Ingenico 6500 manual System and Security Application, Maintenance Application

Models: 6500


System and Security Application

The System and Security Application (SSA) has two modules.

The system module contains the terminal’s extended menu, where users can change options related to downloading, diagnostics, system parameters, and system configuration.

The security module implements all security requirements, such as key injection and key management. The operating system's cryptographic functions, including the key storage areas, are accessible only to the security module, which exposes a cryptography API to other applications. The SSA also blocks user applications from using the operating system's HMI peripheral directly: every request by a user application to display a form or to receive touch or stylus input must go through the SSA, which rejects insecure requests such as:

Activate more than 8 screen buttons (which could be used to create a false PIN pad).

Activate PIN entry with a prompt that has no valid MAC (if the MACing option is on; this prevents an application from using PIN entry as an oracle to collect encryptions of data it already knows).

Activate clear text entry with a prompt that has no valid MAC (if the MACing option is on).

Activate clear text entry with a prompt that contains words such as PIN, NIP, etc. (if the MACing option is off).

Retrieve pixel coordinates of individual screen touches (which could be used to create a false PIN pad).

Request more than 30 PIN encryptions within 15 seconds when using the MASTER PIN KEY.
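The list above is a policy the SSA enforces at the HMI boundary. The following Python model, added here as an illustration and not code from Ingenico or the 6500 firmware, shows the same checks as a request filter: a hard cap on active buttons, a prompt MAC check in MACing mode, a keyword screen on clear-text prompts when MACing is off, an unconditional refusal to release touch coordinates, and a sliding-window limit of 30 master-PIN-key encryptions per 15 seconds. The prompt MAC algorithm (HMAC-SHA256 under a constructed key), the request structure and the key name `MASTER_PIN_KEY` are assumptions; the manual does not specify them.

```python
import hashlib
import hmac
import re
import time
from collections import deque
from dataclasses import dataclass

# Assumption: prompts are MACed with HMAC-SHA256 under a prompt key (constructed here).
PROMPT_MAC_KEY = b"constructed-prompt-mac-key"
MAX_BUTTONS = 8                 # manual: more than 8 buttons could build a false PIN pad
PIN_KEYWORDS = ("PIN", "NIP")   # manual: "words such as PIN, NIP, etc."
PIN_RATE_LIMIT = 30             # manual: 30 PIN encryptions ...
PIN_RATE_WINDOW = 15.0          # ... within 15 seconds under the master PIN key
MASTER_PIN_KEY = "MASTER_PIN_KEY"   # assumed key identifier


def prompt_mac(text: str) -> bytes:
    """MAC a prompt the way a trusted party would before loading it (assumed scheme)."""
    return hmac.new(PROMPT_MAC_KEY, text.encode("utf-8"), hashlib.sha256).digest()


@dataclass
class HmiRequest:
    kind: str            # "display", "pin_entry", "clear_entry", "touch_coords", "pin_encrypt"
    prompt: str = ""
    mac: bytes = b""
    buttons: int = 0
    key_name: str = ""


class SecurityModule:
    """Models the SSA's HMI request filter (clock is injectable for testing)."""

    def __init__(self, macing_on: bool, clock=time.monotonic):
        self.macing_on = macing_on
        self.clock = clock
        self._pin_encrypt_times = deque()   # timestamps of accepted master-key encryptions

    def _prompt_is_authentic(self, req: HmiRequest) -> bool:
        # compare_digest returns False (does not raise) when the lengths differ
        return hmac.compare_digest(prompt_mac(req.prompt), req.mac)

    @staticmethod
    def _prompt_mentions_pin(prompt: str) -> bool:
        words = {w.upper() for w in re.findall(r"[A-Za-z]+", prompt)}
        return any(k in words for k in PIN_KEYWORDS)

    def _master_key_encryption_allowed(self) -> bool:
        now = self.clock()
        times = self._pin_encrypt_times
        while times and now - times[0] >= PIN_RATE_WINDOW:
            times.popleft()                 # drop entries older than the window
        if len(times) >= PIN_RATE_LIMIT:
            return False                    # the 31st request in 15 s is refused
        times.append(now)
        return True

    def check(self, req: HmiRequest) -> tuple[bool, str]:
        """Return (allowed, reason) for one user-application HMI request."""
        if req.kind == "touch_coords":
            return False, "pixel coordinates of touches are never released"
        if req.kind == "display":
            if req.buttons > MAX_BUTTONS:
                return False, f"more than {MAX_BUTTONS} active buttons"
            return True, "ok"
        if req.kind == "pin_entry":
            if self.macing_on and not self._prompt_is_authentic(req):
                return False, "PIN entry prompt has no valid MAC"
            return True, "ok"
        if req.kind == "clear_entry":
            if self.macing_on:
                if not self._prompt_is_authentic(req):
                    return False, "clear-text entry prompt has no valid MAC"
            elif self._prompt_mentions_pin(req.prompt):
                return False, "clear-text entry prompt asks for a PIN"
            return True, "ok"
        if req.kind == "pin_encrypt":
            if req.key_name == MASTER_PIN_KEY and not self._master_key_encryption_allowed():
                return False, "master PIN key rate limit exceeded"
            return True, "ok"
        return False, f"unknown request kind {req.kind!r}"


if __name__ == "__main__":
    sm = SecurityModule(macing_on=True)
    good = HmiRequest("pin_entry", prompt="ENTER PIN", mac=prompt_mac("ENTER PIN"))
    forged = HmiRequest("pin_entry", prompt="ENTER PIN", mac=b"\x00" * 32)
    for r in (good, forged, HmiRequest("display", buttons=9), HmiRequest("touch_coords")):
        print(r.kind, sm.check(r))
```

The keyword screen is a heuristic (a prompt can spell out "P I N" or use another language), which is why the MACed-prompt mode is the stronger configuration: with MACing on, only prompts that a key holder has approved can ever reach PIN or clear-text entry.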

Maintenance Application

The maintenance application is responsible for system components and for secure application download. It is an extension of the SSA, which invokes it. It runs before any other user application so that it can check version numbers and download new software if needed.

The maintenance application communicates with the user application through the peripheral application manager (PAM). The maintenance application has a downloader that communicates with the host in the specified download protocol to receive data and send responses. Each download protocol has its own download application.

The maintenance application first writes the code files and application data files it receives to the data file system (DFS). At the end of the download it releases the COM port and then requests an offline download from the SSA. The SSA maintenance module performs a security callback to decrypt, unzip, and authenticate the code before writing the code file to the code file system (CFS). It likewise takes the data files from the DFS, authenticates them through the same callback, and places them at the right location within the DFS.
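The security point of the two-stage download is that nothing reaches the code file system until the security callback has accepted it: the downloader only ever writes to the staging area (DFS), and the commit to the CFS happens after authentication. The Python below is an added example, not Ingenico's code, that models this flow on a local filesystem. It assumes a package format of zlib-compressed payload followed by an HMAC-SHA256 tag, authenticates before it unzips (so no unauthenticated bytes are ever parsed), commits with an atomic rename, and removes a rejected file from the DFS. The manual's decrypt step is left out because the manual does not name the cipher; the key, file names and format are all constructed for the example.

```python
import hashlib
import hmac
import os
import tempfile
import zlib
from pathlib import Path

# Assumption: code files are authenticated with HMAC-SHA256 under a download key.
DOWNLOAD_AUTH_KEY = b"constructed-download-auth-key"
TAG_LEN = 32


def package_code_file(plaintext: bytes) -> bytes:
    """What the host sends (assumed format): zlib(payload) || HMAC-SHA256(zlib(payload))."""
    compressed = zlib.compress(plaintext)
    tag = hmac.new(DOWNLOAD_AUTH_KEY, compressed, hashlib.sha256).digest()
    return compressed + tag


def stage_in_dfs(dfs: Path, name: str, blob: bytes) -> Path:
    """Downloader step: received bytes go to the DFS staging area only."""
    dfs.mkdir(parents=True, exist_ok=True)
    staged = dfs / name
    staged.write_bytes(blob)
    return staged


def security_callback(blob: bytes) -> bytes:
    """SSA callback: authenticate, then unzip. Raises ValueError if the file is rejected."""
    if len(blob) < TAG_LEN:
        raise ValueError("file too short to carry a tag")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(DOWNLOAD_AUTH_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    try:
        return zlib.decompress(body)          # only authenticated bytes are parsed
    except zlib.error as exc:
        raise ValueError(f"unzip failed: {exc}") from exc


def offline_download(dfs: Path, cfs: Path, name: str) -> bool:
    """Offline download requested by the maintenance application after the port is released."""
    cfs.mkdir(parents=True, exist_ok=True)
    staged = dfs / name
    try:
        code = security_callback(staged.read_bytes())
    except ValueError:
        staged.unlink(missing_ok=True)         # rejected: CFS untouched, staging cleaned
        return False
    tmp = cfs / (name + ".tmp")
    tmp.write_bytes(code)
    os.replace(tmp, cfs / name)                # atomic commit into the CFS
    staged.unlink(missing_ok=True)
    return True


def demo() -> dict:
    """Run a genuine and a tampered download through the flow; returns what ended up in the CFS."""
    payload = b"constructed application code image"
    with tempfile.TemporaryDirectory() as root:
        dfs, cfs = Path(root) / "dfs", Path(root) / "cfs"
        genuine = package_code_file(payload)
        stage_in_dfs(dfs, "app.bin", genuine)
        good_ok = offline_download(dfs, cfs, "app.bin")

        tampered = bytearray(genuine)
        tampered[0] ^= 0x01                    # one flipped bit in the compressed body
        stage_in_dfs(dfs, "patched.bin", bytes(tampered))
        bad_ok = offline_download(dfs, cfs, "patched.bin")

        return {
            "genuine_committed": good_ok and (cfs / "app.bin").read_bytes() == payload,
            "tampered_committed": bad_ok,
            "cfs_files": sorted(p.name for p in cfs.iterdir()),
            "dfs_leftovers": sorted(p.name for p in dfs.iterdir()),
        }


if __name__ == "__main__":
    print(demo())
```

Checking the tag before decompressing matters in practice: a decompressor fed attacker-controlled input is a parser running on unauthenticated data, and authenticating first keeps every later step (decrypt, unzip, write) inside the trust established by the callback.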

The download port selection, download protocol, and port setting can be set in the supervisor menu (see Chapter 5, Supervisor Menu, on page 23).

Ingenico 6500 User’s Guide, page 89