
NetMATRIX TLE Specification

The NetMATRIX TLE specifications are summarized as follows: 1) It uses SHA-1 + RMAC for message integrity and 3DES for message confidentiality. 2) It uses separate encryption and MAC keys for each transaction to provide security. 3) Key storage is dependent on the terminal hardware and can be linked to a tamper-reactive mechanism inside the terminal. 4) The entire transaction message except for the 5-byte TPDU header is encrypted to provide full message security.

Uploaded by

Razvan Troie

NetMATRIX TLE Specifications

The specifications for the NetMATRIX terminal line encryption solution are summarized here:

| No | Item | Solution Specifications | Remarks |
|----|------|-------------------------|---------|
| 1 | MAC Algorithm | SHA-1 + RMAC | Provides message integrity |
| 2 | Encryption Algorithm | 3DES | Provides message confidentiality |
| 3 | Key Differentiation | Separate keys for ENC & MAC | Use different key for encryption and MAC |
| 4 | Key Usage Methodology | Unique key per transaction | Each transaction message will be encrypted using different key |
| 5 | Key Storage in Terminal | Software-based processing. Additional option of linking it to tamper reactive mechanism inside terminal (dependant on Terminal hardware and Terminal vendor implementation) | The terminal key storage is terminal dependent. Terminal vendor may implement storage by linking it to tamper-reactive mechanism provided on the particular terminal platform. |
| 6 | Encrypted Data elements | Full Message Encryption | Entire message (after 5 bytes TPDU header) will be encrypted |
| 7 | Secure Key Injection | Local & Remote | Local and Remote via a Proxy Terminal (Key Injector Device) |
| 8 | Direction | Bi-directional | Both upstream & downstream messages are encrypted and MACed |
| 9 | Terminal Models | Dependant on Bank and requires development/customization on the Terminal | Terminal Line Encryption (TLE) customization will be undertaken by respective Terminal vendor. |
| 10 | Network Environment | Uplink to Host: TCP/IP. Downlink from NACs: TCP/IP | Concentrator NAC (CNAC) uplinks to NetMATRIX TLE unit via TCP/IP. NetMATRIX TLE unit connects to Credit Card Host via TCP/IP |
| 11 | Channels | Channel independent | Provides “application layer” encryption, thus is independent from the channel (e.g. dial-ups, GPRS, lease line etc) |
