How to Remotely Inject Test Keys (Master Key or DUKPT Key) into a Terminal

Purpose

This procedure is intended for testing terminals only and outlines the steps for remotely injecting a test key.

Steps for Key Injection

1. Provide Terminal Serial Number:
   • Send the serial number of the terminal that requires key injection to our team.
2. Send Key File or Key Information:
   • Option 1: Key File Submission
     • Send us the key file to be configured on our demo server.
   • Option 2: Key Information Submission
     • Alternatively, provide key information including the key index and key value. For DUKPT keys, also include the Key Serial Number (KSN) and the Initial Pin Encryption Key (IPEK).
3. Download and Install the Initialize Certificate APK:
   • Download the initialize certificate APK to the terminal.
   • Important Note: This step will change the terminal's ownership to a test owner. To revert to your original ownership after testing, additional steps are required (see below).
4. Certificate Clearing Process (Post-Testing):
   • After concluding the testing phase, to reapply your owner certificate, all test certificates must be cleared.
   • The clearing process requires our approval. It involves generating a token file in an inserted TF (TransFlash) card.
   • Send us the generated token file. We will sign it and return a '.sig' file to you.
   • Once you verify this '.sig' file on the terminal, the test certificates will be removed, allowing you to reinstall your owner certificate.
5. Key Loader Client Agent Installation:
   • Obtain and install the key loader client agent on your terminal.
   • Run the agent to inject the keys into the terminal.

Note:

• Ensure that all steps are followed meticulously, especially when handling key files and terminal ownership, to maintain security and functionality.
• The process of changing terminal ownership and clearing certificates is crucial for maintaining the integrity and security of the terminal post-testing.