TS890 User Manual Rev A.2.pdf

7/24/2019 TS890 User Manual Rev A.2.pdf

1/46

UIC Confidential

Uniform Industrial Corporation

TS890 USER MANUAL

REV A.2


2/46

TS890 User Manual Rev. A.2 UIC Confidential

Copyright 2011 All rights reserved. Page 2

Revision History

Revision Date Remarks

A.1 June 13, 2011 Initial release

A.2 Dec. 16, 2011 Update BootROM usages


3/46



Disclaimer

This information could include technical inaccuracies or typographical errors. Changes are periodicallymade to the information herein; these changes will be incorporated in new editions of the publication. Themanufacturer may make improvements and/or changes to the product(s) and/or the program(s) describedin this publication at any time without notice.

Terms and conditions

Permission for the use of these publications is granted subject to the following terms and conditions.

Personal Use: You may reproduce these publications for your personal, noncommercial use provided

that all proprietary notices are preserved. You may not distribute, display or make derivative works of

these publications, or any portion thereof, without the express written consent of the manufacturer.

Commercial Use: You may reproduce, distribute and display these publications solely within your

enterprise provided that all proprietary notices are preserved. You may not make derivative works of

these publications, or reproduce, distribute or display these publications or any portion outside your

enterprise, without the express written consent of the manufacturer. Except as expressly granted in this

permission, no other permissions, licenses or rights are granted, either express or implied, to the

publications or any data, software or other intellectual property contained therein. The manufacturer

reserves the right to withdraw the permissions granted herein whenever, in its discretion, the use of the

publications is detrimental to its interest or, as determined by the manufacturer, the above instructions are

not being properly followed. You may not download, export or re-export this information except in full

compliance with all applicable laws and regulations, including all United States export laws, copyright

laws and regulations.

THE MANUFACTURER MAKES NO GUARANTEE REGARDING THE CONTENT OF THESE PUBLICATIONS. THESE

PUBLICATIONSARE PROVIDED AS-ISAND WITHOUT WARRANTY OFANY KIND, EITHER EXPRESSED OR IMPLIED,

INCLUDINGBUTNOTLIMITEDTOIMPLIEDWARRANTIESOFMERCHANTABILITY, NON-INFRINGEMENT,ANDFITNESSFOR

APARTICULARPURPOSE.

UNDER NO CIRCUMSTANCES IS THE MANUFACTURER, ITS PROGRAM DEVELOPERS OR SUPPLIERS LIABLE FOR ANY

OF THE FOLLOWING, EVEN IF INFORMED OF THEIR POSSIBILITY:

1. LOSS OF, OR DAMAGE TO, DATA;2. SPECIAL, INCIDENTAL, OR INDIRECT DAMAGES, OR FOR ANY ECONOMIC CONSEQUENTIAL

DAMAGES; OR3. LOST PROFITS, BUSINESS, REVENUE, GOODWILL, OR ANTICIPATED SAVINGS. SOME JURISDICTIONS

DO NOT ALLOW THE EXCLUSION OR LIMITATION OF DIRECT, INCIDENTAL, OR CONSEQUENTIALDAMAGES, SO SOME OR ALL OF THE ABOVE LIMITATIONS OR EXCLUSIONS MAY NOT APPLY


4/46



Table of Contents

Introduction .................................................................................................................................................. 7

General Functions ......................................................................................................................................... 8

TS890 Hardware Specification ...................................................................................................................... 9

Terminal front view ................................................................................................................................... 9

Terminal IO port view ............................................................................................................................. 10

TS890 Specifications ................................................................................................................................... 11

System Foundation ..................................................................................................................................... 12

Hardware Block Diagram ........................................................................................................................ 12

Flash Memory Map ................................................................................................................................. 13

Software Architecture ............................................................................................................................. 14

Software and Firmware components ................................................................................................. 15

BootROM: the system manager .................................................................................................................. 16

BootROM Background ............................................................................................................................ 16

RunAppl ................................................................................................................................................... 17

Program................................................................................................................................................... 17

Load ..................................................................................................................................................... 18

Remote Sync ....................................................................................................................................... 18

Erase IPP .............................................................................................................................................. 20

Upgrade ............................................................................................................................................... 21

USB Disk Setup .................................................................................................................................... 23


5/46



Load Dukpt Key ................................................................................................................................... 23

Date & Time ............................................................................................................................................ 25

Setting ..................................................................................................................................................... 26

Version .................................................................................................................................................... 27

Selftest .................................................................................................................................................... 27

File System .............................................................................................................................................. 29

Development Environment ......................................................................................................................... 30

System Requirement ............................................................................................................................... 30

Linux Host (Virtual Machine) .................................................................................................................. 30

Starting up ........................................................................................................................................... 30

Sharing resources with Windows host ................................................................................................ 31

User accounts ...................................................................................................................................... 33

Eclipse: the IDE .................................................................................................................................... 33

Important Directories in Linux VM...................................................................................................... 34

Network Services ................................................................................................................................ 35

TS890: the target device ......................................................................................................................... 36

Debug Console .................................................................................................................................... 36

Root file system (RFS) ......................................................................................................................... 37

Mounting NFS from Linux host ........................................................................................................... 38

Updating User Application .................................................................................................................. 39

USB Disk Setup .................................................................................................................................... 40


6/46



Security Management ................................................................................................................................. 43

IPP Security ............................................................................................................................................. 43

Key Storage and Protection .................................................................................................................... 43

Tamper detection / response ................................................................................................................. 43

Self-test ................................................................................................................................................... 43

Timeout control ...................................................................................................................................... 44

PIN attack protection .............................................................................................................................. 45

Tamper Recovery .................................................................................................................................... 45

IPP Key Loading ....................................................................................................................................... 45

IPP Key Loading ................................................................................................................................... 45

BootROM Key loading user interface .................................................................................................. 46


7/46



Introduction

This document provides operating information of TS890 as well as how to set up a development

environment. It starts with the specification of the terminal. Then it follows a chapter introducing

the terminals hardware and software architecture, and a chapter regarding how to operate the

terminals system manager BootROM. Then there is one whole chapter regarding how to set up

the development environment and how to write, build, and install user applications to TS890.

Finally is a chapter describing the security functions, and including how to inject clear-text

master/session keys or DUKPT keys.

This document is intended for both system integrators and programmers. For more information

about API and SDK, please refer to TS890 Programmers manual.


8/46



General Functions

TS890 is ideal for any level of merchant across multiple industries. It is designed for handling

transactions ranging from credit and debit card transactions, smart card transactions to

customer loyalty programs. TS890 is currently at the forefront of POS terminal distribution by

providing an access to the global smart card solutions.

Features

High Performance and High Security Integrated Magnetic Strip and IC card reader and Printer Conforms to EMV Level 1 & Level 2 requirement Conforms to PCI PED online & offline PIN verification Supports DES/TEDS, MAC, DUKPT or M/S key, RSA, AES, SHA encryption 32 bits fast processor Tamper Evidence Resistant and Responsive Privacy Shield Option GPRS


9/46



TS890 Hardware Specification

Terminal fron t view

Smart card reader

Magstripe reader

Graphic LCD display

Integrated thermal

printer

Keyboard

in BootROM

in BootROM

in BootROM


10/46


11/46


12/46



System Foundation

Hardware Block Diagram


13/46



Flash Memo ry Map


14/46



Software Arc hi tecture

TS890 consists of two processors. One is an ARM7-cored security chip, and a non-OS firmware

IPP is running on it. IPP handles all security-related functions. The other processor is an ARM9

SOC with embedded Linux as the operating system. User application is running on this Linux

platform.

Theoretically the user application can control hardware devices and communicate with IPP

directly. However, due to security concerns and the purpose to minimize the development effort,


15/46



UIC wraps these hardware details into an API: the oslib. User application statically links to this

library and thus accesses the underlying hardware devices and security functions in a managed

way. Although it is possible for the user application to call standard Linux APIs directly, this is

not encouraged and is even prohibited. The reason is that the Linux kernel and/or the runtime

environment might be changed (e.g., due to some security breach found in the future), and the

direct link between user application and Linux library might be broken then.

Software and Firmware components

There are four major components provided by UIC:

ARM7-IPP firmware: can be updated using bootROM. ARM9-Linux kernel: seldom needs to be updated. ARM9-RFS (Root File System): device drivers, Linux system libraries and utilities, and can

be updated using bootROM.

ARM9-oslib: A static library that a user application links with. oslib is released by UIC aspart of the SDK, and is installed to the Linux VM (please refer to DevelopmentEnvironmentchapter).


16/46



BootROM: the system manager

BootROM B ackground

When TS890 Linux boots up, initwill invoke the first system mode program called "BootROM."BootROM is responsible for all the system management such as invoking/downloadingapplication(s), checking application certificate(s), maintaining all background processes.

To enter BootROM's service menu, it is required to press () key when the display

show the prompt BootROM Selftest during boot up.

In general, BootROM will prompt for the access code.

Enter access code:

* will appear on screen as you enter access code. Enter the BootROM access code (Default is896345). The following menu will display. Press and key to scroll through themenu.

BootROM selftest


17/46



RunAppl

Press 1 on the keypad to run the user applications (i.e., /home/usr1/appl.out). If the TS890contains an application when choosing this option, BootROM will check the authenticity of thisuser application and run it.

If the application has not been downloaded to TS890, the screen below will display.

The word Productionin the message above means this terminal is of Productionmodeinstead of Developmentmode. A development mode terminal is a terminal which uses atemporary certification for authenticating user applications. Such a development mode terminalis supposed to serve as a development platform only.

If the application signature verification fails, the screen below will display.

IPP=Pmeans this terminal is of Production mode. If this terminal is of Development mode, itwould be IPP=Din the message. The following APP=Error 2means the user applicationdoes not pass the authentication test and the error code (reason) is 2.

Program

This menu is used for downloading application(s) and updating OS/RootFS. Press 2 on thekeypad to enter Program menu. When selected, the screen will display. Press the up or down

button to switch menus.


18/46



The functions in Programmenu are listed and described below:

Load

Load function is for the developer to start the application download from the VMWare Linux tothe terminal through the standard TFTP protocol. The TFTP service is running in thebackground on the VMWare Linux and is always ready for download requests. The downloaddirectory is set to VMWare Linux's/tftpboot.

Note: Before the application download, the terminal must configure the proper IP values. Referto the Setting section for detailed information.

Enter Load Access Code (Default "896345"). The screen prompts for the code once.

Download is complete and TS890 will return to BootROM's main menu.

Note: If an error message appears (see below), in most cases it is because the Linux VMWaretftp server is not available or the "ServerIP" is not set properly in the TS890. Or, the settingdoes not match the server IP.

Remote Sync

Besides using TFTP to download from the developer's VM, the TS890 is equipped with an FTPclient that can retrieve applications from an existing FTP server.

Note 1: The network parameters of TS890 must be properly set up, including "Server IP","Gateway", "NetMask" in BootROM's menu 4 - Setting. "Server IP" should be pointed to the FTPserver.


19/46



Note 2: It is also necessary to tell the BootROM where to download by setting up "Bank ID","Appl ID" and "Version ID" in BootROM's menu 4Setting.

Input FTP user password or just press () to use default password "ts890"

It will immediately start FTP task. In the example below, the server IP is set to 192.168.0.102

If the FTP server can not be reached, the TS890 will display the following.

If the Download is successful t will return to BootROM's main menu.

USB Sync

USB Sync is used for upgrading the developers application by USK disk. Be sure the "Bank ID",

"Appl ID", and "Version ID" have been setup and USB disk has inserted. This function is in

single control and it is needed to input one access codes, the default load access code is

"896345".


20/46



Erase Appl

Erase Appl is used for erasing all files in the application slot. This function is in single control

and it is needed to input one access code, the default load access code is "896345 .

USB Sync IPP

Erase IPP is used for upgrading the IPP firmware. The first step is to erase the IPP and you can

download a new version after the terminal reboot. This function is in dual control and it is

needed to input two access codes. Input default "24652011" and 66085202 for the access

code.

Press "0" if you really want to proceed

Searching for

USB storage

Copying

Completed!!

App erased!!


21/46



Erasing the IPP only takes 2s and you will see this screen very soon. Now you need to reboot

the EDC.

After reboot, you can start the PC side after you see this screen. Contact UIC to get the

download utility at PC side.

Upgrade

Upgrade is used for updating the Linux root file system (ROOTFS), including the /bin /etc /usr/etc /lib. It is for enhancing the original Linux capability such as adding new Linux tools andconfiguration files.

The root file system patch is in the form of a tar ball named "appl.tar.gz" and each is assigned aversion number. The application already loaded will not be erased or impacted by the upgrade.

After the system upgrade, the original application can be executed normally.

To upgrade the root file system, insert a USB Flash drive to plug into the USB host port ofTS890 first. A specific file path of the file system is needed for the system upgrade. Refer toUSB Disk Setup section for more information.

Then input two access codes, Input default "24652011" and 66085202 for the accesscode.

Input the ROOTFS version you intend to upgrade, such as "007"


22/46



TS890 will now load the USB module and detect the USB Flash drive. This normally takes 5-8seconds.

If the USB has a problem and cannot be mounted in 15 seconds, screen will display thismessage.

If the USB driver mount is successful, the TS890 will prompt to press "0" to proceed.

Writing the ROOTFS may takes 20-30 seconds. Important, please do not power off theterminal until the update successful message displays.

Done. Reboot the system.


23/46


24/46



Then start the key injection tool to load the key. If the loading process is successful, the displaywill prompt Successful message. Otherwise, it shows failed message. Note. The dual controlto access key loading process is needed in the production version. For the detail operation,please contact UIC Sales or tech support.


25/46



Load M/S Key

This function is for M/S key injection purpose. Press 8 will enable the pass-through path toconnect IPP to the key injection equipment via RS232 port A. The user has to enter dual control

password: "24652011" and 66085202.

After the password being accepted, the terminal will wait for the new key loading.

Loading key

Press CAN to exit

or wait for time out

User can use Key Injection Tool to load M/S Keys to terminal. If user want to exit this function,

please press () to return, or wait for time out to exit.

Start Downldr

This function is for firmware purpose. Press 9 will enable download RFS IPP or User APP toterminal by FTP.

UIC Downloader 1.0

SELECT TYPE1=RFS2=IPP3=User APP

Date & Time

This function is used for changing the systems internal real time clock. Press 3 to enter themenu. To change the date and time, press 0. Follow the YYMMDDhhmmss format to enter

date/time. Or, press ()to return to main menu without making any changes.


26/46



Sett ing

This menu is used for setting up system-wide parameters and environmental variables for theapplication to read later. When selected, the following screen will display. Use the up or downbuttons to scroll through the menu. The network setup is critical because application downloadsduring the development phase rely extensively on TCP/IP.

Press (), () to enable/disable DHCP or / to next setting.

Enter 12 digit number for IP address or / tonext setting.


27/46


28/46




29/46



Example: ICC diagnostic

This screen shows the ATR status of all the SAM cards. If a SAM is installed, the correspondingline will show (1, 80, 10). The system detects the presence of SAM during power up.

or

If you insert a card into Reader#1, this screen will show the analysis of ATR. This is useful whenyou want to get ATR info from any card. Press the number of the card slot. For example, press would get this prompt:

Example: Keyboard diagnostic

Fi le System

This screen shows all files under user application's folder - /home/usr1. It provides usefultrouble-shooting for checking file availability and file size in case the application programmercannot access the debug console. Here are the function keys:

/ to navigate files

() will delete the file under the cursor

will delete all files in cfg/. Useful for testing partial downloads.


30/46



Development Environment

Usually, to set up a development environment for embedded devices involves installing cross-

compile tool chains on a build host and setting up tools for downloading software/firmware to thetarget devices. In order to simplify this procedure, UIC decides to leverage the virtual machinetechnology. UIC builds a VMWare Linux virtual machine (VM) with cross-compile tool chainsand necessary tools installed. Developers can immediately start programming without installinga Linux and tools from scratch.

System Requi rement

Minimum 2GB RAM Minimum 30GB free hard disk space Windows XP or higher

VMWare Playerversion 3.1.4 for Windows Linux VM image from UIC

Linu x Hos t (Vir tual Machine)

Starting up

First install VMWare Player. Then copy the Linux VM image to the hard disk.

Launch VMWare Playerapplication, click Open a Virtual Machinefrom the right panel, then

choose the VM image from the file dialog box. Double-click TS890_STDat the left panel of

VMWare Playerwindow.


31/46


32/46



Note: If your LAN has DHCP server, and if you want to have your PC, Linux VM, and TS890 terminal all in

the same LAN, it is recommended that you choose bridgemode for Linux VM.

To share removable devices, click Virtual Machinethen Removable Deviceson the top menu.

Then choose the removable device to be shared.

To know more details about using VMWare Player, please refer to the help document of VMware Player,

or visit http://www.vmware.com.


33/46



User accounts

There are two user accounts created in TS890 Linux VM:

User ts890, and password 111111.

User root(the super user), and password tong1xun4.

You should always log in and do development as ts890, not as root. The root account is just for you to

do administrative jobs like starting services, change passwords, adding other user accounts, installing or

removing software packages, etc.

Eclipse: the IDE

UIC installs and customizes a version of Eclipse as the IDE (Integrated Development Environment). After

logging into Linux VM as ts890, you would see a icon UIC-Eclipseon the desktop.


34/46



Double-click the UIC-Eclipseicon, and click Okwhen prompting asking the workspace. A demo

project called CartesPariswill be opened.

Now you can edit, build, and clean the project using Eclipse.

Important Directories in Linux VM

Directory and files Description

/home/ts890 The home directory of user ts890.

/home/ts890/host_tools Containing two script files: instdistto install SDK, and setverto

change to a specific version of SDK.

/home/ts890/workspace The default workspace of Eclipse, and contains the demo project

CartesParis.

/opt/eldk The cross-compile tool chains, Linux system libraries, and header

files.

/usr/share/uicdev-s/ Containing UIC SDK (header files and libraries).

/usr/share/uicdev-s/current A symbolic link pointing to the current effective version of SDK.

/mnt/hgfs VMWare share folder locations.


35/46



Network Services

Several network services are quite handy or even necessary at the development stage, especially when

downloading programs from Linux VM to TS890.

NFS: TS890 has necessary drivers to mount a nfs share. Developers can transfer files easily via nfs.

TFTP: Download user application to TS890.

FTP: Download user application to TS890.

You can enable these network services from System/Administration/Services.

From the service dialog box, enable the service you need.


36/46



TS890: the target dev ice

Debug Console

TS890s console provides very useful features for debugging. You are able to:

1. Monitor all kernel messages during TS890 boot-up.

2. Monitor application's debug messages if it calls the debug APIs.

3. Access the shell to perform some tasks like mounting nfs share, observing current tasksstatus, killing a specific task, etc.

To access the console, follow these steps:

Step1:In BootROM 4.Setting, use (

)/(

)to scroll to this menu

Press ( ) to enable, () to disable, ()to exit.

Step2:Connect a download cable to 232B of TS890 with your PC. Run a terminalemulator program (e.g. teraterm or putty) with the following serial port setting: 115200bps, 8 data-bit, 1 stop bit, no parity, no hardware handshake.


37/46



Step3:Reboot TS890 to make it effective. If you kernel boot message after 8s, you didcorrectly in above steps.

Step4:Press [MENU] in BootROM's main menu and you will get the shell. The shell willnot be activated unless you press in the console. Enter rootin the user name,

and press enter.

Root file system (RFS)

TS890's file system runs on the Flash memory with industrial standard JFFS2 (Journaling Flash

File System Version2). This provides power fail resistance. In case of power failure during a

write, JFFS2 will roll back to the last good journal entry. JFFS2 provides real-time compression

to increase storage size and Flash life.

Flash writes are buffered in 4K size and Linux's command sync() is used to commit write to flash

immediately. JFFS typically have a large overhead for each journal entry (write) thus making

them very inefficient for writing small amounts of data.

TS890 also follows Linux's directory tree structure. The entire tree is placed on flash (JFFS2)

except for /tmp. /tmp runs on volatile RAM which serves as a big file buffer for someapplications, such as remote download.

Directory Meaning

/binContains executable programs that are required for system repair, for instance, tar, grep, kill,

ps..etc

/dev Contains device files required for interfacing with hardware.

/etcThe configuration files for the Linux system. Most of these files are text files and can be edited

by hand.

/home /home/usr1 is where the user application is.


38/46



/lib

Contains shared object library files that are necessary to boot the system as well as containing

files required by various programs. This directory also contains modules (located in

/lib/modules) which can be loaded into the kernel.

/mntUsed for mounting temporary file systems. USB storage will be mounted at /mnt/usb. NFS

share will be mounted at /mnt/nfs.

/proc

Provides information about running processes and the kernel. A directory is provided for each

running process. Useful system information such as the amount of memory available on the

system as well as CPU speed can be found within the /proc directory.

/sbin

Similar to /bin, this directory contains executable programs needed to boot the system,

however the programs within /sbin are executed by the root user. Contains system

maintenance programs, for example, ifconfig

/sys -

/tmp

This directory is used for temporary storage space. Files within this directory are often cleaned

out at boot time. By using /tmp directory, the user can be assured the files will be wiped off the

system the next time the machine reboots.

/usr

/usr/bin - Executable programs that are not required for booting or repairing the system.

/usr/local -

/var

This directory contains files of variable file storage. Files in /var are dynamic and are constantlybeing written to or changed. Some directories located within /var include:

/var/log - files containing logging information

/var/run - files containing the process ID's for each current process.

Mounting NFS from Linux host

Suppose you want to share /home/ts890/nfs on the Linux VM with TS890 terminal, and assume

Linux VM has IP 192.168.2.96. First you need to edit (log in as root) /etc/exportsto export thedirectory.


39/46



Then start up NFS service (log in as root).

And finally mount nfs from TS890.

Updating User Application

BootROM/Program/Load

Loadfunction is for the developer to start the application download from the Linux VM to theterminal through the standard TFTP protocol. The TFTP service is running in the background on


40/46



the VM and is always ready for download request. The download directory is set to Linux VM's/tftpboot.

Every time when an application is built, the resulting executable package appl.tar.gzwill be

copied to Linux VMs /tftpboot automatically. If you set the Server IPto Linux VM correctly, youcan operate TS890 BootROM/Programs/Load to update the application.

USB Sync

USB Sync uses TS890's USB HOST to update applications. The application should be in theform of appl.gar.gz and should be put in a well-structured directory in a USB flash drive. Aseach PackageKit is around 200-300K, a 2G USB Flash can hold 5,000+ applications.

USB Disk Setup

Must have a directory called applpool/, in lower capital letters All application PackageKits should in this filename appl.tar.gz All applications should be located in following path.

Example: If the flash drive is at F:/. The path mush be F:/applpool/ / / /appl.tar.gz

Note that , , should not contain lower case letters

Applpool

CTB

CPC

20051122

appl.tar.gz

20051123

appl.tar.gz

EMV

20080101

CUB


41/46



USB Disk download from BootROM

1. Setup "Bank ID", "Appl ID" and "Version ID" in BootROMs 4.Setting (please scrollup/down to look for them )

2. Plug a USB disk on HOST port3. Go to 2.Program -> 4.USB Sync. Mounting a USB drive will takes 8s. If no USB is found,

this sync function will timeout and return to main menu in 30s4. Done.

Remote Sync via FTP

Besides using TFTP to download from the developer's VM, TS890 is equipped with an easy touse remote download protocol that can retrieve applications from the Application Server (AS)

supporting an existing robust FTP.

Setup of Application Server (AS)

Application Server is a normal FTP server with

FTP user name must be "ts890", FTP password can be assigned to any string, prefer to use "ts890" Must have a directory called applpool/, in lower capital letters All application PackageKit should in this filename appl.tar.gz All applications should be located in following path.

applpool/ / / /appl.tar.gz

Note that , , should not contain lower

capital letters

applpool

CTB

CPC

20051122

appl.tar.gz

20051123


42/46



appl.tar.gz

EMV

20080101

CUB

Remote download from BootROM

Setup the network including "Server IP", "Gateway", "NetMask" in BootROM's 4.Setting Setup "Bank ID", "Appl ID" and "Version ID"

Go to 2.Program -> 2.Remote Synch. Input password or just press ( ) to use

default password "ts890". Done.


43/46



Security Management

IPP Security

This chapter will describe the operation of the internal PIN Pad.

TS890 has a built in PIN Pad, which runs on a dedicated ARM7 SOC to provide maximumsensitive data separation and protection. All the security related functions and sensitive data arelocated on this SOC and are invoked via remote procedure call.

Key Storage and Protect ion

The cryptography processor has 16-bytes special registers where it stores a "Key Storage Key".20 User keys are stored in on-chip EEPROM and are 3DES encrypted with it. User keys arealso protected by a CRC which is verified every time user keys are accessed.

This "Key Storage key" will be erased if:

Wire mesh is shortened or cut Switches are open 3V backup battery is too low or too high temperature is out of range metal layer is tampered RTC is out of range

The erasure is always activated even when powered down and can not be disabled by software.

Tamper detect ion / response

System Tampered System Halted will be displayed on screen in the event of tampering.Moreover, the ARM7 SOC will check the keys integrity at every power-on process. It will treat awrong checksum as a tamper action and cause key erasure.

Self-test

The IPP will carry out following the integrity tests:

IPP startup ROM integrity test

At chip reset, the boot loader of ARM7 SOC will check the integrity of the IPP (internal PINpad) firmware before activating it. If the integrity check fails, the boot loader will not pass thecontrol to IPP firmware, and will erase the IPP firmware. In this case, the PED will prompt"IPP Download Needed" and halt. The PED needs to be returned to the manufacturer forrepair and re-install IPP fimrware.


44/46



IPP periodic ROM integrity test

When the IPP is running, it will automatically check the self-integrity every hour. The

checking algorithm is same as that of the boot loader of ARM7 SOC. If the integrity checkfails, the IPP will erase the "Key storage key" and generate a tamper event. The PED willprompt "System Tampered" "System Halted" immediately and halt. If the PED is restarted,self-test mentioned in previous paragraph will be executed. The PED needs to be returnedto the manufacturer for repair.

IPP periodic KEY integrity test

When the IPP is running, it will also check key array integrity every hour. If the integritycheck fails, the IPP will erase the "Key storage key" and generate a tamper event. The PEDwill prompt "System Tampered (K) System halt" immediately and halt.

IPP on-demand KEY integrity test

Key array integrity check is also performed every time the key array is accessed, such asduring MAC/Pin Block calculation or restore keys. If the integrity check fails, the IPP willerase the "Key storage key" and generate a tamper event. The PED will prompt "SystemTampered System halted" immediately and halt.

PED BootROM startup test

The BootROM contains a certificate at the end of the whole binary image. The certificate isthe same format as the application certificate which contains BootROMs SHA-1s checksumand is signed by vendors private key. Any illegal modification of the BootROM content,either the download image or Flash chip content will cause a mismatch of the SHA1checksum.

Timeout co nt ro l

The BootROM implements two types of timeout controls: 1 minute inactive timeout and 10minute session timeout.

The inactive timeout defaults to 1 minute. If the BootROM is inside any sensitive functions suchas:

"(1) Load application",

"(8) Load File,"

"(3) Load Dukpt Key", and Load M/S Key


45/46



Without any data being sent from the PC com port over a period of 1 minute, the inactive timerwill exit the BootROM. System Mode, Access code? will be display on the screen. If theaccess code is correct, BootROM will be re-entered.

If the BootROM is inside a non-sensitive function, and is idle 1 minute without any key press, itwill quit the current function and BootROM will go to one upper menu.

There is also a 10 minute session timeout for BootROM. TS890 will deliberately exit theBootROM and bring the user to the access code entry prompt after this timeout.

PIN attack protect ion

PIN encryption is limited to once per 30 seconds on average to deter an exhaustive PIN search.The algorithm is best explained in terms of tokens in a bucket. A PIN encryption request is onlyaccepted if there is a token in a bucket. A token is placed in the bucket every 30 seconds, with a

maximum of 60 tokens allowed in the bucket. Note: The number of tokens in the bucket ismaintained across power cycles.

Every time a PIN is entered, a token is removed. If there is no token available, the PIN entryrequest returns an error. This allows an average of one PIN encryption per 30 seconds, but overa long period of time.

This control also applies to entering BootROM's access code.

Tamper Recov ery

Upon tamper, the terminal is disabled and will not accept any keystroke. All peripherals areclosed. In order to recover it:

Press Cancel key to enter the unlock procedure. For development mode terminals, enter the 1staccess code (default: 1412021528). For

production mode terminals, the terminal will prompt you to enter the 2ndaccess code(default: 8816606415).

The terminal is now unlocked and will show the tamper reason. Please keep thisinformation for further inspection.

Reboot the machine.

IPP Key Loading

IPP Key Loading

BootROM is responsible for key loading. It provides a pass-through connection from thedownload port (232A port) to the internal PIN pad. It does not interpret or cache any incomingdata. Every time the Key load function is invoked, all the keys inside IPP are erased. Thismeans that all keys should be loaded in the same session.


46/46


BootROM Key loading user interface

Follow this procedure to load master keys:

1. Enter BootROM by pressing (

) and entering an access code.

2. Selects (2)Program and (7)LOAD Dukpt Key or (8)Load M/S Key form menu3. Input dual access code. It is factory defaulted to "24652011" and "66085202". These can

be altered if required. The entry of access code is protected against brute force attack.4. Keys in IPP are erased and BootROM waits for new keys.

The communication is 9600,8,N,1 without hardware flow control.

Note: The protocol of key loading and detailed key management information is specified inanother document TS890 Key Management. Please contact UIC to get this document.

~ End of the Document ~

Documents

TS890 User Manual Rev A.2.pdf