New Post: Online Banking Authentication

November 22, 2014, 1:22 am

≫ Next: New Post: ATM Terminal Master Key - TMK

≪ Previous: New Post: Online Banking Authentication

$

0

0

Hi!

Ok, now I understand what actually you need.

You can encrypt the PIN-block by your software, but it is not the best practice from security point of view. The PIN-blocks will be transmited in encrypted manner over TCP/IP but you are able to access the key. You can make yous software ask 2/3 ZPK components to be entered during start up by 2/3 security officers, but the key will be accessible in the process (you are able to dump it).

The second way is to use HSM. But you will need to pass clear PIN to encrypt it

Why you do not use the code cards to authenticate users, eg. I have the card with 72 codes and when I am logging into my e-bank the authentication screes asks me to enter the code number X. Each time code number is different. It is very simple to create such authentication and you do not require to pass PINs over TCP/IP.

Regards,
Juris

---

New Post: ATM Terminal Master Key - TMK

November 22, 2014, 1:26 am

≫ Next: New Post: "M2" comand returns error 35

≪ Previous: New Post: Online Banking Authentication

$

0

0

Hi,

No, ATMs stores keys in very secure manner and no one can access it. You can access only check values of the keys.

Regards,
Juris

New Post: "M2" comand returns error 35

November 23, 2014, 7:18 am

≫ Next: New Post: New in HSM

≪ Previous: New Post: ATM Terminal Master Key - TMK

$

0

0

I am working on data decryption with Thales HSM. For data decryption command "m2" is used.
But I am getting error: '35' : Illegal Message Format
Commands are bellow. That is wrong with my requests?
Request :
M2011100AU099AF4F0F998CE9D3720B9B23095E1B200000000000000000030C79B16C02A5208D916B954A414A66B2600E1976808376906
Response:
M335

I have tried to decrypt data by 8 bytes blocks, but then last block decryption fails:
Request:
M2011100AU099AF4F0F998CE9D3720B9B23095E1B216B954A414A66B26001000E1976808376906
Response:
M335

Thanks, Andrzej

New Post: New in HSM

November 24, 2014, 12:17 am

≫ Next: New Post: "M2" comand returns error 35

≪ Previous: New Post: "M2" comand returns error 35

$

0

0

Can any one help me out how to use Thales Simulator.

New Post: "M2" comand returns error 35

November 24, 2014, 1:31 am

≫ Next: New Post: New in HSM

≪ Previous: New Post: New in HSM

$

0

0

Hi!

Send us pls QS console command outut. Probebly there is an issue with ZEK parameters.

Regards,
Juris

New Post: New in HSM

November 24, 2014, 1:34 am

≫ Next: New Post: "M2" comand returns error 35

≪ Previous: New Post: "M2" comand returns error 35

$

0

0

Hi!

Just download, install it and configure paths in ThalesParametrs.txt file. By default Thales simulator uses 2 ports, 9997 for Console interface and 9998 for Host interface. If you have any Host applications running HSM it should be configured to use 9998 port.

Regards,
Juris

New Post: "M2" comand returns error 35

November 24, 2014, 1:38 am

≫ Next: New Post: How to interact with HSM using JAVA

≪ Previous: New Post: New in HSM

$

0

0

Hello,
Which settings are you interested in?
BR,
Andrzej

New Post: How to interact with HSM using JAVA

November 24, 2014, 2:11 am

≫ Next: New Post: How to interact with HSM using JAVA

≪ Previous: New Post: "M2" comand returns error 35

$

0

0

Hi Juris,

I managed to send the commands to Simulator. But now i am unable to get any response from the simulator.
Everytime I am trying to execute a command, I am getting an EOF error. (Collections$RandomAccessList error)

Regards,
Amrutansu

---

New Post: How to interact with HSM using JAVA

November 24, 2014, 5:13 am

≫ Next: New Post: "M2" comand returns error 35

≪ Previous: New Post: How to interact with HSM using JAVA

$

0

0

Hi!

Are you sure you want to execute HC command instead of NC?

HC command generates and exports the key of type 002 under the key of the same type (TMK / TPK / PVK). The HC command, except the command code requires the TMK key.

So, before use HC first generate the key of type 002 using KG console command or simply try the exaple command below:

HCU3F731898ABAB31614E2B108E1B366461

It should work for you if you are using default LMK provided with simulator.

Regards,
Juris

New Post: "M2" comand returns error 35

November 24, 2014, 5:16 am

≫ Next: New Post: "M2" comand returns error 35

≪ Previous: New Post: How to interact with HSM using JAVA

$

0

0

Hi,

On different firmwares of HSM these settings was different, but the name of parameter(s) will be like that:

Enable ZEK/TEK encryption of ASCII data or Binary data or None

Regards,
Juris

New Post: "M2" comand returns error 35

November 24, 2014, 5:44 am

≫ Next: New Post: Unable to decrypt PIN block

≪ Previous: New Post: "M2" comand returns error 35

$

0

0

Hi,
"Enable ZEK encryption of “Hex-only” ASCII chars" - property Enabled.

I want to notice that when I try to decrypt data (24 bytes) by 8 byte blocks, decryption of last block fails, while 2 previous blocks are decrypted successfully.
BR,
Andrzej

New Post: Unable to decrypt PIN block

November 24, 2014, 7:31 am

≫ Next: New Post: Unable to decrypt PIN block

≪ Previous: New Post: "M2" comand returns error 35

$

0

0

So I managed to get the info:

1. They have shared ZPK under ZMK and ZPK under LMK with me.
2. The key has been exported under the 'U' scheme.
3. I have tried encrypting with both these keys and both haven't worked.
   

Hope that this is useful.

New Post: Unable to decrypt PIN block

November 25, 2014, 11:01 am

≫ Next: New Post: Unable to decrypt PIN block

≪ Previous: New Post: Unable to decrypt PIN block

$

0

0

I think it would be useful to mention that solutions which use JPOS library would be useful

New Post: Unable to decrypt PIN block

November 26, 2014, 1:40 am

≫ Next: New Post: "M2" comand returns error 35

≪ Previous: New Post: Unable to decrypt PIN block

$

0

0

Hi,

When you import ZPK from under ZMT to LMK verify if you have the same check values for ZPK on your side and the opponent who have sent it to you. You can use CK console command for verification.

Regards,
Juris

New Post: "M2" comand returns error 35

November 26, 2014, 1:41 am

≫ Next: New Post: "M2" comand returns error 35

≪ Previous: New Post: Unable to decrypt PIN block

$

0

0

Hi,

And what values are assigne to the other "ZEK" parameters?

Regards,
Juris

---

New Post: "M2" comand returns error 35

November 26, 2014, 2:08 am

≫ Next: New Post: New in HSM

≪ Previous: New Post: "M2" comand returns error 35

$

0

0

Hi,
All ZEK - properties Enabled.
BR,
Andrzej

New Post: New in HSM

November 26, 2014, 4:09 am

≫ Next: New Post: Unable to decrypt PIN block

≪ Previous: New Post: "M2" comand returns error 35

$

0

0

Could u please help me out how to check following items.

1. Creation of all the Key ZMK ,ZPK ,TMK
2. Pin Block
3. Posting Transaction with PIN Block.
   

Regards
kamal gupta

New Post: Unable to decrypt PIN block

November 26, 2014, 9:58 am

≫ Next: New Post: "M2" comand returns error 35

≪ Previous: New Post: New in HSM

$

0

0

I imported the ZPK under LMK using the IK command in JPOS but the key check value is different.

Here's the command I used
smconsole -lmk LMK_FILE IK ZPK:1U ZPK_VALUE ZMK:1U ZMK_VALUE KEY_CHECK_OF_ZMK

New Post: "M2" comand returns error 35

November 28, 2014, 12:55 am

≫ Next: New Post: Translating Pin Block Under ZPK

≪ Previous: New Post: Unable to decrypt PIN block

$

0

0

Hi,

Where are you receiving encrypted data from? Are you sure the 3rd party encrypts data the same way you are decrypting? You are decrypting in CBC mode.

Regards,
Juris

New Post: Translating Pin Block Under ZPK

December 22, 2014, 9:40 pm

≫ Next: New Post: Translating PIN Block Under Issuer ZPK using Thales Simulator

≪ Previous: New Post: "M2" comand returns error 35

$

0

0

Hi,

I would like to know how to translate a PIN Block under issuer ZPK.

1.What are all the steps required?
2.What are the commands needed to send to HSM?

Thanks in advance.