...

ID TECH Key Injection Facility and Service

ID TECH is a certified KIF (Key Injection Facility). We currently have more than one hundred production keys. Every Key we manage has an ID TECH part number (i.g. IDT-KEYINJ-D01). If you need a unit injected with the specific key, an ID TECH sales person salesperson will be able to tell you if the key is already managed by ID TECH or if the key will need to be transferred to ID TECH via a Secure Key Transfer process.

ID TECH has a service where we can create a new key. This service is referred to as a Key Generation service.

Cryptographic Keys are identified/validated by the KCV key check value. When we Transfer Keys, the Key will be split into components (usually 2. sometime 3) in our HSM. Each component will be handled separately... by separate operators. The components will be placed in tamper evident bags and shipped to different receiving parties via different carriers. All of this ensures that the Key never exists in whole outside the protection of an HSM.ID TECH also can accept new key through key transfer. For key transfer, it can be done through cryptogram transfer method or key component transfer method. The transfer procedure meets PCI security standard.  The cryptographic keys can be identified/validated by the KCV (Key Check Value).  

How to know with what key your reader is injected?

...

Key Component: 2 of 2
Check Digit: 8F9627
Key Component: 1AA1B5676BF243736B45DF9840B5A8B3 

How does one split / combine cryptographic keys?

...