ID TECH Key Injection Facility and Service

...

A KSN is 10 bytes fixed. It starts with the 3 bytes(6 digits, e.g. 629949 for our Demo key) IIN (Issuer Identification Number), and the next byte(2 digits) is the Customer ID which is fixed too, the next byte(two digits) is the Group ID (varies), next 19 bits is the Device ID which is unique to each device and the last 21 bits is the counter which increases by 1 for every swipe. You can tell the key is different by the first few bytes of the KSN. 

Example:

KSN: 62994900750003c0000f (as highlighted in the screenshot attached below)
Where:
IIN: 629949
CID: 00
Group ID: 75
Device ID: 0000 0000 0000 0011 110 ( 19 bit in binary) This is from the hex code 00003c with the last bit of the "c" going to the Counter field
Counter: 0 0000 0000 0000 0000 1111 (21 bits in binary) This is the last bit of the hex "c" plus the hex "0000f"

...

How to tell if the Augusta has an encryption key injected and how to activate the encryption with the key pre-injected?

...

Can you show me how to decrypt the encrypted data or provide the decryption dll used by your Demo?

...

What's the key press sequence to put the SREDKey into the KeyInjection mode?

" # Cancel  BS  Cancel  Enter  #" within 5 seconds after the device powered up with Ready displayed (for SREDKey)

What's the key injection protocol and converter cable for Augusta?

Augusta takes the following settings (and needs the ID-80000001-007 converter cable note: rev C and higher are required for FutureX 6. x) 

• 9600 Baud

• 8 data bits

• N parity

The firmware version of your HSM will need to support IDTECH NGA protocol.  And LCL-KEK must be requested/transferred for the 3rd party key injection facilities to be able to inject our Augusta readers with production keys

...

The LCL-KEK or Local Key Encryption Key is present in all current EVM readers. It is designed to prevent unauthorized key injection/modification. When performing key injection the HSM must validate the LCL-KEK. ie the reader's stored LCL-KEK will need to also exist on the injecting HSM system. A KTK or a Key Transport Key is used to protect a key while in transport. The KTK must get transferred to your HSM in multiple components first. However, once that's done, then we can send keys encrypted with the KTK. This is far simpler than spiting the key, and sending them to 2 different recipients via 2 different carriers.

For K100,  is   is there a way to check whether a unit has the Production LCL-KEK or the Demo LCL-KEK loaded? If yes, how to do so?

You can use the command "Get Key status"(78 46 25) to get the key status with the dotNET SDK Demo (aka uDemo).

Where can I find out the correct key injection cable and protocol for injecting an ID TECH product?

...

Key Component: 2 of 2
Check Digit: 8F9627
Key Component: 1AA1B5676BF243736B45DF9840B5A8B3

How does one split / combine cryptographic keys?

Related Articles: