Clover Mobile Security Policy 18
RAM
| Key | Purpose | Algorithm | Size | Storage |
|---|---|---|---|---|
| PIN DUKPT Future | Encrypt payment data. Used to derive DUKPT variants | 3DES | 112 | Maxim 32550 NVS RAM |
| SRED IPEK | Initialize DUKPT key table for SRED DUKPT Future | 3DES | 112 | Maxim 32550 NVS RAM |
| SRED DUKPT Future | Encrypt SRED data. Used to derive DUKPT variants | 3DES | 112 | Maxim 32550 NVS RAM |
| MAC IPEK | Initialize DUKPT key table | 3DES | 112 | Maxim 32550 NVS RAM |
| MAC DUKPT Future | Encrypt payment data. Used to derive DUKPT variants | 3DES | 112 | Maxim 32550 NVS RAM |
| Scheme CAPKs | Validate EMV card transactions | RSA | 2048 | MB linux filesystem; SB RAM |
| Merchant configuration signing keypair | Verify EMV parameters message sent to SB | RSA | 2048 | SB Code |
| Time Server Keypair | Verify time update message sent to SB | RSA | 2048 | SB Code |
| MB Secure Storage Key (SSK) | Protect data on MB (msc partition) | AES | 128 | Derived using SBK and dev key upon boot |
| MB SBK | SSK generation | AES | 128 | Tegra 4 efuse (unreadable) |
| MB Dev Key | SSK generation | IV for AES key derivation | 32 | Tegra 4 efuse (unreadable) |
| Flashing Server Keypair | Encrypting (MB SBK \| MB Dev Key) | RSA | 2048 | Public: MB TrustZone |
| MB Bootloader PKC | Integrity protection of MB bootloader | RSA | 2048 | MB ROM |
| MB Kernel PKC | Integrity protection of MB kernel | RSA | 2048 | MB Bootloader |
| Debug block | Allows loading of signed debug blob | RSA | 2048 | MB ROM |
| Clover Developer Keypair | Validates authenticity of Clover-developed non-system apps | RSA | 2048 | MB ROM |
| Clover Platform App Validation Keypair | Authenticity of Android platform apps | RSA | 2048 | MB ROM |