IQKeyload solution adds the security modules utilization, in which all cryptographical calculations are processed in a secure memory. This endows the system with a remote key load that encapsulates confidentiality, integrity, and non-rejection warranties.
An agent type component will be inside each one of the self-services, which will be launched by the self-service application if its determined by the EPP’s operativity condition -proving if the corresponding key hierarchy is initializing. Once the application-side activation is received, the agent will automatically iniciate a load petition for the initial key of the self-service towards the Remote Key Load Management solution.
In the proposed operative module, the IQKeyload agent is dependent of the Financial Application that will be executed in the self-service, it is the application the one that will communicate with the external entities such as the Host and the Web Management Solution. Therefore, the agent, at it’s discretion, will not have the power to trigger and IQKeyload operation, it’ll only be able to make a petition to the Financial Application.
The Financial Application will control, if fulfilled, some of the conditions that could be registered in the ATM and could make a way to an automatic load petition or key renovation:
- The EPP is not initialized with an Initial Key
- Launched manually by an opetator through the SPV Menu
- The key validation period has expired (if this control is located in
the Application and not in the Host)