TransKrypt Security Server – SECURITY OPTIMIZATION
TransKrypt Security Server is a hardware solution that provides Point to Point Encryption (P2PE) secure transaction transport between POS systems and host servers. TransKrypt works together with the NewNet’s AccessGuard and Total Control STG systems to enhance security for IP and dial-up POS systems.
Bi-directional encryption including authorization response from the Host server to the POS terminal ensures high security.
Key System Benefits
FIPS 140-2 secure key generation server
Generate multiple Base Derivation Keys (BDK)
Generate Initial Phase Encryption Key (IPEK) based on BDK
Generate IPEK based on BDK
Redundancy with a standby Server and HSM cloning
PCI Standards compliant
Integrated Server HW, HSM HW and Application SW
Future support of Certificate Authority application and Tokenization
BDK generation or upload per Acquirer/Merchant ID
IPEK generation based on Acquirer/Merchant ID
Storage of up to 4096 keys in HSM
Redundancy using Dual TransKrypt Security Server
Support 7500 RSA operations/sec and 50K concurrent sessions
Oracle Berkeley DB for internal storage
2U Rack Servers, redundant units
WxHxD : 445x86x749 mm
WxHxD : 17.5×3.4×29.5 in
WAN/LAN: RJ-45 (4 ports of 10/100/1000 Mbps)
Optional 2 ports of 1/10Gbps
OpenSSL and TurboSSL
Physical and logical Cryptographic boundaries
Secure and tamper evident enclosure
All keys are secured within cryptographic boundary
API libraries for Card and key management
3DES or AES crypto algorithm is used for encryption.
Based on DUKPT standards as specified by ANSI X9.24
Cavium HSM PCI-e card to generate and store keys securely.
Compliant to PCI Security standards for P2PE systems for the process of decrypting the transaction data and generation and storage mechanism for the keys used for obtaining unique keys per transaction.