PCI 3.0 EPP WINCE Production Setup
Version 1.01
May 14, 2014
Confidential
© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 2
Index 1. Overview .............................................................................................................................................. 3 2. PCI 3.0 EPP WINCE Setup ....................................................................................................................... 4 3. Appendix A .......................................................................................................................................... 8
Confidential
© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 3
Overview
Compared to the PCI 1.0 EPP, the primary benefit of the PCI 3.0 EPP includes a number of
security features that make the device more difficult to compromise during ATM operations.
The most significant change to the EPP is the addition of physical tamper switches and the
inclusion of four different “states” in the EPP firmware. Separate security IDs and Passwords
have also been added in order to access the software to change these “states”.
EPP States
1) Installation State
The Installation State is the default operational state for the EPP. This state is required for the
EPP to accept a Master Key and for transactions to be processed. This state is the same as the
default for the PCI 1.0 EPP.
2) Authorized Removal State
This state allows the removal of the EPP, while retaining the EPP configuration (Passwords and
Encryption Keys). This allows the device to be removed and inspected without losing
configuration information.
3) Unauthorized Removal State
This condition occurs when an EPP physical tamper has been detected. When a tamper occurs,
a NVRAM clear must be performed on the EPP (not to be confused with the ATM CLEAR
NVRAM function). This condition may occur during transport in some cases, and should be able
to be recovered using the NVRAM clear function.
4) Initialization State
This is the default state of the EPP after performing a physical NVRAM clear on the EPP. All
passwords and accounts are reset to default zeroes (000000) and must be reconfigured prior to
key entry / normal ATM operations. You must change the EPP State accounts and passwords from
default, and log in successfully to change from this state.
Confidential
© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 4
PCI 3.0 EPP WINCE Setup
PLEASE NOTE THE FOLLOWING:
After physically installing the new EPP Keypad on the ATM, you must perform a series of steps to
set the EPP to the “Installation State” so that you can enter encryption “keys” on the terminal.
The Key Management passwords that you are familiar with (000000 / 000000) are now set to the
following defaults (111111 / 222222).
There are also an additional set of IDs and Passwords that you must enter in order to access the
software to allow you to configure the “state” of the EPP. These values are (111111 / 111111) and
(222222 / 222222). Please enter these when prompted during the setup procedures.
1) From the Operation Program screen select HOST SETUP.
2) From the HOST SETUP screen select KEY MANAGEMENT.
3) Next, select ENTER MASTER KEYS. Select YES to enter KEY MANAGEMENT. Wait for the program
to initialize.
Confidential
© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 5
4) At the SECURE MODE screen, input the KEY MANAGEMENT PASSWORD #1 (111111).
5) Next, input the KEY MANAGEMENT PASSWORD #2 (222222).
6) At the KEY MANAGEMENT screen select SET EPP STATE.
7) At the ENTER ID / PASSWORD screen select START.
8) Enter the factory default Account1 ID and PASSWORD (111111 and 111111).
9) Next, select START and then enter the factory default Account2 ID and PASSWORD (222222 and
222222).
Confidential
© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 6
10) Next, select CHANGE STATE.
11) The CHANGE EPP STATE screen displays with the current state of the EPP. There are four different
possible EPP states:
INITIALIZATION STATE
AUTHORIZED REMOVAL STATE
INSTALLATION STATE
UNAUTHORIZED REMOVAL STATE
The EPP should be in the INITIALIZATION STATE. If so, continue at Step 12 below.
If the EPP is in the AUTHORIZED REMOVAL STATE, also continue at Step 12 below.
If the EPP is already in the INSTALLATION STATE, continue at Step 15 below.
If the EPP is in the UNAUTHORIZED REMOVAL STATE, a problem may have occurred during shipment.
You will need to perform a NVRAM Clear on the EPP. (NOTE: This is different than the ATM CLEAR
NVRAM function). Go to Appendix A.
12) Select CHANGE STATE. The ATM will prompt you to change the state from INITIALIZATION STATE to
INSTALLATION STATE (or from AUTHORIZED REMOVAL STATE to INSTALLATION STATE).
13) Press CHANGE STATE again to change to INSTALLATION STATE.
14) If the changed state is successfully saved, “EXECUTION SUCCESS!” will be displayed. Check the
current state on screen (if it is still in INITIALIZATION STATE, the EPP may not be installed
correctly).
15) Press CANCEL four times to return to the Operation Program screen. PCI 3.0 EPP setup is completed.
Confidential
© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 7
Appendix A
If the EPP is in the UNAUTHORIZED REMOVAL STATE
PLEASE NOTE THE FOLLOWING:
You will be required to clear NVRAM on the EPP.
This will reset the passwords back to factory default values. You will be required to configure new
values for Key Management passwords, and for security IDs and Passwords.
Perform the steps as shown below, entering the exact values listed.
1) Perform the following steps to clear NVRAM on the EPP:
1. Remove power to the EPP by disconnecting the power cable shown by the arrow below.
2. Turn Switch 1 on the EPP to the ON position.
3. Reconnect the power cable to the EPP – wait 5 seconds.
4. Disconnect the power cable to the EPP.
5. Reset Switch 1 to the OFF position.
6. Reconnect the power cable to the EPP.
2) From the Operation Program screen select HOST SETUP.
Confidential
© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 8
3) From the HOST SETUP screen select KEY MANAGEMENT.
4) Next, select ENTER MASTER KEYS. Select YES to enter KEY MANAGEMENT. Wait for the program
to initialize.
5) At the SECURE MODE screen, input the KEY MANAGEMENT PASSWORD #1 (000000).
6) Next, input the KEY MANAGEMENT PASSWORD #2 (000000).
7) The KEY MANAGEMENT screen displays. The first requirement is to change the KEY MANAGEMENT
PASSWORD #1 and KEY MANAGEMENT PASSWORD #2 from the factory default settings of 000000 to
new values. Use the default values shown below. Select CHANGE PASSWORD.
Confidential
© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 9
8) The CHANGE PASSWORD screen displays. Select PASSWORD 1.
9) Input PASSWORD 1 (default 111111).
10) ATM displays “successful”.
11) Re-input PASSWORD 1 (default 111111) to verify.
12) ATM displays “successful”.
13) Select PASSWORD 2.
14) Input PASSWORD 2 (default 222222).
15) ATM displays “successful”.
16) Re-input PASSWORD 2 (default 222222) to verify.
17) ATM displays “successful”.
18) Press CANCEL to return to KEY MANAGEMENT.
Confidential
© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 10
19) At the KEY MANAGEMENT screen select SET EPP STATE.
20) There is a separate set of ID and Passwords required for making any changes to the EPP State.
The first step will be to input the factory default values, and then you will be instructed to add new
ID and Passwords. Use the recommended default values shown below.
21) At the ENTER ID / PASSWORD screen select START.
22) Enter the factory default Account1 ID and PASSWORD (000000 and 000000).
23) Next, select START and enter the factory default Account2 ID and PASSWORD (000000 and 000000).
24) At the SET EPP STATE screen select ADD ID.
Confidential
© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 11
25) At the ADD ID / PASSWORD screen select ENTER.
26) Input Account1 ID and PASSWORD (default 111111 and 111111).
27) Select VERIFY.
28) Re-input Account1 ID and PASSWORD (default 111111 and 111111).
29) ATM displays “successful”.
30) Select ENTER.
31) Next, input Account2 ID and PASSWORD (default 222222 and 222222).
32) Select VERIFY.
33) Re-input Account2 ID and PASSWORD (default 222222 and 222222)
34) ATM displays “successful”.
35) Select CANCEL.
36) Select CANCEL again to return to KEY MANAGEMENT.
37) At the SECURE MODE screen, input the KEY MANAGEMENT PASSWORD #1 (111111).
Confidential
© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 12
38) Next, input the KEY MANAGEMENT PASSWORD #2 (222222).
39) At the KEY MANAGEMENT screen select SET EPP STATE.
40) At the ENTER ID / PASSWORD screen select START.
41) Enter the factory default Account1 ID and PASSWORD (111111 and 111111).
42) Next, select START and enter the factory default Account2 ID and PASSWORD (222222 and 222222).
43) At the KEY MANAGEMENT screen select SET EPP STATE.
44) The SET EPP STATE screen displays with the current state of the EPP. The EPP should be in the
INITIALIZATION STATE.
Confidential
© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 13
45) Select CHANGE STATE. The ATM will prompt you to change the state from INITIALIZATION STATE to
INSTALLATION STATE.
46) Press CHANGE STATE again to change to INSTALLATION STATE.
47) If the changed state is successfully saved, “EXECUTION SUCCESS!” will be displayed. Check the
current state on screen (if it is still in INITIALIZATION STATE, the EPP may not be installed
correctly).
48) Press CANCEL four times to return to the Operation Program screen. PCI 3.0 EPP setup is completed.