Dynamic Key Exchange
Some networks and institutions increase their security level by exchanging the working key used on a regular basis. EFT SWITCH may be configured to allow dynamic key changes between itself and networks or devices. When exchanging a working key, it is necessary to store the new key in a “spare” location until the key exchange has been confirmed.
Having two fields for storing key cryptograms generally does this with a flag to indicate which cryptogram is active. Thus, during an exchange, the new key is written to the inactive field. Once the exchange has completed, the inactive and active fields have their roles switched.
The process of key exchange (where the remote system initiates a key exchange) is as follows:
1. The other system encrypts the new working key under the Key Encryption Key (KEK) and transmits it to EFT SWITCH.
2. EFT SWITCH collects the encrypted KEK and sends it, and the encrypted working key, to the Hardware Security Module (HSM) for processing.
3. The HSM processes the new key by:
3.1 decrypting the KEK cryptogram under its MFK
3.2 decrypting the new working key cryptogram under the KEK
3.3 encrypting the clear working key under its MFK
4. The HSM returns the new working key cryptogram to EFT SWITCH where it is written to the appropriate database table.
At a given time, only one key exchange message is processed.
For the financial messages, the dynamic key exchange is triggered under different conditions, e.g.
- After given number of times the KPE, the KMAC or the KME keys are used,
- Whenever a synchronization error between these keys occur,
After given number of times an invalid PIN block error may occur
