P2PE implementation

This section describes how IPC is implemented for the Point-to-point Encryption (P2PE) solution, covering Domain 1: Encryption Device and Application Management and its IPC implementation. IPC provides an installer for P2PE Merchants that implements all of the requirements listed below.

Domain 1: Encryption Device and Application Management

Requirement 1A: Account data must be encrypted in equipment that is resistant to physical and logical compromise

  • 1A-1 PCI-approved POI devices with SRED are used for transaction acceptance

  • 1A-2 Applications on POI devices with access to clear-text account data are assessed per Domain 2 before being deployed into a P2PE solution

Implementation in IPC

IPC checks the SRED status of the connected PED at the time of initialization. The steps below describe how IPC communicates with the PED during initialization:

  1. IPC sends a command to the PED to check the connection. If the PED doesn't get the expected response it will display "Unable to set link with PED".
  2. IPC sends a command to the PED to check whether the PED is SRED enabled. The process IPC uses to check this for Ingenico and VeriFone Vx820-7816 is described below.

    • Ingenico: IPC sends the Read Version command which returns 4 bytes of security file version number in response. If the value of the security file version number is not ‘0000’ then it is P2PE enabled.

    • VeriFone Vx820-7816 and P400: IPC sends the get SRED Status command to check the DFDB0E tag is present. If this tag is present in the response then the PED is P2PE enabled. The DFDB0E value for a P2PE enabled PED is 00000001.

      If the PED is not SRED enabled (Non-SRED) then IPC displays the message below, stops initialisation and exits.

    Unable to open Integrated Payment Client, NON_P2PE PED Found... Please call WorldPay Service Desk..

  3. For P2PE PEDs, IPC uses a command to read the Device Interface Version and PED Serial Number. These device parameters are needed for DMS (Device Management System).
  4. IPC then sends the request to EMBOSS for downloading EMV config/Dataset files along with the PED information. These are the parameters IPC sends in the request API:

    | Number | Request Parameter                                                                      | Source (IPC / PED) |
    |--------|----------------------------------------------------------------------------------------|--------------------|
    | 1      | Terminal ID                                                                            | IPC                |
    | 2      | Merchant ID                                                                            | IPC                |
    | 3      | Software Version (Version of IPC)                                                      | IPC                |
    | 4      | Device Type (iWL250)                                                                   | IPC                |
    | 5      | Device Interface (e.g. For iPP350 it is RAM)                                           | IPC                |
    | 6      | Device Interface Version                                                               | PED                |
    | 7      | Terminal OS (OS of system on which IPC is installed)                                   | IPC                |
    | 8      | Category Type (Environment in which IPC is operating like ‘Retail’ or 'Semi-attended') | IPC                |
    | 9      | PED Serial Number                                                                      | PED                |

    EMBOSS sends the above parameters to the P2PE server and the PED’s status is changed to Terminal_Init in DMS.

  5. IPC pushes the EMV configuration to the PED.
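
The SRED check in step 2 for VeriFone devices, as an added example (not IPC's own code). It assumes the get SRED Status response is a flat BER-TLV sequence, and it applies a stricter rule than tag presence alone by also requiring the value 00000001; the function names and the sample bytes are constructed for illustration.

```python
SRED_TAG = bytes.fromhex("DFDB0E")        # tag named on the page
SRED_ENABLED = bytes.fromhex("00000001")  # value the page gives for a P2PE PED

class TlvError(ValueError):
    """Raised when the response is not well-formed BER-TLV."""

def parse_tlv(buf: bytes) -> dict:
    """Parse a flat BER-TLV sequence into {tag: value} (assumed response format)."""
    fields, i = {}, 0
    while i < len(buf):
        start, first = i, buf[i]
        i += 1
        if first & 0x1F == 0x1F:           # multi-byte tag, e.g. DF DB 0E
            while True:
                if i >= len(buf):
                    raise TlvError("truncated tag")
                more = buf[i] & 0x80       # bit 8 set: another tag byte follows
                i += 1
                if not more:
                    break
        tag = buf[start:i]
        if i >= len(buf):
            raise TlvError("missing length")
        length = buf[i]
        i += 1
        if length & 0x80:                  # long form: low 7 bits count length bytes
            n = length & 0x7F
            if n == 0 or n > 4 or i + n > len(buf):
                raise TlvError("bad length")
            length = int.from_bytes(buf[i:i + n], "big")
            i += n
        if i + length > len(buf):
            raise TlvError("truncated value")
        fields[tag] = buf[i:i + length]
        i += length
    return fields

def ped_is_sred(response: bytes) -> bool:
    """Fail closed: malformed data, a missing tag or any other value is Non-SRED."""
    try:
        return parse_tlv(response).get(SRED_TAG) == SRED_ENABLED
    except TlvError:
        return False

# Constructed sample response: a made-up 9F1E field followed by DFDB0E.
SAMPLE = bytes.fromhex("9F1E083132333435363738" "DFDB0E0400000001")
```
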

In the case of PED swapping, IPC keeps the serial number of connected PEDs. If someone pulls out the connected device and tries to perform a transaction with another device without exiting IPC, the serial number of the device is checked when performing a transaction on the PED. If a different serial number is found, IPC displays an error message and restarts.

Requirement 1B: Secure logical access to POI devices

  • 1B-3 The solution provider implements procedures to protect POI devices and applications from known vulnerabilities and securely update devices

  • 1B-4 Solution provider implements procedures to secure account data when troubleshooting

  • 1B-5 The P2PE solution provides auditable logs of any changes to critical functions of the POI devices

Implementation in IPC

IPC downloads updates for POI devices and applications by connecting to trusted host systems through HTTPS. The IPC trust-store contains trusted SSL server certificates and is referred to for every SSL connection to the WPH server. IPC encrypts all sensitive data using SSL/TLS.

Best practice: Java 8 uses the TLS 1.2 encryption method by default and it is strongly recommended to use Java 8 or above.

When updates for a POI device are available, a WPH server flag is set to true. IPC checks for the update at initialisation. When an update is available you get this message: ‘A new version of IPC/Firmware is available. Do you want to update now?’

IPC sends the update request only to a trusted SSL host held in the trust-store.

If you accept the request then IPC sends an update request to the WPH server and WPH returns:

  • URL from where the update is to be downloaded

  • Name of the file

  • Size of the file

  • Checksum of the file

IPC then downloads the file and checks the file size and checksum against the information previously received from WPH.

If all details match, then in the case of an IPC update the patch is applied.

If all details match then the patch downloads successfully and resides inside the YESEFT folder, under the FirmwareUpgrade folder.

If the details do not match then IPC prompts ‘Download Failed’ and does not apply the patch.

IPC restarts after downloading the patch and checks whether the FirmwareUpgrade folder is available. IPC then validates the patch and starts downloading the files into the device.

Note: WPH will provide the software/POI device update only if the terminal ID is configured for software download and a new update is available.

When IPC requests the WPH server to download the update, the WPH server returns the patch's URL, name, size, and checksum of the file.

IPC then downloads the patch and checks the integrity of the patch using the size and checksum of the file received previously.

If any of the fields doesn’t match, the IPC application concludes that the integrity of the patch has been broken and marks it as corrupt, putting the patch into the backup folder named Firmwarebackup inside YESEFT.
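
The size-and-checksum verification and the folder handling described above, as an added example (not IPC's own code). The page does not name the checksum algorithm, so SHA-256 is an assumption, as are the function names, the metadata keys and the temporary directory standing in for YESEFT.

```python
import hashlib
import hmac
import os
import shutil
import tempfile

def verify_patch(path, expected_size, expected_sha256):
    """True only if both the size and the SHA-256 match the WPH metadata."""
    if os.path.getsize(path) != expected_size:
        return False
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):  # stream large files
            digest.update(chunk)
    return hmac.compare_digest(digest.hexdigest(), expected_sha256.lower())

def stage_patch(path, meta, base_dir):
    """Move a verified patch to FirmwareUpgrade, a failed one to Firmwarebackup."""
    ok = verify_patch(path, meta["size"], meta["checksum"])
    dest_dir = os.path.join(base_dir, "FirmwareUpgrade" if ok else "Firmwarebackup")
    os.makedirs(dest_dir, exist_ok=True)
    # basename() keeps a server-supplied file name from escaping base_dir
    dest = os.path.join(dest_dir, os.path.basename(meta["name"]))
    shutil.move(path, dest)
    return ok, dest

def demo():
    """Stage one intact and one altered download of a constructed patch."""
    base = tempfile.mkdtemp()                 # stands in for the YESEFT folder
    payload = b"constructed firmware bytes"   # constructed sample content
    meta = {"name": "patch.bin", "size": len(payload),
            "checksum": hashlib.sha256(payload).hexdigest()}
    results = []
    for body in (payload, payload[:-1] + b"X"):  # same size, different bytes
        tmp = os.path.join(base, "download.tmp")
        with open(tmp, "wb") as fh:
            fh.write(body)
        results.append(stage_patch(tmp, meta, base))
    return results
```
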

There is one more scenario, in which the patch received from the manufacturer is corrupted but passes all checks when downloaded from the WPH server. When corrupted patch files are downloaded to the POI device, the device checks the integrity of the files and does not upgrade to the higher version, rolling back to the previous version of the POI device.

This upgrade process is illustrated in the integration guide in IPC updates.

For all P2PE Merchants it is mandatory to download all the required upgrades of software and firmware. You cannot configure the upgrade option.

P2PE update screenshot

Requirement 1D: Implement secure application-management processes

  • 1D-1 Integrity of applications is maintained during installation and updates.

Implementation in IPC

For integrity of the installer, see IPC Installation Instructions.