Региональный Центр Защиты Информации

русский

THE CRYPTOGRAPHIC PROTECTION COMPLEX M-529 (RMB)

m529The M-529 Russian Security Module (RMB) is intended to provide protection of information
in the Russian segment of the payment systems VISA and MasterCard with the use of Russian and international standards.

THE RMB SPECIFIC FEATURES

  • High efficiency of processing of payment transactions:
    - For the RMB-X1 model with Ethernet interface - 1200 trans/s
    (the similar RG 7100 model can provide processing of 180 trans/s);
    - For the RMB-X2 model with RS-232 interface - 60 trans/s
    (the similar RG 7400 model can provide processing of 10 trans/s).
  • Availability of an in-build console (keyboard and indicator) for entering console commands increases security of implementation of commands working with key information and requires no connection with the terminal.
  • Possibility of inclusion of an additional level of encryption using an algorithm provided by the Russian National Standard (GOST) 28147-89 increases security of processing of payment transactions.
  • Authentication of actions executed by operators, keeping of internal registration logbooks.
  • Availability of a differentiation system allowing access by operators to those operations that are deemed critical from the security viewpoint.


CONTENT OF THE SECURITY SUBSYSTEM OF THE RUSSIAN SEGMENT

  • RMB-X is connected to the HOST computer of an acquirer or emitter
  • RMB-B is installed in an ATM (reader + RIK)
  • RMB-T is installed in POS terminal slot as a SAM-module
  • Workstation CVRK is used for preparation of key information

THE RUSSIAN SEGMENT OF AN INTERNATIONAL PAYMENT SYSTEM


SUPPORTED FUNCTIONS

  • Hardware-based implementation of cryptographic algorithms of encoding DES/Triple DES, Russian state Standard (GOST) 28147-89;
  • Implementation of the function of MAC calculation according to algorithm X9.19;
  • Implementation of the function of HASH calculation according to algorithm Russian National Standard (GOST) P34.11-94;
  • Implementation of the function of electronic digital signature according to algorithm Russian National Standard (GOST) P34.10-94, RSA;
  • Generation of PIN-codes of the card holders;
  • Generation and checking of CVV and PVV;
  • Printing of PIN-envelopes;
  • Generation, distribution, and secure delivery of the keys;
  • Authentication of the system's employees and checking of authority on access to the equipment modes;
  • Procedure of authentification of transactions and checking of completeness of messages transmitted in the system by means of Russian National Standard (GOST) and DES/Triple DES.


COMPATIBILITY AND COMMANDS

  • Implemented in RMB domestic cryptographic standards can provide an additional shield of protection implemented after the use of foreign cryptographic standards;
  • The use of the payment system RMB requires no additional development of the software that supports business processes of the payment system;
  • RMB provides compatibility with the command system of the HSM module of the 5.05 version;
  • An additional level of encryption of the key information is provided on LMK for storage in the HOST-system database without changes in commands' format;
  • An additional level of PIN encryption is provided as well as protection against falsified data entry in the message transmitted between terminal equipment (ATM and POS) the frontal system without changes in the message format.


INTERFACE AND RMB ELEMENTS

RMB-X is a hacking-proof device that contains therein the following range
of interfaces and elements:

  • Interfaces with HOST computer Ethernet (TCP/IP, UDP/IP), RS232 (ASYNC);
  • RS 232 (ASYNC) interface for connection of the PIN-printer;
  • in-built keyboard for entering console commands;
  • two readers of smart cards intended for authorization of the system staff and operations on reading (writing) of the system master keys;
  • liquid crystal indicator for showing console commands and diagnostic messages;
  • RMB is constructively implemented as a separate unit with overall sizes 320?320?120 mm, voltage 220 V, 50 Hz, wattage 15 W.

COMAPATIBILITY WITH PAYMENT SYSTEMS


The compatibility checkups with the following systems have been conducted::

  • Unicard
  • TP II
  • OPEN WAY 4.

Checkups have been conducted in the following modes:

  • Emission of cards;
  • Authorization of payment transactions and checking of completeness of messages;
  • Printing of PIN-envelopes;
  • Generation and distribution of the key information

CONCLUSION OF THE WORKING GROUP OF FSB-VISA-SB OF THE RUSSIAN FEDERATION ON 13 NOVEMBER 2002

  1. The suggested solution of an imposed cryptographic protection system does not contradict with the VISA requirements, neither does it decrease the protection level of the Russian segment of the payment system, and provides execution of requirements, pertaining to use of the domestic information protection standards on the territory of the Russian Federation.
  2. An analysis of the level of technological and algorithmic solutions used in RMB-X reveals that currently there are no reasons preventing their sale on the Russian market and abroad.

USE OF RMB (M-529 AND M-529A) IN THE MOBILE BANK SYSTEM

SYSTEM OF CONFIDENTIAL MESSAGES DISPATCHING

The system is comprised of

  • Workstation CVRK (the M-529B product with the M-529A product)
  • Gateway of preparation and dispatching confidential SMS
  • Mobile telephones with downloaded Java midlet or application MobiBank for processing protected SMS



The Automated Workstation of the Centre of Keys Generation and Distribution (M-529B) device of the cryptographic protection complex of the VISA and MasterCard payment systems is a multifunctional item intended to generate the key information, its recording on transferable carriers for delivery to the objects of the system equipped with various cryptographic protection means. In particular, its use can generate the key information for mobile telephones with downloaded Java midlet or application MobiBank for processing SMS; it can also carry out a wide
range of functions to serve the key bearers (the technical service cards and authorization cards).

The M-529B device is a software-hardware system that can function on the basis of a PC and the M-529A device.


THE M-529B STRUCTURAL SCHEME (Workstation CVRK)


In the database of the M-529B device stored are the key cryptograms, data on registered maintenance cards of operators of the M-529 (M-529A) products, authorization cards, as well as manuals on these devices (HOST-systems, ATMs, POS-terminals, mobile telephones) and data on actions undertaken by operators of the M-529B device. Generation of keys for the M-529B devices can be conducted according to the Rules for the Use of the System of Software and Hardware Means of the Subsystem of Cryptographic Protection of the Russian Segment of VISA and MasterCard Payment Systems drawn up in an established order, according to requests made by the bank braches. The procedure of keys generation for the system of confidential SMS dispatching is executed at putting into service the new mobile telephone users as well as at conducting the procedure of scheduled and unscheduled keys change. Individual keys of users are generated as well as individual
transportation passwords of users, necessary transportation keys intended for delivery of users' keys to the gateway of preparation and dispatching of protected SMS.

The generated values of keys and passwords are entered on the following types
of carriers:

  • Printed out in the form of open components into several PIN-envelopes (from two to nine);
  • Printed out in the form of cryptograms into the PIN-envelope;
  • Recorded in the form of cryptograms on 3.5'' flexible magnetic disks or other external carriers with CD, Flash-memory, etc..

Printing into the PIN-envelopes is made on a PIN-printer connected directly with the M-529A device. Thus, the key information and passwords generated by the M-529A device with the use of hardware certified random numbers generator, cannot appear in an open form and may be
accessed only by the final user when either entering from the PIN-envelopes or after having entered a cryptogram and an appropriate password.

FUNCTIONING OF THE CVRK WORKSTATION IN THE MOBIBANK SYSTEM

Dispatching of personal parameters to users of the MobiBank system is conducted in the form of the protected SMS messages. The function of SMS composition is called into play by the gateway of preparation and dispatching of protected SMS; encryption of SMS using algorithm
Russian National Standard (GOST) 28147-89 is brought into action by the M-529 device connected to the gateway.
The gateway of preparation and dispatching SMS carries out composition of SMS messages when the given list of events comes to the system (changing of the account of the payment card owner); encryption SMS using algorithm Russian National Standard (GOST) 28147-89 is brought into play by the M-529 device connected with the gateway, then dispatching of encrypted SMS is put into effect.
Decryption of the received SMS containing personal parameters and information is carried into effect on the mobile telephones of the system users with downloaded Java midlet or application MobiBank for processing protected SMS.

STRUCTURAL SCHEME OF THE SYSTEM OF CONFIDENTIAL SMS DISPATCHING


USE OF RMB UNDER EMISSION AND PROCESSING OF SMART-CARDS M/CHIP 2.1 LITE

In the process of emission and processing of smart-cards, RMB is used for execution of the following functional blocks of commands:

  1. Generation, secure storage and delivery of master keys;
  2. Generation of secret values for each card;
  3. Preparation of data for recording on the smart-card.

In the centre of development and distribution of keys (CVRK), generation of master keys of smart-cards emitter is brought into action:

  • Master key for authentication of cryptograms (MK-AC);
  • Master key for providing entirety of secret message (MK-SMI);
  • Master key for providing confidentiality of secret messages (MK-SMC);
  • Master key for generation of Data Authentication Code (MK-DAC);
  • Master key for encryption of Dynamic Number (MK-DN).

The developed master keys in the form cryptogram on the transportation key are delivered to the emission centre, re-encrypted, and entered to the database of the HOSTsystem for storage and further usage. Master keys are stored in the database of the HOSTsystem in the form of cryptograms on the corresponding local master keys.

STRUCTURAL SCHEME OF THE EMISSION SYSTEM



In the centre of emission the following preparatory actions are put in practice:

  • Generation of the keys' encryption key (KEK) and PIN encryption key (PEK) is carried into effect. The actual keys in open form are stored in RMB used in the centre of generation of secret values and in RMB used in electronic personalization of the owners' cards. The actual keys in the form cryptograms are stored in databases of the subsystems encrypted on the corresponding local master keys. The KEK is used for encryption diversified keys for their delivery from the centre of generation of secret values to the segment of electronic personification. The PEK is used for encryption of the developed values of PIN (formatted in the form of PIN blocks) for their
    delivery from the centre of generation of secret values to an electronic personification segment;
  • Generation of a set of RSA keys (secret and open keys) is called into play. The open RSA key of the emitter is utilized in all EMV applications whose personalization may be accomplished with the given parameters of production. Generation of RSA keys is brought into action with use of the RMB device. The open key of the emitter obtained as a result of generation is sent out for certification to the certification centre of the international payment system where the certificate of the emitter's key is issued. The certified open key of the emitter is entered into the database of the centre of emission and can be used during all operations on personalization of applications. All operations on verification of the certificate of the open key and its downloading can be put into practice with use of the RMB device;
  • Downloading of the card-producer maser key (CMK) used for recording of the data on the smart-card.


In the centre of emission on the segment of generation of secret values for each smartcard of the EMV standard with use of RMB, the following range operation is brought into play:

  • generation of PIN values and PIN blocks;
  • generation of PVV;
  • generation of CVV;
  • generation of derivative keys (DK-AC, DK-SMC, DK-SMI);
  • generation of static DAS.

In the centre of emission on the segment of electronic personalization for each smart-card M/Chip 2.1 Lite with use of RMB, the following range of operation is executed:

  • diversification DK-AC for recording to the keys file on the smart-card;
  • diversification DK-SMI for recording to the keys file on the smart-card;
  • diversification DK-SMC for recording to the keys file on the smart-card;
  • transformation to the EMV standard and preparation of the PIN-block for recording on the smart-card to the pin file;
  • the DN encryption to conduct the authentification operations before recording new files on the smart-card.


The version of RMB software for use in the centre of emission of smart-cards of the EMV standard provides:

  1. Generation of a set of RSA keys of length of 2040 bits. Open key in the ASN.1 format;
  2. Generation and verification of the digital signature on the RSA keys with use of algorithm HASH SHA-1;
  3. Encryption and decryption of the data on the RSA keys;
  4. Issuing and verification of certificates of open keys, generation and verification of MAC for an open key;
  5. The RSA keys management. Exporting and importing of TDES keys with use of the RSA encryption;
  6. Execution of commands for work with smart-cards::
    • verification of authenticity of ARQC and generation of ARPC;
    • verification of DAC and DN values;
    • generation of the Secure Message with verification of entirety and provision of confidentiality.
  7. Execution of commands for use in the centre of emission for cards E-Galleon MChip 2.1 Lite:
  • generation of components of master-keys (MK-AC, MK-SMI, MK-SMC, MK-DAC, MK-DN, TK) and KEK components;
  • generation of keys from components;
  • diversification of master-keys and work with derivative keys (DK-AC, DK-SMI, DK-SMC, DK-DN);
  • transformation into the EMV standard and preparation of the PIN-block for recording on the smart-card in the pin file;
  • diversification of derivative keys for recording on the smart-card into the secret key file;
  • generation of the data signature of static authentication;
  • generation of cryptogram DN for submitting to the smart-card when conducting authentication.


The version of RMB software for use in the centre of emission of the smart-cards of the EMV standard provides security of operations with the data of the card owner during the whole technological process of the card production, starting from generation of the secret values and
ending with the secure recording of the data on the smart-card. It is possible to increase functional capacity of the version for various types of smart-cards.