PCI-Secure Standard Software
Zambiri Zogulitsa: PCI-Secure Software Standard Vendor
Maupangiri Othandizira a Viking Terminal 2.00
Zofotokozera
Mtundu: 2.0
1. Chiyambi ndi Kuchuluka
1.1 Mawu Oyamba
The PCI-Secure Software Standard Vendor Implementation Guide
amapereka malangizo kwa kukhazikitsa mapulogalamu pa Viking
Terminal 2.00.
1.2 Software Security Framework (SSF)
Software Security Framework (SSF) imatsimikizira kulipira kotetezeka
ntchito pa Viking Terminal 2.00.
1.3 Maupangiri Othandizira Ogulitsa Mapulogalamu - Kugawa ndi
Zosintha
Bukuli likuphatikizapo zambiri za kugawa ndi zosintha
ya Maupangiri Othandizira Ogulitsa Mapulogalamu a Viking Terminal
2.00.
2. Kugwiritsa Ntchito Malipiro Otetezedwa
2.1 Kugwiritsa ntchito S/W
Pulogalamu yotetezedwa yolipira yolipira imatsimikizira kuti ndi yotetezeka
kuyankhulana ndi wolandira malipiro ndi ECR.
2.1.1 Malipiro Host kulankhulana TCP/IP parameter kukhazikitsa
Gawoli limapereka malangizo okhazikitsa TCP/IP
magawo olankhulirana ndi wolandila malipiro.
2.1.2 Kulumikizana kwa ECR
Gawoli limapereka malangizo olankhulirana ndi a
ECR (Electronic Cash Register).
2.1.3 Kulankhulana kuchititsa kudzera pa ECR
Gawoli likufotokoza momwe mungakhazikitsire kulumikizana ndi a
wogwiritsa ntchito ECR.
2.2 Zida zothandizira terminal
Ntchito yolipira yotetezedwa imathandizira Viking Terminal 2.00
hardware.
2.3 Ndondomeko Zachitetezo
Gawoli likufotokoza ndondomeko za chitetezo zomwe ziyenera kukhala
zimatsatiridwa mukamagwiritsa ntchito pulogalamu yolipira yotetezeka.
3. Sungani Mapulogalamu Akutali
3.1 Kugwiritsa Ntchito Malonda
Gawoli limapereka chidziwitso pakugwiritsa ntchito chitetezo
zosintha zakutali za amalonda.
3.2 Ndondomeko Yovomerezeka Yogwiritsa Ntchito
Gawoli likuwonetsa ndondomeko yovomerezeka yogwiritsira ntchito chitetezo
zosintha zamapulogalamu akutali.
3.3 Zozimitsa Pawekha
Malangizo okonzekera ma firewall kuti alole
zosintha zotetezedwa za pulogalamu yakutali zikuperekedwa mu gawoli.
3.4 Njira Zosinthira Zakutali
Gawo ili likufotokoza njira zoyendetsera chitetezo
zosintha zamapulogalamu akutali.
4. Kuchotsa Motetezedwa kwa Sensitive Data ndi Chitetezo cha Zosungidwa
Zosunga Khadi
4.1 Kugwiritsa Ntchito Malonda
Gawoli limapereka chidziwitso pakugwiritsa ntchito chitetezo
kufufutidwa kwa data tcheru ndi kuteteza deta yosungidwa ya makhadi
kwa amalonda.
4.2 Chitetezo Chotsani Malangizo
Malangizo ochotsa mosamala deta yachinsinsi amaperekedwa
mu gawo ili.
4.3 Malo Osungira Makhadi Osungidwa
Gawoli limatchula malo omwe ali ndi makhadi amasungidwa
ndipo amapereka chitsogozo pochiteteza.
Gawoli likufotokoza ndondomeko zoyendetsera zinthu zomwe zachedwetsedwa
chilolezo chochita motetezedwa.
4.5 Njira Zothetsera Mavuto
Malangizo othana ndi mavuto okhudzana ndi chitetezo
kufufutidwa ndi kuteteza deta yosungidwa ya khadi imaperekedwa
gawo ili.
Malo a 4.6 PAN - Owonetsedwa kapena Osindikizidwa
Gawoli likuwonetsa malo omwe PAN (Primary Account
Number) imawonetsedwa kapena kusindikizidwa ndipo imapereka chitsogozo pakutetezedwa
izo.
4.7 Yambitsani files
Malangizo pakuwongolera mwachangu files amaperekedwa motetezedwa
gawo ili.
4.8 Kasamalidwe kofunikira
Gawoli likufotokoza njira zazikulu zoyendetsera ntchitoyi
chitetezo cha data yosungidwa yamwini makhadi.
4.9 '24 HR' Yambitsaninso
Malangizo opangira '24 HR' kuyambiranso kuti muwonetsetse dongosolo
chitetezo chaperekedwa mu gawoli.
4.10 Kulembetsa
Gawoli limapereka chidziwitso cha whitelisting ndi zake
kufunikira kosunga chitetezo chadongosolo.
5. Kutsimikizira ndi Kufikira Amawongolera
Gawoli likukhudzana ndi kutsimikizika ndi njira zowongolera
kuonetsetsa chitetezo cha dongosolo.
Mafunso Ofunsidwa Kawirikawiri (FAQ)
Q: Kodi cholinga cha PCI-Secure Software Standard ndi chiyani
Maupangiri Othandizira Ogulitsa?
A: Bukuli limapereka malangizo oyendetsera malipiro otetezeka
mapulogalamu ogwiritsira ntchito pa Viking Terminal 2.00.
Q: Ndi zida ziti zomwe zimathandizidwa ndi malipiro otetezedwa
ntchito?
A: Ntchito yolipira yotetezedwa imathandizira Viking Terminal
2.00 hardware.
Q: Kodi ine motetezeka kufufuta tcheru deta?
A: Malangizo ochotsa mosamala deta yachinsinsi ndi
zoperekedwa mu gawo 4.2 la bukhuli.
Q: Kodi kufunika kwa whitelisting ndi kotani?
Yankho: Kulemba zovomerezeka kumatenga gawo lofunikira pakusunga dongosolo
chitetezo polola kuti mapulogalamu ovomerezeka okha azigwira ntchito.
Izi zili m'gulu la Zamkati
Malingaliro a kampani Nets Denmark A/S
PCI-Secure Software Standard Software Vendor Implementation Guide kwa Viking terminal 2.00
Mtundu wa 2.0
PCI-Secure Software Standard Vendor Implementation Guide v2.0 ya Viking Terminal 2.00 1 1
Zamkatimu
1. Chiyambi ndi Zochita …………………………………………………………………………. 3
1.1
Introduction …………………………………………………………………………………………. 3
1.2
Software Security Framework (SSF)……………………………………………………. 3
1.3
Maupangiri Othandizira Ogulitsa Mapulogalamu - Kugawa ndi Zosintha …… 3
2. Secure Payment Application………………………………………………………………………… 4
2.1
Ntchito S/W …………………………………………………………………………………. 4
2.1.1 Malipiro Host kulankhulana TCP/IP parameter kukhazikitsa …………………….. 4
2.1.2 Kulumikizana ndi ECR……………………………………………………………………………. 5
2.1.3 Kulankhulana kwa wolandira kudzera pa ECR…………………………………………………………. 5
2.2
6
2.3
Ndondomeko Zachitetezo ……………………………………………………………………………………. 7
3. Sungani Zosintha Zapakompyuta Zakutali …………………………………………………………. 8
3.1
Merchant Applicability………………………………………………………………………… 8
3.2
Ndondomeko Yovomerezeka Yogwiritsira Ntchito ………………………………………………………………………. 8
3.3
Personal Firewall………………………………………………………………………………… 8
3.4
Njira Zosinthira Remote ………………………………………………………………………
4. Kuchotsa Motetezedwa kwa Sensitive Data ndi Chitetezo cha Database Yosungidwa ya Khadi9
4.1
Merchant Applicability………………………………………………………………………… 9
4.2
Chitetezo Chotsani Malangizo…………………………………………………………………………
4.3
Malo Osungira Makhadi Osungidwa………………………………………………….. 9
4.4
Deferred Authorization Transaction …………………………………………………. 10
4.5
Njira Zothetsera Mavuto ……………………………………………………………………… 10
4.6
Malo a PAN - Owonetsedwa kapena Osindikizidwa …………………………………………………… 10
4.7
Mwachangu files ……………………………………………………………………………………….. 11
4.8
Key Management …………………………………………………………………………………… 11
4.9
`24 HR' Reboot …………………………………………………………………………………. 12
4.10 Kulembetsa mwalamulo ………………………………………………………………………………………
5. Authentication and Access Controls ……………………………………………………. 13
5.1
Access Control ……………………………………………………………………………. 13
5.2
Kuwongolera mawu achinsinsi ………………………………………………………………………… 15
6. Kudula mitengo ………………………………………………………………………………………….. 15.
6.1
Merchant Applicability……………………………………………………………………. 15
6.2
Konzani Zikhazikiko za Logi ………………………………………………………………………. 15
6.3
Central Logging …………………………………………………………………………………… 15
6.3.1 Yambitsani kufufuza Logging pa terminal …………………………………………………………… 15
6.3.2 Tumizani ma trace Logs kwa ochititsa …………………………………………………………………………
6.3.3 Kudula mitengo yakutali…………………………………………………………………………………. 16
6.3.4 Kulowetsa zolakwika zakutali………………………………………………………………………………. 16
7. Ma Wireless Networks ………………………………………………………………………………… 16
7.1
Merchant Applicability……………………………………………………………………. 16
7.2
Kusinthidwa Kopanda Mawaya Kovomerezeka ………………………………………………… 16
8. Network Segmentation ……………………………………………………………………….. 17
8.1
Merchant Applicability……………………………………………………………………. 17
9. Kufikira Kutali ………………………………………………………………………………………
9.1
Merchant Applicability……………………………………………………………………. 17
10.
Kutumiza kwa Sensitive Data ……………………………………………………….. 17
10.1 Kutumiza kwa Sensitive Data ………………………………………………………………… 17
10.2 Kugawana Zomwe Zili Zachidziwitso ku mapulogalamu ena ……………………………………….. 17
10.3 Imelo ndi Sensitive data ………………………………………………………………………. 17
10.4 Non-Console Administrative Access ……………………………………………………. 17
11.
Viking Versioning Methodology………………………………………………………. 18
12.
Malangizo okhudza Kuyika Motetezedwa kwa Zigamba ndi Zosintha. …………. 18
13.
Zosintha za Viking …………………………………………………………………. 19
14.
Zofunikira Zosavomerezeka ……………………………………………………………. 19
15.
PCI Secure Software Standard Requirements Reference ……………………… 23
16.
Glossary of Terms ……………………………………………………………………………. 24
17.
Document Control …………………………………………………………………………… 25
2
PCI-Secure Software Standard Vendor Implementation Guide v2.0 ya Viking Terminal 2.00
1. Chiyambi ndi Kuchuluka
1.1 Mawu Oyamba
Cholinga cha Bukhuli la PCI-Secure Software Standard Software Vendor Implementation Guide ndikupereka malangizo omveka bwino komanso omveka bwino a pulogalamu ya Viking yotetezedwa, kasinthidwe, ndi kagwiritsidwe ntchito ka pulogalamu ya Viking. Bukuli limalangiza Ogulitsa momwe angagwiritsire ntchito ma Nets 'Viking m'malo awo motsatira PCI Secure Software Standard. Ngakhale, sichinapangidwe kukhala chiwongolero chokwanira chokhazikitsa. Kugwiritsa ntchito kwa Viking, ngati kuyikidwa molingana ndi malangizo omwe alembedwa pano, kuyenera kuthandizira, ndikuthandizira kutsata kwa PCI kwa wamalonda.
1.2 Software Security Framework (SSF)
PCI Software Security Framework (SSF) ndi mndandanda wamiyezo ndi mapulogalamu amapangidwe otetezedwa ndikukhazikitsa mapulogalamu olipira. SSF ilowa m'malo mwa Payment Application Data Security Standard (PA-DSS) ndi zofunikira zamakono zomwe zimathandizira mndandanda wamitundu yolipira ya mapulogalamu, umisiri, ndi njira zotukula. Amapereka mavenda miyezo yachitetezo monga PCI Secure Software Standard popanga ndi kusunga mapulogalamu olipira kuti ateteze zomwe amalipira ndi data, amachepetsa chiopsezo, ndikuteteza ku ziwopsezo.
1.3 Maupangiri Othandizira Ogulitsa Mapulogalamu - Kugawa ndi Zosintha
Bukuli la PCI Secure Software Standard Implementation Guide liyenera kufalitsidwa kwa ogwiritsa ntchito onse oyenerera kuphatikiza amalonda. Iyenera kusinthidwa chaka ndi chaka komanso pambuyo pa kusintha kwa mapulogalamu. The pachaka review ndipo zosintha ziyenera kuphatikizapo kusintha kwa mapulogalamu atsopano komanso kusintha kwa Secure Software Standard.
Nets imasindikiza zambiri pazomwe zalembedwa webtsamba ngati pali zosintha mu kalozera wokhazikitsa.
Webtsamba: https://support.nets.eu/
Za Eksample: Nets PCI-Secure Software Standard Software Vendor Implementation Guide idzagawidwa kwa makasitomala onse, ogulitsa, ndi ophatikiza. Makasitomala, Ogulitsanso, ndi Ophatikiza adzadziwitsidwa kuchokera ku reviews ndi zosintha.
Zosintha pa PCI-Secure Software Standard Software Vendor Implementation Guide zitha kupezeka polumikizana ndi Nets mwachindunji, komanso.
PCI-Secure Software Standard Software Vendor Implementation Guide imatchula zonse zofunika pa PCI-Secure Software Standard ndi PCI. Mabaibulo otsatirawa adatchulidwa mu bukhuli.
· PCI-Secure-Software-Standard-v1_2_1
3
PCI-Secure Software Standard Vendor Implementation Guide v2.0 ya Viking Terminal 2.00
2. Kugwiritsa Ntchito Malipiro Otetezedwa
2.1 Kugwiritsa ntchito S/W
Mapulogalamu olipira a Viking sagwiritsa ntchito pulogalamu yakunja kapena zida zomwe sizili za pulogalamu ya Viking. Zochita zonse za S/W za pulogalamu yolipira ya Viking zimasainidwa ndi digito ndi zida zosayina za Tetra zoperekedwa ndi Ingenico.
· Malo ochezera amalumikizana ndi Nets Host pogwiritsa ntchito TCP/IP, mwina kudzera pa Ethernet, GPRS, Wi-Fi, kapena kudzera pa PC-LAN yomwe ikuyendetsa pulogalamu ya POS. Komanso, terminal imatha kulumikizana ndi wolandirayo kudzera pa foni yam'manja ndi Wi-Fi kapena GPRS yolumikizira.
Ma terminal a Viking amayendetsa kulumikizana konse pogwiritsa ntchito gawo la Ingenico link layer. Chigawo ichi ndi pulogalamu yoyikidwa mu terminal. Link Layer imatha kuyang'anira mauthenga angapo nthawi imodzi pogwiritsa ntchito zotumphukira zosiyanasiyana (modemu ndi serial port for ex.ample).
Pakali pano imathandizira ma protocol awa:
+ Zakuthupi: RS232, modemu yamkati, modemu yakunja (kudzera RS232), USB, Efaneti, Wi-Fi, Bluetooth, GSM, GPRS, 3G ndi 4G.
Ulalo wa data: SDLC, PPP. · Network: IP. · Transport: TCP.
Ma terminal nthawi zonse amatengapo gawo pakukhazikitsa kulumikizana kwa Nets Host. Palibe TCP/IP seva S/W mu terminal, ndipo terminal S/W simayankha mafoni obwera.
Mukaphatikizidwa ndi pulogalamu ya POS pa PC, terminal imatha kukhazikitsidwa kuti ilumikizane kudzera pa PC-LAN yomwe ikuyendetsa pulogalamu ya POS pogwiritsa ntchito RS232, USB, kapena Bluetooth. Komabe magwiridwe antchito onse a pulogalamu yolipira akugwira ntchito mu terminal S/W.
Protocol yogwiritsira ntchito (ndi encryption yogwiritsidwa ntchito) imakhala yowonekera komanso yodziyimira pawokha pamtundu wa kulumikizana.
2.2 Malipiro Host kulankhulana TCP/IP parameter kukhazikitsa
4
PCI-Secure Software Standard Vendor Implementation Guide v2.0 ya Viking Terminal 2.00
2.3 Kulumikizana kwa ECR
· RS232 seri · USB Connection · TCP/IP parameter setup, yomwe imadziwikanso kuti ECR over IP
· Njira zoyankhulirana za Host/ECR mu Viking Payment Application
+ Kusintha kwa magawo a Nets Cloud ECR (Connect@Cloud).
2.4 Kulankhulana kuchititsa kudzera pa ECR
Zindikirani: Onaninso "2.1.1- Payment Host communication TCP/IP parameter set" pamadoko a TCP/IP akumayiko ena.
5
PCI-Secure Software Standard Vendor Implementation Guide v2.0 ya Viking Terminal 2.00
2.5 Zida zothandizira terminal
Kugwiritsa ntchito kulipira kwa Viking kumathandizidwa pazida zosiyanasiyana za PTS (PIN transaction security) zida zovomerezeka za Ingenico. Mndandanda wa zida zomaliza pamodzi ndi nambala yawo yovomerezeka ya PTS zaperekedwa pansipa.
Mitundu ya Tetra Terminal
Zida zamakina
Njira ya 3000
Zithunzi za PTS
PTS chilolezo
nambala ya version
5.x
4-30310
PTS Hardware Version
Chithunzi cha LAN30EA LAN30AA
Desk 3500
5.x
4-20321
Chithunzi cha DES35BB
Kusuntha 3500
5.x
4-20320
Zithunzi za MOV35BB MOV35BC MOV35BQ MOV35BR
Link2500
Link2500 Self4000
4.x
4-30230
5.x
4-30326
5.x
4-30393
Mtengo wa LIN25BA LIN25JA
Mtengo wa LIN25BA LIN25JA SEL40BA
PTS Firmware Version
820547v01.xx 820561v01.xx 820376v01.xx 820376v02.xx 820549v01.xx 820555v01.xx 820556v01.xx 820565v01.xx 820547v01.xx 820376v01.xx 820376v02.xx 820547v01.xx 820549v01.xx 820555v01.xx 820556v01.xx 820565v01.xx 820547v01.xx 820565v01.xx 820548v02.xx 820555v01.xx 820556v01.xx 820547v01.xx
820547v01.xx
820547v01.xx
6
PCI-Secure Software Standard Vendor Implementation Guide v2.0 ya Viking Terminal 2.00
2.6 Ndondomeko Zachitetezo
Kufunsira kulipira kwa Viking kumatsatira mfundo zonse zachitetezo zomwe zafotokozedwa ndi Ingenico. Kuti mumve zambiri, awa ndi maulalo a mfundo zachitetezo pamateshoni osiyanasiyana a Tetra:
Mtundu wa Terminal
Link2500 (v4)
Chikalata cha Security Policy Link/2500 PCI PTS Security Policy (pcisecuritystandards.org)
Link2500 (v5)
PCI PTS Security Policy (pcisecuritystandards.org)
Desk3500
https://listings.pcisecuritystandards.org/ptsdocs/4-20321ICO-OPE-04972-ENV12_PCI_PTS_Security_Policy_Desk_3200_Desk_3500-1650663092.33407.pdf
Sungani 3500
https://listings.pcisecuritystandards.org/ptsdocs/4-20320ICO-OPE-04848-ENV11_PCI_PTS_Security_Policy_Move_3500-1647635765.37606.pdf
Njira 3000
https://listings.pcisecuritystandards.org/ptsdocs/4-30310SP_ICO-OPE-04818-ENV16_PCI_PTS_Security_Policy_Lane_3000-1648830172.34526.pdf
Mwini4000
Self/4000 PCI PTS Security Policy (pcisecuritystandards.org)
7
PCI-Secure Software Standard Vendor Implementation Guide v2.0 ya Viking Terminal 2.00
3. Sungani Mapulogalamu Akutali
3.1 Kugwiritsa Ntchito Malonda
Nets imapereka zosintha zamapulogalamu a Viking mosatetezeka patali. Zosinthazi zimachitika panjira yolumikizirana yofanana ndi njira zolipirira zotetezedwa, ndipo wamalonda sakufunika kuti asinthe njira iyi yolumikizirana kuti atsatire.
Kuti mudziwe zambiri, amalonda ayenera kupanga ndondomeko yovomerezeka yogwiritsira ntchito matekinoloje ovuta kwambiri ogwira ntchito, malinga ndi malangizo omwe ali pansipa a VPN, kapena maulumikizidwe ena othamanga kwambiri, zosintha zimalandiridwa kudzera pa firewall kapena firewall.
3.2 Ndondomeko Yovomerezeka Yogwiritsa Ntchito
Wogulitsa akuyenera kupanga mfundo zogwiritsira ntchito matekinoloje ofunikira kwambiri ogwira ntchito, monga ma modemu ndi zida zopanda zingwe. Ndondomeko zogwiritsira ntchito izi ziyenera kuphatikizapo:
· Chivomerezo cha kasamalidwe komveka bwino kuti mugwiritse ntchito. · Kutsimikizika kuti mugwiritse ntchito. · Mndandanda wa zida zonse ndi ogwira ntchito omwe ali ndi mwayi. · Kulemba zida ndi eni ake. · Zambiri ndi cholinga. · Kugwiritsa ntchito luso lovomerezeka. · Malo ovomerezeka a netiweki aukadaulo. · Mndandanda wazinthu zovomerezeka ndi kampani. · Kulola kugwiritsa ntchito ma modemu kwa ogulitsa pokhapokha pakufunika ndikuzimitsa pambuyo pa ntchito. · Kuletsa kusungidwa kwa data yamwini makhadi pamawayilesi akumaloko mukalumikizidwa patali.
3.3 Zozimitsa Pawekha
Malumikizidwe aliwonse "okhazikika" kuchokera pakompyuta kupita ku VPN kapena kulumikizana kwina kothamanga kwambiri kuyenera kutetezedwa pogwiritsa ntchito chozimitsa moto. Firewall imapangidwa ndi bungwe kuti likwaniritse miyezo yeniyeni komanso yosasinthika ndi wogwira ntchito.
3.4 Njira Zosinthira Zakutali
Pali njira ziwiri zoyambitsira terminal kuti ilumikizane ndi pulogalamu ya Nets kuti isinthe:
1. Kapena pamanja pogwiritsa ntchito menyu mu terminal ( swipe merchant khadi, sankhani menyu 8 "Mapulogalamu", 1 "Tengani mapulogalamu"), kapena Host yayambitsa.
2. Kugwiritsa ntchito njira yoyambira ya Host; terminal imangolandira lamulo kuchokera kwa Host pambuyo pochita malonda azachuma. Lamulo limauza terminal kuti ilumikizane ndi pulogalamu ya Nets kuti muwone zosintha.
Pambuyo pakusintha kwabwino kwa mapulogalamu, terminal yokhala ndi chosindikizira chokhazikika imasindikiza risiti yokhala ndi chidziwitso cha mtundu watsopano.
Ophatikiza ma terminal, othandizana nawo komanso/kapena gulu lothandizira zaukadaulo la Nets adzakhala ndi udindo wodziwitsa amalonda zakusintha, kuphatikiza ulalo wa kalozera kakukhazikitsidwa kosinthidwa ndi zolemba zotulutsidwa.
Kuphatikiza pa kulandila pambuyo pakusintha kwa pulogalamu, ntchito yolipira ya Viking imathanso kutsimikiziridwa kudzera pa Terminal Info pakukanikiza `F3'kiyi pa terminal.
8
PCI-Secure Software Standard Vendor Implementation Guide v2.0 ya Viking Terminal 2.00
4. Kuchotsa Motetezedwa kwa Sensitive Data ndi Chitetezo cha Makhadi Osungidwa
4.1 Kugwiritsa Ntchito Malonda
Kulipira kwa Viking sikumasunga zidziwitso zilizonse zamaginito, makhadi otsimikizira kapena ma code, ma PIN kapena PIN block block, cryptographic key material, kapena cryptograms kuchokera kumitundu yake yakale.
Kuti agwirizane ndi PCI, wamalonda ayenera kukhala ndi mfundo yosunga deta yomwe imatanthawuza kuti deta ya mwini makhadi idzasungidwa nthawi yayitali bwanji. Ntchito yolipira ya Viking imasunga zambiri za omwe ali ndi makhadi komanso / kapena chidziwitso chotsimikizika cha zomwe wachitika komaliza kwambiri ndipo ngati pali zololeza zomwe zachitika pa intaneti kapena zomwe zachedwetsedwa ndikutsata kutsata kwa PCI-Secure Software Standard nthawi imodzi, chifukwa chake ikhoza kumasulidwa. ndondomeko yosunga deta ya wamalonda.
4.2 Chitetezo Chotsani Malangizo
The terminal sikusunga deta yotsimikizika yotsimikizika; track2 yathunthu, CVC, CVV kapena PIN, osati kale kapena pambuyo pa chilolezo; Kupatulapo zochitika za Deferred Authorization pomwe data yachinsinsi yotsimikizira (zonse za track2) imasungidwa mpaka chilolezo chitatha. Post chilolezo deta zichotsedwa motetezedwa.
Chitsanzo chilichonse cha mbiri yakale yoletsedwa yomwe ilipo mu terminal idzachotsedwa pokhapokha pulogalamu yolipira ya Viking ikasinthidwa. Kuchotsa kwa data yoletsedwa ndi data yomwe idasungidwa m'mbuyomu kudzachitika zokha.
4.3 Malo Osungira Makhadi Osungidwa
Zomwe zili ndi khadi zimasungidwa mu Flash DFS (Data File System) ya terminal. Deta siipezeka mwachindunji ndi wamalonda.
Data Store (file, table, etc.)
Cardholder Data Elements zosungidwa (PAN, kutha ntchito, zinthu zilizonse za SAD)
Momwe sitolo ya data imatetezedwa (mwachitsanzoample, encryption, zowongolera zolowera, kudumpha, etc.)
File: trans.rsd
PAN, Tsiku Lomaliza Ntchito, Khodi Yautumiki
PAN: Encrypted 3DES-DUKPT (112 bits)
File: storefwd.rsd PAN, Tsiku Lomaliza Ntchito, Khodi Yautumiki
PAN: Encrypted 3DES-DUKPT (112 bits)
File: transoff.rsd PAN, Tsiku Lomaliza Ntchito, Khodi Yautumiki
PAN: Encrypted 3DES-DUKPT (112 bits)
File: transorr.rsd Truncated PAN
Kudulidwa (Oyamba 6, Otsiriza 4)
File: offlrep.dat
PAN yodulidwa
Kudulidwa (Oyamba 6, Otsiriza 4)
File: defauth.rsd PAN, Tsiku Lomaliza Ntchito, Khodi Yautumiki
PAN: Encrypted 3DES-DUKPT (112 bits)
File: defauth.rsd data yonse ya track2
Zambiri za Track2: 3DES-DUKPT Yosungidwa kale (112 bits)
9
PCI-Secure Software Standard Vendor Implementation Guide v2.0 ya Viking Terminal 2.00
4.4 Kuyimitsidwa Kwachilolezo Choyimitsidwa
Chilolezo Choyimitsidwa chimachitika pamene wamalonda sangathe kumaliza chilolezo panthawi yomwe akugulitsa ndi mwini makhadi chifukwa cha kulumikizana, zovuta zamakina, kapena zolepheretsa zina, ndiyeno pambuyo pake amamaliza chilolezo akatha kutero.
Izi zikutanthauza kuti chilolezo chochedwetsedwa chimachitika pomwe chilolezo chapaintaneti chachitika khadi ikasowa. Pomwe chilolezo chapaintaneti chololeza chilolezo chochedwetsedwa chikuchedwetsedwa, zochitikazo zimasungidwa pa terminal mpaka zomwe zachitikazo zitavomerezedwa bwino pambuyo pake netiweki ikapezeka.
Zochitazo zimasungidwa ndikutumizidwa pambuyo pake kwa wolandirayo, monga momwe ma Offline amasungidwira masiku ano muzolipira za Viking.
Merchant atha kuyambitsa malondawo ngati `Deferred Authorization' kuchokera ku Electronic Cash Register (ECR) kapena kudzera pa menyu yoyambira.
Zochita zoyimitsidwa zoyimitsidwa zitha kukwezedwa ku Nets host ndi wamalonda pogwiritsa ntchito zosankha pansipa: 1. ECR - Admin command - Send offline (0x3138) 2. Terminal - Merchant ->2 EOT -> 2 yotumizidwa kwa olandira
4.5 Njira Zothetsera Mavuto
Thandizo la ma nets silingapemphe kutsimikizika kwachinsinsi kapena data yamwini makhadi pazifukwa zothetsera mavuto. Kugwiritsa ntchito kulipira kwa Viking sikungathe kusonkhanitsa kapena kuthetsa vuto lililonse.
Malo a 4.6 PAN - Owonetsedwa kapena Osindikizidwa
PAN Yophimbidwa:
· Malisiti a Transaction Financial: Masked PAN imasindikizidwa nthawi zonse pa risiti yamalonda ya omwe ali ndi makhadi komanso wamalonda. PAN yobisika nthawi zambiri imakhala ndi * pomwe manambala 6 oyamba ndi manambala 4 omaliza amakhala omveka bwino.
· Lipoti la mndandanda wa zochitika: Lipoti la mndandanda wa zochitika limasonyeza zomwe zachitika mu gawo. Zambiri zomwe zachitika zikuphatikiza Masked PAN, dzina lopereka khadi ndi ndalama zomwe mwachita.
· Chiphaso chomaliza chamakasitomala: Kope la risiti lomaliza lamakasitomala litha kupangidwa kuchokera ku menyu omwe amakopera. Lisiti yamakasitomala ili ndi PAN yobisika ngati risiti yoyambirira yamakasitomala. Ntchito yomwe wapatsidwa imagwiritsidwa ntchito ngati terminal ikulephera kupanga risiti yamakasitomala panthawi yamalonda pazifukwa zilizonse.
PAN Yosungidwa:
· Chiphaso chamsika wapaintaneti: Mtundu wa risiti wa ogulitsa osagwiritsa ntchito intaneti umaphatikizapo data yobisika ya Triple DES 112-bit DUKPT (PAN, tsiku lotha ntchito ndi nambala ya Service).
BAX: 71448400-714484 12/08/2022 10:39
Visa Contactless ************3439-0 107A47458AE773F3A84DF977 553E3D93FFFF9876543210E0 15F3 AID: A0000000031010 TVR: 0000000000 123461 kc000004 pa
10
PCI-Secure Software Standard Vendor Implementation Guide v2.0 ya Viking Terminal 2.00
Resp.: Gawo la Y1: 782
GULUTSA
NOK
12,00
ZOVOMEREZEKA
RETAILER KOPI
Chitsimikizo:
Ntchito yolipira ya Viking nthawi zonse imabisa zomwe zili ndi makhadi mwachisawawa kuti zisungidwe popanda intaneti, kutumiza kwa olandila a NETS ndikusindikiza zidziwitso zamakhadi obisika pa risiti ya ogulitsa kuti achitepo pa intaneti.
Komanso, kuwonetsa kapena kusindikiza khadi PAN, ntchito yolipira ya Viking nthawi zonse imaphimba manambala a PAN okhala ndi asterisk `*' yokhala ndi manambala 6 + Omaliza 4 momveka bwino ngati osasintha. Makhadi osindikizira a nambala amawongoleredwa ndi kasamalidwe ka terminal komwe mawonekedwe osindikizira angasinthidwe popempha kudzera panjira yoyenera ndikupereka chosowa chovomerezeka chabizinesi, komabe pakugwiritsa ntchito kulipira kwa Viking, palibe choncho.
Example ya PAN yophimba: PAN: 957852181428133823-2
Zambiri: **************3823-2
Zambiri: 957852******** 3823-2
4.7 Yambitsani files
Kufunsira kulipira kwa Viking sikumapereka chidziwitso chosiyana files.
Kufunsira kwa ma Viking kufunsira zolowetsa omwe ali ndi makhadi kudzera pazowonetsa zomwe ndi gawo la mauthenga omwe ali mkati mwa pulogalamu yolipira ya Viking yosainidwa.
Zidziwitso za PIN, kuchuluka, ndi zina zambiri zimawonetsedwa pa terminal, ndipo zolowa zamwini makhadi zikuyembekezeredwa. Zolowa kuchokera kwa mwini makhadi sizisungidwa.
4.8 Kasamalidwe kofunikira
Pamitundu yosiyanasiyana ya Tetra, magwiridwe antchito onse achitetezo amachitidwa pamalo otetezeka a chipangizo cha PTS chotetezedwa ku pulogalamu yolipira.
Kubisa kumachitidwa mkati mwa malo otetezedwa pomwe kumasulira kwa data yosungidwa kumatha kuchitidwa ndi makina a Nets Host. Kusinthana konse kofunikira pakati pa Nets host, Key/Inject tool (kwa ma terminals a Tetra) ndi PED zimachitika mwachinsinsi.
Njira za Key Management zimayendetsedwa ndi Nets malinga ndi dongosolo la DUKPT pogwiritsa ntchito 3DES encryption.
Makiyi onse ndi zigawo zikuluzikulu zomwe zimagwiritsidwa ntchito ndi ma Nets terminals amapangidwa pogwiritsa ntchito njira zovomerezeka mwachisawawa kapena zabodza. Makiyi ndi zigawo zikuluzikulu zomwe zimagwiritsidwa ntchito ndi ma Nets terminals amapangidwa ndi Nets key management system, yomwe imagwiritsa ntchito mayunitsi ovomerezeka a Thales Payshield HSM kuti apange makiyi a cryptographic.
11
PCI-Secure Software Standard Vendor Implementation Guide v2.0 ya Viking Terminal 2.00
Kuwongolera kofunikira sikudalira magwiridwe antchito. Kutsegula pulogalamu yatsopano sikufuna kusintha kwa makiyi. Malo opangira ma terminal adzathandizira kuzungulira 2,097,152 zochitika. Malo achinsinsi akatha, Viking terminal imasiya kugwira ntchito ndikuwonetsa uthenga wolakwika, kenako terminal iyenera kusinthidwa.
4.9 `24 HR' Yambitsaninso
Malo onse a Viking ndi PCI-PTS 4.x ndi pamwambapa ndipo amatsatira lamulo loti PCI-PTS 4.x terminal iyambitsenso osachepera kamodzi maola 24 aliwonse kuti afufute RAM ndi kutetezedwa kopitilira muyeso HW kuti asagwiritsidwe ntchito kuti alandire malipiro. data kadi.
Ubwino winanso wa '24hr' woyambitsanso boot ndikuti kutsika kwa kukumbukira kumachepetsedwa komanso kukhala ndi zotsatira zochepa kwa wamalonda (osati kuti tiyenera kuvomereza zovuta zokumbukira.
Wogulitsa amatha kukhazikitsa nthawi yoyambiranso kuchokera pamenyu yomaliza kupita ku `Reboot Time'. Nthawi yoyambitsanso imakhazikitsidwa pa wotchi ya `24hr' ndipo itenga mtundu wa HH:MM.
Makina a Reset adapangidwa kuti atsimikizire kukhazikitsidwanso kamodzi pa maola 24 akuthamanga. Kuti mukwaniritse chofunikira ichi, nthawi, yotchedwa "reset interval" yoimiridwa ndi Tmin ndi Tmax yafotokozedwa. Nthawiyi ikuyimira nthawi yomwe kukonzanso kumaloledwa. Kutengera bizinesi, "nthawi yokonzanso" imasinthidwa nthawi yoyika terminal. Mwa kupanga, nthawi iyi singakhale yochepera mphindi 30. Panthawiyi, kukonzanso kumachitika tsiku lililonse mphindi 5 m'mbuyomo (pa T3) monga momwe tafotokozera m'chithunzichi:
4.10 Kulembetsa
Whitelisting ndi njira yodziwira kuti ma PAN omwe adalembedwa ngati ovomerezeka amaloledwa kuwonetsedwa m'mawu omveka bwino. Viking imagwiritsa ntchito minda itatu kuti idziwe ma PAN ovomerezeka omwe amawerengedwa kuchokera pamasinthidwe omwe adatsitsidwa kuchokera kumakina oyang'anira ma terminal.
Pamene `Mbendera ya Compliance' mu Nets host ikayikidwa ku Y, uthenga wochokera ku Nets Host kapena Terminal management system amatsitsidwa ku terminal, poyambira kukayamba. Mbendera ya Kutsatira iyi ikugwiritsidwa ntchito pozindikira ma PAN ovomerezeka omwe amawerengedwa kuchokera mu dataset.
Mbendera ya `Track2ECR' imatsimikizira ngati deta ya Track2 ikuloledwa kugwiridwa (kutumizidwa/kulandiridwa) ndi ECR kwa wopereka wina. Kutengera mtengo wa mbendera iyi, zimadziwikiratu ngati track2 ikuyenera kuwonetsedwa mumayendedwe amderali pa ECR.
`Sindikiza mawonekedwe amtundu' amatsimikizira momwe PAN idzawonetsedwera. Makhadi omwe ali mu PCI onse adzakhala ndi mawonekedwe osindikizira kuti awonetse PAN mu mawonekedwe odulidwa / ophimbidwa.
12
PCI-Secure Software Standard Vendor Implementation Guide v2.0 ya Viking Terminal 2.00
5. Kutsimikizira ndi Kufikira Amawongolera
5.1 Kulamulira
Ntchito yolipira ya Viking ilibe maakaunti a ogwiritsa ntchito kapena mapasiwedi ofananira chifukwa chake, ntchito yolipira ya Viking ilibe zofunikira izi.
Kukhazikitsa Kophatikizana kwa ECR: Sizingatheke kupeza mitundu yamalonda monga Kubweza, Deposit ndi Kusintha kuchokera ku menyu yama terminal kuti izi zitetezeke kuti zisagwiritsidwe ntchito molakwika. Izi ndi mitundu yamalonda pomwe ndalama zimachokera ku akaunti yamalonda kupita ku akaunti ya mwini makhadi. Ndi udindo wa wamalonda kuonetsetsa kuti ECR ikugwiritsidwa ntchito ndi anthu ovomerezeka okha.
· Kukhazikitsa koyimirira: Kuwongolera kwamakhadi amalonda ndikokhazikika kuti athe kupeza mitundu yamalonda monga Kubweza, Deposit ndi Kusintha kuchokera ku menyu yama terminal kuti izi zitetezeke kuti zisagwiritsidwe ntchito molakwika. The Viking terminal imapangidwa mwachisawawa kuti iteteze zosankha za menyu, kuteteza mwayi wosaloleka. Magawo okonzekera chitetezo cha menyu akugwera pansi pa Merchant Menu (yopezeka ndi Merchant card) -> Parameters -> Security
Tetezani menyu Khazikitsani ku `Inde' mwachisawawa. Batani la menyu pa terminal limatetezedwa pogwiritsa ntchito Kuteteza menyu kasinthidwe. Menyu imatha kupezeka kokha ndi Wamalonda pogwiritsa ntchito khadi lamalonda.
13
PCI-Secure Software Standard Vendor Implementation Guide v2.0 ya Viking Terminal 2.00
Tetezani kubwereranso Khazikitsani ku `Inde' mwachisawawa. Kusintha kwamalonda kungatheke kokha ndi wamalonda pogwiritsa ntchito khadi lamalonda kuti apeze menyu yobwerera.
Tetezani chiyanjanitso Chokhazikitsidwa ku `Inde' mwachisawawa Njira Yoyanjanitsa ingapezeke ndi wamalonda yekha ndi khadi lamalonda pamene chitetezo ichi chakhazikitsidwa kukhala chowona.
Tetezani Njira Yachidule Yakhazikitsidwa ku `Inde' mwachidule Chachidule menyu ndi zosankha za viewing Terminal Info ndi njira yosinthira magawo a Bluetooth ipezeka kwa wamalonda pokhapokha khadi lamalonda lasinthidwa.
14
PCI-Secure Software Standard Vendor Implementation Guide v2.0 ya Viking Terminal 2.00
5.2 Kuwongolera mawu achinsinsi
Ntchito yolipira ya Viking ilibe maakaunti a ogwiritsa ntchito kapena mapasiwedi ofanana; chifukwa chake, kugwiritsa ntchito Viking sikumafunikira izi.
6. Kudula mitengo
6.1 Kugwiritsa Ntchito Malonda
Pakadali pano, pakulipira kwa Nets Viking, palibe wogwiritsa ntchito, zosintha zosinthika za PCI.
6.2 Konzani makonda a Log
Ntchito yolipira ya Viking ilibe maakaunti a ogwiritsa ntchito, chifukwa chake kudula mitengo motsatana ndi PCI sikugwira ntchito. Ngakhale pakudula mitengo ya verbose kwambiri, ntchito yolipira ya Viking siyimalemba zidziwitso zilizonse zotsimikizika kapena zosunga makhadi.
6.3 Kudula mitengo yapakati
The terminal ili ndi generic log mechanism. Makinawa amaphatikizanso kudula mitengo ndikupanga ndikuchotsa kwa S/W komwe kungathe kuchitika.
Zochita zotsitsa za S/W zalowetsedwa ndipo zitha kusamutsidwa ku Host pamanja posankha menyu mu terminal kapena ngati mwapempha kuchokera kwa wolandirayo yemwe ali ndi mbiri yamagalimoto wamba. Ngati kutsitsa kwa S/W kukanika chifukwa cha siginecha yolakwika ya digito pa zomwe mwalandira files, chochitikacho chimalowetsedwa ndikusamutsidwa ku Host basi ndipo nthawi yomweyo.
6.4 6.3.1 Yambitsani kutsatira Kudula mitengo pa terminal
Kuti mutsegule trace logging:
1 Swipe Merchant khadi. 2 Kenako sankhani "9 System menyu". 3 Kenako pitani ku menyu "2 System chipika". 4 Lembani nambala yaukadaulo, yomwe mungapeze poyimbira thandizo la Nets Merchant Service. 5 Sankhani "8 Parameters". 6 Kenako yambitsani "Kudula mitengo" kuti "Inde".
6.5 6.3.2 Tumizani zipika kwa wolandira
Kutumiza zipika:
1 Dinani batani la Menyu pa terminal kenako Swipe Merchant khadi. 2 Kenako sankhani "7 Operator menyu". 3 Kenako sankhani "5 Send Trace Logs" kuti mutumize zipika kuti mulandire.
15
PCI-Secure Software Standard Vendor Implementation Guide v2.0 ya Viking Terminal 2.00
6.6 6.3.3 Kudula mitengo yakutali
Parameter imayikidwa mu Nets Host (PSP) yomwe imathandizira / kuletsa ntchito yodula mitengo ya Terminal patali. Nets Host idzatumiza Trace yambitsani / kuletsa zodula mitengo ku Terminal mu Data yokhazikitsidwa pamodzi ndi nthawi yomwe Terminal idzakwezera zolemba za Trace. Terminal ikalandira chizindikiro cha Trace monga momwe yayatsira, imayamba kugwira zipika za Trace ndipo panthawi yomwe idakonzedwa idzakweza zipika zonse ndikuyimitsa ntchito yodula mitengo pambuyo pake.
6.7 6.3.4 Kudula zolakwika patali
Zolemba zolakwika nthawi zonse zimayatsidwa pa terminal. Monga kusaka mitengo, parameter imayikidwa mu Nets Host yomwe imathandizira / kuletsa ntchito yodula mitengo ya Terminal kutali. Nets Host idzatumiza Trace yambitsani / kuletsa zodula mitengo ku Terminal mu Data yokhazikitsidwa pamodzi ndi nthawi yomwe Terminal idzakwezera zolemba Zolakwika. Terminal ikalandira zolakwitsa zodula mitengo monga momwe zathandizira, imayamba kujambula zolemba Zolakwika ndipo panthawi yomwe idakonzedwa idzakweza zipika zonse ndikuletsa ntchito yodula mitengo pambuyo pake.
7. Ma Wireless Networks
7.1 Kugwiritsa Ntchito Malonda
Malo olipira a Viking - MOVE 3500 ndi Link2500 ali ndi kuthekera kolumikizana ndi netiweki ya Wi-Fi. Chifukwa chake, kuti Wireless akhazikitsidwe motetezeka, kuyenera kuganiziridwa pakukhazikitsa ndikusintha ma netiweki opanda zingwe monga tafotokozera pansipa.
7.2 Analimbikitsa Opanda zingwe Zosintha
Pali malingaliro ambiri ndi masitepe oti mutenge pokonza ma netiweki opanda zingwe omwe amalumikizidwa ndi netiweki yamkati.
Pang'ono ndi pang'ono, makonda ndi masinthidwe otsatirawa ayenera kukhalapo:
· Ma netiweki onse opanda zingwe ayenera kugawidwa pogwiritsa ntchito chotchingira moto; ngati kulumikizana pakati pa ma netiweki opanda zingwe ndi malo a data omwe ali ndi makhadi akufunika, mwayiwo uyenera kuyendetsedwa ndikutetezedwa ndi firewall.
· Sinthani SSID yokhazikika ndikuyimitsa kuwulutsa kwa SSID · Sinthani mawu achinsinsi olumikizana opanda zingwe komanso malo olowera opanda zingwe, izi zikuphatikizapo con-
kupeza kokha komanso zingwe zamagulu a SNMP · Sinthani zosintha zina zilizonse zachitetezo zoperekedwa kapena zokhazikitsidwa ndi ogulitsa · Onetsetsani kuti malo olowera opanda zingwe akusinthidwa kukhala firmware yatsopano · Gwiritsani ntchito WPA kapena WPA2 yokhala ndi makiyi amphamvu kokha, WEP ndiyoletsedwa ndipo sayenera kugwiritsidwa ntchito. · Sinthani makiyi a WPA/WPA2 pakukhazikitsa komanso pafupipafupi komanso nthawi iliyonse yomwe munthu ali nayo
kudziwa makiyi kusiya kampani
16
PCI-Secure Software Standard Vendor Implementation Guide v2.0 ya Viking Terminal 2.00
8. Network Segmentation
8.1 Kugwiritsa Ntchito Malonda
Ntchito yolipira ya Viking si ntchito yolipira yochokera pa seva ndipo imakhala pa terminal. Pachifukwa ichi, ntchito yolipira sifunikira kusintha kulikonse kuti ikwaniritse izi. Kuti mudziwe zambiri zamalonda, data ya kirediti kadi sichingasungidwe pamakina olumikizidwa mwachindunji ndi intaneti. Za example, web ma seva ndi ma seva a database sayenera kuyikidwa pa seva yomweyo. Demilitarized zone (DMZ) iyenera kukhazikitsidwa kuti igawane netiweki kuti makina a DMZ okha ndi omwe amapezeka pa intaneti.
9. Kufikira Kwakutali
9.1 Kugwiritsa Ntchito Malonda
Ntchito yolipirira ya Viking siyingapezeke patali. Thandizo lakutali limapezeka kokha pakati pa wogwira ntchito pa Nets ndi wogulitsa pa foni kapena ndi ma Nets omwe ali pafupi ndi wamalonda.
10.Kutumiza kwa Sensitive data
10.1 Kutumiza kwa Sensitive Data
Ntchito yolipira ya Viking imateteza deta yodziwika bwino komanso/kapena zosunga makhadi podutsa pogwiritsa ntchito kubisa kwamtundu wa uthenga pogwiritsa ntchito 3DES-DUKPT (112 bits) potumiza zonse (kuphatikiza ma network a anthu onse). Ma Protocol achitetezo a mauthenga a IP kuchokera ku pulogalamu ya Viking kupita ku Host sifunikanso chifukwa kubisa kwa mulingo wa uthenga kumakhazikitsidwa pogwiritsa ntchito 3DES-DUKPT (112-bits) monga tafotokozera pamwambapa. Ndondomeko ya encryption iyi imatsimikizira kuti ngakhale malonda atsekedwa, sangathe kusinthidwa kapena kusokonezedwa mwanjira ina iliyonse ngati 3DES-DUKPT (112-bits) ikadali kuonedwa ngati kubisa kolimba. Monga pa chiwembu choyang'anira makiyi a DUKPT, kiyi ya 3DES yomwe imagwiritsidwa ntchito ndi yapadera pazochitika zilizonse.
10.2 Kugawana zomvera pa mapulogalamu ena
Ntchito yolipira ya Viking siyimapereka mawonekedwe/ma API omveka bwino kuti athe kugawana deta ya akaunti ya cleartext mwachindunji ndi mapulogalamu ena. Palibe chidziwitso chachinsinsi kapena data ya akaunti ya cleartext yomwe imagawidwa ndi mapulogalamu ena kudzera mu ma API owonekera.
10.3 Imelo ndi Sensitive data
Ntchito yolipira ya Viking sichirikiza kutumiza imelo.
10.4 Non-Console Administrative Access
Viking sichirikiza mwayi wotsogolera wosakhala wa Console. Komabe, kuti adziwe zambiri zamalonda, njira zoyang'anira zosagwiritsa ntchito Console ziyenera kugwiritsa ntchito SSH, VPN, kapena TLS pobisalira zonse zomwe sizili ndi makhonsolo a seva omwe ali ndi makhadi. Telnet kapena njira zina zosabisika siziyenera kugwiritsidwa ntchito.
17
PCI-Secure Software Standard Vendor Implementation Guide v2.0 ya Viking Terminal 2.00
11. Viking Versioning Methodology
Njira yosinthira ya Nets imakhala ndi magawo awiri a S/W nambala ya mtundu: a.bb
kumene `a' idzachulukidwa pamene kusintha kwakukulu kukuchitika malinga ndi PCI-Secure Software Standard. a - mtundu waukulu (chiwerengero chimodzi)
`bb' idzachulukitsidwa pamene kusintha kocheperako kukuchitika malinga ndi PCI-Secure Software Standard. bb - mtundu wocheperako (ma manambala 2)
Nambala ya mtundu wa S/W ya Viking yolipira ikuwonetsedwa motere pazenera la terminal pomwe terminal imayatsidwa: `abb'
· Zosintha kuchokera mwachitsanzo, 1.00 mpaka 2.00 ndizosintha kwambiri. Zingaphatikizepo zosintha zomwe zimakhudza chitetezo kapena zofunikira za PCI Secure Software Standard.
· Zosintha kuchokera mwachitsanzo, 1.00 mpaka 1.01 ndizosintha zosafunikira. Sizingaphatikizepo zosintha zokhudzana ndi chitetezo kapena zofunikira za PCI Secure Software Standard.
Zosintha zonse zimayimiridwa motsatira manambala.
12. Malangizo okhudza Kuyika Motetezedwa kwa Zigamba ndi Zosintha.
Nets imapereka zosintha zamapulogalamu akutali motetezeka. Zosinthazi zimachitika panjira yolumikizirana yofanana ndi njira zolipirira zotetezedwa, ndipo wamalonda sakufunika kuti asinthe njira iyi yolumikizirana kuti atsatire.
Pakakhala chigamba, Nets isintha mtundu wa chigamba pa Nets Host. Wogulitsa amatha kupeza zigambazo kudzera pa pempho lotsitsa la S/W, kapena wamalonda atha kuyambitsanso kutsitsa mapulogalamu kuchokera pamenyu yotsitsa.
Kuti mudziwe zambiri, amalonda ayenera kupanga ndondomeko yovomerezeka yogwiritsira ntchito matekinoloje ofunika kwambiri ogwira ntchito, malinga ndi malangizo omwe ali pansipa a VPN kapena maulumikizidwe ena othamanga kwambiri, zosintha zimalandiridwa kudzera pa firewall kapena firewall ya antchito.
The Nets host imapezeka kudzera pa intaneti pogwiritsa ntchito njira zotetezeka kapena kudzera pa netiweki yotsekedwa. Ndi netiweki yotsekedwa, opereka ma netiweki ali ndi kulumikizana kwachindunji ku malo omwe timakhala nawo omwe amaperekedwa kuchokera kwa omwe amapereka maukonde. Ma terminal amayendetsedwa kudzera pa Nets terminal management services. The terminal management service imatanthauzira mwachitsanzoampndi chigawo chomwe terminal ndi yake komanso wopeza omwe akugwiritsidwa ntchito. Kasamalidwe ka ma terminal alinso ndi udindo wokweza pulogalamu yama terminal patali pamaneti. Nets amaonetsetsa kuti pulogalamu yomwe idakwezedwa ku terminal yamaliza ziphaso zofunikira.
Ma Nets amalimbikitsa macheke kwa makasitomala ake onse kuti atsimikizire kuti malipiro otetezeka ndi otetezeka monga momwe zalembedwera pansipa: 1. Sungani mndandanda wa malo onse olipira omwe akugwira ntchito ndikujambula zithunzi kuchokera kumadera onse kuti mudziwe momwe akuyenera kuwonekera. 2. Yang'anani zizindikiro zoonekeratu za tampzosindikizira monga zosindikizira zosweka pa mbale zovundikira kapena zomangira, ma cabling osamvetseka kapena osiyana kapena chida chatsopano cha hardware chomwe simungachizindikire. 3. Tetezani ma terminals anu kuti makasitomala asafike pomwe simukuzigwiritsa ntchito. Yang'anani malo olipirako tsiku lililonse ndi zida zina zomwe zimatha kuwerenga makadi olipirira. 4. Muyenera kuyang'ana anthu ogwira ntchito yokonza ngati mukuyembekeza kukonzanso kolipira. 5. Imbani foni ma Nets kapena banki yanu nthawi yomweyo ngati mukukayikira kuti pali zochitika zosadziwikiratu. 6. Ngati mukukhulupirira kuti chipangizo chanu cha POS chili pachiwopsezo cha kubedwa, ndiye kuti pali zoyikapo zantchito ndi ma hani otetezedwa ndi ma tethers omwe mungagulidwe pamalonda. Kungakhale koyenera kuganizira kagwiritsidwe ntchito kawo.
18
PCI-Secure Software Standard Vendor Implementation Guide v2.0 ya Viking Terminal 2.00
13.Viking Kutulutsidwa Zosintha
Pulogalamu ya Viking imatulutsidwa mumayendedwe otsatirawa (kutengera kusintha):
· 2 zazikulu zotulutsidwa pachaka · 2 zing'onozing'ono zotulutsidwa pachaka · Zigamba zamapulogalamu, ngati zikufunika, (mwachitsanzo chifukwa cha vuto lililonse/chiwopsezo). Ngati a
kumasulidwa kukugwira ntchito m'munda ndipo zovuta zina zimanenedwa, ndiye kuti pulogalamu ya pulogalamu yomwe ikukonzekera ikuyembekezeka kutulutsidwa mkati mwa mwezi umodzi.
Ogulitsa azidziwitsidwa za zomwe zatulutsidwa (zazikulu/ zazing'ono/chigamba) kudzera pamaimelo omwe angatumizidwe mwachindunji ku ma adilesi awo a imelo. Imelo idzakhalanso ndi mfundo zazikuluzikulu za kumasulidwa ndi zolemba zomasulidwa.
Amalonda athanso kupeza zolemba zomwe zidzakwezedwa pa:
Zolemba zotulutsa mapulogalamu (nets.eu)
Kutulutsa kwa Viking Software kumasainidwa pogwiritsa ntchito chida choimbira cha Ingenico cha Tetra terminals. Mapulogalamu osayinidwa okha ndi omwe angakwezedwe pa terminal.
14. Zofunikira zosagwiritsidwa ntchito
Gawoli lili ndi mndandanda wa zofunikira mu PCI-Secure Software Standard yomwe yawunikidwa ngati `NotApplicable' ku ntchito yolipira ya Viking ndi zifukwa zake.
PCI Secure Software Standard
CO
Zochita
Kulungamitsidwa kukhala `Osagwiritsidwa ntchito'
5.3
Njira zotsimikizira (kuphatikiza gawo la cre- Viking yolipira imagwira ntchito pa PCI yovomerezeka PTS POI
dentials) ndi zolimba mokwanira komanso zolimba pazida.
tetezani zidziwitso zotsimikizika kuti zisakhale
zabodza, zosokoneza, zotsikiridwa, zongopeka, kapena zozungulira- Ntchito yolipirira ya Viking siyipereka zakomweko, zosatonthoza.
kutulutsa mpweya.
kapena mwayi wofikira kutali, kapena kuchuluka kwa mwayi, chifukwa chake palibe
zizindikiro mu chipangizo cha PTS POI.
Ntchito yolipira ya Viking siyimapereka zoikamo kuti muzitha kuyang'anira kapena kupanga ma ID a ogwiritsa ntchito ndipo sapereka mwayi uliwonse wapafupi, osagwiritsa ntchito console kapena kutali ndi zinthu zofunika kwambiri (ngakhale kusakatula).
5.4
Mwachikhazikitso, mwayi wonse wopeza zinthu zofunika kwambiri umasinthidwanso.
Ntchito yolipira ya Viking imayenda pa PCI yovomerezeka ya PTS POI
zokhazikika pamaakaunti awo okha ndi zida zamautumiki.
zomwe zimafuna mwayi wotero.
Ntchito yolipira ya Viking sipereka zokonda
wongolera kapena kupanga maakaunti kapena ntchito.
7.3
Nambala zonse mwachisawawa zomwe zimagwiritsidwa ntchito ndi pulogalamuyi ndi ntchito yolipira ya Viking sigwiritsa ntchito RNG iliyonse (mwachisawawa
kupangidwa pogwiritsa ntchito jenereta yovomerezeka yokhayokha) kuti igwiritse ntchito kubisa.
ber generation (RNG) ma algorithms kapena malaibulale.
19
PCI-Secure Software Standard Vendor Implementation Guide v2.0 ya Viking Terminal 2.00
Ma algorithms ovomerezeka a RNG kapena malaibulale ndi omwe amakwaniritsa miyezo yamakampani kuti asadziwike mokwanira (mwachitsanzo, NIST Special Publication 800-22).
Ntchito yolipira ya Viking simapanga kapena kugwiritsa ntchito manambala mwachisawawa pantchito za cryptographic.
7.4
Miyezo yachisawawa imakhala ndi entropy yomwe imakwaniritsa ntchito yolipira ya Viking sigwiritsa ntchito RNG iliyonse (mwachisawawa
zofunika zochepa mphamvu mphamvu ya nambala jenereta) kwa ntchito zake kubisa.
zoyamba za cryptographic ndi makiyi omwe amadalira
pa iwo.
Ntchito yolipira ya Viking sipanga kapena kugwiritsa ntchito
manambala mwachisawawa a ntchito za cryptographic.
8.1
Kuyesa konse ndi kugwiritsa ntchito zinthu zofunika kwambiri zolipira Viking zimayendera pa PCI yovomerezeka ya PTS POI
imatsatiridwa ndikutsatiridwa ndi munthu wapadera. zipangizo, kumene kusamalira zinthu zofunika kwambiri kumachitika, ndi
Firmware ya PTS POI imatsimikizira chinsinsi komanso kukhulupirika kwa omvera.
Sitive data pamene yasungidwa mkati mwa chipangizo cha PTS POI.
Kusungidwa kwachinsinsi, kukhulupirika ndi kulimba mtima kwa ntchito yolipira ya Viking zimatetezedwa ndikuperekedwa ndi firmware ya PTS POI. Firmware ya PTS POI imalepheretsa mwayi uliwonse wopeza zinthu zofunika kwambiri kunja kwa terminal ndipo imadalira anti-t.ampmawonekedwe a ering.
Kufunsira kulipira kwa Viking sikumapereka mwayi wamba, osatsegula kapena mwayi wakutali, kapena mwayi, chifukwa chake palibe munthu kapena machitidwe ena omwe ali ndi mwayi wopeza zinthu zofunika kwambiri, ntchito yolipira ya Viking yokha ndiyomwe imatha kuthana ndi zinthu zovuta.
8.2
Zochitika zonse zimajambulidwa mokwanira komanso zofunikira- Ntchito yolipira ya Viking imayenda pa PCI yovomerezeka ya PTS POI
sary mwatsatanetsatane kufotokoza molondola zomwe zida zenizeni.
ntchito zinachitidwa, amene anachita
iwo, nthawi yomwe iwo anachitidwa, ndi
Kugwiritsa ntchito kulipira kwa Viking sikumapereka kwanuko, osatonthoza
zinthu zofunika zomwe zidakhudzidwa.
kapena mwayi wakutali, kapena kuchuluka kwa mwayi, motero palibe
munthu kapena machitidwe ena omwe ali ndi mwayi wopeza zinthu zofunika kwambiri, kokha
Ntchito yolipira ya Viking imatha kuthana ndi zinthu zofunika kwambiri.
· Kugwiritsa ntchito kulipira kwa Viking sikumapereka mwayi wogwira ntchito.
· Palibe ntchito kuletsa kubisa deta tcheru
· Palibe ntchito kwa decryption tcheru deta
· Palibe ntchito za kutumiza deta tcheru ku machitidwe ena kapena njira
· Palibe mawonekedwe otsimikizira omwe amathandizidwa
Kuwongolera chitetezo ndi magwiridwe antchito sikungalephereke kapena kuchotsedwa.
8.3
Pulogalamuyi imathandizira kusungidwa kotetezedwa kwa ntchito yolipira ya Viking imayendetsedwa ndi PCI yovomerezeka ya PTS POI
zizindikiro za ntchito.
zipangizo.
20
PCI-Secure Software Standard Vendor Implementation Guide v2.0 ya Viking Terminal 2.00
8.4 B.1.3
Kugwiritsa ntchito kulipira kwa Viking sikumapereka mwayi wamba, osatsegula kapena mwayi wakutali, kapena mwayi, chifukwa chake palibe munthu kapena machitidwe ena omwe ali ndi mwayi wopeza zinthu zofunika kwambiri, ntchito yolipira ya Viking yokha ndiyomwe imatha kuthana ndi zinthu zovuta.
· Kugwiritsa ntchito kulipira kwa Viking sikumapereka mwayi wogwira ntchito.
· Palibe ntchito kuletsa kubisa deta tcheru
· Palibe ntchito kwa decryption tcheru deta
· Palibe ntchito za kutumiza deta tcheru ku machitidwe ena kapena njira
· Palibe mawonekedwe otsimikizira omwe amathandizidwa
Kuwongolera chitetezo ndi magwiridwe antchito sikungalephereke kapena kuchotsedwa.
Pulogalamuyi imayendetsa zolephera mu njira zotsatirira zochitika kuti kukhulupirika kwa zolemba zomwe zilipo kale zisungidwe.
Ntchito yolipira ya Viking imayenda pazida zovomerezeka za PCI za PTS POI.
Kugwiritsa ntchito kulipira kwa Viking sikumapereka mwayi wamba, osatsegula kapena mwayi wakutali, kapena mwayi, chifukwa chake palibe munthu kapena machitidwe ena omwe ali ndi mwayi wopeza zinthu zofunika kwambiri, ma Viking okha ndi omwe amatha kuthana ndi zinthu zovuta.
· Kugwiritsa ntchito kulipira kwa Viking sikumapereka mwayi wogwira ntchito.
· Palibe ntchito kuletsa kubisa deta tcheru
· Palibe ntchito kwa decryption tcheru deta
· Palibe ntchito za kutumiza deta tcheru ku machitidwe ena kapena njira
· Palibe mawonekedwe otsimikizira omwe amathandizidwa
· Zoyang'anira chitetezo ndi magwiridwe antchito sangathe kuzimitsidwa kapena kuchotsedwa.
Wogulitsa mapulogalamu amasunga zolemba zomwe zimafotokoza zonse zomwe zingasinthidwe zomwe zingakhudze chitetezo cha data tcheru.
Ntchito yolipira ya Viking imayenda pazida zovomerezeka za PCI za PTS POI.
Kugwiritsa ntchito kulipira kwa Viking sikumapereka chilichonse mwa izi kwa ogwiritsa ntchito:
· configurable njira kupeza tcheru deta
21
PCI-Secure Software Standard Vendor Implementation Guide v2.0 ya Viking Terminal 2.00
B.2.4 B.2.9 B.5.1.5
· configurable njira kusintha njira kuteteza tcheru deta
· Kufikira kutali ndi pulogalamuyi
· zosintha zakutali za pulogalamuyi
· Chosankha chosinthira kuti musinthe makonda a pulogalamuyo
Pulogalamuyi imagwiritsa ntchito ntchito zopanga manambala mwachisawawa zomwe zikuphatikizidwa pakuwunika kwa chipangizo cha PTS cha malo olipira pazochita zonse zachinsinsi zomwe zimakhudzana ndi data yodziwika bwino kapena zovuta zomwe zimafunikira kuti pakhale masheya osasinthika ndipo sagwiritsa ntchito zakezake.
Viking sagwiritsa ntchito RNG iliyonse (wopanga manambala mwachisawawa) pantchito zake zobisa.
Kugwiritsa ntchito kwa Viking sikumapanga kapena kugwiritsa ntchito manambala mwachisawawa pantchito za cryptographic.
ntchito zopanga manambala mwachisawawa.
Kutsimikizika kwa pulogalamu yam'manja files imatetezedwa molingana ndi Control Objective B.2.8.
Zowonetsa zonse mwachangu pa terminal ya Viking zimayikidwa mu pulogalamuyo ndipo palibe mwachangu files alipo kunja kwa ntchito.
Palibe mwachangu files kunja kwa ntchito yolipira ya Viking ilipo, zidziwitso zonse zofunika zimapangidwa ndi pulogalamuyi.
Chitsogozo chokwaniritsira chimaphatikizapo malangizo kwa omwe akukhudzidwa kuti asayine mwachangu zonse files.
Zidziwitso zonse zomwe zikuwonetsedwa pa terminal ya Viking zimayikidwa mu pulogalamuyo ndipo palibe mwachangu files alipo kunja kwa ntchito.
Palibe mwachangu files kunja kwa ntchito yolipira ya Viking ilipo, zidziwitso zonse zofunika zimapangidwa ndi pulogalamuyi
22
PCI-Secure Software Standard Vendor Implementation Guide v2.0 ya Viking Terminal 2.00
15. PCI Secure Software Standard Requirements Reference
Mitu mu chikalata ichi 2. Kutetezedwa Kulipira Kufunsira
PCI Secure Software Standard Zofunikira
B.2.1 6.1 12.1 12.1.b
Zofunikira za PCI DSS
2.2.3
3. Sungani Mapulogalamu Akutali
11.1
Zosintha
11.2
12.1
1&12.3.9 2, 8, & 10
4. Kuchotsa Motetezedwa kwa Sensitive Data ndi Chitetezo cha Makhadi Osungidwa
3.2 3.4 3.5 A.2.1 A.2.3 B.1.2a
Kutsimikizira ndi Kuwongolera Kufikira 5.1 5.2 5.3 5.4
3.2 3.2 3.1 3.3 3.4 3.5 3.6
8.1 ndi 8.2 8.1 ndi 8.2
Kudula mitengo
3.6
10.1
8.1
10.5.3
8.3
Wireless Network
4.1
1.2.3 & 2.1.1 4.1.1 1.2.3, 2.1.1,4.1.1
Network Segmentation Remote Access Transmission of Cardholder Data
4.1c
B.1.3
A.2.1 A.2.3
1.3.7
8.3
4.1 4.2 2.3 8.3
Viking Versioning Methodology
11.2 12.1.b
Malangizo kwa makasitomala za 11.1
kukhazikitsa kotetezedwa kwa zigamba ndi 11.2
zosintha.
12.1
23
PCI-Secure Software Standard Vendor Implementation Guide v2.0 ya Viking Terminal 2.00
16. Kalozera wa Mawu
Zolemba za TERM Cardholder
DUKU
3DES Merchant SSF
PA-QSA
TANTHAUZO
Mzere wa maginito wathunthu kapena PAN kuphatikiza zilizonse mwa izi: · Dzina la mwini khadi · Tsiku lotha ntchito · Khodi ya Ntchito
Derived Unique Key Per Transaction (DUKPT) ndi ndondomeko yoyendetsera ntchito yomwe pazochitika zilizonse, chinsinsi chapadera chimagwiritsidwa ntchito chomwe chimachokera ku kiyi yokhazikika. Chifukwa chake, ngati kiyi yochokera ikusokonezedwa, zomwe zachitika zam'tsogolo ndi zam'mbuyomu zimatetezedwabe popeza makiyi otsatira kapena am'mbuyomu sangadziwike mosavuta.
Mu cryptography, Triple DES (3DES kapena TDES), mwalamulo Triple Data Encryption Algorithm (TDEA kapena Triple DEA), ndi symmetric-key block cipher, yomwe imagwiritsa ntchito DES cipher algorithm katatu pa chipika chilichonse.
Wogwiritsa ntchito komanso wogula malonda a Viking.
PCI Software Security Framework (SSF) ndi mndandanda wa miyezo ndi mapulogalamu amapangidwe otetezedwa ndi kupanga mapulogalamu olipira. Chitetezo cha pulogalamu yolipira ndi gawo lofunikira kwambiri pamayendedwe olipira ndipo ndikofunikira kuti pakhale njira zolipirira zodalirika komanso zolondola.
Malipiro Oyenerera Oyesa Chitetezo. Kampani ya QSA yomwe imapereka chithandizo kwa ogulitsa ntchito zolipira kuti atsimikizire zolipira za ogulitsa.
SAD (Sensitive Authentication Data)
Zambiri zokhudzana ndi chitetezo (Makhodi / Makhalidwe Otsimikizira Khadi, deta yonse, ma PIN, ndi PIN Blocks) zomwe zimagwiritsidwa ntchito kutsimikizira omwe ali ndi makhadi, owonekera m'mawu osamveka kapena osatetezedwa. Kuwulula, kusinthidwa, kapena kuwononga chidziwitsochi kukhoza kusokoneza chitetezo cha makina obisika, makina azidziwitso, kapena chidziwitso cha mwini makhadi kapena angagwiritsidwe ntchito mwachinyengo. Sensitive Authentication Data isasungidwe ntchito ikatha.
Viking HSM
Pulogalamu yamapulogalamu yomwe imagwiritsidwa ntchito ndi Nets pakukulitsa ntchito pamsika waku Europe.
Hardware chitetezo module
24
PCI-Secure Software Standard Vendor Implementation Guide v2.0 ya Viking Terminal 2.00
17. Document Control
Wolemba Zolemba, Reviewers ndi Ovomereza
Kufotokozera SSA Development Compliance Manager System Architect QA Product Owner Product Manager Director Engineering
Ntchito Reviewndi Wolemba Reviewer & Approver Reviewer & Approver Reviewer & Approver Reviewer & Approver Manager Manager
Claudio Adami / Flavio Bonfiglio Sorans Aruna Panicker Arno Eksström Shamsher Singh Varun Shukla Arto Kangas Eero Kuusinen Taneli Valtonen
Chidule cha Zosintha
Mtundu Nambala 1.0
1.0
1.1
Tsiku la 03-08-2022
15-09-2022
20-12-2022
Chikhalidwe cha Kusintha
Mtundu Woyamba wa PCI-Secure Software Standard
Kusinthidwa ndime 14 ndi zolinga zowongolera zosagwiritsidwa ntchito ndi zifukwa zawo
Ndime zosinthidwa 2.1.2 ndi 2.2
ndi Self4000.
Zachotsedwa
Link2500 (PTS mtundu 4.x) kuchokera ku
mndandanda wa terminal wothandizidwa
Sinthani Wolemba Aruna Panicker Aruna Panicker
Aruna Panicker
Reviewer
Tsiku Lovomerezeka
Shamsher Singh 18-08-22
Shamsher Singh 29-09-22
Shamsher Singh 23-12-22
1.1
05-01-2023 Gawo losinthidwa 2.2 ndi Link2500 Aruna Panicker Shamsher Singh 05-01-23
(pts v4) kuti mupitilize chithandizo
za mtundu wa terminal.
1.2
20-03-2023 Gawo losinthidwa 2.1.1 ndi Aruna Panicker Shamsher Singh waku Latvia 21-04-23
ndi Lithuanian terminal profiles.
Ndipo 2.1.2 yokhala ndi BT-iOS communica-
thandizo la mtundu wa tion
2.0
03-08-2023 Mtundu wotulutsidwa wasinthidwa kukhala Aruna Panicker Shamsher Singh 13-09-23
2.00 pamutu / pansi.
Gawo losinthidwa 2.2 ndi latsopano
Move3500 hardware ndi firmware
Mabaibulo. Zasinthidwa gawo 11 la
'Viking Versioning Methodology'.
Gawo 1.3 losinthidwa ndi zaposachedwa
mtundu wa zofunikira za PCI SSS
wotsogolera. Zasinthidwa ndime 2.2 kuti zithandizire
ma terminals amachotsedwa osagwiritsidwa ntchito
zida zamtundu wa hardware kuchokera ku
mndandanda.
2.0
16-11-2023 Zowoneka (CVI) zosintha
Leyla Avsar
Arno Eksström 16-11-23
25
PCI-Secure Software Standard Vendor Implementation Guide v2.0 ya Viking Terminal 2.00
Mndandanda Wofalitsa
Dzina la Terminal Department Product Management
Kupititsa patsogolo Ntchito, Kuyesa, Kuwongolera Ntchito, Gulu Loyang'anira Zogwirizana ndi Terminal Product, Compliance Manager Product
Kuvomereza Zolemba
Dzina la Arto Kangas
Function Product Owner
Document Review Mapulani
Chikalata ichi chidzakhala reviewkusinthidwa ndi kusinthidwa, ngati kuli kofunikira, monga momwe tafotokozera pansipa:
· Momwe zimafunikira kukonza kapena kupititsa patsogolo zomwe zili mkatiview Kutsatira kugwiritsa ntchito chiwopsezo · Kutsatira zatsopano / zofunikira zokhudzana ndi chiopsezo
26
PCI-Secure Software Standard Vendor Implementation Guide v2.0 ya Viking Terminal 2.00
Zolemba / Zothandizira
 |
nets PCI-Secure Standard Software [pdf] Buku Logwiritsa Ntchito PCI-Secure Standard Software, PCI-Secure, Standard Software, Software |
