Versions Compared

Old Version 11

changes.mady.by.user IT-ADMIN G

Saved on

compared with

New Version 12

changes.mady.by.user Yan Mu

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...


ID TECH is a KIF (Key Injection Facility). We currently have more than one hundred production keys. Every Key we manage has an ID TECH part number (i.g. IDT-KEYINJ-D01). If you need a unit injected with the specific key, an ID TECH sales person will be able to tell you if the key is already managed by ID TECH or if the key will need to be transferred to ID TECH via a Secure Key Transfer process.

...


If you have a reader and you are not sure if it has been injected, you can look for the IDT_-KEYINJ sticker like shown below:

...

You can also look at the KSN (key serial number). This 10 Byte hex number is always available in plain text with any encrypted data. If the KSN begins with 629949, then it is a key ID TECH created and very likely injected into your reader. You can let us know the KSN and we can share what can be learned from it. Also, we can look up the readers reader's sales history using the serial number on the reader. Often we can track down the sales invoice that may include key injection service that specifies the key to be injected

...

Can the customer inject the encryption key by themselves?

Unless the product support RKIsupports the RKI (Remote Key Injection), only a Certified Key Injection Facility can inject the encryption key.

...

Refer to TS-1938 & TS-9219

image006.jpg



Can you show me how to decrypt the encrypted data or provide the decryption Dll used by your Demo?

...

Search the Knowledge Base for

...

several articles on how to perform decryption. Note: Encryption/

...

Decryption with production keys happens

...

within an HSM (hardware security module). You can perform decryption with a reader that was injected with a demo key instead of a production key.


Do you provide the key generating service?

Yes. Please contact our Sales team.

Can SecuRED and SREDKey be remotely key injected?

...

On some readers you can... For example, many VivoPay readers allow for this. PCI certified SRED devices and NGA readers like Augusta, Spectrum Pro, MiniSmartII do not.

...

Augusta takes the following settings (and needs the the ID-80000001-007 converter cable)

  • 9600 Baud
  • 8 data bits
  • N parity
     
    Firmware version of your HSM will need to support IDTECH NGA protocol.  And a LCL KEK must be created for the 3rd party key injection party to be able to inject our Augusta

...

The LCL-KEK or Local key injection key is present in all current emv readers. It is designed to prevent unauthorized key injection/modification. When performaing performing key injection the HSM must validate the lclLCL-kekKEK. ie the reader's stored LCL-KEK will need to also exist on the injecting HSM system. A KTK or a key transport key is used to protect a key while in transport. The KTK must get transferred to your HSM in multiple compnents components first. However, once that's done, then we can send keys encrypted with the KTK. This is far simpler than spiting the key, sending to 2 diffent different recipients via 2 different carriers.

For K100,  Is there a way to check whether a unit has the Production

...

LCL-KEK or the Demo

...

LCL-KEK loaded? If yes, how to do so?

Refer to TS-8585

You can use command "Get Key status"(78 46 25) to get the key status with uDemo

Where can I find out the correct key injection cable and protocol for injecting an IDTECH product (Internal Only)?

Spreadsheet (80096701 file) in the Key Management folder on the Snap server

...