manualshive.com logo in svg

Clover Mini, Security Policy

The HP Mini is a user-friendly and compact device designed to provide convenience on-the-go. Easily access its complete set of instructions and guidelines through a free user manual available for download from manualshive.com. Get the most out of your HP Mini with this comprehensive manual, ensuring a smooth and hassle-free experience.

Share
Download
background image

Clover Mobile Security Policy 

 

Clover Mini Security Policy 

Summary of Contents for Mini

Page 1: ...Clover Mobile Security Policy 1 Clover Mini Security Policy ...

Page 2: ...er Mobile Security Policy 2 Table of Contents INTRODUCTION 3 GENERAL DESCRIPTION 3 INSTALLATION GUIDANCE 7 VISUAL SHIELDING 9 DEVICE SECURITY 10 DECOMMISSIONING 11 KEY MANAGEMENT 15 SYSTEM ADMINISTRATION 19 ...

Page 3: ...rements listed in DTR B20 of the PCI PTS POI Version 4 0 document This device is vendor controlled and it is required that the vendor manage all payment security related functions General description 1 Product overview a Clover Mini see image 1 is designed as a pin entry device PED to facilitate credit and debit based transaction The device is only approved for use in an attended environment This ...

Page 4: ...cations NFC b This device uses a Remote Key Injection RKI process to distribute symmetric keys used to secure transactions There are no administrative modes available to the end user c This device uses cryptologic authentication on all code before execution 3 Device Identification a Identifying information is presented on the label inside the printer as seen in Image 2 and 3 ...

Page 5: ...olicy 5 4 Version Information a Software and firmware are displayed on the settings section on the device The user should regularly check the software and firmware version of the device b From the main screen click on Settings ...

Page 6: ...Clover Mobile Security Policy 6 c Click on About tablet d View version numbers ...

Page 7: ...ivity secure at a level equal or greater than WPA or WPA2 c Once connected the end user must enter a one time security code provided by Clover This code is communicated via a different communication channel than the device itself d Once the code is verified against the requesting device the device shall perform security updates including injection of security keys The end user is not required to p...

Page 8: ...tion Keypair A hash of the each APK is also included in the system files list checked at boot The app that controls payments is a System Image APK ii Data Image APKs are submitted by the developer and if approved by the vendor are signed by the source developer s key Each APK has a whole file signature added and the APK is signed with the Clover App Validation Keypair No data image APK has access ...

Page 9: ...following Open Protocols were considered during the PTS evaluation a Interfaces i HSPA ii USB iii WiFi iv Bluetooth Disabled in Firmware and therefore excluded from PCI PTS Review b Protocols i USB HID keyboard mouse Serial 3G modem driver Ethernet ii ICMP iii TCP iv UDP v HTTPS client vi DNS client vii DHCP client viii Bluetooth L2CAP ATT AVCTP AV Remote AVDTP Advanced Audio AV Remote Disabled in...

Page 10: ...al guidance instructing cardholders to shield their entry of a PIN number by covering the number pad with their hand B Any other customers who are shoulder surfing or standing too close to the cardholder must be directed far enough away from a cardholder to obstruct viewing during PIN entry C Surveillance cameras sited around the POS PED device must be positioned such that they cannot record the P...

Page 11: ...echanism b After a tamper event all payment related keys are permanently erased Payments will not be processed in this state c The device must be returned upon a tamper event and will not be reused 4 Visual inspection a Before using the device the user must conduct a regular inspection to check for evidence of tampering The following is a partial list of procedures Check the PCI website for the la...

Page 12: ...Clover Mobile Security Policy 12 a From the main screen select Settings b Select the Backup reset option ...

Page 13: ...Clover Mobile Security Policy 13 c Select Factory data reset d Select Reset device ...

Page 14: ...Clover Mobile Security Policy 14 e Enter your assigned employee pin f Select Erase everything ...

Page 15: ...is an abbreviation for Initial Pin Encryption Key it is used to refer to any initial symmetric key in a DUKPT key management system d The RKI process uses ANSI X9 TR 31 to distribute symmetric keys Under TR 31 the key to be authenticated is both encrypted and authenticated via a symmetric Key Encryption Key KEK e Before a device is delivered to a merchant the device generates an RSA key pair The p...

Page 16: ...is authenticated via the MB secure boot key MB SBK The bootloader cannot execute unless it is validated by the MB SBK ii Secure Board SB the secure board uses 256 bit ECDSA to validate code The secure board is protected by the Clover Root Key CRK The CRK is validated by the Maxim Root Key MRK At boot the CRK is validated with the MRK The CRK is then used to validate code 7 Key Invalidation a In th...

Page 17: ...pted under SSK Public Key Certificate MB Device Root Keypair Signs Device Intermediate Keypair RSA 2048 MB ROM PED Root Keypair Signs PED Intermediate cert RSA 2048 SB ROM FD Manufacturer Root Keypair Sign Manufacturer_Provisioning_CA RSA 2048 SB ROM RKI TMK Symmetric key used to encrypt TR31 formatted IPEKs during remote key injection process TDES 112 Maxim 32550 NVS RAM KDH Root Keypair Validati...

Page 18: ... sent to SB RSA 2048 SB Code Time Server Keypair Verify time update message sent to SB RSA 2048 SB Code MB Secure Storage Key SSK Protect data on MB msc partition AES 128 Derived using SBK and dev key upon boot MB SBK SSK generation AES 128 Tegra 4 efuse unreadable MB Dev Key SSK generation IV for AES key derivation 32 Tegra 4 efuse unreadable Flashing Server Keypair Encrypting MB SBK MB Dev Key R...

Page 19: ...OM Clover Server Keypair Identifies Clover s servers to device RSA 2048 MB ROM Clover Offline Keypair Signs CAPKs Revoked CAPKs and bin whitelist RSA 2048 SB ROM System Administration There are no permissions granted to users regarding device security The only action a user may take is to factory reset the device which will erase all payment keys from the device and require it to be re provisioned...

Reviews:

No comments

Related manuals for Mini

Safran MorphoAccess SIGMA Series Quick User Manual preview
MorphoAccess SIGMA Series
Brand: Safran Pages: 32
ACD MFT920 Brief Overview preview
MFT920
Brand: ACD Pages: 12
Caimore CM510-62G User Manual preview
CM510-62G
Brand: Caimore Pages: 16
Partner PT-6910 Series Unpacking And Setup Instructions preview
PT-6910 Series
Brand: Partner Pages: 2
TeleVideo TeleCLIENT TC7370 Manual preview
TeleCLIENT TC7370
Brand: TeleVideo Pages: 68
Teltronika FMC225 Quick Manual preview
FMC225
Brand: Teltronika Pages: 18
ELTEX NTU-1 User Manual preview
NTU-1
Brand: ELTEX Pages: 18
Pax Technology D180RF Manual preview
D180RF
Brand: Pax Technology Pages: 9
Pax Technology D220 Quick Setup Manual preview
D220
Brand: Pax Technology Pages: 12
Omron NS - HOST Connection Manual preview
NS - HOST
Brand: Omron Pages: 63
Datafox Evo 4.3 Manual preview
Evo 4.3
Brand: Datafox Pages: 146
OEZ OD-BH-KS43 Instructions For Use preview
OD-BH-KS43
Brand: OEZ Pages: 4
Tailwind Ingenico IPP320 PEDPack Quick Installation Manual preview
Ingenico IPP320 PEDPack
Brand: Tailwind Pages: 2
IBM SurePOS 700 Series Hardware Service Manual preview
SurePOS 700 Series
Brand: IBM Pages: 132
National Instruments SCXI -1314 Installation Manual preview
SCXI -1314
Brand: National Instruments Pages: 7
Lipman Nurit 3010 User Manual preview
Nurit 3010
Brand: Lipman Pages: 94
feedback TR-1000 Installation And Maintenance Manual preview
TR-1000
Brand: feedback Pages: 24
Opzoon OFR-T1-G Manual preview
OFR-T1-G
Brand: Opzoon Pages: 2

Brands by name

Popular brands

Load more brands