PCI-Secure Standard Software
Ruzivo rwechigadzirwa: PCI-Secure Software Standard Vendor
Implementation Guide yeViking Terminal 2.00
Zvinotsanangurwa
Shanduro: 2.0
1. Nhanganyaya uye Chikamu
1.1 Sumo
Iyo PCI-Secure Software Standard Vendor Implementation Guide
inopa nhungamiro yekushandisa software paViking
Terminal 2.00.
1.2 Software Security Framework (SSF)
Iyo Software Security Framework (SSF) inovimbisa kubhadhara kwakachengeteka
kushandiswa paViking Terminal 2.00.
1.3 Software Vendor Implementation Guide - Kugovera uye
Updates
Gwaro iri rinosanganisira ruzivo rwekugovera nekuvandudzwa
yeSoftware Vendor Implementation Guide yeViking Terminal
2.00.
2. Chengetedza Kubhadhara Kushandisa
2.1 Chishandiso S/W
Iyo yakachengeteka yekubhadhara application software inovimbisa yakachengeteka
kutaurirana nemubhadharo wekubhadhara uye ECR.
2.1.1 Payment Host kutaurirana TCP/IP parameter setup
Ichi chikamu chinopa mirairo yekumisikidza TCP/IP
parameters yekukurukurirana nemubhadharo wekubhadhara.
2.1.2 ECR kutaurirana
Ichi chikamu chinopa mirairo yekutaurirana ne
ECR (Electronic Cash Register).
2.1.3 Hurukuro yekugamuchira kuburikidza neECR
Ichi chikamu chinotsanangura maitiro ekutanga kutaurirana ne
muenzi wekubhadhara achishandisa ECR.
2.2 Inotsigirwa terminal hardware (s)
Iyo yakachengeteka yekubhadhara application inotsigira Viking Terminal 2.00
hardware.
2.3 Mitemo yekuchengetedza
Ichi chikamu chinotsanangura mitemo yekuchengetedza iyo inofanirwa kuva
inoteverwa kana uchishandisa yakachengeteka kubhadhara application.
3. Chengetedza Remote Software Update
3.1 Mutengesi Kushanda
Ichi chikamu chinopa ruzivo pamusoro pekushandiswa kwekuchengetedza
kure kure software inogadziridza kune vatengesi.
3.2 Gwaro Rekushandisa Rinogamuchirwa
Ichi chikamu chinotsanangura mutemo unogamuchirika wekushandisa kune yakachengeteka
kure software updates.
3.3 Personal Firewall
Mirayiridzo yekugadzirisa firewall yemunhu kubvumira
yakachengeteka kure kure software zvigadziriso zvinopihwa muchikamu chino.
3.4 Remote Update Procedures
Ichi chikamu chinotsanangura maitiro ekuita zvakachengeteka
kure software updates.
4. Kudzimwa kwakachengeteka kweSensitive Data uye Kudzivirirwa kweAkachengetwa
Cardholder Data
4.1 Mutengesi Kushanda
Ichi chikamu chinopa ruzivo pamusoro pekushandiswa kwekuchengetedza
Kudzimwa kwedata rakavanzika uye kuchengetedzwa kweakachengetwa ane kadhi data
zvevatengesi.
4.2 Chengetedza Delete Mirayiridzo
Mirayiridzo yekudzima zvakachengetedzeka data yakavanzika inopihwa
muchikamu chino.
4.3 Nzvimbo Dzakachengetwa Kadhi Data
Ichi chikamu chinonyora nzvimbo dzinochengeterwa data rine makadhi
uye inopa nhungamiro pakudzivirira.
Ichi chikamu chinotsanangura maitiro ekubata akaverengerwa
mvumo yekutengeserana zvakachengeteka.
4.5 Matanho ekugadzirisa matambudziko
Mirayiridzo yekugadzirisa matambudziko ane chekuita nekuchengetedza
kudzima uye kuchengetedzwa kwe data rakachengetedzwa rine kadhi rinopihwa mukati
chikamu ichi.
4.6 PAN nzvimbo - Kuratidzwa kana kudhindwa
Ichi chikamu chinotaridza nzvimbo uko PAN (Primary Account
Nhamba) inoratidzwa kana kudhindwa uye inopa nhungamiro pakuchengetedza
it.
4.7 Kurumidza files
Mirayiridzo yekugadzirisa kukurumidza files zvakachengetedzeka zvinopihwa mukati
chikamu ichi.
4.8 Kutungamira kwakakosha
Ichi chikamu chinotsanangura maitiro akakosha ekutarisira kuti ave nechokwadi
chengetedzo yedata rakachengetwa rine kadhi.
4.9 '24 HR' Reboot
Mirayiridzo yekuita '24 HR' reboot kuti uone system
kuchengetedzwa kunopihwa muchikamu chino.
4.10 Whitelisting
Ichi chikamu chinopa ruzivo nezve whitelisting uye yayo
kukosha mukuchengetedza kuchengetedzwa kwehurongwa.
5. Authentication uye Access Controls
Ichi chikamu chinobata chokwadi uye kuwana kudzora matanho
kuve nechokwadi chekuchengetedzwa kwehurongwa.
Mibvunzo Inowanzo bvunzwa (FAQ)
Mubvunzo: Chii chinangwa chePCI-Secure Software Standard
Vendor Implementation Guide?
A: Nhungamiro inopa mazano ekushandisa kubhadhara kwakachengeteka
application software paViking Terminal 2.00.
Mubvunzo: Ndeipi terminal hardware inotsigirwa nekubhadhara kwakachengeteka
application?
A: Iyo yakachengeteka yekubhadhara application inotsigira Viking Terminal
2.00 hardware.
Mubvunzo: Ndingadzima sei data rakavanzika zvakachengeteka?
A: Mirayiridzo yekudzima zvakachengeteka data yakavanzika ndeye
yakapihwa muchikamu 4.2 chegwaro.
Mubvunzo: Chii chakakosha che whitelist?
A: Whitelisting inoita basa rakakosha mukuchengetedza sisitimu
chengetedzo nekubvumira zvikumbiro zvakatenderwa chete kuti zvishande.
Izvi zvakaiswa muboka seInternal
Nets Denmark A/S:
PCI-Secure Software Standard Software Vendor Implementation Guide yeViking terminal 2.00
Shanduro 2.0
PCI-Secure Software Standard Vendor Implementation Guide v2.0 yeViking Terminal 2.00 1 1
Zviri mukati
1. Nhanganyaya uye Chimiro …………………………………………………………………………. 3
1.1
Nhanganyaya ………………………………………………………………………………………. 3
1.2
Software Security Framework (SSF)……………………………………………………. 3
1.3
Software Vendor Implementation Guide – Distribution and Updates …… 3
2. Secure Payment Application………………………………………………………………………
2.1
Chikumbiro S/W ………………………………………………………………………………. 4
2.1.1 Payment Host kutaurirana TCP/IP parameter setup …………………….. 4
2.1.2 ECR kutaurirana……………………………………………………………………………. 5
2.1.3 Nhaurirano yekutambira kuburikidza neECR……………………………………………………………. 5
2.2
Zvigadzirwa zvemagetsi zvinotsigirwa ………………………………………………….. 6
2.3
Security Policies …………………………………………………………………………………. 7
3. Chengetedza Remote Software Update …………………………………………………………. 8
3.1
Merchant Applicability……………………………………………………………………… 8
3.2
Gwaro Rekushandisa Rinogamuchirika …………………………………………………………………… 8
3.3
Personal Firewall……………………………………………………………………………… 8
3.4
Remote Update Procedures ………………………………………………………………… 8
4. Kudzimwa kwakachengeteka kweSensitive Data uye Kudzivirirwa kweAkachengetwa Kadhi Muridzi Data9
4.1
Merchant Applicability……………………………………………………………………… 9
4.2
Chengetedza Delete Mirayiridzo………………………………………………………………………
4.3
Nzvimbo Dzakachengetedzwa Kadhi Data………………………………………………….. 9
4.4
Deferred Authorization Transaction ………………………………………………. 10
4.5
Matanho ekugadzirisa matambudziko ……………………………………………………………… 10
4.6
PAN nzvimbo - Kuratidzwa kana kudhindwa ………………………………………………… 10
4.7
Prompt files ………………………………………………………………………………….. 11
4.8
Key management ………………………………………………………………………………
4.9
`24 HR' Reboot …………………………………………………………………………………. 12
4.10 Whitelisting ………………………………………………………………………………… 12
5. Authentication and Access Controls ……………………………………………………. 13
5.1
Access Control ……………………………………………………………………………. 13
5.2
Password Controls …………………………………………………………………………. 15
6. Kutema matanda ……………………………………………………………………………………….. 15.
6.1
Merchant Applicability…………………………………………………………………. 15
6.2
Gadzirisa Marogi Settings ………………………………………………………………………. 15
6.3
Central Logging ……………………………………………………………………………… 15
6.3.1 Gonesa trace Logging pane terminal …………………………………………………………… 15
6.3.2 Send trace Logs to host ……………………………………………………………………… 15
6.3.3 Remote trace logging …………………………………………………………………………………. 16
6.3.4 Remote kukanganisa kutema matanda………………………………………………………………………………. 16
7. Wireless Networks ……………………………………………………………………………… 16
7.1
Merchant Applicability…………………………………………………………………. 16
7.2
Yakakurudzirwa Wireless Configurations …………………………………………… 16
8. Network Segmentation …………………………………………………………………….. 17
8.1
Merchant Applicability…………………………………………………………………. 17
9. Remote Access …………………………………………………………………………………… 17
9.1
Merchant Applicability…………………………………………………………………. 17
10.
Kufambiswa kweSensitive data ……………………………………………………….. 17
10.1 Kufambiswa kwe data sensitive …………………………………………………………… 17
10.2 Kugovera Sensitive data kune imwe software ……………………………………….. 17
10.3 Email uye Sensitive data ……………………………………………………………………. 17
10.4 Non-Console Administrative Access …………………………………………………. 17
11.
Viking Versioning Methodology………………………………………………………. 18
12.
Mirayiridzo nezve Yakachengeteka Kuiswa kwePatches uye Zvidzoreso. …………. 18
13.
Viking Release Updates …………………………………………………………………. 19
14.
Zvisiri-Kushanda zvinodiwa …………………………………………………………. 19
15.
PCI Chengetedza Software Standard Requirements Reference ……………………… 23
16.
Tsanangudzo yeMatemu ……………………………………………………………………………. 24
17.
Document Control ………………………………………………………………………… 25
2
PCI-Secure Software Standard Vendor Implementation Guide v2.0 yeViking Terminal 2.00
1. Nhanganyaya uye Chikamu
1.1 Sumo
Chinangwa cheiyi PCI-Secure Software Standard Software Vendor Implementation Guide ndechekupa vanobatana negwara rakajeka uye rakakwana pakuitwa kwakachengeteka, kumisikidzwa, uye kushanda kweViking software. Nhungamiro inoraira Vatengesi nezve mashandisiro eNets 'Viking application munzvimbo yavo nenzira inoenderana nePCI Secure Software Standard. Kunyangwe, haina kuitirwa kuve yakakwana yekuisa gwara. Viking application, kana ikaiswa zvinoenderana negwara rakanyorwa pano, inofanirwa kufambisa, uye kutsigira kutevedza kwePCI yemutengesi.
1.2 Software Security Framework (SSF)
Iyo PCI Software Security Framework (SSF) muunganidzwa wezviyero uye zvirongwa zveyakachengeteka dhizaini uye kusimudzira kwekubhadhara application software. Iyo SSF inotsiva iyo Payment Application Data Security Standard (PA-DSS) nezvinodiwa zvemazuva ano zvinotsigira huwandu hwakawanda hwekubhadhara software mhando, matekinoroji, uye nzira dzekusimudzira. Inopa vatengesi zviyero zvekuchengetedza sePCI Secure Software Standard yekugadzira uye kuchengetedza yekubhadhara software kuitira kuti idzivirire kubhadhara kwekubhadhara uye data, kuderedza kusasimba, uye kudzivirira pakurwiswa.
1.3 Software Vendor Implementation Guide – Distribution and Updates
Iyi PCI Yakachengeteka Software Standard Software Vendor Implementation Guide inofanira kuparadzirwa kune vese vakakodzera vashandisi vekushandisa kusanganisira vatengesi. Inofanirwa kuvandudzwa kanenge gore negore uye mushure mekuchinja mune software. The year review uye yekuvandudza inofanirwa kusanganisira shanduko nyowani dzesoftware pamwe neshanduko muSecure Software Standard.
Nets inoburitsa ruzivo pane zvakanyorwa websaiti kana paine zvigadziriso mugwaro rekushandisa.
Webnzvimbo: https://support.nets.eu/
For Example: Nets PCI-Secure Software Standard Software Vendor Implementation Guide ichagoverwa kune vese vatengi, vatengesi, uye vanobatanidza. Vatengi, Vatengesi, uye Vanobatanidza vanozoziviswa kubva ku reviews uye zvigadziriso.
Zvigadziriso kuPCI-Secure Software Standard Software Vendor Implementation Guide inogona kuwanikwa nekubata maNet zvakananga, zvakare.
Iyi PCI-Secure Software Standard Software Vendor Implementation Guide inonongedza ese PCI-Secure Software Standard uye PCI zvinodiwa. Mavhezheni anotevera akataurwa mugwaro rino.
· PCI-Secure-Software-Standard-v1_2_1
3
PCI-Secure Software Standard Vendor Implementation Guide v2.0 yeViking Terminal 2.00
2. Chengetedza Kubhadhara Kushandisa
2.1 Chishandiso S/W
Iwo maViking ekubhadhara maapplication haashandise chero software yekunze kana hardware isiri yeViking yakamisikidzwa application. Zvese zvinobatika zveS/W zveViking kubhadhara chikumbiro zvakasainwa nedigital neTetra signing kit yakapihwa neIngenico.
· Iyo terminal inotaurirana neNets Host ichishandisa TCP/IP, kungave kuburikidza neEthernet, GPRS, Wi-Fi, kana kuburikidza nePC-LAN inomhanyisa POS application. Zvakare, iyo terminal inogona kutaurirana nemuiti kuburikidza nenharembozha neWi-Fi kana GPRS yekubatanidza.
Viking terminals inobata kutaurirana kwese uchishandisa Ingenico link layer chikamu. Ichi chikamu chishandiso chakaiswa mune terminal. Iyo Link Layer inogona kubata akati wandei kutaurirana panguva imwe chete uchishandisa akasiyana peripherals (modem uye serial port ye ex.ample).
Ikozvino inotsigira zvinotevera maprotocol:
* Yemuviri: RS232, yemukati modem, yekunze modem (kuburikidza neRS232), USB, Ethernet, Wi-Fi, Bluetooth, GSM, GPRS, 3G uye 4G.
· Data Link: SDLC, PPP. · Network: IP. · Kutakura: TCP.
Iyo terminal inogara ichitora danho rekumisikidza kutaurirana kwakanangana neNets Host. Iko hakuna TCP / IP server S / W mune terminal, uye iyo terminal S / W haina kumbopindura kune dzinopinda mafoni.
Kana yasanganiswa nePOS application paPC, iyo terminal inogona kusetwa kuti itaure kuburikidza nePC-LAN ichimhanyisa POS application uchishandisa RS232, USB, kana Bluetooth. Zvichiri kushanda kwese kwekushandisa kwekubhadhara kuri kushanda mune terminal S/W.
Iyo protocol protocol (uye yakashandiswa encryption) iri pachena uye yakazvimirira yerudzi rwekutaurirana.
2.2 Payment Host kutaurirana TCP/IP parameter setup
4
PCI-Secure Software Standard Vendor Implementation Guide v2.0 yeViking Terminal 2.00
2.3 ECR kutaurirana
· RS232 seri · USB Connection · TCP/IP parameter setup, inozivikanwawo seECR pamusoro peIP
· Host/ECR kutaurirana sarudzo muViking Payment Application
· Nets Cloud ECR (Batanidza @ Cloud) paramita kumisikidzwa
2.4 Hurukuro yekugamuchira kuburikidza neECR
Cherechedza: Tarisa "2.1.1- Payment Host communication TCP/IP parameter setup" kune dzimwe nyika TCP/IP ports.
5
PCI-Secure Software Standard Vendor Implementation Guide v2.0 yeViking Terminal 2.00
2.5 Inotsigirwa terminal hardware (s)
Viking kubhadhara application inotsigirwa pane akasiyana PTS (PIN transaction chengetedzo) yakasimbiswa Ingenico zvishandiso. Rondedzero yeterminal hardware pamwe nenhamba yavo yekubvumidza yePTS inopiwa pazasi.
Tetra Terminal Types
Terminal hardware
Nzira ye3000
PTS
PTS mvumo
nhamba yeshanduro
5.x
4-30310
PTS Hardware Version
LAN30EA LAN30AA
Desk 3500
5.x
4-20321
DES35BB
Fambisa 3500
5.x
4-20320
MOV35BB MOV35BC MOV35BQ MOV35BR
Link2500
Link2500 Self4000
4.x
4-30230
5.x
4-30326
5.x
4-30393
LIN25BA LIN25JA
LIN25BA LIN25JA SEL40BA
PTS Firmware Version
820547v01.xx 820561v01.xx 820376v01.xx 820376v02.xx 820549v01.xx 820555v01.xx 820556v01.xx 820565v01.xx 820547v01.xx 820376v01.xx 820376v02.xx 820547v01.xx 820549v01.xx 820555v01.xx 820556v01.xx 820565v01.xx 820547v01.xx 820565v01.xx 820548v02.xx 820555v01.xx 820556v01.xx 820547v01.xx
820547v01.xx
820547v01.xx
6
PCI-Secure Software Standard Vendor Implementation Guide v2.0 yeViking Terminal 2.00
2.6 Mitemo yekuchengetedza
Viking yekubhadhara chikumbiro inonamatira kune ese anoshanda ekuchengetedza marongero anotsanangurwa neIngenico. Kuti uwane ruzivo rwakakwana, aya ndiwo anongedzo kumitemo yekuchengetedza yeTetra terminals dzakasiyana:
Terminal Type
Link2500 (v4)
Chengetedzo Policy gwaro Link/2500 PCI PTS Chengetedzo Policy (pcisecuritystandards.org)
Link2500 (v5)
PCI PTS Chengetedzo Policy (pcisecuritystandards.org)
Desk3500
https://listings.pcisecuritystandards.org/ptsdocs/4-20321ICO-OPE-04972-ENV12_PCI_PTS_Security_Policy_Desk_3200_Desk_3500-1650663092.33407.pdf
Fambisa3500
https://listings.pcisecuritystandards.org/ptsdocs/4-20320ICO-OPE-04848-ENV11_PCI_PTS_Security_Policy_Move_3500-1647635765.37606.pdf
Lane3000
https://listings.pcisecuritystandards.org/ptsdocs/4-30310SP_ICO-OPE-04818-ENV16_PCI_PTS_Security_Policy_Lane_3000-1648830172.34526.pdf
Self4000
Self/4000 PCI PTS Chengetedzo Policy (pcisecuritystandards.org)
7
PCI-Secure Software Standard Vendor Implementation Guide v2.0 yeViking Terminal 2.00
3. Chengetedza Remote Software Update
3.1 Mutengesi Kushanda
Nets inoendesa zvakachengeteka Viking kubhadhara application zvigadziriso kure. Aya magadzirirwo anoitika pane imwecheteyo nzira yekutaurirana seyakachengeteka kubhadhara kutengeserana, uye mutengesi haafanirwe kuita chero shanduko kune iyi nzira yekutaurirana kuti itevedzwe.
Kuti uwane ruzivo rwese, vatengesi vanofanirwa kugadzira mutemo unogamuchirika wekushandisa matekinoroji akatarisana nevashandi, maererano negwara riri pazasi reVPN, kana kumwe kumhanyisa-kumhanya, zvigadziriso zvinogamuchirwa kuburikidza nefirewall kana firewall yako.
3.2 Gwaro Rekushandisa Rinogamuchirwa
Mutengesi anofanirwa kugadzira marongero ekushandisa akakosha-akatarisana nevashandi matekinoroji, senge modem nemidziyo isina waya. Iyi mitemo yekushandiswa inofanira kusanganisira:
· Yakajeka manejimendi mvumo yekushandisa. · Huchokwadi hwekushandisa. · Rondedzero yezvishandiso zvese uye vashandi vane mukana. · Kuisa mazita emidziyo ine muridzi. · Bata ruzivo uye chinangwa. · Kushandiswa kunogamuchirwa kwehunyanzvi. · Nzvimbo dzetiweki dzinogamuchirwa dzetekinoroji. · Rondedzero yezvigadzirwa zvakatenderwa nekambani. · Kubvumira kushandiswa kwemamodemu kune vatengesi chete pazvinenge zvichidikanwa uye kudzima mushure mekushandisa. · Kurambidzwa kwekuchengetedza makadhi ane data pane zvemuno midhiya kana yakabatana kure.
3.3 Personal Firewall
Chero "nguva dzose-pa" yekubatanidza kubva pakombuta kuenda kuVPN kana kumwe kumhanyisa-kumhanya kunofanirwa kuchengetedzwa nekushandisa wega firewall chigadzirwa. Iyo firewall inogadziriswa nesangano kuti isangane nematanho chaiwo uye isingachinjike nemushandi.
3.4 Remote Update Procedures
Pane nzira mbiri dzekukonzeresa terminal kuti ubate neNets software centre yekuvandudza:
1. Pamwe nemaoko kuburikidza nesarudzo yemenu mune terminal (swipe merchant card, sarudza menyu 8 "Software", 1 "Fetch software"), kana Host yakatanga.
2. Kushandisa Host yakatanga nzira; iyo terminal inogashira murairo kubva kune Host mushure mekunge yaita kutengeserana kwemari. Murairo unoudza terminal kuti ibate neNets software centre kuti itarise zvigadziriso.
Mushure mekubudirira kwesoftware update, terminal ine yakavakirwa-mukati printer inodhinda risiti ine ruzivo rweiyo vhezheni itsva.
Terminal integrators, vadyidzani uye/kana maNets technical support team ichava nebasa rekuzivisa vatengesi nezvekuvandudzwa, kusanganisira chinongedzo chegwaro rekushandisa rakagadziridzwa uye zvinyorwa zvekuburitsa.
Pamusoro pekugamuchira mushure mekuvandudza software, Viking yekubhadhara application inogona zvakare kusimbiswa kuburikidza neiyo Terminal Info pakudzvanya `F3′ kiyi pane terminal.
8
PCI-Secure Software Standard Vendor Implementation Guide v2.0 yeViking Terminal 2.00
4. Kudzimwa kwakachengeteka kweSensitive Data uye Kudzivirirwa kweAkachengetwa Kadhi Data
4.1 Mutengesi Kushanda
Viking yekubhadhara application haichengete chero magineti mitsetse data, kadhi yekusimbisa kukosha kana makodhi, maPIN kana PIN block data, cryptographic kiyi zvinhu, kana cryptograms kubva kune ayo apfuura shanduro.
Kuti uve zvinoenderana nePCI, mutengesi anofanira kunge aine mutemo wekuchengeta-data uyo unotsanangura kuti data rine makadhi richachengetwa kwenguva yakareba sei. Viking yekubhadhara application inochengeta data rine makadhi uye / kana inonzwisisika yechokwadi dhata rekupedzisira kutengeserana uye kana paine kunze kwenyika kana kudzoreredzwa mvumo yekutengeserana uku uchitevedzera PCI-Secure Software Standard kutevedzera panguva imwe chete, saka inogona kuregererwa kubva mutemo wekuchengeta dhata remutengesi.
4.2 Chengetedza Delete Mirayiridzo
Iyo terminal haichengete inonzwisisika yechokwadi data; full track2, CVC, CVV kana PIN, kwete pamberi kana mushure memvumo; kunze kweDeferred Authorization transactions iyo nyaya yakavharidzirwa inonzwisisika yechokwadi data (yakazara track2 data) inochengetwa kusvika mvumo yaitwa. Tumira mvumo iyo data inobviswa zvakachengeteka.
Chero chiitiko chenhoroondo yakarambidzwa data iripo mune terminal inozodzimwa zvakachengeteka kana iyo terminal Viking yekubhadhara application yakwidziridzwa. Kudzimwa kwedata rakarambidzwa rekare uye dhata rakapfuura rekuchengetedza mutemo zvinozoitika zvoga.
4.3 Nzvimbo Dzakachengetwa Kadhi Data
Kadhi data rakachengetwa muFlash DFS (Data File System) yeiyo terminal. Iyo data haiwanikwe zvakananga nemutengesi.
Data Store (file, tafura, zvichingodaro)
Cardholder Data Elements yakachengetwa (PAN, kupera, chero zvinhu zveSAD)
Machengeterwo echitoro chedata (semufample, encryption, kuwana zvidzoreso, truncation, nezvimwewo)
File: trans.rsd
PAN, Zuva rekupera, Service Code
PAN: Yakavharidzirwa 3DES-DUKPT (112 bits)
File: storefwd.rsd PAN, Expiry Date, Service Code
PAN: Yakavharidzirwa 3DES-DUKPT (112 bits)
File: transoff.rsd PAN, Expiry Date, Service Code
PAN: Yakavharidzirwa 3DES-DUKPT (112 bits)
File: transorr.rsd Truncated PAN
Yakadimburwa (Chekutanga 6, Yekupedzisira 4)
File: offlrep.dat
Truncated PAN
Yakadimburwa (Chekutanga 6, Yekupedzisira 4)
File: defauth.rsd PAN, Zuva Rekupera, Service Code
PAN: Yakavharidzirwa 3DES-DUKPT (112 bits)
File: defauth.rsd Yakazara track2 data
Yakazara Track2 data: pre-Encrypted 3DES-DUKPT (112 bits)
9
PCI-Secure Software Standard Vendor Implementation Guide v2.0 yeViking Terminal 2.00
4.4 Deferred Authorization Transaction
Mvumo Yakamisikidzwa inoitika kana mutengesi asingakwanise kupedzisa mvumo panguva yekutengeserana nemubati wekadhi nekuda kwekubatana, nyaya dzemasisitimu, kana zvimwe zvipimo, obva apedzisa mvumo kana achinge akwanisa kuzviita.
Izvi zvinoreva kuti mvumo yakadzoserwa inoitika kana mvumo yepamhepo yaitwa mushure mekunge kadhi risisipo. Sezvo mvumo yepamhepo yekudzoserwa mvumo yekutengeserana inonokerwa, matransferensi acho achachengetwa pane terminal kudzamara ma transaction apihwa mvumo gare gare kana network yavepo.
Matekisheni anochengetwa uye anotumirwa gare gare kumugadziri, senge machengeterwo eOffline transaction kubva nhasi muViking kubhadhara application.
Mutengesi anogona kutanga kutengeserana se `Deferred Authorization' kubva kuElectronic Cash Rejista (ECR) kana kuburikidza neyekupedzisira menyu.
Deferred Authorization transactions inogona kuiswa kuNets host nemutengesi uchishandisa sarudzo dziri pazasi: 1. ECR – Admin command – Send offline (0x3138) 2. Terminal – Merchant ->2 EOT -> 2 inotumirwa kune host
4.5 Matanho ekugadzirisa matambudziko
Tsigiro yeNets haikumbire kutendeseka kwechokwadi kana kadhi data rekugadzirisa matambudziko. Viking yekubhadhara application haigone kuunganidza kana kugadzirisa iyo inonzwisa dhata chero ipi zvayo.
4.6 PAN nzvimbo - Kuratidzwa kana kudhindwa
Masked PAN:
Mamarisiti eKutengeserana Kwemari: Masked PAN anogara akadhindwa parisiti rekutengesa kune vese vane makadhi uye mutengesi. Iyo PAN yakafukidzwa mune mazhinji emakesi ine * apo yekutanga manhamba matanhatu uye yekupedzisira manhamba mana ari mumavara akajeka.
· Transaction list report: Transaction list report inoratidza kutengeserana kwakaitwa muchikamu. Tsanangudzo yekutengeserana inosanganisira Masked PAN, Kadhi rinoburitsa zita uye huwandu hwekutengesa.
· Receipt yekupedzisira yevatengi: Ikopi yeresiti yekupedzisira yemutengi inogona kugadzirwa kubva kune terminal kopi menyu. Risiti yemutengi ine PAN yakavharidzirwa serisiti rekutanga revatengi. Basa rakapihwa rinoshandiswa kana terminal ikatadza kuburitsa risiti yemutengi panguva yekutengeserana chero chikonzero.
Encrypted PAN:
· Offline transaction risiti: Retailer risiti reti yekutengeserana pasina Indaneti inosanganisira Triple DES 112-bit DUKPT data yakavharidzirwa yemakadhi (PAN, Expiry date uye Service code).
BAX: 71448400-714484 12/08/2022 10:39
Visa Contactless ************3439-0 107A47458AE773F3A84DF977 553E3D93FFFF9876543210E0 15F3 AID: A0000000031010 TVR: 0000000000 123461 KC000004
10
PCI-Secure Software Standard Vendor Implementation Guide v2.0 yeViking Terminal 2.00
Mhinduro: Y1 Chikamu: 782
TENGA
NOK
12,00
AKABVUMA
RETAILER COPY
Simbiso
Viking yekubhadhara application inogara ichivharidzira iyo data remune makadhi nekusarudzika kuti ichengeterwe kunze kwepamhepo transaction, kuendesa kune NETS host uye kudhinda yakavharidzirwa kadhi data parisiti yemutengesi yekutengeserana kunze kwenyika.
Zvakare, kuratidza kana kuprinda kadhi PAN, Viking kubhadhara application inogara yakavharisa iyo PAN manhamba neasterisk `*' ine Chekutanga 6 + Yekupedzisira manhamba mana akajeka sekumisikidzwa. Iyo kadhi nhamba yekudhinda fomati inodzorwa neiyo terminal manejimendi system uko kudhinda fomati inogona kuchinjwa nekukumbira kuburikidza neyakakodzera chiteshi uye nekupa bhizinesi zviri pamutemo zvinodiwa, zvisinei neViking kubhadhara application, hapana zvakadaro.
Example for masked PAN: PAN: 957852181428133823-2
Ruzivo rudiki: **************3823-2
Ruzivo rwepamusoro: 957852 ******** 3823-2
4.7 Kurumidza files
Viking yekubhadhara chikumbiro haipe chero yakaparadzana kukurumidza files.
Viking chikumbiro chekubhadhara chikumbiro chekupinza makadhi kuburikidza nekuratidzira zvinokurudzira izvo zviri chikamu chekutumira mameseji mukati meiyo yakasainwa yekubhadhara Viking chikumbiro.
Kurudziro yekuratidzira yePIN, huwandu, nezvimwe zvinoratidzwa pane terminal, uye zvemukati memakadhi zvakamirirwa. Izvo zvakagamuchirwa kubva kumubati wemakadhi hazvina kuchengetwa.
4.8 Kutungamira kwakakosha
Kune iyo Tetra mhando yemamodhi ekupedzisira, mashandiro ese ekuchengetedza anoitwa munzvimbo yakachengeteka yePTS mudziyo wakadzivirirwa kubva kune yekubhadhara application.
Encryption inoitwa mukati menzvimbo yakachengeteka nepo decryption yeiyo encryption data inogona kuitwa chete neNets Host masisitimu. Yese kiyi yekutsinhana pakati peNets host, Kiyi / Inject tool (yeTetra terminals) uye iyo PED inoitwa mu encrypted fomu.
Matanho eKiyi Management anoitwa neNets zvinoenderana neDUKPT chirongwa uchishandisa 3DES encryption.
Ese makiyi uye makiyi ezvikamu anoshandiswa neNets terminals anogadzirwa uchishandisa zvakabvumidzwa zvisina kujairika kana pseudorandom maitiro. Makiyi uye zvikamu zvakakosha zvinoshandiswa neNets zviteshi zvinogadzirwa neNets kiyi manejimendi system, iyo inoshandisa yakatenderwa Thales Payshield HSM mauniti kugadzira cryptographic kiyi.
11
PCI-Secure Software Standard Vendor Implementation Guide v2.0 yeViking Terminal 2.00
Iyo yakakosha manejimendi yakazvimirira pane yekubhadhara kushanda. Kurodha application nyowani hakudi shanduko kune kiyi mashandiro. Iyo terminal kiyi nzvimbo inotsigira yakatenderedza 2,097,152 kutengeserana. Kana iyo kiyi nzvimbo yapera, Viking terminal inomira kushanda uye inoratidza mhosho meseji, uye ipapo iyo terminal inofanira kutsiviwa.
4.9 `24 HR' Reboot
Ese maViking materminal PCI-PTS 4.x uye pamusoro uye nekudaro anotevera zvinodiwa kuti PCI-PTS 4.x terminal itangezve zvishoma kamwe chete maawa makumi maviri nemana ega ega kupukuta RAM uye nekuwedzera chengetedzo terminal HW kubva kushandiswa kuwana mubhadharo. kadhi data.
Imwe bhenefiti yeiyo `24hr' re-boot kutenderera ndeyekuti ndangariro inodonha inodzikiswa uye ine kushomeka kune mushambadzi (kwete kuti isu tinofanirwa kugamuchira ndangariro dzinodonha nyaya.
Mutengesi anogona kuseta iyo reboot nguva kubva kune terminal Menu sarudzo ku `Reboot Nguva'. Nguva yekudzokorodza inogadzikwa pane `24hr' wachi uye inotora iyo fomati HH: MM.
Iyo Reset michina yakagadzirirwa kuve nechokwadi chekugadzirisazve terminal kanokwana kamwechete pamaawa makumi maviri nemana achimhanya. Kuzadzisa chinodiwa ichi nguva, inonzi "reset interval" inomiririrwa naTmin uye Tmax yakatsanangurwa. Iyi nguva inomiririra nguva yenguva iyo kugadzirisa zvakare kunobvumirwa. Zvichienderana nekesi yebhizinesi, iyo "reset interval" inogadziriswa panguva yekupedzisira yekuisa chikamu. Nekugadzira, nguva iyi haigone kupfupika kupfuura maminitsi makumi matatu. Munguva iyi, kudzoreredza kunoitika zuva rega rega 24 maminetsi apfuura (paT30) sezvakatsanangurwa nemufananidzo uri pazasi:
4.10 Whitelisting
Whitelisting inzira yekuona kuti maPAN akanyorwa sevachena anotenderwa kuratidzwa mumavara akajeka. Viking inoshandisa minda mitatu yekuona maPAN akacheneswa ayo anoverengwa kubva kune zvigadziriso zvakatorwa kubva kune terminal manejimendi system.
Kana `Mureza wekuteerera' muNets host waiswa kuY, ruzivo kubva kuNets Host kana Terminal management system inotorwa kuterminal, kana terminal yatanga. Mureza weCompliance uyu uri kushandiswa kuona maPAN akacheneswa ayo anoverengwa kubva mudataset.
`Track2ECR' mureza inotarisa kana data reTrack2 richitenderwa kubatwa (kutumirwa/kugamuchirwa) neECR kune anenge apihwa. Zvichienderana nekukosha kwemureza uyu, zvinotariswa kana iyo track2 data ichifanira kuratidzwa mune yemuno modhi paECR.
`Print fomati ndima' inosarudza kuti PAN icharatidzwa sei. Iwo makadhi ari muPCI chiyero achave ese akadhinda fomati akaiswa kuratidza iyo PAN mune truncated/masked fomu.
12
PCI-Secure Software Standard Vendor Implementation Guide v2.0 yeViking Terminal 2.00
5. Authentication uye Access Controls
5.1 Kupinda Kudzora
Iyo Viking yekubhadhara application haina maakaundi evashandisi kana mapassword anoenderana saka, iyo Viking yekubhadhara application inoburitswa pane ichi chinodiwa.
· ECR Integrated setup: Hazvigoneke kuwana ma transaction marudzi seRefund, Deposit uye Reversal kubva kune terminal menyu kuita kuti mabasa aya achengetedzeke kubva mukushandiswa zvisizvo. Aya ndiwo marudzi ekutengeserana uko kuyerera kwemari kunoitika kubva kuaccount yemutengesi kuenda kuaccount yemuridzi wemakadhi. Ibasa remutengesi kuona kuti ECR inoshandiswa chete nevashandisi vane mvumo.
· Standalone setup: Mutengesi kadhi yekuwana kudzora ndeye default inogoneswa kuwana mhando dzekutengesa senge Refund, Dhipoziti uye Reversal kubva kune terminal menyu kuita kuti mabasa aya achengetedzeke kubva mukushandiswa zvisizvo. Iyo Viking terminal inogadziriswa nekusarudzika kuchengetedza menyu sarudzo, kudzivirira kupinda kusingatenderwe. Iwo maparamita ekugadzirisa iyo menyu chengetedzo inowira pasi peMerchant Menu (inowanikwa neMerchant kadhi) -> Parameters -> Chengetedzo.
Dzivirira menyu Gadzirira ku `Hongu' nekusarudzika. Bhatani remenu pane terminal rinodzivirirwa uchishandisa Dzivirira menyu kumisikidza. Menyu inogona kuwanikwa chete neMutengesi uchishandisa kadhi remutengesi.
13
PCI-Secure Software Standard Vendor Implementation Guide v2.0 yeViking Terminal 2.00
Dzivirira kudzoserwa Gadzirira ku `Hongu' nekukasira. Kudzosera kumashure kutengeserana kunogona kuitwa chete nemutengesi achishandisa kadhi remutengesi kuwana menyu inodzoserwa.
Dzivirira kuyananiswa Gadzikwa ku `Hongu' nekusarudzika Sarudzo yeKuyananisa inogona kuwanikwa chete nemutengesi ane kadhi remutengesi kana dziviriro iyi yaiswa kuti ichokwadi.
Dzivirira Shortcut Set ku `Hongu' by default Shortcut menyu ine sarudzo dze viewing Terminal Info uye sarudzo yekuvandudza Bluetooth paramita ichave iripo kumutengesi chete kana kadhi remutengesi rikatsvaira.
14
PCI-Secure Software Standard Vendor Implementation Guide v2.0 yeViking Terminal 2.00
5.2 Password Controls
Iyo Viking yekubhadhara application haina mushandisi maakaundi kana anoenderana mapassword; saka, iyo Viking application haina kuregererwa pane ichi chinodiwa.
6. Kutema miti
6.1 Mutengesi Kushanda
Parizvino, yeNets Viking yekubhadhara application, hapana yekupedzisira-mushandisi, inogadziriswa PCI log marogi.
6.2 Gadzirisa Rogi Settings
Iyo Viking yekubhadhara application haina mushandisi maakaundi, saka PCI inopindirana nematanda haishande. Kunyangwe mune yakanyanya verbose transaction yekutema iyo Viking yekubhadhara application haitore chero yakavanzika yechokwadi data kana kadhi data.
6.3 Central Logging
Iyo terminal ine generic log mechanism. Iyo meshini inosanganisirawo kutema matanda ekugadzira uye kudzima kweS / W inogoneka.
S/W kurodha zviitiko zvakarogwa uye zvinogona kuendeswa kune Host mawoko kuburikidza nemenu-sarudzo mune terminal kana pakukumbira kubva kumugadziri akamisikidzwa mune zvakajairika transaction traffic. Kana S/W kudhawunirodha activation ikatadza nekuda kwekusaina masiginecha edhijitari pane yakagamuchirwa files, chiitiko chinorogwa uye choendeswa kune Host otomatiki uye nekukasira.
6.4 6.3.1 Gonesa kuronda Kutema paterminal
Kugonesa trace logging:
1 Swipe Merchant kadhi. 2 Wobva wasarudza "9 System menyu". 3 Wobva waenda kumenyu "2 System Log". 4 Nyora kodhi yehunyanzvi, iyo yaunogona kuwana nekufonera Nets Merchant Service rutsigiro. 5 Sarudza "8 Parameters". 6 Wobva wagonesa "Logging" ku "Hongu".
6.5 6.3.2 Tumira trace Logs kune muridzi
Kutumira trace logs:
1 Dzvanya kiyi yeMenu pane terminal uye wobva wa Swipe Merchant kadhi. 2 Wobva wasarudza "7 Operator menyu". 3 Wobva wasarudza "5 Send Trace Logs" kutumira matanda ekutsvaga kune anotambira.
15
PCI-Secure Software Standard Vendor Implementation Guide v2.0 yeViking Terminal 2.00
6.6 6.3.3 kutema matanda kure
Iyo parameter yakaiswa muNets Host (PSP) iyo inogonesa / kudzima iyo Terminal's trace regging performance kure. Nets Host inotumira Trace inogonesa / kudzima kutema paramende kune Terminal muData yakaiswa pamwe nenguva yakarongwa apo Terminal ichaisa Trace logs. Kana terminal ikagashira Trace parameter sezvainogoneswa, yaizotanga kutora Trace logs uye panguva yakarongwa ichaisa ese matrace logs uye kudzima basa rekutema matanda ipapo.
6.7 6.3.4 kuremote kukanganisa kukanganisa
Error logs anogara achigoneswa pane terminal. Kufanana nekutsvaga matanda, paramende inoiswa muNets Host iyo inogonesa / kudzima Terminal kukanganisa kwekutema matanda kure. Nets Host inotumira Trace inogonesa / kudzima kutema dhizaini kuTeminari muData yakaiswa pamwe nenguva yakarongwa apo Terminal ichaisa Error logs. Kana terminal ikagashira Kukanganisa kutema paramende sekugoneswa, yaizotanga kutora Error logs uye panguva yakarongwa ichaisa ese ekukanganisa matanda uye kudzima basa rekutema matanda ipapo.
7. Wireless Networks
7.1 Mutengesi Kushanda
Viking kubhadhara terminal - MOVE 3500 uye Link2500 vane kugona kubatana neWi-Fi network. Naizvozvo, kuti Wireless ishandiswe zvakachengeteka, kufunga kunofanirwa kutorwa paunenge uchiisa uye nekugadzirisa iyo isina waya network sekutsanangurwa pazasi.
7.2 Yakakurudzirwa Wireless Configurations
Pane zvakawanda zvinotariswa uye matanho ekutora kana uchigadzira mawireless network akabatana netiweki yemukati.
Pazvishoma, zvinotevera zvigadziriso uye zvigadziriso zvinofanirwa kunge zviripo:
· Manetiweki ese asina waya anofanirwa kupatsanurwa uchishandisa firewall; kana kubatanidza pakati pewireless network nekadhi yedata data nharaunda ichidikanwa, kupinda kunofanirwa kudzorwa uye kuchengetedzwa nefirewall.
· Shandura iyo yakasarudzika SSID uye dzima SSID kutepfenyura · Shandura mapassword akasarudzika ese ekubatanidza isina waya uye isina waya yekuwana nzvimbo, izvi zvinosanganisira con-
kupinda chete pamwe chete netambo dzenharaunda dzeSNMP · Shandura chero zvimwe zvisizvo zvekuchengetedza zvakapihwa kana kusetwa nemutengesi · Iva nechokwadi chekuti nzvimbo dzekupinda dzisina waya dzakagadziridzwa kune ichangoburwa firmware · Shandisa WPA kana WPA2 chete nemakiyi akasimba, WEP inorambidzwa uye haifanire kushandiswa. · Shandura makiyi eWPA/WPA2 pakugadzwa uye nguva nenguva uye chero munhu ane
ruzivo rwekiyi runosiya kambani
16
PCI-Secure Software Standard Vendor Implementation Guide v2.0 yeViking Terminal 2.00
8. Network Segmentation
8.1 Mutengesi Kushanda
Iyo Viking yekubhadhara application haisi server-yakavakirwa kubhadhara application uye inogara pane terminal. Nechikonzero ichi, chikumbiro chekubhadhara hachidi chero shanduko kuti isangane nechinodiwa ichi. Paruzivo rwemutengesi, data yekadhi rechikwereti haigone kuchengetwa pamasisitimu akabatana neInternet. For example, web maseva nemaseva edatabase hazvifanirwe kuiswa pane imwechete server. Demilitarized zone (DMZ) inofanirwa kumiswa kuti iparadze network kuitira kuti michina iri paDMZ chete ndiyo iwanikwe paInternet.
9. Remote Access
9.1 Mutengesi Kushanda
Viking kubhadhara application haigone kuwanikwa kure. Rutsigiro rwekure rwunoitika chete pakati pemushandi weNets anotsigira nemutengesi parunhare kana nemaNet zvakananga panzvimbo nemutengesi.
10.Kutumirwa kweSensitive data
10.1 Kufambiswa kweSensitive data
Viking yekubhadhara application inochengetedza data rakadzikama uye/kana kadhi data mukufambisa uchishandisa meseji-level encryption uchishandisa 3DES-DUKPT (112 bits) kune ese kutapurirana (kusanganisira veruzhinji network). Chengetedzo Protocols ye IP kutaurirana kubva kuViking application kune Host haidiwe sezvo meseji-level encryption inoitwa uchishandisa 3DES-DUKPT (112-bits) sezvatsanangurwa pamusoro. Iyi encryption scheme inovimbisa kuti kunyangwe kana kutengeserana kukabatwa, hakugone kugadziridzwa kana kukanganiswa neimwe nzira kana 3DES-DUKPT (112-bits) ikaramba ichionekwa seyakasimba encryption. Sezviri paDUKPT kiyi manejimendi chirongwa, kiyi ye3DES inoshandiswa yakasarudzika kune yega yega kutengeserana.
10.2 Kugovera Sensitive data kune imwe software
Iyo Viking yekubhadhara application haipe chero inonzwisisika interface (s) / APIs kuti igone kugovera iyo cleartext account data zvakananga neimwe software. Hapana data inonzwisisika kana cleartext account data inogovaniswa neimwe software kuburikidza neakafumurwa APIs.
10.3 Email uye Sensitive data
Viking yekubhadhara application haitsigire kutumira email.
10.4 Non-Console Administrative Access
Viking haitsigire isiri-Console administrative kuwana. Nekudaro, kune ruzivo rwemutengesi rwese, iyo isiri-Console manejimendi yekuwana inofanirwa kushandisa SSH, VPN, kana TLS ye encryption yeese asiri-console manejimendi yekuwana maseva munzvimbo yedhata yemakadhi. Telnet kana dzimwe nzira dzisina kuvharidzirwa dzekuwana hadzifanirwe kushandiswa.
17
PCI-Secure Software Standard Vendor Implementation Guide v2.0 yeViking Terminal 2.00
11. Viking Versioning Methodology
Nzira yeshanduro yeNets ine zvikamu zviviri zveS/W nhamba yeshanduro: a.bb
uko `a' ichawedzerwa kana yakakwira shanduko shanduko inoitwa sePCI-Secure Software Standard. a - huru vhezheni (1 digit)
`bb' ichawedzerwa kana yakaderera maitiro akarongwa shanduko inoitwa sePCI-Secure Software Standard. bb - diki vhezheni (2 manhamba)
Iyo Viking yekubhadhara application S/W vhezheni nhamba inoratidzwa seizvi pane terminal skrini kana iyo terminal inokwidziridzwa: `abb'
· Iyo yekuvandudza kubva semuenzaniso, 1.00 kusvika 2.00 yakakosha inoshanda update. Inogona kusanganisira shanduko dzine chekuita pakuchengetedza kana PCI Secure Software Standard zvinodiwa.
· Iyo yekuvandudza kubva semuenzaniso, 1.00 kusvika 1.01 isiri-yakakosha basa rekuvandudza. Iyo inogona kunge isingasanganisire shanduko ine chekuita pakuchengetedza kana PCI Chengetedza Software Standard zvinodiwa.
Shanduko dzese dzinomiririrwa mukutevedzana kwenhamba.
12. Mirayiridzo pamusoro peKuiswa Kwakachengeteka kwePatches uye Updates.
Mambure anounza zvakachengeteka maapplication ekubhadhara ari kure. Aya magadzirirwo anoitika pane imwecheteyo nzira yekutaurirana seyakachengeteka kubhadhara kutengeserana, uye mutengesi haafanirwe kuita chero shanduko kune iyi nzira yekutaurirana kuti itevedzwe.
Kana paine chigamba, maNet anovandudza chigamba vhezheni paNets Host. Mutengesi aiwana zvigamba kuburikidza neotomatiki S/W yekurodha chikumbiro, kana mutengesi anogona zvakare kutanga kurodha software kubva kune terminal menyu.
Kuti uwane ruzivo rwese, vatengesi vanofanirwa kugadzira mutemo unogamuchirika wekushandisa matekinoroji akatarisana nevashandi, maererano negwara riri pazasi reVPN kana kumwe kumhanyisa-kumhanya, zvigadziriso zvinogamuchirwa kuburikidza nefirewall kana vashandi firewall.
Iyo Nets host inowanikwa kuburikidza neinternet uchishandisa yakachengeteka kuwana kana netiweki yakavharwa. Nenetiweki yakavharwa, mupi wetiweki ane chinongedzo chakananga kune yedu yekugara nharaunda inopihwa kubva kune yavo network network. Iwo materminal anotungamirwa kuburikidza neNet terminal manejimendi masevhisi. Iyo terminal manejimendi sevhisi inotsanangura kune exampnharaunda iyo terminal ndeyayo uye anowana ari kushandiswa. Terminal manejimendi zvakare ine basa rekusimudzira terminal software kure netiweki. Mambure anovimbisa kuti software yakaiswa kune terminal yapedza zvitupa zvinodiwa.
Mambure anokurudzira macheki mapoinzi kune vese vatengi vayo kuti ave nechokwadi chekubhadhara kwakachengeteka uye kwakachengeteka sezvakanyorwa pazasi: 1. Chengetedza runyoro rwese mashandiro ekubhadhara zviteshi uye tora mapikicha kubva kune ese mativi kuti iwe uzive kuti ivo vanofanirwa kutaridzika sei. 2. Tarisa zviratidzo zviri pachena zvetampering sezvisimbiso zvakatyoka pamusoro pekuvhara mahwendefa kana screws, odd kana akasiyana cabling kana mudziyo mutsva wehardware wausingazive. 3. Chengetedza materminals ako kuti asasvike kwevatengi kana asiri kushandiswa. Ongorora zviteshi zvako zvekubhadhara zuva nezuva uye zvimwe zvishandiso zvinogona kuverenga makadhi ekubhadhara. 4. Iwe unofanirwa kutarisa kuzivikanwa kwevashandi vekugadzirisa kana uri kutarisira chero kubhadhara kwekugadzirisa kugadzirisa. 5. Fonera maNet kana bhangi rako nekukurumidza kana uchifungidzira chero chiitiko chisingaoneki. 6. Kana uchitenda kuti mudziyo wako wePOS uri panjodzi yekubirwa, saka pane ma cradles esevhisi uye maharnees akachengeteka uye tethers zviripo kuti utengerwe zvekutengesa. Zvingave zvakakodzera kufunga nezvekushandisa kwavo.
18
PCI-Secure Software Standard Vendor Implementation Guide v2.0 yeViking Terminal 2.00
13.Viking Release Updates
Iyo Viking software inoburitswa mune anotevera kuburitswa kutenderera (zvichienderana nekuchinja):
· 2 makuru anoburitswa pagore · 2 madiki anoburitswa pagore · Zvigamba zveSoftware, sezvinenge zvichidikanwa, (semuenzaniso nekuda kwechero dambudziko rebug/kusagadzikana). Kana a
kuburitswa kunoshanda mumunda uye imwe nyaya yakakosha (s) inoshumwa, ipapo software chigamba chine gadziriso chinotarisirwa kuburitswa mukati memwedzi mumwe chete.
Vatengesi vaizoziviswa nezve zvaburitswa (zvikuru/zvidiki/chigamba) kuburikidza nemaemail ayo aizotumirwa zvakananga kune avo eemail kero. Iyo email ichave zvakare iine makuru makuru ekuburitsa uye kuburitsa manotsi.
Vatengesi vanogona zvakare kuwana zvinyorwa zvekuburitsa izvo zvichaiswa pa:
Manotsi ekuburitswa kwesoftware (nets.eu)
Kuburitswa kweViking Software kunosainwa pachishandiswa Ingenico's kuimba chishandiso cheTetra terminals. Chete software yakasainwa ndiyo inogona kuiswa pane terminal.
14. Not-Inoshanda zvinodiwa
Ichi chikamu chine rondedzero yezvinodiwa muPCI-Chengetedza Software Standard iyo yakaongororwa se `Haishandiswe' kune iyo Viking yekubhadhara application uye kupembedza kweizvi.
PCI Chengetedza Software Standard
CO
Chiitiko
Chikonzero chekuve `chisingashandiswe'
5.3
Nzira dzechokwadi (kusanganisira chikamu cre- Viking kubhadhara chikumbiro chinomhanya paPCI yakabvumidzwa PTS POI
dentials) yakasimba zvakakwana uye yakasimba kune mudziyo.
chengetedza magwaro echokwadi kubva pakuve
yakaumbwa, yakashatiswa, yakadonhedza, kufungidzira, kana kutenderedzwa- Viking yekubhadhara application haipe yemuno, isiri-console.
vented.
kana kusvika kure, kana mwero weropafadzo, saka hapana
zvitupa muPTS POI mudziyo.
Viking yekubhadhara application haipe zvigadziriso zvekugadzirisa kana kugadzira maID evashandisi uye haipe chero yemuno, isiri-console kana kure kuwana kune yakakosha zvinhu (kunyangwe nezvinangwa zvekugadzirisa).
5.4
Nekumisikidza, kuwana kwese kuzvinhu zvakakosha kunoitwa zvakare-
Viking kubhadhara chikumbiro chinomhanya paPCI yakabvumidzwa PTS POI
yakaomeswa kune iwo chete maakaunti uye sevhisi mudziyo.
izvo zvinoda kuwana kwakadaro.
Viking yekubhadhara application haipe marongero kune
maneja kana kugadzira maakaundi kana masevhisi.
7.3
Nhamba dzese dzisina kujairika dzinoshandiswa nesoftware ndeye Viking kubhadhara application haishandise chero RNG (random
inogadzirwa ichishandisa chete yakatenderwa nhamba-nhamba jenareta) yemabasa ayo encryption.
ber generation (RNG) algorithms kana maraibhurari.
19
PCI-Secure Software Standard Vendor Implementation Guide v2.0 yeViking Terminal 2.00
Yakatenderwa RNG algorithms kana maraibhurari ndeaya anosangana neindasitiri zviyero zvekusafungira kwakakwana (semuenzaniso, NIST Special Publication 800-22).
Viking yekubhadhara application haiburitse kana kushandisa chero nhamba dzisina kujairika dzecryptographic mabasa.
7.4
Random tsika dzine entropy inosangana neViking kubhadhara application haishandise chero RNG (random
zvishoma zvinoshanda simba zvinodiwa zvenhamba jenareta) kune yayo encryption mabasa.
iyo cryptographic primitives uye makiyi anovimba
pavari.
Viking kubhadhara application haiburitse kana kushandisa chero
nhamba dzisina kujairika dze cryptographic mabasa.
8.1
Kwese kuedza kwekuwana uye kushandiswa kwezvinhu zvakakosha Viking kubhadhara application inomhanya paPCI yakabvumidzwa PTS POI
inotevedzwa uye inoteedzerwa kune yakasarudzika munhu. madivayiri, uko zvese zvakakosha zvekushandisa zvinhu zvinoitika, uye iyo
PTS POI firmware inovimbisa kuvanzika uye kutendeseka kwese-
sitive data ichichengetwa mukati mePTS POI mudziyo.
Kuvanzika kweViking kubhadhara application yakavanzika, kutendeseka uye kusimba kunodzivirirwa uye kunopihwa nePTS POI firmware. Iyo PTS POI firmware inodzivirira chero kuwana kune zvakakosha zvinhu kunze kweiyo terminal uye inovimba ne-anti-t.ampering features.
Viking yekubhadhara chikumbiro haipe yemuno, isiri-console kana kure yekuwana, kana mwero weropafadzo, saka hapana munhu kana mamwe masisitimu ane mukana wekuwana zvinhu zvakakomba, chete Viking kubhadhara application inokwanisa kubata zvakakomba zvinhu.
8.2
Zvese zviitiko zvinotorwa zvakakwana uye zvinodiwa- Viking kubhadhara application inomhanya paPCI yakabvumidzwa PTS POI
sary tsanangudzo yekunyatsotsanangura kuti ndezvipi zvishandiso.
mabasa akaitwa, avo vakaita
iwo, nguva yaakaitwa, uye
Viking yekubhadhara application haipe yemuno, isiri-console
izvo zvakakosha zvinhu zvakakanganiswa.
kana kuwana kure, kana mwero weropafadzo, saka hapana
munhu kana mamwe masisitimu ane mukana wezvinhu zvakakosha, chete
Viking kubhadhara application inokwanisa kubata zvakakosha zvinhu.
· Viking kubhadhara chikumbiro hachipi ropafadzo nzira dzekushanda.
· Iko hakuna mabasa ekudzima encryption ye data inonzwisisika
· Iko hakuna mabasa e decryption ye data inonzwisisika
· Iko hakuna mabasa ekutumira kunze data inonzwisisika kune mamwe masisitimu kana maitiro
· Iko hakuna maficha echokwadi anotsigirwa
Chengetedzo dzinodzora uye mashandiro ekuchengetedza hazvigone kudzimwa kana kudzimwa.
8.3
Iyo software inotsigira kuchengetedzwa kwakachengeteka kwe de- Viking kubhadhara application inomhanya paPCI yakabvumidzwa PTS POI
tailed marekodhi ekuita.
zvishandiso.
20
PCI-Secure Software Standard Vendor Implementation Guide v2.0 yeViking Terminal 2.00
8.4 B.1.3
Viking yekubhadhara application haipe yemuno, isiri-console kana kure kure, kana mwero weropafadzo, nekudaro hapana munhu kana mamwe masisitimu ane mukana wekuwana zvinhu zvakakosha, chete Viking kubhadhara application inokwanisa kubata zvakakomba zvinhu.
· Viking kubhadhara chikumbiro hachipi ropafadzo nzira dzekushanda.
· Iko hakuna mabasa ekudzima encryption ye data inonzwisisika
· Iko hakuna mabasa e decryption ye data inonzwisisika
· Iko hakuna mabasa ekutumira kunze data inonzwisisika kune mamwe masisitimu kana maitiro
· Iko hakuna maficha echokwadi anotsigirwa
Chengetedzo dzinodzora uye mashandiro ekuchengetedza hazvigone kudzimwa kana kudzimwa.
Iyo software inobata kutadza mukuita-yekuteedzera nzira dzekuti kutendeseka kwemarekodhi emabasa aripo kunochengetedzwa.
Viking kubhadhara application inomhanya paPCI yakatenderwa PTS POI zvishandiso.
Viking yekubhadhara application haipe yemuno, isiri-console kana kure kure, kana nhanho yeropafadzo, nekudaro hapana munhu kana mamwe masisitimu ane mukana wekuwana zvinhu zvakakosha, Viking application chete ndiyo inokwanisa kubata zvakakomba zvinhu.
· Viking kubhadhara chikumbiro hachipi ropafadzo nzira dzekushanda.
· Iko hakuna mabasa ekudzima encryption ye data inonzwisisika
· Iko hakuna mabasa e decryption ye data inonzwisisika
· Iko hakuna mabasa ekutumira kunze data inonzwisisika kune mamwe masisitimu kana maitiro
· Iko hakuna maficha echokwadi anotsigirwa
· Chengetedzo dzinodzora uye mashandiro ekuchengetedza haagone kudzimwa kana kudzimwa.
Mutengesi wesoftware anochengeta zvinyorwa zvinotsanangura zvese zvinogadziriswa zvingangokanganisa kuchengetedzeka kwe data rakavanzika.
Viking kubhadhara application inomhanya paPCI yakatenderwa PTS POI zvishandiso.
Viking yekubhadhara application haipe chero ipi yeinotevera kune yekupedzisira vashandisi:
· inogadziriswa sarudzo yekuwana kune yakavanzika data
21
PCI-Secure Software Standard Vendor Implementation Guide v2.0 yeViking Terminal 2.00
B.2.4 B.2.9 B.5.1.5
· inogadzirika sarudzo yekushandura masisitimu ekuchengetedza data rakavanzika
· Kusvika kure kune application
· zvigadziriso zviri kure zvekushandisa
· inogadzirika sarudzo yekushandura default marongero echishandiso
Iyo software inoshandisa chete yakasarudzika nhamba yekugadzira basa (s) inosanganisirwa mune yekubhadhara terminal's PTS mudziyo ongororo yezvese cryptographic mashandiro anosanganisira akavanzika data kana mabasa anonzwisa tsitsi panodiwa zvisina mwero uye haiite zvayo.
Viking haishandise chero RNG (random nhamba jenareta) kune yayo encryption mabasa.
Viking application haiburitse kana kushandisa chero nhamba dzisina kujairika dzecryptographic mabasa.
random nhamba yekugadzira basa (s).
Kutendeseka kwesoftware nekukurumidza files inodzivirirwa maererano neControl Objective B.2.8.
Zvese zvinokurumidza kuratidzwa paViking terminal zvakavharirwa mukushandisa uye hapana kukurumidza files aripo kunze kwekushandisa.
Hapana kukurumidza files kunze kweViking kubhadhara application iripo, ruzivo rwese rwunodiwa runogadzirwa neapp.
Nhungamiro yekushandisa inosanganisira mirairo kune vanobatana kuti vasaine cryptographically kusaina zvese nekukurumidza files.
Zvese zvinokurudzira zvinoratidzwa paViking terminal zvakavharirwa mukushandisa uye hapana kukurumidza files aripo kunze kwekushandisa.
Hapana kukurumidza files kunze kweViking kubhadhara application iripo, ruzivo rwese rwunodiwa runogadzirwa neapp
22
PCI-Secure Software Standard Vendor Implementation Guide v2.0 yeViking Terminal 2.00
15. PCI Secure Software Standard Requirements Reference
Zvitsauko mugwaro rino 2. Chengetedza Kubhadhara Kunyorera
PCI Chengetedza Software Standard Zvinodiwa
B.2.1 6.1 12.1 12.1.b
PCI DSS zvinodiwa
2.2.3
3. Chengetedza Remote Software
11.1
Updates
11.2
12.1
1&12.3.9 2, 8, & 10
4. Kudzimwa kwakachengeteka kweSensitive Data uye Kudzivirirwa kweAkachengetwa Kadhi Data
3.2 3.4 3.5 A.2.1 A.2.3 B.1.2a
Kutendesa uye Zvidzoreso zvekupinda 5.1 5.2 5.3 5.4
3.2 3.2 3.1 3.3 3.4 3.5 3.6
8.1 & 8.2 8.1 & 8.2
Kutema miti
3.6
10.1
8.1
10.5.3
8.3
Wireless Network
4.1
1.2.3 & 2.1.1 4.1.1 1.2.3, 2.1.1,4.1.1
Network Segmentation Remote Access Transmission yeCardholder Data
4.1c
B.1.3
A.2.1 A.2.3
1.3.7
8.3
4.1 4.2 2.3 8.3
Viking Versioning Methodology
11.2 12.1.b
Mirayiridzo yevatengi nezve 11.1
kuiswa kwakachengeteka kwezvigamba uye 11.2
updates.
12.1
23
PCI-Secure Software Standard Vendor Implementation Guide v2.0 yeViking Terminal 2.00
16. Tsanangudzo yeMatemu
TERM Muridzi weKadhi data
DUKPT
3DES Mutengesi SSF
PA-QSA
DEFINITION
Mutsetse wakazara wemagineti kana PAN pamwe nechero ipi inotevera: · Zita reMuridzi weKadhi · Zuva rekupera · Service Code
Derived Unique Key Per Transaction (DUKPT) ndiyo yakakosha manejimendi chirongwa umo kune yega yega yekutengeserana, yakasarudzika kiyi inoshandiswa iyo inotorwa kubva kune yakagadziriswa kiyi. Naizvozvo, kana kiyi yakatorwa ikakanganiswa, remangwana uye rekare data rekutengesa richiri kuchengetedzwa sezvo makiyi anotevera kana epamberi haagone kutsanangurwa zviri nyore.
Mune cryptography, Triple DES (3DES kana TDES), zviri pamutemo Triple Data Encryption Algorithm (TDEA kana Triple DEA), iri symmetric-kiyi block cipher, iyo inoshandisa iyo DES cipher algorithm katatu kune yega yega data block.
Wekupedzisira mushandisi uye mutengi wechigadzirwa cheViking.
Iyo PCI Software Security Framework (SSF) muunganidzwa wezviyero uye zvirongwa zveyakachengeteka dhizaini uye kusimudzira kwekubhadhara software. Chengetedzo yesoftware yekubhadhara chikamu chakakosha chekuyerera kwekubhadhara uye kwakakosha kufambisa kutengeserana kwakavimbika uye kwakaringana kubhadhara.
Payment Application Yakakodzera Chengetedzo Vaongorori. Kambani yeQSA inopa masevhisi kune vatengesi vezvikumbiro zvekubhadhara kusimbisa zvikumbiro zvekubhadhara zvevatengesi.
SAD (Sensitive Authentication Data)
Ruzivo-rune chekuita nechengetedzo (Kadhi Rokusimbisa Makodhi/Makodhi, yakazara track data, maPIN, uye PIN Mabhuroki) anoshandiswa kuratidza vane makadhi, vachionekwa mune zviri pachena kana neimwe nzira isina kudzivirirwa. Kuburitsa, kugadziridzwa, kana kuparadzwa kweruzivo urwu kunogona kukanganisa kuchengetedzeka kwekriptographic mudziyo, system yeruzivo, kana ruzivo rwemune makadhi kana kuti inogona kushandiswa mukutengesa kwechitsotsi. Sensitive Authentication Data haifanire kuchengetwa kana kutengeserana kwapera.
Viking HSM
Iyo software chikuva chinoshandiswa neNets yekuvandudza application kumusika weEurope.
Hardware kuchengetedza module
24
PCI-Secure Software Standard Vendor Implementation Guide v2.0 yeViking Terminal 2.00
17. Document Control
Munyori wezvinyorwa, Reviewers uye Vanobvumira
Tsanangudzo SSA Development Compliance Manager System Architect QA Muridzi Wechigadzirwa Maneja Injiniya Director
Basa Reviewer Munyori Reviewer & Anotendera Reviewer & Anotendera Reviewer & Anotendera Reviewer & Anotendera Maneja maneja
Name Claudio Adami / Flavio Bonfiglio Sorans Aruna Panicker Arno Eksström Shamsher Singh Varun Shukla Arto Kangas Eero Kuusinen Taneli Valtonen
Summary of Changes
Shanduro Nhamba 1.0
1.0
1.1
Version Date 03-08-2022
15-09-2022
20-12-2022
Chimiro Chekuchinja
Yekutanga Shanduro yePCI-Secure Software Standard
Yakagadziridzwa chikamu 14 nezvisinga shandiswe zvibodzwa zvekutonga nezvikonzero zvavo
Zvikamu zvakagadziridzwa 2.1.2 uye 2.2
neSelf4000.
Yakabviswa
Link2500 (PTS shanduro 4.x) kubva ku
inotsigirwa terminal list
Shandura Munyori Aruna Panicker Aruna Panicker
Aruna Panicker
Reviewer
Zuva Rakabvumirwa
Shamsher Singh 18-08-22
Shamsher Singh 29-09-22
Shamsher Singh 23-12-22
1.1
05-01-2023 Yakagadziridzwa chikamu 2.2 ne Link2500 Aruna Panicker Shamsher Singh 05-01-23
(pts v4) yekuenderera mberi nerutsigiro
kune iyi terminal mhando.
1.2
20-03-2023 Yakavandudzwa chikamu 2.1.1 neLatvian Aruna Panicker Shamsher Singh 21-04-23
uye Lithuanian terminal profiles.
Uye 2.1.2 neBT-iOS communica-
tion mhando rutsigiro
2.0
03-08-2023 Shanduro yekuburitsa yakagadziridzwa kuAruna Panicker Shamsher Singh 13-09-23
2.00 mumusoro/muzasi.
Yakagadziridzwa chikamu 2.2 neitsva
Move3500 hardware uye firmware
shanduro. Yakagadziridzwa chikamu 11 che
'Viking Versioning Methodology'.
Yakagadziridzwa chikamu 1.3 neizvino
vhezheni yePCI SSS inodiwa
guide. Yakagadziridzwa chikamu 2.2 chekuwedzera-
ported terminals yakabviswa isina kutsigirwa-
ported hardware shanduro kubva ku
list.
2.0
16-11-2023 Visual (CVI) update
Leyla Avsar
Arno Eksström 16-11-23
25
PCI-Secure Software Standard Vendor Implementation Guide v2.0 yeViking Terminal 2.00
Distribution List
Zita Terminal Department Product Management
Kuvandudza Basa, Muedzo, Project Management, Compliance Terminal Product Management Team, Compliance Manager Chigadzirwa
Zvinyorwa Zvibvumirano
Zita Arto Kangas
Basa Chigadzirwa Muridzi
Gwaro Review Zvirongwa
Gwaro iri richava reviewed uye yakagadziridzwa, kana zvichidikanwa, sezvinotsanangurwa pazasi:
Sezvinodiwa kugadzirisa kana kuwedzera ruzivo rwemukati · Kutevera chero shanduko yesangano kana kugadzirisa patsva · Kutevera regoreview · Kutevera kushandiswa kwekusagadzikana · Kutevera ruzivo rutsva / zvinodiwa maererano nekusagadzikana kwakakodzera
26
PCI-Secure Software Standard Vendor Implementation Guide v2.0 yeViking Terminal 2.00
Zvinyorwa / Zvishandiso
 |
mambure PCI-Secure Standard Software [pdf] Bhuku reMushandisi PCI-Secure Standard Software, PCI-Yakachengeteka, Standard Software, Software |
