Supplementary to Presentation on Kiosk Services ATM System

Supplementary to Presentation on Kiosk Services ATM System Overview
TrigMax Enterprise Solutions
Mason Liu, Ph.D.

Case Study – Wall Mount ATM
9/28/2006 TrigMax Enterprise Solutions

System Overview
  • Capacity
      • Operate up to 1,000 ATM terminals in parallel
  • Software environment
      • Linux
      • Informix or Oracle Database
      • ISO 8583 Financial Data Exchange Protocol
  • Security
      • DES-ANSI X3.92:1981 data encryption
      • Public-Key based ISO 7816 security infrastructure
      • Message Authentication Code (MAC) deployment
      • ISO 9564:1991 for Personal PIN protection
      • EMV certified
      • Multi-level TCP/IP networks with VLAN

Architecture Partitions
  • System Topology
  • Network Structure
  • Kiosk Terminal
  • Edge Server
  • Main Server
  • Security

Technology Overview > System Topology
[Topology diagram; labels: Kiosk Sub-net, LAN, ADSL, CDMA, MODEM, Virtual LAN, Kiosk, Edge Server, Main Network, 3rd Party Edge Server, Bank Main Server, 3rd Party Network]

Architecture > Network Structure
Network architecture defines the following components:
  • Multi-layer network topology
  • Terminal – server connection scheme
  • Run-Time environment
      • TCP/IP Client/Server interaction
      • Web based secured https access
  • Data distribution
      • Web based applications
      • SQL database

Architecture > Kiosk Terminal
The following considerations are needed in designing the kiosk terminal:
  • Hardware and peripheral modules
  • Software and environment
  • Human-machine interface
  • Network interface

Architecture > Kiosk Terminal > Hardware
  • LCD and touch-screen display
  • Secured metal keypad, YDT 220
  • CDMA2000-1X / GPRS, sync/async modem, LAN (RJ45), RS232
  • Printer
  • ISO 7812 standard 1, 2, or 3 track reader
  • ISO 7816 IC card (APDU I/O)
  • Network NIC
  • Power

Architecture > Kiosk Terminal > Parts List
(Table columns: Modules, Items, Descriptions, Parts, Remark)
  • Main Controller
      • Microprocessor: 32 bit ARM
      • Memory: 128 M
      • Motherboard: Embedded system board
      • Display I/F: On board
      • Network I/F: On board
      • Flash: Compact Flash
      • IO: 4 serial ports on board
  • Network I/F
      • Ethernet: RJ45
      • Cellular Wireless: CDMA2000-1 or GPRS
  • Input Devices
      • Credit Card Reader: Manual card reader; LKE 750; Standard
      • IC card/RFID: Custom; Optional
      • Keypad: Metal keypad, YDT 220; 16 keypad, 2 x 4 function keys; PCB security optional
  • Output Devices
      • Display: 10.4 inch LCD; Bullet-proof glass
      • Sound: Custom
      • Printer: Epson, EUT 532+MB 500
  • Power
      • Main power: LW 2145; Regulator, Filter, ATX standard

Architecture > Kiosk Terminal > Software
  • Basic requirement - Remote upgradeable
  • Security drivers
  • EMV standard card driver
      • ISO 7816 IC card interface
      • ISO 8583 card-based transaction protocol
  • Keypad driver, touch screen driver
  • Printer driver
  • Unified Network driver for broadband, wireless, and serial port connections
  • Multimedia display drivers
      • Image and video (MPG, JPG, GIF, Flash)
      • Audio (mp3, au)

Architecture > Kiosk Terminal > Human-Machine Interface
  • Support commercial applications
  • Support multimedia A/V display
  • Support image processing
  • Value-added advertisement – online remote update
  • User friendly interactive interface

Architecture > Kiosk Terminal > Network Interface
  • Support variety of TCP/IP based communication methods
      • Wireless
      • Cellular
      • Wired – Ethernet, Serial, DSL, modem
  • Generic driver interface
  • ISO 8583 – Standard for Financial Transaction Card Originated Messages

Architecture > Edge Server
  • Major functionalities
      • Kiosk terminal management
      • Transaction status tracking
  • Software environment
  • Network interface

Architecture > Edge Server > Software Environment
  • Security Measures
      • Security key manager
      • Dynamic key generation and distribution
      • Security monitoring
  • Data Transaction Measures
      • Transaction recording and dispatch
      • Error handling, recovery
      • Operation monitoring

Architecture > Edge Server > Software Components
The software package consists of the following components:
  • Kiosk (ATM side) interface module
  • Main server (bank side) interface module
  • Database (Oracle) management module
  • Security management module

Architecture > Security
  • Support the Public-Key based ISO 7816 security infrastructure
  • Support EMV protocol
  • Security measurements: Access control, Identification, Authentication, Data integrity, Data protection, Channel monitoring, error concealment.

Architecture > Security > Keys
  • Main key
      • Distributed by the edge server to generate the Terminal Key
  • Terminal Key
      • Use the Terminal ID as the formation factor
      • Scramble the Work Key
      • ① Terminal: Decrypt and retrieve the Work Key at reception
      • ② Edge Server: Generate and encrypt the Work Key
  • Work Key
      • Encrypt the payload, generate the MAC code for data integrity checking.
      • ① Terminal: encrypt/decrypt the transaction payload
      • ② Edge Server: encrypt/decrypt the transaction payload
  • Terminal ID
      • Unique ID for each terminal
      • Combined with Main Key to track the transaction per terminal
  • Personal Key
      • To determine the legality of personal PIN
      • ① Terminal: Collect and encrypt the data and personal key using the Work Key, deliver the payload to the Main Server through the Edge Server.
      • ② Main Server (bank): Validate and authorize the transaction
  • Abbreviations: PSAM (Payment Secure Application Module), MAC (Message Authentication Code)
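
The key hierarchy on the Keys slide, sketched as an added example (not code from the presentation or from its authors). HMAC-SHA256 stands in for the DES and MAC primitives the deck names, and the terminal ID `KIOSK-0001`, the sample keys and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 stands in for the DES-based primitives the deck names.
    return hmac.new(key, label + b"|" + data, hashlib.sha256).digest()

def derive_terminal_key(main_key: bytes, terminal_id: str) -> bytes:
    # Terminal Key: Main Key with the Terminal ID as the formation factor.
    return _prf(main_key, b"terminal-key", terminal_id.encode())

def wrap_work_key(terminal_key: bytes, work_key: bytes) -> bytes:
    # Edge server: encrypt ("scramble") the Work Key under the Terminal Key.
    if len(work_key) > 32:
        raise ValueError("work key exceeds one keystream block")
    nonce = os.urandom(16)
    stream = _prf(terminal_key, b"wrap-enc", nonce)
    ct = bytes(a ^ b for a, b in zip(work_key, stream))
    return nonce + ct + _prf(terminal_key, b"wrap-mac", nonce + ct)

def unwrap_work_key(terminal_key: bytes, blob: bytes) -> bytes:
    # Terminal: authenticate the blob first, then recover the Work Key.
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(terminal_key, b"wrap-mac", nonce + ct)):
        raise ValueError("work key blob rejected")
    stream = _prf(terminal_key, b"wrap-enc", nonce)
    return bytes(a ^ b for a, b in zip(ct, stream))

def mac_payload(work_key: bytes, payload: bytes) -> bytes:
    # The Work Key also produces the MAC used for data integrity checking.
    return _prf(work_key, b"txn-mac", payload)

def verify_payload(work_key: bytes, payload: bytes, mac: bytes) -> bool:
    return hmac.compare_digest(mac, mac_payload(work_key, payload))

def demo() -> dict:
    main_key = bytes(range(32))              # constructed sample Main Key
    payload = b"TID=KIOSK-0001;AMT=100.00"   # constructed sample transaction
    work_key = os.urandom(16)                # edge server generates the Work Key
    blob = wrap_work_key(derive_terminal_key(main_key, "KIOSK-0001"), work_key)
    # Terminal side: re-derive its own key, unwrap, then MAC the payload.
    wk = unwrap_work_key(derive_terminal_key(main_key, "KIOSK-0001"), blob)
    mac = mac_payload(wk, payload)
    return {
        "recovered": wk == work_key,
        "mac_ok": verify_payload(work_key, payload, mac),
        "tamper_ok": verify_payload(work_key, payload.replace(b"100", b"900"), mac),
    }
```

Because the Terminal Key depends on the Terminal ID, a Work Key blob wrapped for one kiosk is rejected by any other kiosk holding the same Main Key.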

Architecture > Security > Data Safety
  • Network safety
      • Firewalls in routers
      • Virtual sub-net (VLAN) partitions
  • Safety in data transfer
      • Deployment of MAC for data integrity
      • Encryption for data protection
  • Safety in data storage
      • Identification (access, owner, transaction)
      • Encryption