Watchdata W9110 Security Policy

Product Name: W9110
Product Version: 0.9

Table of Contents

Table of Contents ... 2
1. Document Information ... 3
   1.1 Evolution Follow-up ... 3
   1.2 Acronyms & Terms ... 3
   1.3 Reference ... 3
2. Introduction ... 5
3. General Description ... 6
   3.1 Product Overview ... 6
   3.2 Product Identification ... 7
   3.3 Communication Methods and Protocols ... 7
4. Guidance ... 8
   4.1 Installation and Environment ... 8
   4.2 Equipment ... 8
       4.2.1 USB Cable ... 8
       4.2.2 Power ... 8
       4.2.3 Equipment Debugging and Operation ... 8
       4.2.4 Environment Conditions and Environmental Failure Protection ... 9
       4.2.5 Self-Tests ... 9
   4.3 Decommissioning/Removal ... 9
   4.4 PIN Confidentiality ... 9
   4.5 Periodic Inspection ... 10
5. Product Hardware Security ... 11
   5.1 Tamper Response Event ... 11
   5.2 Environment Conditions and Environmental Failure Protection ... 11
6. Product Software Security ... 12
   6.1 Software Development Guidance ... 12
   6.2 Firmware, Software and Configuration Parameters Update ... 12
   6.3 Software Authentication ... 12
   6.4 Update and Patch Management ... 13
   6.5 Self-Tests ... 13
7. System Administration ... 14
   7.1 Configuration Settings ... 14
   7.2 Default Value Update ... 14
8. Key Management ... 15
   8.1 Key Management Techniques ... 15
   8.2 Transfer Key/Master Key/Session Key ... 15
   8.3 DUKPT Key ... 15
   8.4 Cryptographic Algorithms ... 15
   8.5 Key Table ... 15
   8.6 Key Replacement ... 16
   8.7 Key Loading Policy ... 16
   8.8 Key Lifetime ... 17
9. Roles and Services ... 18

1. Document Information

1.1 Evolution Follow-up

Revision  Type of modification                                    Date
0.1       Document creation                                       2017-1-9
0.2       Update key table; remove fixed key description          2017-3-19
0.3       Update reference; update sections 6.1, 6.2, 7.2 & 8.7   2017-4-3
0.4       Update section 3.2                                      2017-4-17
0.5       Update section 7                                        2017-5-5
0.6       Update section 6.1                                      2017-5-27
0.7       Update section 3.2; update section 6.2                  2017-6-8
0.8       Update section 3.3; update section 6.1                  2017-6-9
0.9       Update section 3.1                                      2017-7-13

1.2 Acronyms & Terms

Abbreviation  Description
DUKPT         Derived Unique Key Per Transaction
N/A           Not Applicable
PED           PIN Entry Device
PIN           Personal Identification Number
RSA           Rivest Shamir Adleman Algorithm
SHA           Secure Hash Algorithm
TDES          Triple Data Encryption Standard
IC Card       Integrated Circuit Card
RF Card       Radio Frequency Card
SK            Session Key

1.3 Reference

[1] ANS X9.24-1:2009, Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques
[2] ANS X9.24 Part 2:2006, Retail Financial Services Symmetric Key Management Part 2: Using Asymmetric Techniques for the Distribution of Symmetric Keys
[3] X9 TR-31 2010, Interoperable Secure Key Exchange Key Block Specification for Symmetric Algorithms
[4] ISO 9564-1, Financial services - Personal Identification Number (PIN) management and security Part 1: Basic principles and requirements for PINs in card-based systems
[5] ISO 9564-2, Banking - Personal Identification Number management and security Part 2: Approved algorithms for PIN encipherment
[6] Device Default Settings Overview
[7] Firmware Update User Manual

2. Introduction

This document addresses the proper use of the POI in a secure manner, including information about key management responsibilities, administrative responsibilities, device functionality, identification and environmental requirements. Use of the device in a method not approved by this security policy will violate the PCI PTS approval of the device.

3. General Description

3.1 Product Overview

W9110 is a new-generation intelligent wireless POS with a touch screen and high-speed communications. The product is mainly intended for indoor use; its target merchants are restaurants, entertainment venues, chain stores, supermarkets, e-commerce and so on. W9110 is built around an ARM Cortex-A53 quad-core processor that provides powerful processing capability. The product integrates an MSR card reader, IC card reader, contactless card reader, SAM card reader and a high-performance thermal printer, and can handle diversified financial transactions. W9110 supports various wireless communications such as GSM, CDMA, CDMA2000, TD-SCDMA, WCDMA, LTE, WIFI, Bluetooth and GPS.

Figure 1 W9110 Appearance

W9110 Configuration

Configuration           Function
Barcode                 1D barcode, 2D barcode
Camera                  2M pixels
Wireless communication  2G/3G/4G, GPS, WIFI + BT

3.2 Product Identification

The product name and hardware version are printed on a label on the device.

Figure 2 Device Label

The merchant or acquirer must visually inspect the terminal when it is received via shipping, as described in the user manual. For example, the merchant or acquirer should inspect the terminal to ensure that:
- There is no evidence of unusual wires connected to any ports of the terminal.
- There is no shim device in the ICC acceptor.

To examine the firmware version, after the POS boots up, enter Settings - About terminal - Firmware version.

3.3 Communication Methods and Protocols

Communication methods: USB, 2G/3G/4G, WIFI, GPS, BLUETOOTH
Communication protocols: TCP/IP stack, SSL/TLS, PPP

4. Guidance

4.1 Installation and Environment

Ensure that the terminal is installed in a location that is convenient for both merchants and cardholders, as close as possible to a power socket. Keep the terminal away from all sources of heat, vibration, dust, moisture and electromagnetic radiation (such as a computer screen, motor, security equipment, etc.). When the wireless terminal is in use, keep it away from places with complex electromagnetic radiation. Be sure that the terminal is used in an attended way.

4.2 Equipment

4.2.1 USB Cable

The USB port of W9110 is a Micro USB interface, and a suitable USB cable must be used. For the cable specifications and method of use, consult WATCHDATA customer service to get professional help.

4.2.2 Power

Take the power supply out of the packaging box and plug the DC plug into the power socket, as shown in Figure 3:

Figure 3 Power Socket

Specification of power supply:
Input: 100 to 240V AC, 50 Hz / 60 Hz
Output: 10V 1A

4.2.3 Equipment Debugging and Operation

(1) Connect the power supply to the terminal; check that the communication line, SAM card and SIM card are connected.
(2) Press the power button and observe whether the terminal starts.
(3) Do a test run after the equipment is installed to ensure the device was installed successfully.

4.2.4 Environment Conditions and Environmental Failure Protection

The environmental conditions for operating the device are specified in the user manual. The security of the device is not compromised by altering the environmental conditions (e.g. subjecting the device to temperatures or operating voltages outside the stated operating ranges does not alter its security).

4.2.5 Self-Tests

Self-tests are performed upon start-up/reset. In order to reinitialize memory, the device reboots 24 hours after it starts up. Self-tests are not initiated by an operator.

4.3 Decommissioning/Removal

When the device is no longer used and is to be permanently decommissioned, the administrator of the device needs to collect the device and erase all the key material on it. This can be done by directly disassembling the device so that it enters the tampered state. For temporary removal, there is no need to change the state of the device, as all keys remain protected by the main-board hardware tamper mechanism.

4.4 PIN Confidentiality

W9110 is a hand-held device; it is required to provide cardholders with the necessary privacy during PIN entry. For example, the device demonstrates a safe PIN-entry process showing how to enter the PIN. This message reminds the cardholder that he or she can use his or her own body or free hand to block the view of the keypad.

Figure 4 Safe PIN Entry Logo Example

4.5 Periodic Inspection

The merchant or acquirer should check daily that the keypad is firmly in place. Such checks provide warning of any unauthorized modification of the terminal and of other suspicious behavior of the terminal. The merchant or acquirer should also check that installation/maintenance operations are performed by a trusted person. In particular, check whether the ICC reader slot is damaged (such as abrasion, paint or other machining marks), whether there is any suspicious object such as a lead wire over the ICC reader slot, or any unknown object inside the IC card reader. If you find such suspicious circumstances, stop using the device immediately and contact customer service to confirm whether the device has been tampered with.

5. Product Hardware Security

5.1 Tamper Response Event

The device contains tamper mechanisms that trigger when a physical penetration attempt on the device is detected. A merchant or acquirer can easily detect a tampered terminal: the device shows a dialog with the notification "PED TAMPERD!" and, after the dialog is closed, switches to Non-activated mode. Any physical penetration results in a tamper event. This event activates the tamper mechanisms, which take the device out of service. There are two separate modes in which the device can be:
- Activated mode: the device is fully operational.
- Non-activated mode: the device is tampered, is not operating and needs reactivation after maintenance and security checks.

5.2 Environment Conditions and Environmental Failure Protection

The environmental conditions for operating the device are specified in the user manual. The security of the device is not compromised by altering the environmental conditions (e.g. subjecting the device to temperatures or operating voltages outside the stated operating ranges does not alter its security).

6. Product Software Security

6.1 Software Development Guidance

During software development, the following steps must be implemented:
1. Code review
2. Security review and audit
3. Module test
4. Source code management and version control
5. Software test
6. Signature

For SSL applications, the developer must respect the SSL security guidance. It is important to note that SSL is inherently weak and should be removed; however, because SSL servers still exist in the world, SSL is temporarily kept for compatibility and for use by non-financial applications only. In addition, our SSL is used only as the client, so we strongly recommend that the server disable the SSL protocol and select TLS 1.2 or higher. For greater security, mutual authentication is recommended. The SSL/TLS versions supported in this device are shown in the following table:

SSL/TLS Capability  Version
SSL                 v3
TLS                 v1.0, v1.1, v1.2

Refer to the document Software Development Guidance.

6.2 Firmware, Software and Configuration Parameters Update

Updates and patches can be loaded into the device. They are cryptographically authenticated by the device. If the authenticity is not confirmed, the update or patch is rejected. Prompt updates are security related, and any security-related firmware change causes a firmware version update. The update package is transferred over-the-air (OTA) via the HTTPS protocol. Refer to the document Firmware Update User Manual.

6.3 Software Authentication

Application code is authenticated before being allowed to run. The certificate and signature of the application code are verified. The certificate and signature are based on RSA key pairs. Authenticity is guaranteed by a certificate issued by WATCHDATA. SHA-256 is used to compute the digest of the software. A 2048-bit RSA key is used for signature verification. The application managers must implement a full source code review to make sure that the application does not have any of the following behaviors:
- PIN entry prompt while the keypad digits are displayed in plain text.
- Not using the correct security mechanism and APIs recommended in the user guidance for PIN entry.
- Storing or outputting any cardholder's account data without his/her authorization.

It is recommended that the application source code review and signing process be executed by at least two persons and that an audit log be recorded for future trace-back.

6.4 Update and Patch Management

The device supports both local and remote methods for updating or patching the software, the firmware and the configuration parameters.
1. The patch must be security reviewed and audited before release.
2. The patch must be tested before release.
3. The patch must be digitally signed before release.
4. The downloaded patch is stored in the temporary directory of the device, and the device then uses the digital signature to authenticate the patch. If the patch is not authentic, the device deletes it.

6.5 Self-Tests

Self-tests are performed upon start-up/reset. In order to reinitialize memory, the device reboots 24 hours after it starts up. Self-tests are not initiated by an operator.
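As an added illustration of the authentication flow in 6.3 and 6.4 (example code written for this page, not Watchdata's firmware or tooling), the Go program below signs a constructed package over its SHA-256 digest with an RSA-2048 key, stages the download in a temporary directory, and deletes it when the signature does not verify. The key pair, the file name and PKCS#1 v1.5 padding are assumptions; the device's actual certificate format is not described on this page.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"os"
	"path/filepath"
)

// DemoVendorKey stands in for the WATCHDATA signing key pair. The device itself holds only
// the public half (through the vendor certificate) and never generates or holds this key.
func DemoVendorKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// SignPackage is the release-side step (6.4, step 3): SHA-256 digest of the package,
// signed with the RSA-2048 private key using PKCS#1 v1.5 (padding scheme assumed).
func SignPackage(priv *rsa.PrivateKey, pkg []byte) ([]byte, error) {
	digest := sha256.Sum256(pkg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// VerifyAndStage is the device-side step (6.4, step 4): the downloaded package is written to
// the temporary directory, its signature is checked against the vendor public key, and a
// package that does not verify is deleted instead of installed. It returns the staged path.
func VerifyAndStage(pub *rsa.PublicKey, pkg, sig []byte, tmpDir string) (string, error) {
	path := filepath.Join(tmpDir, "update.pkg")
	if err := os.WriteFile(path, pkg, 0o600); err != nil {
		return "", err
	}
	digest := sha256.Sum256(pkg)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		os.Remove(path) // rejected: nothing unauthenticated may stay where a loader could find it
		return "", fmt.Errorf("update rejected, signature does not verify: %w", err)
	}
	return path, nil
}

// Staged reports whether a package is currently present in the temporary directory.
func Staged(tmpDir string) bool {
	_, err := os.Stat(filepath.Join(tmpDir, "update.pkg"))
	return err == nil
}

func main() {
	priv, err := DemoVendorKey()
	if err != nil {
		panic(err)
	}
	tmp, _ := os.MkdirTemp("", "w9110-update")
	defer os.RemoveAll(tmp)

	pkg := []byte("constructed sample firmware image, not a real W9110 package")
	sig, _ := SignPackage(priv, pkg)
	if p, err := VerifyAndStage(&priv.PublicKey, pkg, sig, tmp); err == nil {
		fmt.Println("authentic package staged at", p)
	}
	tampered := append([]byte(nil), pkg...)
	tampered[0] ^= 0x01 // one flipped bit changes the digest, so the signature no longer verifies
	if _, err := VerifyAndStage(&priv.PublicKey, tampered, sig, tmp); err != nil {
		fmt.Println(err, "| staged file present:", Staged(tmp))
	}
}
```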

7. System Administration

7.1 Configuration Settings

The device needs to be configured when received by the key-loading facility. For the configuration settings of the admin and key-loading operator passwords, refer to the Device_Default_Settings_Overview. The device is functional when received by the merchant or acquirer. No security-sensitive configuration settings need to be tuned by the end user to meet security requirements.

7.2 Default Value Update

The device default values (e.g. admin password, key-loading operator passwords) should be updated before loading keys or activating the device. For the default value update flow, refer to the document Device_Default_Settings_Overview. The device is functional when received by the merchant or acquirer, and there is no security-sensitive default value (e.g. admin password) that needs to be changed before operating the device.

8. Key Management

The device supports multiple acquirers; each acquirer is assigned a separate key store area (KAP) by the owner of the device. Each KAP supports the key management techniques described below.

8.1 Key Management Techniques

The device implements different types of key management techniques:
- TLK/Master Key/Session Key: a method using a hierarchy of keys. The session keys are unique per transaction as specified in [2].
- DUKPT: a key management technique based on a unique key for each transaction as specified in [2].

Use of the terminal with a key-management system other than the two above will invalidate any PCI approval of the terminal.

8.2 Transfer Key/Master Key/Session Key

An acquirer's TLK/MK/SK hierarchy can be used in a KAP. MK is also named TMK in this device. SK is the session key, commonly including TPK/TAK/TEK/TDK/TTK. SEK is used to encrypt/decrypt the MK and SK stored in FLASH. MK is used to encrypt session keys in transfer. TLK is used to encrypt the MK in transfer. The session keys can be divided into three types: TPK (Terminal PIN Encryption Key), TAK (Terminal MAC Calculating Key) and TDK (Terminal Data Encryption Key).

8.3 DUKPT Key

The acquirer downloads the initial key in the secure room. The device then generates 21 future keys using the ANSI X9.24 future key generation algorithm. Every future key can be divided into two parts: one part is used as TPK (PIN Encryption Key); the other part is used as TAK (MAC Calculating Key).

8.4 Cryptographic Algorithms

The device includes the following algorithms:
1. RSA (signature verification, 2048 bits)
2. SHA-256
3. Triple DES

8.5 Key Table

Key Name             Purpose/Usage               Algorithm  Size (bits)  Storage
TLK                  Terminal Load Key           TDES       128/192      Flash

TMK                  Terminal Master Key         TDES       128/192      Flash
TPK in MK/SK system  Terminal PIN Key            TDES       128/192      Flash
TAK in MK/SK system  Terminal MAC Key            TDES       128/192      Flash
TEK in MK/SK system  Terminal Encrypt Data Key   TDES       128/192      Flash
TDK in MK/SK system  Terminal Decrypt Data Key   TDES       128/192      Flash
TTK in MK/SK system  Terminal Track Encrypt Key  TDES       128/192      Flash
TIK in DUKPT         DUKPT Initial Key           TDES       128/192      Flash
DUKPT Future Key     DUKPT Future Key            TDES       128/192      Flash

Table 1 Triple DES keys

8.6 Key Replacement

Any key should be replaced with a new key whenever the compromise of the original key is known or suspected, and whenever the time deemed feasible to determine the key by exhaustive attack has elapsed.

8.7 Key Loading Policy

The device does not offer manual cryptographic key entry. Specific tools, compliant with key management requirements, shall be used for key loading. The plain-text key loading process (including TLK, TMK and DUKPT Initial Key) must be performed in the acquirer's secure room and strictly protected under the following dual control and split knowledge techniques.

Dual control: The key loading process is strictly authorized and controlled by at least two persons. Identification and authentication are performed first to make sure they are the right operators for the key loading. An eight-byte password is used in the key loader to authenticate each operator.

Split knowledge: The initial plain-text key can never be known in full by only one person. It is divided into two full-length key components controlled by two different persons. Each person is required to input his key component into the key loader separately.

Encrypted key loading is controlled by the acquirer over the remote network. For the DUKPT method, transaction keys are generated automatically, so no encrypted keys need to be loaded. Refer to Device_Default_Settings_Overview: the default TLK example must not be loaded.

8.8 Key Lifetime

The key lifetime is controlled by the acquirer. Suggestions from the manufacturer are:
- The maximum lifetime of TLK is suggested to be 2 years.
- The maximum lifetime of TMK is suggested to be 2 years.
- The maximum lifetime of SK (TPK/TAK/TEK/TDK/TTK) is suggested to be 1 day.
- The maximum lifetime of DUKPT cannot exceed 1 million transactions.
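The DUKPT derivation of 8.3, as an added example that is not taken from the W9110 firmware: this Go program implements the ANSI X9.24 non-reversible key generation process and derives the transaction key for any KSN from the initial key, which goes beyond the device's 21-future-key register scheme by covering the general counter walk and the 10-set-bit limit on the counter. The PIN and MAC variants applied at the end are the X9.24-1 ones and are an assumption (the page describes the TPK/TAK split differently); the initial key and KSN are constructed sample values.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"errors"
	"fmt"
	"math/bits"
)

// X9.24 constants: key-register mask between the two crypto-register steps, PIN and MAC variants.
var (
	keyMask, _    = hex.DecodeString("C0C0C0C000000000C0C0C0C000000000")
	pinVariant, _ = hex.DecodeString("00000000000000FF00000000000000FF")
	macVariant, _ = hex.DecodeString("000000000000FF00000000000000FF00")
)

func xor(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// encryptRegister is one crypto-register step: DES(keyLeft, reg XOR keyRight) XOR keyRight.
// Single DES is what X9.24 specifies for this step; the key stays 16 bytes (two halves).
func encryptRegister(key, reg []byte) []byte {
	block, err := des.NewCipher(key[:8])
	if err != nil {
		panic(err)
	}
	out := make([]byte, 8)
	block.Encrypt(out, xor(key[8:], reg))
	return xor(out, key[8:])
}

// nextKey is the non-reversible key generation process: the previous key cannot be recovered.
func nextKey(key, ksnRight []byte) []byte {
	return append(encryptRegister(xor(key, keyMask), ksnRight), encryptRegister(key, ksnRight)...)
}

// DeriveTransactionKey applies nextKey once per set bit of the 21-bit transaction counter in
// the 10-byte KSN, highest bit first. X9.24 allows at most 10 set bits, so at most 10 steps.
func DeriveTransactionKey(ipek, ksn []byte) ([]byte, error) {
	if len(ipek) != 16 || len(ksn) != 10 {
		return nil, errors.New("ipek must be 16 bytes and ksn 10 bytes")
	}
	reg := append([]byte(nil), ksn[2:]...) // right-most 64 bits of the KSN
	counter := uint32(reg[5]&0x1F)<<16 | uint32(reg[6])<<8 | uint32(reg[7])
	if bits.OnesCount32(counter) > 10 {
		return nil, errors.New("transaction counter has more than 10 bits set")
	}
	reg[5], reg[6], reg[7] = reg[5]&0xE0, 0, 0 // clear the counter; bits are re-added one at a time
	key := append([]byte(nil), ipek...)
	for shift := uint32(1) << 20; shift > 0; shift >>= 1 {
		if counter&shift != 0 {
			reg[5] |= byte(shift >> 16)
			reg[6] |= byte(shift >> 8)
			reg[7] |= byte(shift)
			key = nextKey(key, reg)
		}
	}
	return key, nil
}

// PINKey and MACKey apply the X9.24-1 variants to a derived transaction key.
func PINKey(k []byte) []byte { return xor(k, pinVariant) }
func MACKey(k []byte) []byte { return xor(k, macVariant) }

func main() {
	ipek, _ := hex.DecodeString("0123456789ABCDEFFEDCBA9876543210") // constructed sample values,
	ksn, _ := hex.DecodeString("FFFF9876543210E00001")             // not W9110 keys; counter = 1
	key, _ := DeriveTransactionKey(ipek, ksn)
	fmt.Printf("transaction key %X\nPIN key %X\nMAC key %X\n", key, PINKey(key), MACKey(key))
}
```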
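The split knowledge and dual control rules of 8.7, as an added example that is not Watchdata's key-loader software: two full-length TDES components are XORed into the key, parity is adjusted, and a key check value (KCV, the first three bytes of the all-zero block encrypted under the key) confirms the load without revealing the key. The operator-identity check, the KCV convention and the two-key TDES layout are assumptions; the device's eight-byte operator password is not modelled.

```go
package main

import (
	"bytes"
	"crypto/des"
	"errors"
	"fmt"
	"math/bits"
)

// AdjustParity sets every key byte to odd parity, as TDES keys require (low bit = parity).
func AdjustParity(key []byte) []byte {
	out := make([]byte, len(key))
	for i, b := range key {
		if bits.OnesCount8(b)%2 == 0 {
			b ^= 0x01
		}
		out[i] = b
	}
	return out
}

// CombineComponents implements split knowledge: the key is the XOR of two full-length
// components, so the holder of one component learns nothing about the resulting key.
func CombineComponents(c1, c2 []byte) ([]byte, error) {
	if len(c1) != len(c2) || (len(c1) != 16 && len(c1) != 24) {
		return nil, errors.New("components must both be 16 bytes (128-bit) or 24 bytes (192-bit)")
	}
	key := make([]byte, len(c1))
	for i := range c1 {
		key[i] = c1[i] ^ c2[i]
	}
	return AdjustParity(key), nil
}

// KeyCheckValue encrypts an all-zero block under the key and returns the first 3 bytes.
// A 128-bit key is used in two-key form (K1||K2||K1), the 24-byte layout crypto/des takes.
func KeyCheckValue(key []byte) ([]byte, error) {
	if len(key) == 16 {
		key = append(append([]byte(nil), key...), key[:8]...)
	}
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, 8)
	block.Encrypt(out, make([]byte, 8))
	return out[:3], nil
}

// LoadKey models the dual-control session: two distinct authenticated operators each enter one
// component, and the key is accepted only if its KCV matches the one issued with the components.
func LoadKey(operator1, operator2 string, c1, c2, expectedKCV []byte) ([]byte, error) {
	if operator1 == "" || operator2 == "" || operator1 == operator2 {
		return nil, errors.New("dual control requires two different authenticated operators")
	}
	key, err := CombineComponents(c1, c2)
	if err != nil {
		return nil, err
	}
	kcv, _ := KeyCheckValue(key) // cannot fail: CombineComponents validated the length
	if !bytes.Equal(kcv, expectedKCV) {
		return nil, fmt.Errorf("KCV mismatch: got %X, expected %X", kcv, expectedKCV)
	}
	return key, nil
}

func main() {
	c1 := bytes.Repeat([]byte{0x13, 0x57}, 8) // constructed components, not W9110 key material
	c2 := bytes.Repeat([]byte{0x24, 0x68}, 8)
	key, _ := CombineComponents(c1, c2)
	kcv, _ := KeyCheckValue(key)
	loaded, err := LoadKey("operatorA", "operatorB", c1, c2, kcv)
	fmt.Printf("loaded %X (KCV %X) err=%v\n", loaded, kcv, err)
}
```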

9. Roles and Services

The device has no functionality that gives access to security-sensitive services based on roles. Such services are managed through dedicated tools, using cryptographic authentication.