T-GKIT

Inject your financial

and encryption keys
securely & easily

• Store your keys in a PCI certified

TRSM device.

• Generate, manage, distribute

your keys in full compliance with
security standards.
T-GKIT
• Maximize efficiency with
local or remote injection.
With the Ingenico T-GKIT solution, manage your financial & encryption keys distribution securely
in local or remote mode.

Highest security
Local Key Injection Yes
T-GKIT stores financial and encryption keys in a key safe in order to process
key injection. Based on a PCI certified Tamper-Resistant Security Module, Remote Key Injection Yes
it ensures integrity and no compromising of secrets for retailers, banks,
Activity File reporting Yes
acquirers who require to distribute their encryption keys into TELIUM
terminals. Supported algorithms DES, TDES, TDES diversified per terminal
TDES DUKPT, TDES DUKPT P2PE
Easy key management
Supported Keys and data to inject Master Session keys
T-GKIT gives to key managers flexibility in key definition and life cycle. Encryption keys (Data, key, PIN)
It allows configuration of the keys to inject into Pin Entry Devices (PED). HMAC keys
Interoperable with other secure equipment such as a decryption appliance, DUKPT keys
DUKPT P2PE keys
T-GKIT also provides ability to securely export or import keys.. Secret Data
Non Secret Data
Convenient & secured local key injection
Easy to use, T-GKIT enables to operate key injection in local mode in a T-GKIT Key provisioning -m anually entered as components
or cryptogram
controlled environment. T-GKIT tool terminal and PED terminals remain - randomly generated
physically present in the injection facility. Once configured with keys, - imported from a TR31 format file
- stored encrypted in a key file
terminals are ready for fast deployment.
Key extraction Key can be extracted from T-GKIT
Convenient & secured remote key injection
to be shared with server:
In remote access, key injection is managed during the entire terminal’s
lifetime through IngEstate, the Ingenico’s centralized estate management. Key Manually exported as components
or cryptogram
distribution is secured by Ingenico Public Key Infrastructure between the
T-GKIT’s key safe and the secure area of the terminal to inject. Exported into a TR31 format file

Optimized TCO through remote key injection Targeted terminals Ingenico PCI v1 and PCI v2 terminals

CORP-BR-TGkit-SEPT2014. All rights reserved. This document is not binding and the specifications above can be modified without prior consent. ©2014
By avoiding manual intervention, device shipping in a secure with IngeTrust key pairs
location and business disruptions, remote mode contributes to Ingenico PCI v3
reduce maintenance costs and the overall cost of ownership.
Standards PCI PIN Security Requirements
Latest security standards compliancy PCI PTS
ANS X9. 24-1: 2009
Sensitive actions such as keys storage and distribution are operated
ANS X9 TR – 31 2010
exclusively by authenticated and authorized operators under dual control, in NIST SP 800-22
accordance with PCI PIN security requirements.

Local key injection

Local key injection

T-GKIT USB link

PED terminal
Operators Supervisors
T-GKIT USB link in controlled environnement

PED terminal
Operators Supervisors in controlled environnement

Remote key injection

Remote key injection

IP Ingestate IP
T-GKIT Server

Ingestate PED terminal

IP IP
T-GKIT
Supervisors Server on-field

PED terminal
Supervisors on-field

www.ingenico.com