Manualshelf

User's Manual

ManualsBrandsUniform Industrial ManualsElectronicsPIN Pad 791
11121314151617181920
PIN Pad 791 Programmer’s Manual (PCI POS-A) UDN PM0103-U Rev. 06
Section 2 –System Manager 2015-04-20
Page14
Uniform Industrial Corp. Proprietary and Confidential Total 342 pages
Section 2 System Manager
Introduction
The system manager is a resident process launched automatically when PP791 boot up. It will manage
the download and execution of other application, do basic settings, and self tests.
After system booted up and the startup application is launched, user can press “ENT + 1” (press ENT
key and ‘1’ at the same time), then input dual passwords of system manager to enter system manager
menu. (The default password will be sent to legal user by secure method).
NOTE 1: Enter system manager will terminate the current application.
NOTE 2: System manager will exit and re-launch startup application if no input over 60 seconds.
Security management
1. Personalization and tamper detection
Each PP791 is “personalized” (create an AES key randomly for sensitive data protection) before
delivery. Every time PP791 boot up, system manager will check the personalization status and
existence of this AES key. If device is tampered, security mechanism will erase the AES key and
invalid personalization status, then reboot. After reboot, system manager will see the change and
show following message (tamper evidence mode):
System has tampered, you shall release it before you can normally use.
In this situation, user can press “ENT + 1” (press ENT key and ‘1’ at the same time), then input
dual passwords of system manager to exit tamper evidence mode.
When exiting tamper evidence mode, PP791 will be re-personalized. All keys will be erased.
2. Certificate management
Every application in the PP791 should have digital signature (sha256 hash encrypted by 2048bit
RSA key) The system process (system manager and PP791 appl.,) will be verified by a fixed
system certificate resident in system kernel, and user applications will be verified by user-loaded
certificates, which is managed by system manager.
The certificate hierarchy of PP791 contains:
Vendor certificate: This certificate is created by user (i.e. system integrator or bank), it verifies user
applications when downloading application and launching application.
Intermediate certificate: This certificate is issued by intermediate CA, it verifies vendor certificate
every time when system manager starts.
Root certificate: This certificate is issued by root CA, by default, PP791 have a root certificate
resident in system kernel. But users can load their own root certificate along with intermediate and
vendor certificate in the same trust chain. It verifies intermediate certificate every time when
system manager starts.