Upload
hadien
View
225
Download
0
Embed Size (px)
Citation preview
PCI 3.0 EPP WIN ATMs (XP & WIN7) VISA2 Setup
Version 1.00
April 24, 2014
Confidential
© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 2
Index 1. Overview .............................................................................................................................................. 3 2. PCI 3.0 EPP WIN ATMs VISA2 Setup .......................................................................................................... 4 3. Appendix A .......................................................................................................................................... 8
Confidential
© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 3
Overview
Compared to the PCI 1.0 EPP, the primary benefit of the PCI 3.0 EPP includes a number of
security features that make the device more difficult to compromise during ATM operations.
The most significant change to the EPP is the addition of physical tamper switches and the
inclusion of four different “states” in the EPP firmware. Separate security IDs and Passwords
have also been added in order to access the software to change these “states”.
EPP States
1) Installation State
The Installation State is the default operational state for the EPP. This state is required for the
EPP to accept a Master Key and for transactions to be processed. This state is the same as the
default for the PCI 1.0 EPP.
2) Authorized Removal State
This state allows the removal of the EPP, while retaining the EPP configuration (Passwords and
Encryption Keys). This allows the device to be removed and inspected without losing
configuration information.
3) Unauthorized Removal State
This condition occurs when an EPP physical tamper has been detected. When a tamper occurs,
a NVRAM clear must be performed on the EPP (not to be confused with the ATM CLEAR
NVRAM function). This condition may occur during transport in some cases, and should be able
to be recovered using the NVRAM clear function.
4) Initialization State
This is the default state of the EPP after performing a physical NVRAM clear on the EPP. All
passwords and accounts are reset to default zeroes (000000) and must be reconfigured prior to
key entry / normal ATM operations. You must change the EPP State accounts and passwords from
default, and log in successfully to change from this state.
Confidential
© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 4
PCI 3.0 EPP WIN ATMs VISA2 Setup
PLEASE NOTE THE FOLLOWING:
After physically installing the new EPP Keypad on the ATM, you must perform a series of steps to
set the EPP to the “Installation State” so that you can enter encryption “keys” on the terminal.
The Key Management passwords that you are familiar with (000000 / 000000) are now set to the
following defaults (111111 / 222222).
There are also an additional set of IDs and Passwords that you must enter in order to access the
software to allow you to configure the “state” of the EPP. These values are (111111 / 111111) and
(222222 / 222222). Please enter these when prompted during the setup procedures.
1) From the Diagnostics Main Menu, select “Key Manager” and press Execute.
2) Next, select “Enter password” and press Execute.
3) The Key Manager Enter password screen will display.
Confidential
© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 5
4) Press Execute and enter Password #1 (111111). Press Execute again, and enter Password #2
(222222).
5) At the Key Manager Main screen select “Set pinpad state” and press Execute.
6) The Key Manager Enter ID / Password screen will display. Press Execute and enter ID (111111) and
Password #1 (111111). Press Execute again. Enter ID (222222) and enter Password #2 (222222).
Confidential
© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 6
7) The Key Manager Set state main screen will display. Select “Set state” and press Execute.
8) The Key Manager Set pinpad state screen displays with the Current state of the EPP. There are four
different possible EPP states:
INITIALIZATION STATE
AUTHORIZED REMOVAL STATE
INSTALLATION STATE
UNAUTHORIZED REMOVAL STATE
The EPP should be in the Initialization State. If so, continue at Step 9 below.
If the EPP is in the Authorized Removal State, also continue at Step 9 below.
If the EPP is already in the Installation State, continue at Step 11 below.
If the EPP is in the Unauthorized Removal State, a problem may have occurred during shipment.
You will need to perform a NVRAM Clear on the EPP. (NOTE: This is different than the ATM CLEAR
NVRAM function). Go to Appendix A.
9) If the Current state is Initialization State or Authorized Removal State, press Execute. The state will
change to Installation State.
Confidential
© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 7
10) Check the current state on screen (if it is still in Initialization State, the EPP may not be installed
correctly).
11) Press Previous to return to the Key Manager Main screen. PCI 3.0 EPP setup is completed.
Confidential
© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 8
Appendix A
If the EPP is in the UNAUTHORIZED REMOVAL STATE
PLEASE NOTE THE FOLLOWING:
You will be required to clear NVRAM on the EPP.
This will reset the passwords back to factory default values. You will be required to configure new
values for Key Management passwords, and for security IDs and Passwords.
Perform the steps as shown below, entering the exact values listed.
1) Perform the following steps to clear NVRAM on the EPP:
1. Remove power to the EPP by disconnecting the power cable shown by the arrow below.
2. Turn Switch 1 on the EPP to the ON position.
3. Reconnect the power cable to the EPP – wait 5 seconds.
4. Disconnect the power cable to the EPP.
5. Reset Switch 1 to the OFF position.
6. Reconnect the power cable to the EPP.
2) From the Diagnostics Main Menu, select “Key Manager” and press Execute.
Confidential
© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 9
3) Next, select “Enter password” and press Execute.
4) At the Key Manager Enter Password screen, press Execute and enter Password #1 (000000). Press
Execute again, and enter Password #2 (000000).
5) The Key Manager Main screen displays. The first requirement is to change the Key Manager
Password #1 and Key Manager Password #2 from the factory default settings of 000000 to
new values. Select “Change password” and press Execute.
Confidential
© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 10
6) At the Change password screen select “Password #1” and press Execute.
7) Next, enter the new password. Press Execute. Enter the new password (111111). To verify, press
Execute again and re-enter the password (111111).
8) You return to the Change password screen. Select “Password #2” and press Execute. Next, enter the
new password (222222). To verify, press Execute again and re-enter the password (222222).
Confidential
© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 11
9) Next, press the Previous button until you return to the Diagnostics Main Menu. You will now need to
re-enter Key Manager using the passwords that you just created.
10) From the Diagnostics Main Menu, select “Key Manager” and press Execute.
11) Next, select “Enter password” and press Execute.
12) At the Key Manager Enter Password screen, press Execute and enter Password #1 (111111). Press
Execute again, and enter Password #2 (222222).
Confidential
© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 12
13) At the Key Manager Main screen select “Set pinpad state” and press Execute.
14) The Key Manager Enter ID / Password screen will display. (NOTE: There is a separate set of ID and
Passwords required for making any changes to the EPP State. The first step will be to input the factory
default values, and then you will be instructed to add new ID and Passwords.)
15) Press Execute and enter ID (000000) and Password #1 (000000). Press Execute again. Enter ID (000000)
and enter Password #2 (000000).
16) You are now required to change the ID / Passwords from the factory default settings of 000000 to
new values. Select “Add ID / Password” and press Execute.
Confidential
© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 13
17) At the Key Manager Add ID / Password screen, press Execute. Enter the new ID (111111) and
password (111111). To verify, press Execute again and re-enter the new ID (111111) and password
(111111).
18) Repeat Steps 15 and 16 by creating another new ID (222222) and password (222222).
19) After completing the second new ID / Password, press the Previous button until you return to the Key
Manager Main screen.
20) At the Key Manager Main screen select “Set pinpad state” and press Execute.
21) The Key Manager Enter ID / Password screen will display. (NOTE: You will now enter the new ID /
Passwords that you just created). Press Execute and enter ID (111111) and Password #1 (111111).
Press Execute again. Enter ID (222222) and enter Password #2 (222222).
Confidential
© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 14
22) The Key Manager Set state main screen displays. Select “Set state” and press Execute.
23) Check that the Current state is “Initialization state”. Press Execute. The state will change to “Installation
state”.
24) Press Previous to return to the Key Manager Main screen. PCI 3.0 EPP setup is completed.