CRYPT2Pay V7.07 Reference Manual
This document is the property of Bull and may not be reproduced or communicated without written authorization
Trademarks
All brand names and product names are trademarks or registered trademarks of their
respective owners.
Copyrights
Under the copyright law, neither the Crypt2Pay software nor documentation may be
copied, photocopied, reproduced, translated or reduced to any electronic medium or
machine readable form, in whole or in part, without the prior written consent of Bull
SA.
License Conditions
Please read your license agreement with Bull carefully and make sure you understand
the exact terms of usage.
You are not allowed to make any modifications to the product. If you feel the need
for any modifications, please contact Bull.
Disclaimer
This document is provided "as is" without warranty of any kind, either express or
implied, including, but not limited to, the implied warranties of merchantability,
fitness for a particular purpose, or non-infringement.
This document could include technical inaccuracies or typographical errors. Changes
are periodically made to the information herein; these changes will be incorporated
in new editions of the document. Bull may make improvements of and/or changes to the
product described in this document at any time.
Contact
If you wish to obtain further information on this product or any other Bull product,
you are always welcome to contact us.
http://www.bull.com/security/crypt2pay.html
Date: 12/09/05
Doc. title: CRYPT2Pay V7.07 Reference Manual
Doc. reference: BNTng/V7/EN/LP54006
Doc. version: 1.1
Revisions:
1.0 04/08/05 Creation from "BNTng V7.5 User's Guide (reference BNTng/V7/LP54004)"
CONTENTS
1. INTRODUCTION 4
2. INSTALLATION 10
2.1. INTRODUCTION 10
6.1. INTRODUCTION 53
7. APPENDIXES 55
1. INTRODUCTION
CRYPT2Pay is a high-performance HSM designed for banks. It can be used for payment authorization or issuing
functions:
• Authorization: It secures payment and withdrawal transactions using magnetic stripe cards and smart
cards.
• Issuance: It offers functions for generating secret codes, calculating cryptographic data and allowing the
personalization data preparation for magnetic stripe cards and smart cards.
CRYPT2Pay is designed using standard tried-and-tested off-the-shelf products, while benefiting from the latest
technological advances. It brings the advantages of economy of scale and reliability of widely distributed products.
Bull Services, a specialist in logic security, has put all the skill and experience it has acquired over the last decade into
the design of CRYPT2Pay secure module.
IMPORTANT
The attention of users and operators is drawn to the particular nature of CRYPT2Pay: it is an item of equipment that
fulfils a security function and the conditions of installation and operation influence the security of the data it contains. It
is therefore vital to comply with these instructions and those given by your Security Manager to guarantee the expected
security level.
CRYPT2Pay is the new commercial name of Bull's HSM, previously called "BNTng". "BNTng" may still be
encountered in product documentation or GUI.
Remark: The screen illustrations are provided for information only and do not necessarily represent the latest
version of the software.
CRYPT2Pay is a stand-alone security module that is connected to the host system by an X25 or TCP/IP link and is
administered from a browser on an administration workstation. Access to the administration application is controlled by
a login/password authentication mechanism for users who can have operator or administrator rights.
• The CRYPT2Pay unit is shown in paragraph 1.3 "Hardware base".
• The instructions and procedures for reception, powering on, and verification of the initial configuration of
CRYPT2Pay are described in paragraph 2 "Installation".
• CRYPT2Pay account management principles are described in paragraph 3.1 "User profiles and accounts".
CRYPT2Pay has two software loading partitions in its non-volatile memory (Flash memory). The software supplied by
Bull and signed with a private key (Bull or Customer) is loaded into a partition from CRYPT2Pay Manager. The active
partition and the default booting partition are chosen from CRYPT2Pay Manager. The production software contains all
the functions described in CRYPT2Pay specification documents, but the commands can only be used by the host server
if they are authorized and activated. Authorization is controlled by an option flag controlled by Bull and possibly the
security manager. Activation is controlled from CRYPT2Pay Manager.
• The software and options are described in paragraph 1.4 "Software base".
• The software and option file downloading functions are described in paragraph 4.2.1 "Download" sub-menu.
• The choice of default boot partition is described in paragraph 4.2.3 "Set up Boot" sub-menu.
CRYPT2Pay is a security product that must undergo customer personalization by introducing into a protected memory
the master key of the equipment and associated information (key identifier). The option disabling mechanisms can also
be used for protection purposes, to limit the available functions solely to those necessary in CRYPT2Pay utilization
context, particularly when transporting it between two sites.
• The customer personalization procedure is described in paragraph 5.1 "Customer personalization".
• The option files are described in paragraph 5.2 "Option".
A CRYPT2Pay HSM must be connected to the mains power supply, even if it is not used in production, in order
to keep its batteries charged.
Figure: CRYPT2Pay rear panel (legend recovered from the figure: E/S = I/O, MARCHE = ON, ALIM = power, RAZ = RESET, N/S = serial number)
• X25 port: V11/V28 light: Red = V11, Green = V28; DTE/DCE light: Red = DCE, Green = DTE
• Ethernet port: RX/TX light: Red = RX, Green = TX; LINK/COL: Red = link
• RS232 port: VxWorks console output, or printer connection (see appendix)
The KMC software (to be installed on a Linux PC) is also supplied with its documentation if it has been ordered (i.e. if
the customer does not use the services of a KMC of a grouping of banks).
Remark: The document versions are likely to change; the list is regularly updated through the Technical Hardware and
Software Bulletin (THSB) issued to customers.
2. INSTALLATION
2.1. Introduction
This chapter describes the steps to follow to install a CRYPT2Pay HSM.
When CRYPT2Pay is supplied for the first time, or is returned after in-factory maintenance, the Transport application
is loaded in each of the two boot partitions (A and B).
CRYPT2Pay has been configured by Bull with a default TCP/IP configuration and a software signature verification key.
At this stage it is "manufacturer personalized".
For CRYPT2Pay to be operational, it still has to be "customer personalized", an operation whereby the security
manager introduces the master key and the associated security data into CRYPT2Pay. This operation can be carried out
during installation on the production site or beforehand.
As soon as the equipment is received, a copy of the delivery order must be sent back to the supplier;
the address of the supplier is indicated on the delivery order.
IMPORTANT
The CRYPT2Pay case must be reusable for future transportation if necessary (return to factory). Take care to store
this case with its sealing bracelet and reserve it solely for this purpose.
CRYPT2Pay delivery used by the KMC contains in addition an external SafePAD drive, its power supply module and
cable for connecting it to CRYPT2Pay. This external drive is used for introducing/outputting keys into/from the KMC,
and must also be used for the customer personalization of the other CRYPT2Pays.
IMPORTANT
CRYPT2Pay features components that detect movement, vibration, and temperature and electric voltage out of nominal
operating ranges. These components are designed to make CRYPT2Pay secure.
It is essential:
- to provide a stable electrical power supply for CRYPT2Pay,
- not to move it once installed,
- to avoid positioning it near sources of vibration(1) or heat
- not to place anything on top of CRYPT2Pay.
It is recommended to place each CRYPT2Pay on its own dedicated and stable support.
2.4. Powering on
Switch on CRYPT2Pay using the switch (see: Figure 2 View of CRYPT2Pay rear panel).
IMPORTANT
The machine's safety device trips during transportation, therefore the "Marche" (On) light flashes red the first time it is
powered on.
CRYPT2Pay must be powered off then on again to cancel this safety alarm.
Once powered on, CRYPT2Pay initializes itself (this takes about 40 to 50 seconds), with the following sequence:
Boot:
At power on (or further to a hard reset – RAZ (RESET) button on front panel held depressed until the MARCHE (ON)
light becomes red), the MARCHE (ON) light is RED. CRYPT2Pay initiates a series of self-tests.
Self-tests:
At each self-test, the MARCHE (ON) light first lights up ORANGE before changing to GREEN.
If one of these self-tests fails, CRYPT2Pay switches the MARCHE (ON) light to flashing RED and remains flashing
RED as long as CRYPT2Pay is powered on.
If all the self-tests are successful, the light changes to ORANGE and CRYPT2Pay starts loading CRYPT2Pay software.
Loading:
The light is illuminated ORANGE throughout software loading. The light indicates the loading result once completed:
• the light normally changes to GREEN indicating that the application and administrative functions of CRYPT2Pay
are available.
• the light remains ORANGE if loading fails.
• the light flashes alternately ORANGE and GREEN if CRYPT2Pay has not yet undergone customer
personalization. In this case, the external reader must be connected to the serial port on the front panel before
performing customer personalization, under the supervision of two security officers (see paragraph 5.1 Customer
personalization).
IMPORTANT
If the safety device trips (which can be caused by tilting, for example), CRYPT2Pay enters an alert status that is
signaled by the MARCHE (ON) light changing to flashing RED.
After analyzing and remedying the cause of safety device tripping, CRYPT2Pay alert status can be cleared by powering
it off then on again.
(1) Air conditioning, places of frequent passage or readily accessible to uninformed cleaning personnel.
Figure: administration network (CRYPT2Pay, hub, administration station, local network)
CRYPT2Pay is remotely managed from a workstation with a Web browser (minimum version: Netscape 4.0, Internet
Explorer 4.0). Bull recommends using the Netscape browser. For a correct display, set the browser to refresh
the pages "every time".
IMPORTANT
Before any application-level operation on CRYPT2Pay, check that the Transport Application is present in the two boot
partitions A and B. To do so, switch CRYPT2Pay off and on twice. After each boot, the CRYPT2Pay administration station
must be able to connect to the Web page "Remote loading" of the administration server of the Transport Application.
To check that CRYPT2Pay application is loaded in both areas, apply the following procedure:
1. Use a personal microcomputer operating under WindowsTM or Linux, equipped with a 10-Mbit/s Ethernet port
and featuring an Internet ExplorerTM or Netscape NavigatorTM browser
2. Connect CRYPT2Pay to the Ethernet port of the microcomputer by its RJ45 connector on the rear panel, using
a crossed Ethernet cable.
3. Configure the TCP/IP layers of the microcomputer to match the TCP/IP configuration of CRYPT2Pay (same
sub-network).
4. Open the browser.
5. Power on CRYPT2Pay and wait for the MARCHE (ON) light to illuminate steady GREEN (see para. 2.4
Powering on).
6. Logon to the administration of the Transport Application using the WEB browser by connecting to
CRYPT2Pay IP address, port 80: the page "Remote loading" of the Transport Application administration (first
partition, A or B) must be displayed.
7. Switch CRYPT2Pay off and on and wait until the POWER light illuminates steady GREEN (see para. 2.4
Powering on).
8. Log on again to the Transport Application administration using the Web browser, using the CRYPT2Pay IP
address (port 80): the page "Remote loading" of the Transport Application administration must be displayed
(second partition, B or A respectively).
9. Switch CRYPT2Pay off.
(1) TCP listening port number used by CRYPT2Pay for the application connections coming from the host system.
These parameters are changed using CRYPT2Pay administration interface described in the following chapter, which
implies having a CRYPT2Pay Manager connected to the same IP sub-network as CRYPT2Pay.
3.1.1. Profiles
CRYPT2Pay administration caters for 2 profiles:
• "Administrator" profile
• "Operator" profile.
Warning: once changed, the "admin" password must be saved and kept in a safe place.
Meaning of abbreviations:
• R/M: The user has Read and Modification rights for this function. Restricted "Administrator" and "Operator" profiles can only modify their own password.
• R: The user has Read-only rights for this function.
• N.A.: This function is Not Accessible to this user.
(1) "Administrator" accounts can re-initialize user account management. Consequently there
always remains at least one "Administrator" account.
Other users can then connect themselves and change their initial password.
4. CRYPT2PAY ADMINISTRATION
4.1.1. Authentication
By connecting to the IP address of CRYPT2Pay on the HTTP port (80), the password entry window is accessed
(Figure 5. Window's look depends on the browser).
The user enters his identifier and password and then accesses the protected zone; this authentication process enables the
browser session. You have to close your browser to disconnect.
If the identifier and the password are correct, CRYPT2Pay administration home page is displayed
(Figure 6).
The main menu provides access to the different administration functions described in this manual.
• The functions accessible to all users are displayed in yellow (light grey).
• The functions reserved for administrators are displayed in orange (dark grey).
The home page gives the choice of language used in the administration application ("Français" or "English" button).
All the pages contain a single frame divided into three sections, from top to bottom:
• The strip providing general identification information on CRYPT2Pay
• The menus and sub-menus of the administration application
• An information page (associated with a menu) or a data entry page (associated with a sub-menu).
If an operator user attempts to access a page that is accessible via an orange button (i.e. a page to which only an
administrator profile is authorized access), access is denied and the following page is displayed:
Note: depending on the browser, the user may be requested to connect as an administrator (password entry window is
displayed). Windows look and feel depend on the browser.
In addition, one of these two partitions has the attribute "boot partition at power on".
If the reboot on this partition takes place correctly, the partition used takes the value "bootable" (and its version number
is displayed on the administration screens), but it does not become the "boot partition at power on"!
If the user wants to use this new version permanently, he/she must change the boot partition at power on. Otherwise
CRYPT2Pay keeps booting on the former boot partition.
These mechanisms make it possible to change Application version while keeping the former version valid.
After this last operation, and until the next software downloading, it is still possible to return to the old software version
by changing the "boot partition at power on".
The production software contains all the functions described in CRYPT2Pay specification document, but the commands
can only be used by the host server if they are authorized and enabled.
The option files are created by Bull. They contain the list of machines for which the option(s) is (are) authorized: the
machines are identified by their Dallas number.
The page associated with sub-menu "Application" is divided into three parts:
2. Options
This part indicates the functional profile of CRYPT2Pay (see the list of profiles in paragraph 1.4 Software base)
and the options:
• Available: authorized options downloaded from an options file (but possibly not activated),
• Active: options activated by the administrator among the available options,
• Authorized: available options that can be activated by the administrator (possibly not downloaded but available
due to activation of another option, e.g. TEST, or always available, e.g. WATCHDOG),
• Loaded: options actually loaded by the production software (the corresponding functions can be used
by the server).
3. KM2bntx
The identifier and check value of the master key KM2bntx are shown in this part of the page.
The "Application" menu gives access to the administrative functions of the application loaded in the memory of
CRYPT2Pay. It includes four sub-menus:
• "Loading" sub-menu: Remote loading of an application, a KSLp key (signature verification) or an options file,
• "Options" sub-menu: Activation or deactivation of options,
• "Boot" sub-menu: Choice of the default boot partition,
• "Reboot" sub-menu: Reboot of CRYPT2Pay.
If an incident occurs during downloading, the current version is maintained. Downloading of the new version
must be started over again.
IMPORTANT
To avoid any regression, it is recommended to load the same software version into the two partitions A and B
of CRYPT2Pay before proceeding to the production phase.
After a successful loading, only options authorized in the options file will be authorized in CRYPT2Pay, others
options being prohibited (except for WATCHDOG option which is always available).
IMPORTANT
Before taking CRYPT2Pay out of its protected installation site (for a transfer between sites or an equipment
return), it is recommended, as a preliminary, and as far as the state of CRYPT2Pay allows it, to
remove all CRYPT2Pay options and/or to download the Transport application onto partitions A and B.
The user must indicate the full path of the file to download. This can be done in two different ways:
• either by writing the entire path in the text zone,
• or by pressing the "Browse" button.
If the user presses the "Browse" button, a new window is displayed (Figure 10) through which the drive, directory and
then the file to download can be selected.
After selecting the file to download, the user presses "Open" and the complete path of the selected file is displayed in
the text zone.
The user finally confirms the choice by clicking on "Download", then waits for the message "Check OK –
Complete" to be displayed.
Enabled options are ticked, while disabled options are not. The functions controlled by an enabled option can be used
by the host server, whereas the functions controlled by a prohibited or disabled option cannot be used.
IMPORTANT
It is recommended to enable only the options that are necessary for the server. More specifically, the "KMC"
option must only be enabled when CRYPT2Pay is used by the KMC.
The user can tick or untick the options. He then registers the desired options by clicking on the "Submit" button.
Remark: In order for CRYPT2Pay to be able to be used as an HSM of a KMC, CRYPT2Pay must be authorized to
do so, that is to say that the "KMC" option must be displayed and ticked.
"Watchdog" option
The "watchdog" option enables an internal CRYPT2Pay monitoring mechanism that causes automatic rebooting in the
event of blocking of the host server's command processing application.
In order to avoid unexpected reboots, the Watchdog option must be set only at the request of Bull
Services.
"Test" option
The "Test" option is a specific option that gives access to all the functions of CRYPT2Pay in a test environment. When
this option is enabled, all the existing options are available in CRYPT2Pay (except for the private options), but always
in a test environment (with test keys).
The "Logical number" option is a specific option that allows the test logical number to be set to the value 3210 in a test
environment, the value by default being 0000.
To use the value 3210, first select the Test option, then select "3210".
The page associated with the "boot configuration" sub-menu details, for each partition A and B:
• the name and version number of the application in the partition;
• the partition state:
- active/idle: the partition on which CRYPT2Pay booted is "active"; the other partition is "idle",
- default/temp: "default" indicates the default partition on which CRYPT2Pay will reboot; the other
partition is "temp",
- bootable/test: after the loading of an application onto a partition, and as long as CRYPT2Pay has not rebooted
on this partition, the partition is in the "test" state. After a successful boot of CRYPT2Pay on a "test"
partition, the state of the partition becomes "bootable".
The "Boot configuration" sub-menu enables the user to modify the default partition on which CRYPT2Pay will reboot.
The page associated with the "Reboot" sub-menu details, for each partition A and B:
• the name and version number of the application in the partition;
• the partition state:
- active/idle: the partition on which CRYPT2Pay booted is "active"; the other partition is "idle",
- default/temp: "default" indicates the default partition on which CRYPT2Pay will reboot; the other
partition is "temp",
- bootable/test: after the loading of an application onto a partition, and as long as CRYPT2Pay has not rebooted
on this partition, the partition is in the "test" state. After a successful boot of CRYPT2Pay on a "test"
partition, the state of the partition becomes "bootable".
Example illustrating the "active" and "default" states of the two CRYPT2Pay boot partitions (figure; the steps recovered from it are):
- Sub-menu "Reboot": select partition B, then Reboot
- OFF/ON
- Sub-menu "Reboot": select partition A, then Reboot
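The state rules above (active/idle, default/temp, bootable/test, and the fact that a successful reboot on a partition does not make it the boot partition at power on) are easy to get wrong during an upgrade. The following model is an added example written for this manual, not Bull's code or the CRYPT2Pay firmware: it replays the A/B example with constructed version strings. It assumes that a download goes into the idle partition, and it adds one safeguard of its own (refusing to make a partition still in the "test" state the default), which the manual does not state.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Partition:
    name: str              # "A" or "B"
    application: str       # name and version shown on the administration screens
    bootable: bool = True  # False is the "test" state after a download


class DualPartitionHsm:
    """Model of the two CRYPT2Pay boot partitions.

    active/idle   : the partition the unit booted on is "active"
    default/temp  : the "boot partition at power on" is "default"
    bootable/test : a freshly loaded partition is "test" until the unit
                    has booted on it successfully

    Assumption of this example: a download targets the idle partition.
    """

    def __init__(self, app_a: str, app_b: str, default: str = "A") -> None:
        self.parts: Dict[str, Partition] = {
            "A": Partition("A", app_a),
            "B": Partition("B", app_b),
        }
        self.default = default
        self.active = default  # first power-on boots on the default partition

    def idle(self) -> str:
        return "B" if self.active == "A" else "A"

    def state(self, name: str) -> str:
        """Return the three state flags as the boot page labels them."""
        p = self.parts[name]
        return "/".join([
            "active" if name == self.active else "idle",
            "default" if name == self.default else "temp",
            "bootable" if p.bootable else "test",
        ])

    def load(self, application: str, download_ok: bool = True) -> str:
        """Download an application into the idle partition.

        On a download incident the current version is maintained and the
        download has to be started over, so nothing changes here."""
        target = self.idle()
        if download_ok:
            self.parts[target].application = application
            self.parts[target].bootable = False  # "test" until first successful boot
        return target

    def reboot(self, name: str) -> None:
        """Reboot on the chosen partition: it becomes active and, having booted
        correctly, bootable. It does NOT become the boot partition at power on."""
        self.active = name
        self.parts[name].bootable = True

    def power_cycle(self) -> None:
        """Power off/on always boots on the default partition."""
        self.reboot(self.default)

    def set_default(self, name: str) -> None:
        """"Boot configuration" sub-menu: change the boot partition at power on.

        Refusing a partition still in the "test" state is a safeguard of this
        example, not a rule stated in the manual."""
        if not self.parts[name].bootable:
            raise ValueError(f"partition {name} has not yet booted successfully")
        self.default = name


def upgrade_walkthrough() -> List[str]:
    """Replay the manual's A/B example (constructed version strings) and
    return the state of both partitions after each step."""
    hsm = DualPartitionHsm("CRYPT2Pay 7.06", "CRYPT2Pay 7.06")
    steps: List[str] = []

    def snapshot(label: str) -> None:
        steps.append(f"{label}: A={hsm.state('A')} B={hsm.state('B')}")

    snapshot("initial")
    hsm.load("CRYPT2Pay 7.07")  # goes into idle partition B, now "test"
    snapshot("after download into B")
    hsm.reboot("B")             # B active and bootable, A still default
    snapshot("after reboot on B")
    hsm.power_cycle()           # OFF/ON: back on A, because A is still default
    snapshot("after power off/on")
    hsm.set_default("B")        # make the new version permanent
    hsm.power_cycle()
    snapshot("after set default B and power off/on")
    return steps


if __name__ == "__main__":
    for line in upgrade_walkthrough():
        print(line)
```

The fourth snapshot is the one operators are most often surprised by: after a successful reboot on B, a simple power cycle silently returns the unit to the old version on A until the default is changed.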
Traffic
IP Ethernet interface
IP Statistics
total 17808
badsum 0
tooshort 0
toosmall 0
badhlen 0
badlen 0
infragments 0
fragdropped 0
fragtimeout 0
forward 0
cantforward 0
redirectsent 0
unknownprotocol 0
nobuffers 0
reassembled 0
outfragments 0
noroute 0
ARP Table
X25 Statistics
recieved : 65535
sent : 65535
Processus
Memory
FREE LIST:
num addr size
---- ---------- ----------
1 0x006bd180 24
2 0x006bdf90 16
3 0x0074da30 16
SUMMARY:
status bytes blocks avg block max block
------ ---------- --------- ---------- ----------
current
free 5241488 14 374392 5206880
alloc 1264040 222 5693 -
cumulative
alloc 49266448 44315 1111 -
Physical level:
The user configures the following fields:
• the line mode: V.24/V.28 or X.24/V.11,
• the line role: DCE or DTE,
• the incoming or outgoing clock. If it is outgoing, the user must select one of the following values: 2400, 4800,
9600, 19200, 48K, 56K, 64K, 128K or 256K.
Link level:
The user can view and modify the following parameters:
• the number of frame repetitions before disconnection,
• the timeout on frame repetitions before disconnection,
• the timeout on frame acknowledgement before disconnection.
The timeouts are expressed in ms and can have up to 5 digits.
Network level:
Only one logical channel is used. The user can choose to use logical channel number 0 by ticking "YES".
The other parameters can be modified, namely:
• the default packet window size: the number can vary from 2 to 7.
• the packet size, which equals one of the following values: 32, 64, 128, 256, 512, 1024, 2048, 4096.
The user validates all the modifications by clicking on the "Submit" button.
The modifications are only taken into account by CRYPT2Pay after a REBOOT.
Figure 20 Tools
The page associated with the "Tools" menu shows information on the application statistics:
• the number of negative replies to code verification requests,
• the number of code verification requests,
• the number of negative replies to CVV or CVC verification requests,
• the number of CVV or CVC verification requests.
The "Tools" menu gives access to the tools for managing the logs and auditing CRYPT2Pay keys:
• "Log Setup" sub-menu: Setting up the log of exchanges between CRYPT2Pay and the host,
• "Log forward" and "Log backward" sub-menus: Display of the log of exchanges between CRYPT2Pay and the
host,
• "Checking of KCV " sub-menu: Audit of keys loaded in CRYPT2Pay memory.
This page displays the log of commands sent by the payment (monetic) server and the responses returned by CRYPT2Pay.
It also displays the actions performed during CRYPT2Pay administration.
The "Log" sub-menu described above allows auditing of the following administrative actions, whether or not the log of
application requests is activated:
• Loading,
• Options,
• Boot configuration ,
• Reboot,
• Date/time,
• TCP/IP,
• X25,
• Trace parameters
• User add,
• User delete,
• Password change,
Backup of these audit logs is done by saving the generated log page using the save functions of the Web browser.
Loading
record : 00000002, date : TUE MAY 04 15:58:00 2004
Download software complete
Options
record : 00000003, date : TUE MAY 04 15:58:13 2004
From : 126.111.5.33/80, user : admin
Change options activation to 84000002 done
Boot configuration
record : 00000004, date : TUE MAY 04 15:58:25 2004
From : 126.111.5.33/80, user : admin
Change default boot partition to B done.
Reboot
record : 00000001, date : TUE MAY 04 16:35:18 2004
POST MORTEM MSG : Power on or HW watchdog timeout
Date/time
record : 00000005, date : TUE MAY 04 15:59:00 2004
From : 126.111.5.33/80, user : admin
Change Date to 04.05.2004/15.59 done
TCP/IP
record : 00000003, date : TUE MAY 04 16:37:02 2004
From : 126.111.5.33/80, user : admin
Change ip params "126.111.5.119/255.255.253.0:2001" done
X25
record : 00000008, date : TUE MAY 04 15:59:25 2004
From : 126.111.5.33/80, user : admin
Change X25 clock rate to 9600 bps done.
Log configuration
record : 00000001, date : TUE MAY 04 15:54:48 2004
From : 126.111.5.33/80, user : admin
Change log mask to 0xF800 done
Add (user)
record : 00000009, date : TUE MAY 04 15:59:53 2004
From : 126.111.5.33/80, user : admin
Add user "user2" done
Delete (user)
record : 0000000D, date : TUE MAY 04 16:01:57 2004
From : 126.111.5.33/80, user : admin
Remove user "user2" done
Password (change)
record : 0000000A, date : TUE MAY 04 16:00:12 2004
From : 126.111.5.33/80, user : admin
Change password for user "admin" done
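As an added example (not from the manual or from Bull), a Python parser for the audit-log layout shown above, followed by a review pass that picks out the entries a security officer would want to check on each backup of the log page. The sample text is copied from the manual's own log examples; the allow-list of trusted administration hosts is an assumed input.

```python
import re

# Sample entries copied from the manual's own log page (not a live capture).
SAMPLE_LOG = """\
Options
record : 00000003, date : TUE MAY 04 15:58:13 2004
From : 126.111.5.33/80, user : admin
Change options activation to 84000002 done
Reboot
record : 00000001, date : TUE MAY 04 16:35:18 2004
POST MORTEM MSG : Power on or HW watchdog timeout
Log configuration
record : 00000001, date : TUE MAY 04 15:54:48 2004
From : 126.111.5.33/80, user : admin
Change log mask to 0xF800 done
Delete (user)
record : 0000000D, date : TUE MAY 04 16:01:57 2004
From : 126.111.5.33/80, user : admin
Remove user "user2" done
"""

# Entry = title line, "record :" line, optional "From :" line (absent for Reboot), message line.
ENTRY_RE = re.compile(
    r"^(?P<action>[^\n]+)\n"
    r"record : (?P<record>[0-9A-Fa-f]{8}), date : (?P<date>[^\n]+)\n"
    r"(?:From : (?P<ip>[\d.]+)/\d+, user : (?P<user>\S+)\n)?"
    r"(?P<message>[^\n]+)",
    re.MULTILINE,
)

def parse_audit_log(text):
    """Return one dict per entry; the hexadecimal record counter is converted to int."""
    return [m.groupdict() | {"record": int(m["record"], 16)} for m in ENTRY_RE.finditer(text)]

# Administrative actions the security officer should check on every backup of the log page.
REVIEW_ACTIONS = {"Loading", "Options", "Boot configuration", "Log configuration",
                  "Add (user)", "Delete (user)", "Password (change)"}

def review(entries, trusted_hosts):
    """Return (record, reason) pairs; trusted_hosts is an assumed allow-list of admin workstations."""
    findings = []
    for e in entries:
        if e["action"] in REVIEW_ACTIONS:
            findings.append((e["record"], f'{e["action"]}: {e["message"]}'))
        if e["ip"] and e["ip"] not in trusted_hosts:
            findings.append((e["record"], f'administration from unlisted host {e["ip"]}'))
        if e["action"] == "Reboot" and "POST MORTEM" in e["message"]:
            findings.append((e["record"], f'unplanned restart: {e["message"]}'))
    return findings
```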
Note: It is not possible to change another user's password. If a password is lost, the user must be deleted and recreated.
The old password must be entered in order to be authorised to choose a new one.
The new password must be entered twice in succession and then confirmed.
5. SECURITY PROCEDURES
This information is introduced into the protected memory (SRAM) of CRYPT2Pay and can also be copied to the
EEPROM through the "customer personalization confirmation" operation, which avoids having to perform a new
personalization each time the security mechanism is triggered.
This information is read from the KM2bntx key-carrying cards held by the two security officers. Each card can contain
up to 15 elementary files, identified by an index between 01 and FF, and each containing a key component.
The KM2bntx key can be generated and the key-carrying cards created:
• either on the KMC
• or by CRYPT2Pay itself at the beginning of the customer personalization procedure, if key generation is required.
5.1.2. Prerequisite
CRYPT2Pay application must be loaded on the boot partition.
Before starting CRYPT2Pay, it is necessary to connect its Safepad, using a straight cable.
The RJ45 socket for this cable is located on the CRYPT2Pay front panel.
Caution: Do not connect the external power supply of the Safepad; it is powered by CRYPT2Pay.
[Figure: customer personalization flowchart (image not reproduced). Recoverable labels: "Copy of personalisation data in SRAM", "Display introduction results", decision "Valid perso?" (Yes / No), "5 - Display personalization result".]
All the operator entries are protected by a 2-minute timeout. After expiry of the timeout the operation is
completely cancelled.
1) The smart card is used for the first time: the operator enters the initial PIN, which was set during card personalization.
He/she then enters the new code (the PIN code chosen by the operator) twice to confirm it.
2) The smart card has already been used: the operator enters the PIN only once, if it is correct.
5.2.1. Principles
The software applications are provided by Bull signed with a software signature private key. The corresponding public
key was introduced into CRYPT2Pay EEPROM during manufacturer personalization.
The options files allow some commands in CRYPT2Pay to be enabled or disabled. These files must be signed by the
Bull options signature key and then countersigned by the software signature key.
The file provided by Bull and containing options can be loaded directly from CRYPT2Pay Manager (administrator
task).
It is recommended to only enable those options necessary for CRYPT2Pay use cases. For example, the "KMC" option
that allows the use of the extended key management functions should only be enabled when CRYPT2Pay is used by the
KMC, and should be disabled when CRYPT2Pay is used by an authorization server for transaction management.
When transporting CRYPT2Pay between two of the Customer's sites, it is recommended to disable the BASIC option to
render CRYPT2Pay unusable during transportation outside protected premises and/or to download Transport
Application on A and B partitions.
The file contains a line specifying the usage profile of CRYPT2Pay to which the file is applicable:
usage_profile=<functional profil>
The file must contain at least one line specifying a Dallas number:
dallas=<numéro de dallas hexa> # XPQNTnnnn NUM mmmm
This line may be followed by a comment giving the machine serial number (XPQxxxxxxxxx), the logical number and
possibly the security module serial number.
The file can contain several Dallas numbers. The options are applicable to every CRYPT2Pay whose number
corresponds to one of these lines.
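As an added illustration of the two line types described above (this is not Bull's tooling; the profile name and the Dallas numbers are constructed placeholders), a small parser that checks whether an options file is applicable to a given unit. Lines the manual does not describe, such as the signature blocks, are ignored by it.

```python
import re

# Constructed options file in the two line formats the manual describes; the profile
# name and Dallas numbers are placeholders, not values from any real unit.
SAMPLE_OPTIONS_FILE = """\
usage_profile=AUTHORIZATION_SERVER
dallas=0123456789ABCDEF # XPQNT0001 NUM 0001
dallas=FEDCBA9876543210   # XPQNT0002 NUM 0002
"""

# dallas=<hex number> followed by an optional "#" comment (serial / logical number).
DALLAS_RE = re.compile(r"^dallas=\s*([0-9A-Fa-f]+)\s*(?:#\s*(.*))?$")

def parse_options_file(text):
    """Return (usage_profile, {dallas_number: comment}, errors).

    Lines the manual does not describe (e.g. the signature blocks) are ignored here."""
    profile, targets, errors = None, {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("usage_profile="):
            if profile is not None:
                errors.append(f"line {n}: duplicate usage_profile")
            profile = line.split("=", 1)[1].strip()
        elif line.startswith("dallas="):
            m = DALLAS_RE.match(line)
            if m:
                # Normalise case so a unit's number matches whatever case the file used.
                targets[m.group(1).upper()] = (m.group(2) or "").strip()
            else:
                errors.append(f"line {n}: malformed dallas line")
    if profile is None:
        errors.append("missing usage_profile line")
    if not targets:
        errors.append("no valid dallas line")
    return profile, targets, errors

def applies_to(text, unit_dallas, unit_profile):
    """True only for a well-formed file whose profile matches and which lists this unit's number."""
    profile, targets, errors = parse_options_file(text)
    return not errors and profile == unit_profile and unit_dallas.upper() in targets
```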
6. TROUBLESHOOTING
6.1. Introduction
The aim of this chapter is to give the user a means of determining the source of errors in case of CRYPT2Pay failure.
In normal operation, CRYPT2Pay requires no regular maintenance.
This chapter is divided into two sections:
1. Problem report
2. Troubleshooting
IMPORTANT
CRYPT2Pay unit features opening detection devices that definitively erase the sensitive information it contains.
Any intervention requiring opening of CRYPT2Pay unit must be performed by Bull Services.
6.3. Troubleshooting
Remark: When an error occurs, first check that CRYPT2Pay is indeed situated in a suitable environment, as
described in the "Installation" section (see para. 2 “INSTALLATION”).
IMPORTANT
If the MARCHE (ON) light remains on steady or flashing red, even after switching it on and off several times in
succession, it is VITAL to apply the following procedure (1):
If no key has been imposed or introduced into the protected and permanent memory of CRYPT2Pay (KDKM or KDK
key or service key encrypted under a KDK key or a lower level key), CRYPT2Pay may be accepted as is by the
authorized Bull transporter for return to Bull.
Otherwise, Bull Services must intervene on site with CRYPT2Pay unit key in the presence of the Security Officer, to:
- open CRYPT2Pay unit,
- disconnect the battery,
- reconnect the battery at least five seconds later,
- close CRYPT2Pay unit and lock it with the key.
CRYPT2Pay can then be accepted by the authorized Bull transporter for return to Bull.
If the same symptoms arise, either CRYPT2Pay is damaged, or the cause of the fault has not been correctly identified
and eliminated.
(1) Outside France, this procedure is optional, i.e. Bull Services intervention on site is not compulsory before returning
CRYPT2Pay for maintenance.
7. APPENDIXES
(1) The cable used must connect pins 15 and 17 of the BNU.
(2) The cable used must connect pins 9 and 12 of the BNU.
7.4.1. Hardware
Using a straight cable, connect CRYPT2Pay (via the RS 232 connector) to COM1 or COM2 of
CRYPT2Pay Manager.
8. MAINTENANCE SERVICE
If you require any further information, please call the Bull Services assistance department:
Bull Services
HSM & Pre-personalization Solutions
Business Unit
Rue Jean Jaures
BP 68
78340 Les Clayes-sous-Bois
FRANCE
e-mail: srv.hotline-bnt@bull.net