnb
Ghl systems net access w & n series presentation sept 2009 for wnbGhl systems net access w & n series presentation sept 2009 for wnb
Ghl systems net access w & n series presentation sept 2009 for wnb
Alex Tan
 
Ghl net access_deployments_presentation_-_ikea_case_study
Ghl net access_deployments_presentation_-_ikea_case_studyGhl net access_deployments_presentation_-_ikea_case_study
Ghl net access_deployments_presentation_-_ikea_case_study
Alex Tan
 
NetAccess L-Series Payment Routers, Network transaction concentrator plug-and...
NetAccess L-Series Payment Routers, Network transaction concentrator plug-and...NetAccess L-Series Payment Routers, Network transaction concentrator plug-and...
NetAccess L-Series Payment Routers, Network transaction concentrator plug-and...
Alex Tan
 
Net access multi-lane_deployments_presentation
Net access multi-lane_deployments_presentationNet access multi-lane_deployments_presentation
Net access multi-lane_deployments_presentation
Alex Tan
 
Ghl systems may 2010
Ghl systems may 2010Ghl systems may 2010
Ghl systems may 2010
Alex Tan
 
Ghl success stories retail series aug 2010
Ghl success stories retail series aug 2010Ghl success stories retail series aug 2010
Ghl success stories retail series aug 2010
Alex Tan
 
Ghl success stories transportation series - mar 2010
Ghl success stories transportation series - mar 2010Ghl success stories transportation series - mar 2010
Ghl success stories transportation series - mar 2010
Alex Tan
 
Ghl systems customer success story zouk kl
Ghl systems customer success story zouk klGhl systems customer success story zouk kl
Ghl systems customer success story zouk kl
Alex Tan
 
Ghl systems customer success story shoemart
Ghl systems customer success story shoemartGhl systems customer success story shoemart
Ghl systems customer success story shoemart
Alex Tan
 
Net Access W & N Presentation, Switching NAC, Network transaction concentrato...
Net Access W & N Presentation, Switching NAC, Network transaction concentrato...Net Access W & N Presentation, Switching NAC, Network transaction concentrato...
Net Access W & N Presentation, Switching NAC, Network transaction concentrato...
Alex Tan
 
NetAccess L-Series Payment Routers, Network transaction concentrator plug-and...
NetAccess L-Series Payment Routers, Network transaction concentrator plug-and...NetAccess L-Series Payment Routers, Network transaction concentrator plug-and...
NetAccess L-Series Payment Routers, Network transaction concentrator plug-and...
Alex Tan
 

Mehr von Alex Tan (20)

NetAccess W1000 WAN transaction router GHL Systems
NetAccess W1000 WAN transaction router GHL SystemsNetAccess W1000 WAN transaction router GHL Systems
NetAccess W1000 WAN transaction router GHL Systems
 
ATM Deployers Moving Towards Wireless Connectivity
ATM Deployers Moving Towards Wireless ConnectivityATM Deployers Moving Towards Wireless Connectivity
ATM Deployers Moving Towards Wireless Connectivity
 
Netaccess introduction
Netaccess introductionNetaccess introduction
Netaccess introduction
 
Net Access L 300 Training Slides
Net Access L 300 Training SlidesNet Access L 300 Training Slides
Net Access L 300 Training Slides
 
Net Access L 200 Training Slides
Net Access L 200 Training SlidesNet Access L 200 Training Slides
Net Access L 200 Training Slides
 
Net access web page configurations
Net access web page configurationsNet access web page configurations
Net access web page configurations
 
Ghl systems net access w & n series presentation sept 2009 for wnb
Ghl systems net access w & n series presentation sept 2009 for wnbGhl systems net access w & n series presentation sept 2009 for wnb
Ghl systems net access w & n series presentation sept 2009 for wnb
 
Secure ip payment networks what's available other than ssl - final
Secure ip payment networks what's available other than ssl - finalSecure ip payment networks what's available other than ssl - final
Secure ip payment networks what's available other than ssl - final
 
L 200 optimus payment data voice concentration of multiple downlink devices i...
L 200 optimus payment data voice concentration of multiple downlink devices i...L 200 optimus payment data voice concentration of multiple downlink devices i...
L 200 optimus payment data voice concentration of multiple downlink devices i...
 
NetMatrix TLE minimum data encryption guidelines end to end encryption termin...
NetMatrix TLE minimum data encryption guidelines end to end encryption termin...NetMatrix TLE minimum data encryption guidelines end to end encryption termin...
NetMatrix TLE minimum data encryption guidelines end to end encryption termin...
 
Ghl net access_deployments_presentation_-_ikea_case_study
Ghl net access_deployments_presentation_-_ikea_case_studyGhl net access_deployments_presentation_-_ikea_case_study
Ghl net access_deployments_presentation_-_ikea_case_study
 
NetAccess L-Series Payment Routers, Network transaction concentrator plug-and...
NetAccess L-Series Payment Routers, Network transaction concentrator plug-and...NetAccess L-Series Payment Routers, Network transaction concentrator plug-and...
NetAccess L-Series Payment Routers, Network transaction concentrator plug-and...
 
Net access multi-lane_deployments_presentation
Net access multi-lane_deployments_presentationNet access multi-lane_deployments_presentation
Net access multi-lane_deployments_presentation
 
Ghl systems may 2010
Ghl systems may 2010Ghl systems may 2010
Ghl systems may 2010
 
Ghl success stories retail series aug 2010
Ghl success stories retail series aug 2010Ghl success stories retail series aug 2010
Ghl success stories retail series aug 2010
 
Ghl success stories transportation series - mar 2010
Ghl success stories transportation series - mar 2010Ghl success stories transportation series - mar 2010
Ghl success stories transportation series - mar 2010
 
Ghl systems customer success story zouk kl
Ghl systems customer success story zouk klGhl systems customer success story zouk kl
Ghl systems customer success story zouk kl
 
Ghl systems customer success story shoemart
Ghl systems customer success story shoemartGhl systems customer success story shoemart
Ghl systems customer success story shoemart
 
Net Access W & N Presentation, Switching NAC, Network transaction concentrato...
Net Access W & N Presentation, Switching NAC, Network transaction concentrato...Net Access W & N Presentation, Switching NAC, Network transaction concentrato...
Net Access W & N Presentation, Switching NAC, Network transaction concentrato...
 
NetAccess L-Series Payment Routers, Network transaction concentrator plug-and...
NetAccess L-Series Payment Routers, Network transaction concentrator plug-and...NetAccess L-Series Payment Routers, Network transaction concentrator plug-and...
NetAccess L-Series Payment Routers, Network transaction concentrator plug-and...
 

Ghl systems net matrix terminal line encryption 2009 2010

  • 1.
  • 4. E2EE: What is it? “…is defined as the continuous protection of the confidentiality and integrity of transmitted information by encrypting it at the origin and decrypting at its destination.…” Computer Desktop Encyclopedia
  • 5. E2EE: The story so far… Smart Card Alliance Sept 2009
  • 7. en·cryp·tion /-'krip-sh&n/ In cryptography, encryption, is the process of transforming information to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information (Wikipedia)
  • 8. MAC-ing is the process of “fingerprinting” data to allow any tampering to be detected, where the fingerprint is encrypted so only Sender/Receiver can form a real MAC and thus, allowing the receiver to authenticate & verify the message Message Authentication Code
  • 12. A brief look at history…
  • 13. The Line Encryption Working Group
  • 16. Minimum Data Encryption Requirements Encrypted Data Elements 1. CVV 2. CVV and PAN / Track2 Terminal Key Storage 2 2 4 2 3 4 1. Outside secure module 2. Within tamper reactive module MAC algorithm Key Usage Methodology ENC algorithm 1. Unique-key-per-terminal 2. Unique-key-per-session-per-term Key Differentiation 3. Unique-key-per-transaction Key Usage 4. Derived Unique Key Per Txn (DUKPT) Key Storage Key Differentiation 1. Same key for ENC & MAC ENC Data elements 2. Different key for ENC & MAC Encryption Algorithm 1. TEA – Tiny Encryption Algorithm 2. DES – Data Encryption Standard Highest Score: 2-2-4-2-3-4 3. 3DES/AES Lowest Score: 1-1-1-1-1-1 MAC Algorithm 1. No MAC 2. CRC32 + MAC 3. CRC32 + RMAC 4. SHA-1 + RMAC, or SHA-1 + AES MAC
  • 17. General Approaches Host-based NAC-based Interception-based Host Host Host HSM SNAC NAC NAC NAC NAC NAC NAC NAC
  • 19. The Results… Source: Visa VPSS Payment Security Bulettin, 2006
  • 20. The Results… Source: Visa VPSS Payment Security Bulettin, 2006
  • 21. The Results… Source: Visa VPSS Payment Security Bulettin, 2006
  • 22. The Results… Source: Visa VPSS Payment Security Bulettin, 2006
  • 24. Payments: The story today… Source: BNM, 2009 Financial Stability and Payment Systems Report 2008
  • 25. Payments: The story today “…(card fraud) losses continued to be insignificant, accounting for less than 0.04% of total card transactions during the year.”
  • 28. Summary: Considerations for TLE Addresses all threats Addresses Implementation issues Addresses Deployment Issues Addresses Administration Issues Multi-channel & multi-device Support Vendor Independence Performance Cost-Effective Remote Key Injection
  • 29. Additional References 1. The Smart Card Alliance (http://www.smartcardalliance.org/) 2. PCI Security Standards Council (https://www.pcisecuritystandards.org/) 3. Visa Best Practices, Data Field Encryption Version 1.0 (http://corporate.visa.com/_media/best-practices.pdf) 4. Secure POS Vendors Association (http://www.spva.org/index.aspx) 5. GHL Systems (http://www.ghl.com/netMATRIX )
  • 30.
  • 31. Net MATRIX Terminal Line Encryption
  • 32.
  • 33.
  • 34.
  • 35.
  • 36. “Typical” Transaction Flow Acquiring Net MATRIX Bank Credit Card Host NII: 160 Acquiring Host Issuing Switching NAC Bank Host 160 Message Remote NAC Remote NAC EDC Terminals
  • 37. Encrypted Transaction Flow Acquiring Net MATRIX Bank Credit Card Host NII: 160 Acquiring Host 160 Enc Message NetMATRIX TLE NII: Issuing 161 Bank Switching NAC Host 161 Enc Message Remote NAC Remote NAC EDC Terminals
  • 38. Encrypted Transaction Flow II Acquiring Net MATRIX Bank Credit Card Host NII: 160 Acquiring Host 160 Enc Message Issuing NetMATRIX TLE NII: Bank 161 Switching NAC Host 161 Enc Message Remote NAC Remote NAC EDC Terminals
  • 39.
  • 40.
  • 41.
  • 42.
  • 43.
  • 44.
  • 45.
  • 46.
  • 47.
  • 48.
  • 49.                  