PCI 3.0 EPP WINCE Production Setup

Version 1.01

May 14, 2014

Confidential

© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 2

Index 1. Overview .............................................................................................................................................. 3 2. PCI 3.0 EPP WINCE Setup ....................................................................................................................... 4 3. Appendix A .......................................................................................................................................... 8

Confidential

© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 3

Overview

Compared to the PCI 1.0 EPP, the primary benefit of the PCI 3.0 EPP includes a number of

security features that make the device more difficult to compromise during ATM operations.

The most significant change to the EPP is the addition of physical tamper switches and the

inclusion of four different “states” in the EPP firmware. Separate security IDs and Passwords

have also been added in order to access the software to change these “states”.

EPP States

1) Installation State

The Installation State is the default operational state for the EPP. This state is required for the

EPP to accept a Master Key and for transactions to be processed. This state is the same as the

default for the PCI 1.0 EPP.

2) Authorized Removal State

This state allows the removal of the EPP, while retaining the EPP configuration (Passwords and

Encryption Keys). This allows the device to be removed and inspected without losing

configuration information.

3) Unauthorized Removal State

This condition occurs when an EPP physical tamper has been detected. When a tamper occurs,

a NVRAM clear must be performed on the EPP (not to be confused with the ATM CLEAR

NVRAM function). This condition may occur during transport in some cases, and should be able

to be recovered using the NVRAM clear function.

4) Initialization State

This is the default state of the EPP after performing a physical NVRAM clear on the EPP. All

passwords and accounts are reset to default zeroes (000000) and must be reconfigured prior to

key entry / normal ATM operations. You must change the EPP State accounts and passwords from

default, and log in successfully to change from this state.

Confidential

© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 4

PCI 3.0 EPP WINCE Setup

PLEASE NOTE THE FOLLOWING:

After physically installing the new EPP Keypad on the ATM, you must perform a series of steps to

set the EPP to the “Installation State” so that you can enter encryption “keys” on the terminal.

The Key Management passwords that you are familiar with (000000 / 000000) are now set to the

following defaults (111111 / 222222).

There are also an additional set of IDs and Passwords that you must enter in order to access the

software to allow you to configure the “state” of the EPP. These values are (111111 / 111111) and

(222222 / 222222). Please enter these when prompted during the setup procedures.

1) From the Operation Program screen select HOST SETUP.

2) From the HOST SETUP screen select KEY MANAGEMENT.

3) Next, select ENTER MASTER KEYS. Select YES to enter KEY MANAGEMENT. Wait for the program

to initialize.

Confidential

© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 5

4) At the SECURE MODE screen, input the KEY MANAGEMENT PASSWORD #1 (111111).

5) Next, input the KEY MANAGEMENT PASSWORD #2 (222222).

6) At the KEY MANAGEMENT screen select SET EPP STATE.

7) At the ENTER ID / PASSWORD screen select START.

8) Enter the factory default Account1 ID and PASSWORD (111111 and 111111).

9) Next, select START and then enter the factory default Account2 ID and PASSWORD (222222 and

222222).

Confidential

© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 6

10) Next, select CHANGE STATE.

11) The CHANGE EPP STATE screen displays with the current state of the EPP. There are four different

possible EPP states:

INITIALIZATION STATE

AUTHORIZED REMOVAL STATE

INSTALLATION STATE

UNAUTHORIZED REMOVAL STATE

The EPP should be in the INITIALIZATION STATE. If so, continue at Step 12 below.

If the EPP is in the AUTHORIZED REMOVAL STATE, also continue at Step 12 below.

If the EPP is already in the INSTALLATION STATE, continue at Step 15 below.

If the EPP is in the UNAUTHORIZED REMOVAL STATE, a problem may have occurred during shipment.

You will need to perform a NVRAM Clear on the EPP. (NOTE: This is different than the ATM CLEAR

NVRAM function). Go to Appendix A.

12) Select CHANGE STATE. The ATM will prompt you to change the state from INITIALIZATION STATE to

INSTALLATION STATE (or from AUTHORIZED REMOVAL STATE to INSTALLATION STATE).

13) Press CHANGE STATE again to change to INSTALLATION STATE.

14) If the changed state is successfully saved, “EXECUTION SUCCESS!” will be displayed. Check the

current state on screen (if it is still in INITIALIZATION STATE, the EPP may not be installed

correctly).

15) Press CANCEL four times to return to the Operation Program screen. PCI 3.0 EPP setup is completed.

Confidential

© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 7

Appendix A

If the EPP is in the UNAUTHORIZED REMOVAL STATE

PLEASE NOTE THE FOLLOWING:

You will be required to clear NVRAM on the EPP.

This will reset the passwords back to factory default values. You will be required to configure new

values for Key Management passwords, and for security IDs and Passwords.

Perform the steps as shown below, entering the exact values listed.

1) Perform the following steps to clear NVRAM on the EPP:

1. Remove power to the EPP by disconnecting the power cable shown by the arrow below.

2. Turn Switch 1 on the EPP to the ON position.

3. Reconnect the power cable to the EPP – wait 5 seconds.

4. Disconnect the power cable to the EPP.

5. Reset Switch 1 to the OFF position.

6. Reconnect the power cable to the EPP.

2) From the Operation Program screen select HOST SETUP.

Confidential

© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 8

3) From the HOST SETUP screen select KEY MANAGEMENT.

4) Next, select ENTER MASTER KEYS. Select YES to enter KEY MANAGEMENT. Wait for the program

to initialize.

5) At the SECURE MODE screen, input the KEY MANAGEMENT PASSWORD #1 (000000).

6) Next, input the KEY MANAGEMENT PASSWORD #2 (000000).

7) The KEY MANAGEMENT screen displays. The first requirement is to change the KEY MANAGEMENT

PASSWORD #1 and KEY MANAGEMENT PASSWORD #2 from the factory default settings of 000000 to

new values. Use the default values shown below. Select CHANGE PASSWORD.

Confidential

© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 9

8) The CHANGE PASSWORD screen displays. Select PASSWORD 1.

9) Input PASSWORD 1 (default 111111).

10) ATM displays “successful”.

11) Re-input PASSWORD 1 (default 111111) to verify.

12) ATM displays “successful”.

13) Select PASSWORD 2.

14) Input PASSWORD 2 (default 222222).

15) ATM displays “successful”.

16) Re-input PASSWORD 2 (default 222222) to verify.

17) ATM displays “successful”.

18) Press CANCEL to return to KEY MANAGEMENT.

Confidential

© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 10

19) At the KEY MANAGEMENT screen select SET EPP STATE.

20) There is a separate set of ID and Passwords required for making any changes to the EPP State.

The first step will be to input the factory default values, and then you will be instructed to add new

ID and Passwords. Use the recommended default values shown below.

21) At the ENTER ID / PASSWORD screen select START.

22) Enter the factory default Account1 ID and PASSWORD (000000 and 000000).

23) Next, select START and enter the factory default Account2 ID and PASSWORD (000000 and 000000).

24) At the SET EPP STATE screen select ADD ID.

Confidential

© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 11

25) At the ADD ID / PASSWORD screen select ENTER.

26) Input Account1 ID and PASSWORD (default 111111 and 111111).

27) Select VERIFY.

28) Re-input Account1 ID and PASSWORD (default 111111 and 111111).

29) ATM displays “successful”.

30) Select ENTER.

31) Next, input Account2 ID and PASSWORD (default 222222 and 222222).

32) Select VERIFY.

33) Re-input Account2 ID and PASSWORD (default 222222 and 222222)

34) ATM displays “successful”.

35) Select CANCEL.

36) Select CANCEL again to return to KEY MANAGEMENT.

37) At the SECURE MODE screen, input the KEY MANAGEMENT PASSWORD #1 (111111).

Confidential

© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 12

38) Next, input the KEY MANAGEMENT PASSWORD #2 (222222).

39) At the KEY MANAGEMENT screen select SET EPP STATE.

40) At the ENTER ID / PASSWORD screen select START.

41) Enter the factory default Account1 ID and PASSWORD (111111 and 111111).

42) Next, select START and enter the factory default Account2 ID and PASSWORD (222222 and 222222).

43) At the KEY MANAGEMENT screen select SET EPP STATE.

44) The SET EPP STATE screen displays with the current state of the EPP. The EPP should be in the

INITIALIZATION STATE.

Confidential

© 2014 Nautilus Hyosung, Inc. All Rights Reserved. 13

45) Select CHANGE STATE. The ATM will prompt you to change the state from INITIALIZATION STATE to

INSTALLATION STATE.

46) Press CHANGE STATE again to change to INSTALLATION STATE.

47) If the changed state is successfully saved, “EXECUTION SUCCESS!” will be displayed. Check the

current state on screen (if it is still in INITIALIZATION STATE, the EPP may not be installed

correctly).

48) Press CANCEL four times to return to the Operation Program screen. PCI 3.0 EPP setup is completed.