How to Understand Remote Key Injection: Difference between revisions

From wizarPOS
No edit summary
Line 1: Line 1:
== PCI PIN 3.1 Certified OTA Remote Key Injection Anywhere ==
== PCI PIN 3.1 Certified OTA Remote Key Injection Anywhere ==
  In order to meet the needs of customers for remote key injection, we have developed a remote key injection system and passed PCI authentication. Customers can directly use this system to inject keys into their terminals. For customers who do not have their own key injection system and do not have a secure environment for key injection, we recommend using WizarPOS RKI.
=== Overview ===
  The WizarPOS Remote Key Injection (RKI) solution turbocharges data encryption in a hassle-free and cost-effective manner. Remote Key Injection is a process for the secure transfer of encryption keys between a payment terminal and a remote server. Compared to its on-premises counterpart, RKI prevents keys or data from interception or manual manipulation. It is also scalable when a distributor or service provider injects keys to unlimited POS terminals in different locations. In addition, RKI eliminates personnel training and certification costs.
* WizarPOS has developed a Remote Key Injection (RKI) system that is PCI PIN 3.1 certified, meeting the needs for secure, remote key injection.
* WizarPOS RKMS allows you remote key injection of your devices.
* This system allows customers to inject keys into their terminals remotely and securely, particularly useful for those without their own key injection systems or a secure key injection environment.
* WizarPOS RKMS is PCI PIN 3.1 approved.
=== Benefits of WizarPOS RKI: ===
* All devices and servers are connected in mutual authenticated secure channel.
* '''Enhanced Security:''' Prevents interception or manual manipulation of keys and data.
* Support TR31 and TR34 key exchange block protocol.
* '''Cost-Effective:''' Reduces the need for personnel training and certification, lowering overall costs.
* Support all major key types.
* '''Scalability:''' Ideal for distributors or service providers needing to inject keys into multiple POS terminals at different locations.
* '''PCI PIN 3.1 Approval:''' Ensures compliance with industry security standards.
=== Key Features ===
* '''Mutual Authentication:''' Ensures a secure channel between devices and servers.
* '''Protocol Support:''' Complies with TR31 and TR34 key exchange block protocols.
* '''Key Type Support:''' Compatible with all major key types.
=== [http://ftp.wizarpos.com/advanceSDK/RemoteKeyManagementSystem.pdf Remote Key Injection (RKI) solution] ===
=== [http://ftp.wizarpos.com/advanceSDK/RemoteKeyManagementSystem.pdf Remote Key Injection (RKI) solution] ===
=== [http://ftp.wizarpos.com/advanceSDK/RKMSUserManual.pdf RKMS user manual] ===
=== [http://ftp.wizarpos.com/advanceSDK/RKMSUserManual.pdf RKMS user manual] ===
== Developing Remote Key Injection ==
== Developing Remote Key Injection ==
=== Integrating to existed host server ===
=== Integrating to Existing Host Server ===  
==== Agent Adaptor ====
* For integrating with an existing host server, provide documentation on how the server works with the terminal side for customized agent adaptor development.
  Please provide the document about how the host server works with terminal side. Then we can develop and provide the agent adaptor.
* AIDL Interface: WizarPOS offers two terminal AIDL interfaces, as demonstrated in ''''For Systems Without an Existing Host Server''''.
 
==== AIDL Interface====
  We have provided two terminal AIDL interfaces. Please refer to that demo system in [[No existed host server]], which provides detailed instructions on how to call these two interfaces.
<syntaxhighlight lang="java">
<syntaxhighlight lang="java">
     int importKeyInfo(in byte[] keyInfo);
     int importKeyInfo(in byte[] keyInfo);
     byte[] getAuthInfo();
     byte[] getAuthInfo();
</syntaxhighlight>
</syntaxhighlight>
 
=== For Systems Without an Existing Host Server: ===
=== No existed host server  ===
* Developing a remote key injection system from scratch is time-consuming and typically uncertified by PCI, making it suitable only for testing or internal use.
  If developing a remote injection key system from scratch, both the server and terminal injection applications need to be developed simultaneously, which will be a very time-consuming task. Moreover, the developed system has not been certified by PCI and can only be used for testing or internal use. Therefore, it is recommended to use a WizarPOS Remote Key Injection. But we also provide a [http://ftp.wizarpos.com/advanceSDK/remotekeyinjectiondemosystem_20220307.zip demo system] that can be used as a reference for development needs.
* WizarPOS offers a [http://ftp.wizarpos.com/advanceSDK/remotekeyinjectiondemosystem_20220307.zip demo system] for reference, including:
 
** ''Terminal APP'' and ''Server Application''.
In the demo system zip package includes:
** Documentation:  
 
*** ''wizarPOS_remote_key_injection_demo_system.docx'', it describes the whole demo system, and the detail information for the certificates, core process.  
''Terminal APP''
*** ''Remote_Key_Inject_Deployment.docx'', it describes how to deploy and run the keyinjection jar in server.
 
* The demo uses a certificate that replaces the original terminal certificate. Download the [http://ftp.wizarpos.com/advanceSDK/InitCertForRemotekeyInject_201903131833.apk initialize certificate APK] and run it to initialize the demo certificate. [http://sdkwiki.wizarpos.com/index.php?title=How_to_Clear_Terminal_Certificates Clearing the demo certificate] is necessary after use.
''Server Application''
'''Note:'''
 
While WizarPOS provides a comprehensive RKI solution, the demo system is for reference and testing purposes only. When deploying in a live environment, ensure to replace the demo certificate with a valid, secure certificate.
''Documents:''
 
''wizarPOS_remote_key_injection_demo_system.docx'', it describes the whole demo system, and the detail information for the certificates, core process.  
 
''Remote_Key_Inject_Deployment.docx'', it describes how to deploy and run the keyinjection jar in server.
 
* '''In the demo system, we use the demo certificate, so download the [http://ftp.wizarpos.com/advanceSDK/InitCertForRemotekeyInject_201903131833.apk initialize certificate APK] and run it to initialize the demo certificate.'''
Note: the demo above will replace the original certificate of the terminal. When you no longer need demo, you need to  [http://sdkwiki.wizarpos.com/index.php/How_to_clear_terminal_certificate clear the demo certificate].
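
Review bot: the rewritten certificate bullet links the initialize certificate APK, which replaces the terminal's original certificate, over plain http and gives no digest to check the download against; suggest publishing a SHA-256 value beside that link and beside the demo system zip. In the AIDL bullet, the wiki link [[No existed host server]] has become ''''For Systems Without an Existing Host Server'''', which is no longer a link and renders with stray quote marks; an internal section link would keep the cross-reference working. The closing note says to replace the demo certificate while the bullet says to clear it, so it would help to state once that the demo certificate must be cleared before the terminal goes into live use.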

Revision as of 02:15, 14 January 2024

PCI PIN 3.1 Certified OTA Remote Key Injection Anywhere

Overview

  • WizarPOS has developed a Remote Key Injection (RKI) system that is PCI PIN 3.1 certified, meeting the needs for secure, remote key injection.
  • This system allows customers to inject keys into their terminals remotely and securely, particularly useful for those without their own key injection systems or a secure key injection environment.

Benefits of WizarPOS RKI:

  • Enhanced Security: Prevents interception or manual manipulation of keys and data.
  • Cost-Effective: Reduces the need for personnel training and certification, lowering overall costs.
  • Scalability: Ideal for distributors or service providers needing to inject keys into multiple POS terminals at different locations.
  • PCI PIN 3.1 Approval: Ensures compliance with industry security standards.

Key Features

  • Mutual Authentication: Ensures a secure channel between devices and servers.
  • Protocol Support: Complies with TR31 and TR34 key exchange block protocols.
  • Key Type Support: Compatible with all major key types.

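Remote Key Injection (RKI) solution: http://ftp.wizarpos.com/advanceSDK/RemoteKeyManagementSystem.pdf

RKMS user manual: http://ftp.wizarpos.com/advanceSDK/RKMSUserManual.pdf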

Developing Remote Key Injection

Integrating to Existing Host Server

  • To integrate with an existing host server, provide WizarPOS with documentation on how the server works with the terminal side, so that a customized agent adaptor can be developed.
  • AIDL Interface: WizarPOS offers two terminal AIDL interfaces; the demo system described under 'For Systems Without an Existing Host Server' shows how to call them:
    int importKeyInfo(in byte[] keyInfo);
    byte[] getAuthInfo();

For Systems Without an Existing Host Server:

  • Developing a remote key injection system from scratch is time-consuming and typically uncertified by PCI, making it suitable only for testing or internal use.
  • WizarPOS offers a demo system (http://ftp.wizarpos.com/advanceSDK/remotekeyinjectiondemosystem_20220307.zip) for reference, including:
    • Terminal APP and Server Application.
    • Documentation:
      • wizarPOS_remote_key_injection_demo_system.docx, which describes the whole demo system, with details of the certificates and the core process.
      • Remote_Key_Inject_Deployment.docx, which describes how to deploy and run the keyinjection jar on the server.
  • The demo uses a certificate that replaces the original terminal certificate. Download the initialize certificate APK (http://ftp.wizarpos.com/advanceSDK/InitCertForRemotekeyInject_201903131833.apk) and run it to initialize the demo certificate. Clearing the demo certificate (http://sdkwiki.wizarpos.com/index.php?title=How_to_Clear_Terminal_Certificates) is necessary after use.

Note: While WizarPOS provides a comprehensive RKI solution, the demo system is for reference and testing purposes only. When deploying in a live environment, be sure to replace the demo certificate with a valid, secure certificate.