CCE Theses and Dissertations

Design, Development, and Implementation of a Public Key Cryptosystem for Automated Teller Machines: The Toronto Dominion Bank Case Study

Date of Award


Document Type


Degree Name

Doctor of Philosophy in Computing Technology in Education (DCTE)


Graduate School of Computer and Information Sciences


Marlyn Kemper Littman

Committee Member

Easwar Nyshadham

Committee Member

Sumitra Mukherjee


The current method of distributing Automated Teller Machine (ATM) Data Encryption Standard (DES) keys involves manual distribution of the same DES key in component form to all ATMs in a bank's network. The components are entered into the ATM keyboard and combined to form the ATM Terminal Master Key (TMK) used for all ATM transactions. Public key cryptosystems can be used to distribute and manage ATM TMKs.

However, existing cryptosystem implementations have numerous problems. Moreover, little research has targeted cryptosystem implementations that use tamper-resistant security modules (TRSMs). Almost all security attacks on cryptosystems utilizing security processors and cryptography are the result of weak implementation and deployment.

This case study describes how a public key cryptosystem for distribution and management of ATM Triple Data Encryption Standard (3DES) TMKs may be successfully implemented. This case study was developed to offer a repeatable approach, design, and implementation for a public key cryptosystem for ATM 3DES TMK distribution and management. The study's design was based on a single case, using multiple sources of evidence and propositions. Using Toronto Dominion (TD) Bank as the unit of analysis, the study focuses on four main propositions relating to (a) system development processes (SDPs), (b) electronic data assurances, (c) key and certificate life cycle management, and (d) ATM key hierarchies.

Results of the study show that SDPs provided a general framework for system development and were not tailored to specific needs of an ATM cryptosystem. Evidence shows that the ATM public key cryptosystem met all CAIN digital assurance and ATM key hierarchy requirements but did not meet all key and certificate life cycle requirements.

The author recommends a modified SDP framework for ATM public key cryptosystems called cryptosystem SDPs. These consist of SDPs, an integration of ATM cryptosystem requirements, and software security best practices. This framework utilizes existing SDPs but adds four new phases to take into account ATM public key cryptosystem requirements.

This document is currently not available here.
