Technical Manual ICT220 • 8/36
Copyright © 2009 Ingenico All rights reserved
1.2.2. Data security
1.2.2.1. Equipment design
The terminal is designed to resist tampering, so as to preserve the confidentiality of
sensitive data (keys and confidential codes) and to erase this data as soon as a tamper
attempt is detected.
• All sensitive data is held inside the cryptoprocessor and is thus physically protected by the chip,
which prevents secret bank keys and confidential codes from being read out.
• The display, keypad and smart card readers are controlled by the cryptoprocessor.
Tamper resistance
• Check of lid opening;
• Check of keypad tampering;
• Check of temperature;
• Check of voltage;
• Protection against drilling;
• Magnetic head protection;
• CAM (Smart Card reader) connector protection.
Tamper detection
When tampering is detected, the terminal reacts as follows:
• The cryptoprocessor deletes sensitive data,
• The keypad locks.
Tamper evidence
• A message is displayed to alert the user.
1.2.2.2. Software design
Software download is secured: only authentic, signed and certified software can be
loaded into the terminal.
• The software identification scheme is based on:
− Asymmetric encryption algorithm with public and private keys;
− Certified RSA cards;
− Software Signature Tool (SST).
• Applications intended to be downloaded into the secure terminal must first be signed with the
Software Signature Tool (SST). They can then be downloaded remotely using a TMS
(remote downloading tool) or locally using an LLT (Local Loading Tool).
• Once the application is downloaded, the cryptoprocessor checks the downloaded
application's certificate and signature; this operation constitutes the authentication.
Only an application that passes this check is accepted; an application that is not authentic is refused.
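The two-step check described above (certificate first, then signature), as an added example that is not Ingenico's code and not the ICT220 file format: it assumes RSA PKCS#1 v1.5 signatures over SHA-256, a hypothetical `Package` layout, and a single-level certificate modelled as the authority's signature over the signer's public key, with the authority's public key as the terminal's trust anchor.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

// Package models a signed application as it reaches the terminal. Field names
// are assumptions for this example, not the ICT220 file format.
type Package struct {
	Code      []byte
	SignerPub *rsa.PublicKey
	CertSig   []byte // authority's signature over SignerPub: the signer's "certificate"
	CodeSig   []byte // signer's signature over Code
}

// NewKey makes a fresh 2048-bit RSA key (constructed; real keys live on RSA cards).
func NewKey() *rsa.PrivateKey { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k }

func digest(b []byte) []byte { h := sha256.Sum256(b); return h[:] }
func sign(k *rsa.PrivateKey, b []byte) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, k, crypto.SHA256, digest(b))
}
func verify(p *rsa.PublicKey, b, sig []byte) error {
	return rsa.VerifyPKCS1v15(p, crypto.SHA256, digest(b), sig)
}

// BuildPackage plays the SST side: the authority certifies the signer's public key,
// then the signer signs the application code.
func BuildPackage(authority, signer *rsa.PrivateKey, code []byte) (*Package, error) {
	certSig, err := sign(authority, x509.MarshalPKCS1PublicKey(&signer.PublicKey))
	if err != nil { return nil, err }
	codeSig, err := sign(signer, code)
	if err != nil { return nil, err }
	return &Package{code, &signer.PublicKey, certSig, codeSig}, nil
}

// Authenticate plays the cryptoprocessor side. Only the authority's public key is
// trusted a priori; the certificate is checked before the code signature, so a
// valid signature made with an uncertified key is still refused.
func Authenticate(anchor *rsa.PublicKey, p *Package) error {
	if err := verify(anchor, x509.MarshalPKCS1PublicKey(p.SignerPub), p.CertSig); err != nil {
		return errors.New("certificate rejected: signer key not certified by the authority")
	}
	if err := verify(p.SignerPub, p.Code, p.CodeSig); err != nil {
		return errors.New("signature rejected: code does not match its signature")
	}
	return nil
}
```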