SSP7000
The SSP7000 is a FIPS 140-2 Level 3 hardware security module manufactured by Futurex. The most common applications for these units are PIN and offset generation and verification, MAC generation and validation, and card security value validation; they can also perform other data encryption and key management functions.
The SSP is composed of a metal case with interlocking components. When the unit is keyed shut with the two front barrel locks, it is not possible to open it without unlocking or destroying the case. The SSP's processor and its system memory are wrapped in sensor wires which are covered in an opaque, hard epoxy. Any attempt to gain access to the keys stored in the SSP memory will erase the data.
The SSP7000 uses the Excrypt UI command set. In most cases, the host application software used for financial transaction security communicates directly with the unit by sending Excrypt commands and receiving responses. Excrypt UI supports three primary syntaxes, or formatting options; it accepts a request in any of them and replies in the same format the request was sent in.
Excrypt UI
Format A – uses four-character alphabetic commands, a semicolon ";" to separate fields, and a two-character alphabetic token at the start of each field. Messages must start with an open square bracket "[" and end with a close square bracket "]", and the parameter order is not fixed.
| Field | Format | Length | Description |
|---|---|---|---|
| 1 | [ | 1 | Open square bracket to start command |
| 2 | A-Z | 4 | Command ID |
| 3 | ; | 1 | Field separator |
| 4 | A-Z | 2 | Two character field identifier token |
| 5 | 0-9, A-Z | Variable | Variable length data for the command, using field separators and tokens between each field |
| n-1 | ; | 1 | Field separator |
| n | ] | 1 | Close square bracket to end command |
Request: [2 byte token + 4 byte command; 2 byte token + function fields;]
Response: [2 byte token + 4 byte command; 2 byte token + function fields;]
Request: [AOGCVV;AVxxxx....xxxx;CAxxxxXXXXxxxxXXXX;CBxxxxXXXXxxxxXXXX;FAxxxx;FBxxx;]
Response: [AOGCVV;FCxxx;]
Format B – uses two- or three-character numeric commands and a pound sign "#" to separate fields. Messages must start with the "<" symbol and end with the ">" symbol, and the parameter order is fixed for each command.
| Field | Format | Length | Description |
|---|---|---|---|
| 1 | < | 1 | Less than symbol to start command |
| 2 | 0-9 | 2 or 3 | Command number |
| 3 | # | 1 | Field separator |
| 4 | 0-9, A-Z | Variable | Variable length data for the command, using field separators between each field |
| n-1 | # | 1 | Field separator |
| n | > | 1 | Greater than symbol to end command |
Request: <2 byte command#function fields#>
Response: <2 byte command#function fields#>
Request: <5D#3#xxxxXXXXxxxxXXXX#xxxxXXXXxxxxXXXX#xxxxXXXX...XXXX#>
Response: <6D#[...]#xxxx#xxxx#>
Format C – uses two-character alphabetic commands without a field separator. Each message begins with a header, followed by the two-character command and its data, and closes with an end-of-message flag.
| Field | Format | Length | Description |
|---|---|---|---|
| 1 | 0-9, A-Z | 1-255 | Message header. Any value. |
| 2 | 0-9, A-Z, 0-F | Variable | Data elements that vary depending on the command. |
| 3 | 0-9, A-Z | 2-32 | End of message flag – must start with "EM" and can contain up to 32 characters |
Request: 2 byte command + function fields
Response: 2 byte command + response
Request: CW123456789012345678901234567890123456
Response: CX00999
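The framing rules for Format A and Format B above are simple enough that a host-side library should validate them strictly before handing a message to the HSM, and should refuse anything that would not round-trip. The following parser/builder is an added example and is not Futurex code or part of the Excrypt UI product; the function names, the returned dict shapes, and the sample values are constructed for illustration. It covers Formats A and B only: Format C's header is "any value" of 1-255 characters, so its framing cannot be recovered from the message text alone without command-specific knowledge. Because Format B's table says the command is numeric while the article's own example uses "5D"/"6D", the Format B parser accepts alphanumeric command identifiers.

```python
import re

# Constructed sample messages following the request/response skeletons in the
# article; the data values are made up and carry no meaning.
SAMPLE_A_REQUEST = (
    "[AOGCVV;AV1234567890123456;CA0123456789ABCDEF0123456789ABCDEF;"
    "CB0123456789ABCDEF0123456789ABCDEF;FA1234;FB123;]"
)
SAMPLE_A_RESPONSE = "[AOGCVV;FC123;]"
SAMPLE_B_REQUEST = (
    "<5D#3#0123456789ABCDEF0123456789ABCDEF#"
    "0123456789ABCDEF0123456789ABCDEF#0123456789ABCDEF#>"
)
SAMPLE_B_RESPONSE = "<6D#123#1234#5678#>"


class ExcryptFormatError(ValueError):
    """Raised when a message violates the framing rules of its format."""


# Format A: the first field is a 2-letter token followed by the 4-letter
# command ID; every other field is a 2-letter token followed by alphanumeric data.
_A_HEAD = re.compile(r"^([A-Z]{2})([A-Z]{4})$")
_A_FIELD = re.compile(r"^([A-Z]{2})([0-9A-Z]*)$")


def parse_format_a(msg: str) -> dict:
    """Parse a Format A message. Field order is not fixed, so fields come back
    as a token -> value dict; a repeated token is rejected, not overwritten."""
    if len(msg) < 2 or msg[0] != "[" or msg[-1] != "]":
        raise ExcryptFormatError("Format A message must be enclosed in [ ]")
    body = msg[1:-1]
    if not body.endswith(";"):
        raise ExcryptFormatError("every Format A field must end with ';'")
    parts = body[:-1].split(";")
    head = _A_HEAD.match(parts[0])
    if head is None:
        raise ExcryptFormatError(f"bad command field: {parts[0]!r}")
    fields = {}
    for part in parts[1:]:
        m = _A_FIELD.match(part)
        if m is None:
            raise ExcryptFormatError(f"bad field: {part!r}")
        token, value = m.groups()
        if token in fields:
            raise ExcryptFormatError(f"duplicate token {token}")
        fields[token] = value
    return {"command_token": head.group(1), "command": head.group(2), "fields": fields}


def build_format_a(command_token: str, command: str, fields: dict) -> str:
    """Serialize to Format A and reject output that would not parse back."""
    msg = "[" + command_token + command + ";"
    msg += "".join(f"{t}{v};" for t, v in fields.items()) + "]"
    parse_format_a(msg)
    return msg


# Format B: positional fields separated by '#'; the command identifier is
# accepted as alphanumeric because the article's example uses "5D"/"6D".
_B_CMD = re.compile(r"^[0-9A-Z]{2,3}$")
_B_DATA = re.compile(r"^[0-9A-Z]*$")


def parse_format_b(msg: str) -> dict:
    """Parse a Format B message into its command and ordered field list."""
    if len(msg) < 2 or msg[0] != "<" or msg[-1] != ">":
        raise ExcryptFormatError("Format B message must be enclosed in < >")
    body = msg[1:-1]
    if not body.endswith("#"):
        raise ExcryptFormatError("every Format B field must end with '#'")
    parts = body[:-1].split("#")
    if not _B_CMD.match(parts[0]):
        raise ExcryptFormatError(f"bad command number: {parts[0]!r}")
    for part in parts[1:]:
        if not _B_DATA.match(part):
            raise ExcryptFormatError(f"bad field data: {part!r}")
    return {"command": parts[0], "fields": parts[1:]}


def build_format_b(command: str, fields: list) -> str:
    """Serialize to Format B; field order is significant for each command."""
    msg = "<" + command + "#" + "".join(f"{v}#" for v in fields) + ">"
    parse_format_b(msg)
    return msg


def parse_excrypt(msg: str) -> dict:
    """Dispatch on the opening delimiter, which identifies Format A or B."""
    if msg.startswith("["):
        return dict(format="A", **parse_format_a(msg))
    if msg.startswith("<"):
        return dict(format="B", **parse_format_b(msg))
    raise ExcryptFormatError("unrecognised opening delimiter")


def is_well_formed(msg: str) -> bool:
    """True if the message parses under the format its delimiter selects."""
    try:
        parse_excrypt(msg)
        return True
    except ExcryptFormatError:
        return False
```

The builders parse their own output before returning it, so a caller cannot smuggle a ";" or "#" into a field value and shift the field boundaries the HSM sees; the duplicate-token check in Format A matters because the parameter order is not fixed, so the last copy of a token would otherwise silently win.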
See also
- Hardware Security Module
- Electronic Funds Transfer