Refresher Course Day 1 Agenda

• Review of X9.8 PIN Management
• Review X9.24 standard on Retail Banking Key Management
• Management of encryption Keys throughout their entire lifecycle, covering:
  - Key Generation,
  - Key Distribution,
  - Key Usage,
  - Key Loading,
  - Key Storage, and
  - Key Destruction.
• Principles of Dual Custody and Split Knowledge
• Roles and Responsibilities of Key Management team
• Use of proper Cryptographic modules; i.e. Tamper Resistant Security Modules for processing PINs
• Secured Environments
• Key Bundling - e.g. AKB per ANSI Technical Requirement #31 (TR-31)
• Required Audit Trails
• Review of all the Controls in Sec 4 of TR 39
• Class project
• Review of class project, Questions-Answers

Refresher Course Day 2 (Morning) Agenda

• Review of Public-Private Key algorithm (also known as asymmetric encryption algorithm) to perform 'Remote Key Loading' in ATMs.
• Review of digital signatures used to provide for integrity of Keys transferred between ATMs/HSMs, where remote key loading is deployed.
• Use of digital certificates, in conjunction Public Key algorithms, to provide for authentication of ATMs and Host processors.
• Role and operation of a 'Certificate Authority' as a third party, offering digital certificates used in 'Remote Key Loading' process.
• General guidelines on the lifetime of digital certificates on their issuance and revocation.
• Review of all the Controls in section 5 of TR 39
• Latest updates with the major EFT networks; e.g. Star, Pulse and NYCE requirements, as it relates to TG-3 audits.
• Class Exercise
• Review of class exercise, Questions-Answers

Refresher Course Day 2 (Afternoon) Agenda

• Network CTGA Exam (mandatory for auditors seeking "network" certification), from 1pm-5pm)

Please Note: The exam will be submitted to the networks for grading!