MagTek DynaGlass: Download User Manual, Page 20

5 - Security

DynaGlass | Payment Terminal | PCI PTS POI Security Policy

Page 20 of 22 (D998200455-10)

5.5 Key Loading

The device does not support manual cryptographic key entry.  Only a specialized Key Loading Device, compliant with key management requirements and cryptographic methods, specifically TR-31, can be used for key loading.  Use of any other methods will invalidate PCI approval.

5.6 Key Replacement

Keys should be replaced with new keys whenever the original key is known or suspected to have been compromised, and whenever the time deemed feasible to determine the key by exhaustive attack has elapsed, as defined in NIST SP 800-57-1.  If a tamper event has occurred, the device must be returned to MagTek for security inspection and secure re-injection of new keys.

5.7 Key Removal

After keys are successfully injected into the device, there are two ways to remove them:

- Passively erasing keys, performed by firmware or hardware, such as when a tamper event occurs.
- Actively erasing keys, performed by an authorized user with a dedicated software tool, for example during manufacturer repair or decommissioning.

5.8 Signature

The device uses asymmetric cryptographic algorithms for software signature verification:

- SHA256 and RSA 2048 are used for Application Processor (AP) firmware signature verification.
- SHA256 and ECDSA-P256 are used for Secure Processor (SP) firmware signature verification.
- SHA256 and ECDSA-P384 are used for Application Processor (AP) application signature verification.

The signing keys are controlled only by MagTek.  Software authentication is performed within the device by signature verification using the corresponding public key.

5.9 Open Protocols

The following describes the communication methods and protocols available in the device:

| Communication Interface    | Protocols                          |
|----------------------------|------------------------------------|
| 802.11 Wireless LAN (WLAN) | TLS, IP, TCP, UDP, ARP, DHCP, ICMP |
| Bluetooth                  | SMP, GATT, ATT, L2CAP, HCI, LL     |


Data transferred between the device and remote hosts via the 802.11 Wireless LAN (WLAN) connection is encrypted with security protocol TLS1.2.  Application developers can use TLS by calling a library available on the device.  During the TLS connection phase, the private key of the device is needed.  The private key is pre-embedded in the Application Processor’s firmware.

The device also supports Bluetooth 4.2 protocol for Bluetooth secure communication.  In Bluetooth Low Energy mode, the device uses low energy security mode 1 level 4.  The Bluetooth “Just Works” pairing mode is disabled.

Supported version: openssl-1.0.2g TLSv1.2
SSL has inherent vulnerabilities.  DynaGlass does not support SSL.
 

 

DynaGlass Contents

Page 1: ...Court I Seal Beach CA 90740 I Phone 562 546 6400 I Technical Support 888 624 8350 www magtek com DynaGlass Payment Terminal PCI PTS POI Security Policy June 2021 Document Number D998200455 10 REGISTE...

Page 2: ...trademarks of UL LLC PCI Security Standards Council is a registered trademark of the PCI Security Standards Council LLC EMV is a registered trademark in the U S and other countries and an unregistere...

Page 3: ...DynaGlass Payment Terminal PCI PTS POI Security Policy Page 3 of 22 D998200455 10 Table 0 1 Revisions Rev Number Date Notes 10 Jun 10 2021 Initial Release...

Page 4: ...tions and Security Protocols 13 3 5 Configuration Settings 13 4 Operation and Maintenance 14 4 1 Periodic Inspection 14 4 1 1 How to Inspect the ICC Card Insertion Slot 14 4 1 2 How to Inspect the Mag...

Page 5: ...nteraction POI allowing merchants to accept banking cards for processing transactions It is equipped with three card readers A 3 track magnetic stripe card reader a contact chip card reader a contactl...

Page 6: ...ss Payment Terminal PCI PTS POI Security Policy Page 6 of 22 D998200455 10 2 General Description 2 1 Product Name and Appearance DynaGlass looks like Figure 2 1 below and Figure 2 2 below Figure 2 1 D...

Page 7: ...2 General Description DynaGlass Payment Terminal PCI PTS POI Security Policy Page 7 of 22 D998200455 10 Figure 2 2 DynaGlass Left Side DynaGlass Right Side...

Page 8: ...d and electronic device reader CTLS It also includes an LCD touchscreen display with PIN entry capability It is intended to be used as an attended desktop device This device is approved as a Point Of...

Page 9: ...ok on the printed product label on the bottom of the device as shown in Figure 2 3 below Do not remove alter or cover this label Figure 2 3 DynaGlass Device Label Location Figure 2 4 DynaGlass Device...

Page 10: ...n 1000007853 Ax xx PCI AP System Version 1000007852 Ax xx PCI Each lowercase x indicates minor non security related changes Users should check to make sure the firmware versions are consistent with ve...

Page 11: ...the labels on shipping materials and documentation 4 Visually inspect the device per D998200442 DYNAGLASS DEVICE INSPECTION which is included in the package with the device 5 Power on the device and m...

Page 12: ...r 5V 1A Operating Temperature 0 to 50 Storage Temperature 10 to 60 Humidity 10 RH 90 40 The security of the device is not compromised by altering the environmental conditions outside the stated operat...

Page 13: ...USB 802 11 Wireless LAN WLAN Bluetooth Communication protocols TLS v1 2 USB protocol DHCP ICMP ARP TCP UDP IP Physical interface functions and data The USB C interface is used to transfer non sensiti...

Page 14: ...Secure Processor shows a notification message and locks the device making further use of the device impossible If you observe a tamper notification message contact your representative for assistance 4...

Page 15: ...zed service center to arrange for repairs 4 3 Roles and Responsibilities MagTek generally sells directly to merchants or indirectly to merchants via Value Added Resellers VARs and acquirers MagTek pro...

Page 16: ...are files can also be loaded via a secure remote updating process using Open Protocol HTTPS with TLS1 2 The device verifies that each update is newer than the installed version and cryptographically a...

Page 17: ...t cardholders in ensuring that others are not looking while they are entering their PINs The following table shows the combinations of PIN privacy methods that must be put in place when installing the...

Page 18: ...d 5 2 Algorithms Supported The device includes the following algorithms Triple DES 128 bits AES 128 bits 256 bits RSA Signature verification 2048 bits SHA256 Signature digest ECC P 256 P 384 P 521 5 3...

Page 19: ...keys can only be used for their intended purposes via the interfaces or commands provided by the device Key Name Purpose Usage Algorithm s Size Bits SKEK Encryption of working keys downloaded into th...

Page 20: ...are signature verification SHA256 and RSA 2048 are used for Application Processor AP firmware signature verification SHA256 and ECDSA P256 are used for Secure Processor SP firmware signature verificat...

Page 21: ...APIs ensures the application will be compliant with PCI PTS security requirements 7 Acronyms Acronym Definition AES Advanced Encryption Standard AP Application Processor the processor in the device t...

Page 22: ...2 of 22 D998200455 10 Appendix A References The following documents may be used to provide additional details about the device and this security policy 1 Software API Development Guide 2 D998200439 Dy...
