Secure establishment of cryptographic keys using persistent key component

Abstract

An apparatus and method is disclosed for securely establishing a unique cryptographic key in a first cryptographic device, for example an Automated Teller Machine (ATM). In a preferred embodiment, the ATM includes means for entering a key component and an ATM processor board, and the apparatus includes a microprocessor and a persistent, non-volatile memory device electrically disposed between the key component entry means and the ATM processor board. In a preferred embodiment of the method, the microprocessor detects and captures a key component entered by a key custodian. The microprocessor then determines whether a first key component is present in the non-volatile memory device. If not, the key component is stored in the non-volatile memory device as the persistent key component (PKC). If a PKC is present in the non-volatile memory device, the key component is temporarily stored as a second key component. Each byte of the second key component is then combined with the corresponding byte of the PKC to form the unique cryptographic key. The same unique cryptographic key is securely established in a second cryptographic device to facilitate secure electronic communications. Preferably, the PKC is entered by a first key custodian at a convenient location and time and the second key component is entered by a second key custodian at a subsequent time in the field. Thus, a unique cryptographic key is securely established in the ATM in compliance with network operating rules and voluntary ANSI Standards while utilizing only a single key custodian in the field.