Secure establishment of cryptographic keys

Abstract

A system and method are disclosed for securely establishing a cryptographic key between a first cryptographic device, for example a host cryptographic security module, and a second cryptographic device, for example a bank Automated Teller Machine (ATM). A plurality of key components is generated from a pool of random numbers and a unique reference number indexes each of the key components. The key components are encrypted, stored and indexed in the host security module by the corresponding reference numbers. The key components are arbitrarily distributed to field personnel in tamper evident envelopes to be entered into the ATM. Each of the tamper evident envelopes is marked with the reference number corresponding to the key component contained in the envelope. At least two field personnel each enter a different key component into the ATM to form the cryptographic key. Each then communicates the reference number corresponding to the key component and the identification number of the ATM to the host security module. The host security module retrieves the encrypted key components corresponding to the reference numbers provided by the field personnel, decrypts them, and combines the two decrypted key components to recreate the cryptographic key created in the ATM. The encrypted cryptographic key may be transmitted to a third cryptographic device by means of a previously established cryptographic key.