BCSS & Thales HSMs
BCSS Reduces The Programming That Makes The Thales HSM Work
If you have a Thales Hardware Security Module (HSM), you may need Prime Factors' Bank Card Security System. BCSS reduces the programming necessary to facilitate the use of Thales HSMs in secure card manufacturing and card transaction processing environments.
BCSS builds the host commands necessary for the Thales HSM to create encrypted keys, manages Ethernet (TCP/IP) communication, and stores a database of encrypted keys created by the HSM. Together, the two provide the most secure environment for manufacturing secure cards and verifying security codes and PINs.
With BCSS, you no longer need to constantly upgrade your custom code to take advantage of new functionality in the Thales HSM firmware.
Subroutines Do The Work For You
BCSS has a library of subroutines that handles more than 100 functions that access the BCSS database and a Thales HSM. Therefore, BCSS eliminates the need to know Thales' proprietary host commands and makes it easier to issue calls from popular programming languages such as C, C++, C#, COBOL, Java and Visual Basic. The subroutines include those that call the HSM to create and verify security codes (CVVs, CVCs, CSCs, PVVs, PINs, etc.).
BCSS also provides subroutines that work with the Thales HSM for printing PIN mailers. This provides a secure environment for the generation of PIN mailers directly from a tamper-resistant device.
Typical Card-Issuing And Processing Environments
A typical environment includes a company's custom application and cardholder database, the BCSS database of cryptographic keys and security options, the BCSS library of subroutines, and one or more Thales HSMs. BCSS passes information to the Thales HSM during the secure card manufacturing process. BCSS and the HSM process data from cardholder databases using the cryptographic keys created in the HSM and stored in the BCSS database.
BCSS includes subroutines that support transaction switching and verification environments. For these applications, BCSS can perform functions such as PIN translation, PIN changes, verification of PINs and card security codes, and EMV transaction processing, including secure messaging to modify active cards.
BCSS also supports environments with multiple HSMs and provides load balancing and automatic backup in case an HSM fails.
Key Management Simplified
A key benefit of BCSS is that it provides complete key management and secure storage of all the keys required for secure issuing and authorization processes. BCSS and the Thales HSM work together to deliver important key management functionality that includes key generation, key distribution, key loading, key storage and key usage. Keys are encrypted by the HSM and stored in BCSS.
EMV Support
BCSS works with Thales HSMs to support EMV smart card on-line authentication and issuance. Authentication functions include ARQC verification and ARPC generation that comply with EMV96, EMV2000, and EMV 4.1 standards. BCSS provides subroutines to support Thales HSM commands that cryptographically prepare data for issuing smart cards. These data preparation functions include generating and managing card issuer public key certificates, and generating unique card keys and certificates. Also available with BCSS and Thales HSMs are dynamic CVV/CVC3 verification, and CVC3 generation for contactless cards.