Abstract: An apparatus and method is disclosed for securely establishing a unique cryptographic key in a first cryptographic device, for example an Automated Teller Machine (ATM). In a preferred embodiment, the ATM includes means for entering a key component and an ATM processor board, and the apparatus includes a microprocessor and a persistent, non-volatile memory device electrically disposed between the key component entry means and the ATM processor board. In a preferred embodiment of the method, the microprocessor detects and captures a key component entered by a key custodian. The microprocessor then determines whether a first key component is present in the non-volatile memory device. If not, the key component is stored in the non-volatile memory device as the persistent key component (PKC). If a PKC is present in the non-volatile memory device, the key component is temporarily stored as a second key component.

Abstract: A system and method are disclosed for securely establishing a cryptographic key between a first cryptographic device, for example a host cryptographic security module, and a second cryptographic device, for example a bank Automated Teller Machine (ATM). A plurality of key components is generated from a pool of random numbers and a unique reference number indexes each of the key components. The key components are encrypted, stored and indexed in the host security module by the corresponding reference numbers. The key components are arbitrarily distributed to field personnel in tamper evident envelopes to be entered into the ATM. Each of the tamper evident envelopes is marked with the reference number corresponding to the key component contained in the envelope. At least two field personnel each enter a different key component into the ATM to form the cryptographic key.