free web maker

Remote Key Loading

Remote Key Loading for eft/pos and ATM terminals is a mechanism for transferring, securely, a Terminal Master Key from a centralized cryptographic device to the eft/pos cryptographic device - Pin Pad.

ANSI Standard X9.24, Retail Key Management, VISA and MasterCard PIN security mandates and PCI require each PIN encryption device to contain a unique key.


Over the past years VISA and MasterCard security regulations indicate that Terminal Master Keys in any ATM and/or eft/pos fleet has to be: 

 (a) unique and 

 (b) change frequently 

Although the "frequency" of updating TMKs it is not clearly defined, changing TMKs once per year would be considered an appropriate TMK update frequency. 

On relatively small terminal fleets consisted of 100 ... 500 and up to 1.000 terminals (ATMs or eft/pos) updating manually the TMK could be feasible within one year period. In reality very few eft-pos fleets are consisted of less than 1.000 terminals. Most of eft-pos fleets (owned by a single legal entity or authorizing transactions to the same acquirer) are consisted of thousands, ten of thousands or even hundreds of thousands of terminals. 

When organizations have to manage thousands of eft/pos terminals (as well as thousands of ATMs) it is not possible to update its TMK "frequently" within reasonable business time using the traditional methods and remaining PCI compliant. Moreover the cost of traditional methods is prohibiting of updating TMKs with a frequency that would cover VISA and MasterCard security regulations.  

An automated, secure and PCI compliant TMK update technology should be introduced.

This technology is implemeted in CubeIQ's CIQ/RKL™ system.


CubeIQ in association with Trusted Security Solutions is using PKI technology to ecrypt and transfer the new TMK to eft/pos and ATM terminals with CIQ/RKL™ and A98™ systems..

TMKs are random numbers generated inside a crypto device (HSM), encrypted with a public key, inserted into a financial message and then tranfered to eft/pos terminals.

Eft/pos and ATM terminals purge the message, extract TMK encrypted value and decrypt the TMK using their own private key.

TMK is then stored inside eft/pos or ATM terminals crypto device (secure chip).


Vendor Neutral 

CIQ/RKL™ and A98™ is the only device vendor neutral key loading platform in the marker.

Different Device Type Keying

CIQ/RKL™ and A98™ is the only key loading platform in the marker that can load keys to both eft/pos and ATM devices.

Different Device Brands 

CIQ/RKL™ and A98™ is the only key loading platform that supports all Tier-I ATM vendors such as NCR, Deibold, Wincor-Nixdorf, Hyosung – Nautilus and GRG International along with a number of international brands such as Tranax and Triton and a number of ATM and Serf-Service dial-up terminal manufacturers. .

Different Technologies

CIQ/RKL™ and A98™ is the only key loading platform that supports Manual Keying terminals and Remote Key Loading - RKL capable terminals. .