TKM uses cryptography to allow Master Keys to be loaded remotely from a host to an ATM over a public network. This will allow the keys to be changed more often and will not require a site visit to load keys once TKM is enabled. The Host must support TKM, the ATM must have version 2.4.0 or later software, as well as a T5 PCI Keypad with Firmware R2B or later, or a T9, T10 PCI Keypad. In addition, the Host provides a Host ID, and TKM must be enabled on the ATM.
With upcoming PCI 5 keypads, the host must support SHA 2 in order to also support TKM. Check with your Host for support timelines. This allows ATM owners, especially those with large ATM portfolios or those that operate in markets that require that master keys be changed frequently, to save time and money while improving security.
TKM verifies the host ID that Triton issues to each host. This keeps impersonator or rogue hosts from loading the attacker’s keys to the ATM.