Key terms:
HSM: Hardware Security Module - A hardware security module (HSM) is a physical computing device that safeguards and manages secrets (most importantly digital keys) and performs encryption and decryption functions for digital signatures, strong authentication and other cryptographic functions. These modules traditionally come in the form of a plug-in card (a so-called internal HSM) or an external device that attaches directly to a computer or network server (a so-called network HSM). A hardware security module contains one or more secure cryptoprocessor chips.
LMK: Local Master Key - A special key, called a Local Master Key (LMK) and known only to the security module, is used to encrypt keys while they are stored outside the module. Different variants of the LMK are used to store different key types.
ZMK: Zone Master Key - A Zone Master Key (ZMK) is a key-encrypting key which is distributed manually between two (or more) communicating sites within a shared network, so that further keys can be exchanged automatically (without the need for manual intervention). The ZMK is used to encrypt keys of a lower level for transmission.
ZPK: Zone PIN Key - A Zone PIN Key (ZPK), also known as a PIN Protection Key (PPK), is a data-encrypting key which is distributed automatically and is used to encrypt PINs. For security and protocol reasons, the HSM where this key is generated never exposes the ZPK in the clear.
Sample key exchange flow
...
Recording link for key exchange KSS: https://drive.google.com/file/d/1gfFH0oTAXdluAYvMAwL86b1sBg3LVaoJ/view?usp=sharing