Understanding the Role of Hardware Data Encryption in EMV and P2PE from the CEO’s Perspective
Futurex. An Innovative Leader in Encryption Solutions.
• For over 30 years, more than 15,000 customers worldwide
• Hardware-based solutions with integrated applications provide the highest levels of compliance and security
• Entrepreneurial culture, fostering agility and innovation in the development of hardware encryption solutions
• Results-oriented engineering team based in our U.S. Technology Campus, with significant experience delivering First-to-Market Customer Initiatives
• Members of ANSI X9F and PCI Security Standards Council bodies, CTGA-certified Solutions Architects
Unique Perspective of Futurex
As a hardware data encryption provider, Futurex has a
unique perspective of security in card transactions.
Issuers: data preparation, personalization, validation
Device Manufacturers: Certificate Authority (CA) and key management
Merchant Service Providers: key management and CA
Merchants: transaction security and key management
Acquirers: processing encrypted data in transactions
Switches: processing encrypted data in transactions
Why Use Hardware Security Modules?
• Prevents insider attack
– Dual Control
– Split Knowledge
– Tamper Protection for Keys
– Encryption Key Management
• PCI Requirement (aka SCD)
• Certifications (FIPS, PCI HSM)
PCI Requirements for HSMs
PCI DSS Requirement | HSM Coverage (*Summary)
#3.4 Render PAN unreadable… | Encryption, decryption, tokenization
#3.5 Protect any keys… | FIPS 140-2 Level 3 Secure Cryptographic Devices (SCDs)
#3.6 Fully document and implement…key-management | NIST approved pseudo random number generator (PRNG), use key encrypting keys, and protect all keys under the Master File Key.
#4.1 Use strong cryptography to protect cardholder data | Meet PCI requirements for strong cryptography.
* Full details provided in separate white paper.
“In addition, it is important to note that in EMV
environments the PAN is not kept confidential at
any point in the transaction, indeed, it is necessary
for the PAN to be processed by the point-of-sale
terminal in the clear in order to complete critical
steps in the EMV transaction process. The expiry
date and other cardholder data are also
transmitted in clear-text.”
Ref: PCI DSS Applicability in an EMV Environment – A Guidance Document October 2010
Attack Vectors in a Card Transaction
1. Card cloning attacks
2. Attacks internal to POI devices
3. Network attacks
4. System level attacks
A. Malware attacks
B. Attacks on applications and databases
C. Attacks on backup/storage media
[Diagram: Transaction; Cardholder, Point-of-Interaction, Acquirer, Payment Card Brand, Card Issuer]
“P2PE technology is complementary to EMV chip
technology, by providing an added layer of protection
against the threat of data breaches...”
Aug 2012 VISA Press Release on PR Newswire.
Role of HSM in EMV
Online Card Validation During Transaction
Data Preparation and Card Personalization
Role of HSM in EMV
Online Card Validation During Transaction
1. Authentication request from POI to issuer (Request Cryptogram)
2. Issuer validates request
3. Response Cryptogram
[Diagram: Transaction; Cardholder, Point-of-Interaction, Acquirer, Payment Card Brand, Card Issuer, Host, HSM/SCD]
Role of HSM in EMV
Data Preparation and Card Personalization
Data Preparation
• Key generation for authentication
• Digital signatures for authentication and data integrity
• Standards-based PIN block creation for user authentication
Personalization
• Key generation for confidentiality, authentication, and data integrity
• Protection of sensitive personalization data
[Diagram: Issuer, Data Preparation, Personalization, Integrated Circuit Card (ICC) or Smart Card]
Role of HSM in P2PE
What is Point-to-Point Encryption?
Protecting Data In Transit: Device Key Management
Encryption, Decryption, Key Management, Tokens
What is Point-to-Point Encryption?
Point-to-Point Encryption (P2PE) is encryption of sensitive data at the Point-of-Interaction for secure transmission to a secure boundary where it may be decrypted, re-encrypted or tokenized.
[Diagram: Point of Interaction, HSM/SCD, Host Application]
The Role of HSMs in P2PE
Protecting Data in Transit: Device Key Management
• HSM for compliant key generation
• Key lifecycle management
• Remote or direct key injection
Key lifecycle: Generate, Distribute, Track Usage, Backup, Revoke, Terminate, Archive
[Diagram: HSM/SCD, Secure Injection Facility, HSM/SCD, Datacenter, Remote Device]
Role of HSM in P2PE
Encryption, Decryption, Key Management & Tokens
• Encryption and Decryption
• Key Management
• Tokens
[Diagram: Merchant (POI), Switch Host, Acquirer Host, DB, HSM/SCD, DB; legend: Encryption/Decryption, Data At Rest, Data In Transit, Token]
* Case Study available upon request
Role of HSM in EMV and P2PE Environments
Typical Architecture of HSMs
Services to Look for in an HSM Provider
What to Ask for when Selecting HSMs
Typical Architecture for HSMs
• Remote Access
• Centralized Administration
• High Availability
• Redundant
• Compliant
• Secured
• Customizable
[Diagram: Primary Site (HSM #1, HSM #2, Secure Management Server); Redundant Failover; Secondary Site (HSM #1, HSM #2, Secure Management Server); Direct Load Balancing; Remote Access Device]
Automatic Synchronization* (All devices designated as Production within group)
Exceptional Support
• TR-39-certified and PCI Subject Matter Experts
• 24x7x365 Business Critical support
Exceptional Support Services
• Training (virtual or onsite)
• Customized consulting
• Hosted solutions
• Certificate authority
• Hosted HSMs for development and testing
• Customized solution development