CRYPT2Pay V7.07 Reference Manual


Version No.: 1.1


Reference: BNTng/V7/EN/LP54006

This document is the property of Bull and may not be reproduced or communicated without written authorization
Trademarks
All brand names and product names are trademarks or registered trademarks of their
respective owners.

Copyrights
Under the copyright law, neither the Crypt2Pay software nor documentation may be
copied, photocopied, reproduced, translated or reduced to any electronic medium or
machine readable form, in whole or in part, without the prior written consent of Bull
SA.

License Conditions
Please read your license agreement with Bull carefully and make sure you understand
the exact terms of usage.
You are not allowed to make any modifications to the product. If you feel the need
for any modifications, please contact Bull.

Disclaimer
This Document is provided “ as is” without warranty of any kind, either express or
implied, including, but not limited to, the implied warranties of merchantability,
fitness for a particular purpose, or non-infringement.
This document could include technical inaccuracies or typographical errors. Changes
are periodically made to the information herein; these changes will be incorporated
in new editions of the document. Bull may make improvements of and/or changes to the
product described in this document at any time.

Contact
If you wish to obtain further information on this product or any other Bull product,
you are always welcome to contact us.
http://www.bull.com/security/crypt2pay.html

Date: 12/09/05
Doc. title: CRYPT2Pay V7.07 Reference Manual
Doc. reference: BNTng/V7/EN/LP54006
Doc. version: 1.1

Reference: BNTNG/V7/EN/LP54006   Version: 1.1   Page: M1

Document revision notice

Version 1.0, revised 04/08/05: Creation from "BNTng V7.5 User's Guide (reference BNTng/V7/LP54004)"
Version 1.1, revised 12/09/05: Update for CRYPT2Pay V7.07


CONTENTS

1. INTRODUCTION  4
1.1. Objectives of CRYPT2Pay  4
1.2. Presentation of this manual  4
1.3. Hardware base  5
1.3.1. Front panel description  6
1.3.2. Rear panel description  6
1.4. Software base  7
1.5. Reference documents  9
2. INSTALLATION  10
2.1. Introduction  10
2.2. Reception of the equipment  10
2.2.1. Reception of the documentation  10
2.2.2. Reception of the equipment  10
2.3. Installation environment  10
2.4. Powering on  11
2.5. Administration setup  12
2.6. Verification of CRYPT2Pay configuration and parameter setting  13
2.7. Setting CRYPT2Pay parameters  13
3. UTILIZATION AND ADMINISTRATION PRINCIPLES  15
3.1. User profiles and accounts  15
3.1.1. Profiles  15
3.1.2. Password management  16
3.1.3. User management initialization  16
3.2. Behaviour under particular external conditions  17
3.2.1. Power supply cutoff  17
3.2.2. Line cutoff  17
3.2.3. Intrusion (voluntary or involuntary)  17
4. CRYPT2PAY ADMINISTRATION  18
4.1. Opening an administration session  18
4.1.1. Authentication  18
4.1.2. Welcome menu  19
4.1.3. General principles  20
4.2. Application management  21
4.2.1. "Download" sub-menu  23
4.2.2. "Options" sub-menu  26
4.2.3. "Set up Boot" sub-menu  28
4.2.4. "Reboot" sub-menu  29
4.3. System management - "System" menu  31
4.3.1. "Time" sub-menu  34
4.3.2. "TCP/IP" sub-menu  35
4.3.3. "X.25" sub-menu  36
4.4. "Tools" menu  37
4.4.1. "Log Setup" sub-menu  38
4.4.2. "Log forward" and "Log backward" sub-menus  39
4.4.2.1. Audit of administration operations  39
4.4.3. "Checking of KCV" sub-menu  41
4.5. "Users" management  42
4.5.1. "Password" sub-menu  43
4.5.2. "Add" sub-menu  44
4.5.3. "Delete" sub-menu  45
5. SECURITY PROCEDURES  46
5.1. Customer personalization  46
5.1.1. Principles of customer personalization  46
5.1.2. Prerequisite  46
5.1.3. Initiation of customer personalization  47
5.1.4. Operator dialogues  48
5.1.5. Main menu of the customer personalization function  48
5.1.6. Stage 2 description: KM2BNT(x) key generation  49
5.1.6.1. KM2BNT(x) key generation and attributes input  49
5.1.6.2. KM2bntx key output on smart card  49
5.1.7. Stage 3 description: Introduction of KM2bntx from smart cards  50
5.1.8. Personalization validation function  50
5.2. Options management  51
5.2.1. Principles  51
5.2.2. Option files  51
6. TROUBLESHOOTING  53
6.1. Introduction  53
6.2. Problem report  53
6.3. Troubleshooting  53
7. APPENDIXES  55
7.1. Description of the RJ45 connectors  55
7.2. Description of the DB9/RS 232 connector  55
7.3. Description of the DB25-V11/V28 connector  56
7.4. Configuring the VxWorks console  57
7.4.1. Hardware  57
7.4.2. Configuring the hyperterminal  57
8. MAINTENANCE SERVICE  59


LIST OF FIGURES

Figure 1 View of CRYPT2Pay front panel  6
Figure 2 View of CRYPT2Pay rear panel  6
Figure 3 Principle of CRYPT2Pay administration  12
Figure 4 Netscape(TM) cache management  12
Figure 5 Password entry  18
Figure 6 Administration home page  19
Figure 7 Access control  20
Figure 8 Application management  22
Figure 9 File downloading  25
Figure 10 File downloading (browse)  25
Figure 11 "Uploading file" message  26
Figure 12 Options configuration  26
Figure 13 CRYPT2Pay boot set up  28
Figure 14 BNTng reboot  29
Figure 15 Diagram of the boot zones  30
Figure 16 System management  33
Figure 17 Configuring date and time  34
Figure 18 Configuring the TCP/IP network parameters  35
Figure 19 Configuring the X25 network parameters  36
Figure 20 Tools  37
Figure 21 Tools log setup  38
Figure 22 Logs display  39
Figure 23 Selection of a key V7 format  41
Figure 24 User management  42
Figure 25 Change of password  43
Figure 26 Add a user  44
Figure 27 Deletion of users  45
Figure 28 Boot flow chart  47
Figure 29 Configuring the hyperterminal  57
Figure 30 Configuring the hyperterminal (continued)  58


1. INTRODUCTION

1.1. Objectives of CRYPT2Pay


In order to fight against fraud, CRYPT2Pay specifications have been defined in collaboration with the largest French
banks.

CRYPT2Pay is a high-performance HSM designed for banks. It can be used for payment authorization or issuing
functions:
• Authorization: It secures payment and withdrawal transactions using magnetic stripe cards and smart
cards.
• Issuance: It offers functions for generating secret codes, calculating cryptographic data and allowing the
personalization data preparation for magnetic stripe cards and smart cards.

CRYPT2Pay provides the solution to two vital needs:


• Security: the fight against fraud requires, among other things, the calculation and checking of
cryptographic data on the electronic payment servers. These systems therefore need to be connected to a
means of storing and processing the "secrets" in complete safety; confidence in a payment system relies on
this module's resistance to attack.
• Performance.

CRYPT2Pay is designed using standard, tried-and-tested, off-the-shelf products, while benefiting from the latest
technological advances. It brings the economies of scale and the reliability of widely distributed products.
Bull Services, a specialist in logical security, has put all the skill and experience it has acquired over the last decade into
the design of the CRYPT2Pay secure module.

IMPORTANT
The attention of users and operators is drawn to the particular nature of CRYPT2Pay: it is an item of equipment that
fulfils a security function and the conditions of installation and operation influence the security of the data it contains. It
is therefore vital to comply with these instructions and those given by your Security Manager to guarantee the expected
security level.

CRYPT2Pay is the new commercial name of Bull's HSM, previously called "BNTng". "BNTng" may still be
encountered in product documentation or GUI.

1.2. Presentation of this manual


This document is the CRYPT2Pay Reference Manual, delivered with each HSM. The reference documents are listed
in 1.5 "Reference documents".

Remark: The screen illustrations are provided for information only and do not necessarily represent the latest
version of the software.

CRYPT2Pay is a stand-alone security module that is connected to the host system by an X25 or TCP/IP link and is
administered from a browser on an administration workstation. Access to the administration application is controlled by
a login/password authentication mechanism; users can have operator or administrator rights.
- The CRYPT2Pay unit is shown in paragraph 1.3 "Hardware base".
- The instructions and procedures for reception, powering on and verification of the initial configuration of
CRYPT2Pay are described in paragraph 2 "Installation".
- CRYPT2Pay account management principles are described in paragraph 3.1 "User profiles and accounts".


CRYPT2Pay has two software loading partitions in its non-volatile memory (Flash memory). The software supplied by
Bull and signed with a private key (Bull's or the customer's) is loaded into a partition from CRYPT2Pay Manager. The active
partition and the default boot partition are chosen from CRYPT2Pay Manager. The production software contains all
the functions described in the CRYPT2Pay specification documents, but a command can only be used by the host server
if it is both authorized and activated. Authorization is controlled by an option flag managed by Bull and possibly the
security manager. Activation is controlled from CRYPT2Pay Manager.
- The software and options are described in paragraph 1.4 "Software base".
- The software and option file downloading functions are described in paragraph 4.2.1 "Download" sub-menu.
- The choice of the default boot partition is described in paragraph 4.2.3 "Set up Boot" sub-menu.

In order to monitor its operation, CRYPT2Pay offers functions for displaying:

- its system status (see 4.3 System management - "System" menu),
- statistics concerning traffic over the low layers of the network (see 4.3 System management - "System" menu),
- application frames exchanged with the host server (see 4.4.2 "Log forward" and "Log backward" sub-menus),
- check values for the keys loaded in the key memory (see 4.4.3 "Checking of KCV" sub-menu).

CRYPT2Pay is a security product that must undergo customer personalization, which introduces the master key of the
equipment and its associated information (key identifier) into a protected memory. The option disabling mechanism can also
be used for protection purposes, to limit the available functions solely to those necessary in the CRYPT2Pay utilization
context, particularly when transporting it between two sites.
- The customer personalization procedure is described in paragraph 5.1 "Customer personalization".
- The option files are described in paragraph 5.2 "Options management".

1.3. Hardware base


CRYPT2Pay consists of a casing accommodating the following three electronic boards (PCBs):
• A front panel PCB that manages the simplified man-machine interface.
• A rear panel PCB that manages the communication interfaces (RS232, Ethernet).
• A secure module PCB based on the MPC860 PowerQuicc processor (Motorola) and the GCD
cryptography coprocessor (Philips).

A CRYPT2Pay HSM must be connected to the mains power supply, even if it is not used in production, in order
to keep its batteries charged.


1.3.1. Front panel description

[Figure 1 View of CRYPT2Pay front panel: front panel labels E/S, BNTng, MARCHE, ALIM, RAZ; Serial No.: XPQ NT AA SS XXXX; Cust. ref.: XXXX]

MARCHE (ON): red / orange / green light.
ALIM (POWER): green light.
RAZ (RESET): hole giving access to the hard reset pushbutton.
E/S (I/O): RJ45 connector for personalization operations or for the management and distribution of keys via an
external drive.

1.3.2. Rear panel description

[Figure 2 View of CRYPT2Pay rear panel: X25 connector with V11/V28 and DTE/DCE lights, Ethernet connector with LINK and RX/TX lights, RS232 connector; rating plate: Model: 76 610 249, Customer ref.: xxxx, S/N: XPQNTAASSXXXX, V: 110/240, Hz: 50/60, A: 0.5/1, Wires: 2 + earth]

X25
- V11/V28 light: red = V11, green = V28
- DTE/DCE light: red = DCE, green = DTE
Ethernet
- RX/TX light: red = RX, green = TX
- LINK/COL light: red = link
RS232
- VxWorks console output, or printer connection (see appendix)


1.4. Software base


The security manager is provided with the following CRYPT2Pay software products:
• the CRYPT2Pay production software (signed by Bull),
• the option files (signed by Bull, containing the authorized options for each CRYPT2Pay).

The KMC software (to be installed on a Linux PC) is also supplied with its documentation if it has been ordered (i.e. if
the customer does not use the services of a KMC of a grouping of banks).

CRYPT2Pay "usage profile"

A usage profile control mechanism is implemented in CRYPT2Pay:


• each CRYPT2Pay has a usage profile, stored in EEPROM during personalization,
• the usage profile corresponds to a defined set of options (i.e. of CRYPT2Pay commands),
• authorised options for each usage profile are defined in CRYPT2Pay software.

Usage profile: AUTH
  Description: cryptographic functions for (1) an authorisation server, (2) a telepayment server, (3) an ATM manager
  Authorised options: BASIC, EMV_Authorize, B0', ANSI2, 3D_Authorize, V6, COFINOGA, TEST (limited to AUTH profile functions)

Usage profile: KMC
  Description: cryptographic functions for a Key Management Centre
  Authorised options: BASIC, CGDC

Usage profile: ISSUE
  Description: cryptographic functions for ECBng
  Authorised options: BASIC, EMV_Issue, TEST (limited to ISSUE profile functions)

Usage profile: DATAPREP
  Description: cryptographic functions for a personalization data preparation server
  Authorised options: BASIC, PKCS11, MAG_DataPrep, EMV_DataPrep, MONEO_DataPrep, TEST (limited to DATAPREP profile functions)

Usage profile: BNUdev
  Description: CRYPT2Pay for test purposes only
  Authorised options: COFINOGA, TEST (in this usage profile, activating the TEST option activates all CRYPT2Pay options except private ones)

Usage profile: ACS
  Description: cryptographic functions for an authentication server for e-Business transactions (this usage profile is not available in France)
  Authorised options: BASIC, 3D_Issue

Usage profile: MAILER
  Description: cryptographic functions for PIN mailers (this usage profile is not available in France)
  Authorised options: BASIC, PIN_Edit, PIN_Print

Usage profile: MULTI
  Description: cryptographic functions for a multi-purpose usage of CRYPT2Pay (this usage profile is not available in France)
  Authorised options: BASIC, PKCS11, EMV_Authorize, ANSI2, 3D_Authorize, AMEX_Authorize, CGDC, EMV_Issue, PIN_Generate, MAG_DataPrep, EMV_DataPrep, AMEX_Issue, 3D_Issue, PIN_Edit, PIN_Print, FISC, MPCOS, TEST
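As an added example (not code from the manual or from Bull), the following Python models the two-gate rule described in 1.2 and above: a command group, called an option, is usable by the host only if it is authorised for the HSM's usage profile (fixed at personalization and in the option file) and also activated from CRYPT2Pay Manager. The profile table is transcribed from this section; the HsmState class, its method names and the transport lock-down helper are assumptions for illustration, not the product's API.

```python
# Added example, not part of the Bull manual. Models the "authorised AND
# activated" rule for CRYPT2Pay options. PROFILE_OPTIONS is transcribed from
# section 1.4; everything else (HsmState, method names) is an assumption.
from __future__ import annotations

from collections.abc import Iterable
from dataclasses import dataclass, field

# Usage profile -> options authorised for it (section 1.4 of the manual).
PROFILE_OPTIONS: dict[str, frozenset[str]] = {
    "AUTH": frozenset({"BASIC", "EMV_Authorize", "B0'", "ANSI2",
                       "3D_Authorize", "V6", "COFINOGA", "TEST"}),
    "KMC": frozenset({"BASIC", "CGDC"}),
    "ISSUE": frozenset({"BASIC", "EMV_Issue", "TEST"}),
    "DATAPREP": frozenset({"BASIC", "PKCS11", "MAG_DataPrep", "EMV_DataPrep",
                           "MONEO_DataPrep", "TEST"}),
    # BNUdev: TEST there unlocks all non-private options; that special
    # behaviour is deliberately not modelled here.
    "BNUdev": frozenset({"COFINOGA", "TEST"}),
    "ACS": frozenset({"BASIC", "3D_Issue"}),
    "MAILER": frozenset({"BASIC", "PIN_Edit", "PIN_Print"}),
    "MULTI": frozenset({"BASIC", "PKCS11", "EMV_Authorize", "ANSI2",
                        "3D_Authorize", "AMEX_Authorize", "CGDC", "EMV_Issue",
                        "PIN_Generate", "MAG_DataPrep", "EMV_DataPrep",
                        "AMEX_Issue", "3D_Issue", "PIN_Edit", "PIN_Print",
                        "FISC", "MPCOS", "TEST"}),
}


@dataclass
class HsmState:
    """Hypothetical view of one HSM: its profile (EEPROM, set at
    personalization) and the options the security manager has activated."""
    profile: str
    activated: set[str] = field(default_factory=set)

    def authorised(self) -> frozenset[str]:
        # Gate 1: what the profile (and the Bull-signed option file) permits.
        return PROFILE_OPTIONS[self.profile]

    def activate(self, options: Iterable[str]) -> list[str]:
        """Gate 2: activation from CRYPT2Pay Manager. Options the profile does
        not authorise are refused; the sorted list of refusals is returned so
        an administrator can see exactly what was silently not enabled."""
        wanted = set(options)
        refused = sorted(wanted - self.authorised())
        self.activated |= wanted & self.authorised()
        return refused

    def command_allowed(self, option: str) -> bool:
        # A host command is usable only if BOTH gates pass.
        return option in self.authorised() and option in self.activated

    def transport_lockdown(self, keep: Iterable[str] = ()) -> set[str]:
        """Before moving the HSM between sites, deactivate every option except
        `keep` (the manual's option-disabling use case). Returns what was
        deactivated, for the transport record."""
        keep_set = set(keep) & self.authorised()
        removed = self.activated - keep_set
        self.activated &= keep_set
        return removed


if __name__ == "__main__":
    hsm = HsmState("AUTH")
    print("refused:", hsm.activate(["BASIC", "EMV_Authorize", "PKCS11"]))
    print("EMV_Authorize usable:", hsm.command_allowed("EMV_Authorize"))
    print("deactivated for transport:", hsm.transport_lockdown(keep={"BASIC"}))
```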


1.5. Reference documents


The following specifications are available on request (restricted circulation):
• BNTng/V7/EN/LP51003 : CRYPT2Pay Command Interface,
• BNTng/V7/EN/LP51002 : CRYPT2Pay Cryptographic Principles,
• BNTng/V7/FR/LP51001 : CRYPT2Pay Data dictionary,
• BNTng/V7/FR/LP51120 : Technical and functional specification of BNTng EMV.

The following documents are provided with each CRYPT2Pay HSM:


• BNTng/V7/EN/LP54006: CRYPT2Pay Reference Manual (the present document),
• BNTng/V7/EN/WhitePaper: Introduction to CRYPT2Pay,
• BNTng/V7/EN/LP54007: CRYPT2Pay User's Guide.

The following documents are provided with the KMC:


• KMC/LP54002: KMC User's Guide,

Remark: The document versions are likely to change; the list is regularly updated through the Technical Hardware and
Software Bulletin (THSB) issued to customers.


2. INSTALLATION

2.1. Introduction
This chapter describes the steps to follow to install a CRYPT2Pay HSM.

When CRYPT2Pay is supplied for the first time, or is returned after in-factory maintenance, the Transport application
is loaded in each of the two boot partitions (A and B).

CRYPT2Pay has been configured by Bull with a default TCP/IP configuration and a software signature verification key.
At this stage it is "manufacturer personalized".

For CRYPT2Pay to be operational, it still has to be "customer personalized", an operation whereby the security
manager introduces the master key and the associated security data into CRYPT2Pay. This operation can be carried out
during installation on the production site or beforehand.

2.2. Reception of the equipment

2.2.1. Reception of the documentation


Documents provided with each CRYPT2Pay HSM are listed at §1.5 "Reference Documents"

2.2.2. Reception of the equipment


CRYPT2Pay is supplied in a sealed case, which is itself packed in cardboard packaging.
The case contains the following items:
• CRYPT2Pay,
• a mains power supply cable,
• the manuals listed above (refer to §1.5),
• a case sealing bracelet (in case it has to be returned to the factory),
• the delivery order, on which you will find the default configuration parameters set by Bull.

As soon as the equipment is received, a copy of the delivery order must be sent back to the supplier; the supplier's address is indicated on the delivery order.

IMPORTANT
The CRYPT2Pay case must be reusable for future transportation if necessary (return to factory). Take care to store this case with its sealing bracelet and reserve it solely for this purpose.

The CRYPT2Pay delivered for use by the KMC additionally contains an external SafePAD drive, its power supply module and the cable for connecting it to CRYPT2Pay. This external drive is used for introducing keys into, and outputting keys from, the KMC, and must also be used for the customer personalization of the other CRYPT2Pays.

2.3. Installation environment


CRYPT2Pay is a high-performance security peripheral. It must be placed in a suitable environment.
Place CRYPT2Pay horizontally on a stable support.


IMPORTANT
CRYPT2Pay contains sensors that detect movement, vibration, and temperature or supply voltage outside the nominal operating ranges. These sensors are part of what makes CRYPT2Pay secure: tripping one of them puts the unit into the alert state described below.
It is essential:
- to provide CRYPT2Pay with a stable electrical power supply,
- not to move it once installed,
- to avoid positioning it near sources of vibration(1) or heat,
- not to place anything on top of CRYPT2Pay.
It is recommended to place each CRYPT2Pay on its own dedicated, stable support.

2.4. Powering on
Switch on CRYPT2Pay using the switch (see: Figure 2 View of CRYPT2Pay rear panel).

IMPORTANT
The machine's safety device trips during transportation, therefore the "Marche" (On) light flashes red the first time it is
powered on.
CRYPT2Pay must be powered off then on again to cancel this safety alarm.

Once powered on, CRYPT2Pay initializes itself (this takes about 40 to 50 seconds), with the following sequence:

Boot:
At power on (or further to a hard reset – RAZ (RESET) button on front panel held depressed until the MARCHE (ON)
light becomes red), the MARCHE (ON) light is RED. CRYPT2Pay initiates a series of self-tests.

Self-tests:
At each self-test, the MARCHE (ON) light first lights up ORANGE before changing to GREEN.
If one of these self-tests fails, CRYPT2Pay switches the MARCHE (ON) light to flashing RED and remains flashing
RED as long as CRYPT2Pay is powered on.
If all the self-tests are successful, the light changes to ORANGE and CRYPT2Pay starts loading CRYPT2Pay software.

Loading:
The light stays ORANGE throughout software loading and then indicates the result:
• it normally changes to GREEN, indicating that the application and administrative functions of CRYPT2Pay are available;
• it remains ORANGE if loading fails;
• it flashes alternately ORANGE and GREEN if CRYPT2Pay has not yet undergone customer personalization. In this case the external reader must be connected to the serial port on the front panel before performing customer personalization under the supervision of two security officers (see paragraph 5.1 Customer personalization).

IMPORTANT
If the safety device trips (which can be caused by tilting, for example), CRYPT2Pay enters an alert status that is
signaled by the MARCHE (ON) light changing to flashing RED.
After analyzing and remedying the cause of safety device tripping, CRYPT2Pay alert status can be cleared by powering
it off then on again.

(1) Air conditioning, places of frequent passage or readily accessible to uninformed cleaning personnel.

2.5. Administration setup

CRYPT2Pay administration principle is as follows:

Figure 3 Principle of CRYPT2Pay administration (diagram: the administration station and CRYPT2Pay connected through a hub on the local network)

CRYPT2Pay is managed remotely from a workstation with a web browser (minimum version: Netscape 4.0 or Internet Explorer 4.0). Bull recommends using the Netscape browser. For a correct display, set the browser to refresh pages "every time", so that a stale cached copy of an administration page is never shown instead of the current state of CRYPT2Pay.

Proceed as follows with the Netscape browser:

• In the "Edit" menu, select "Preferences".
• Select "Advanced", then click on "Cache".
• For "Document in cache is compared to document on network:", select "Every time".

Figure 4 NetscapeTM cache management


The HTML pages are served by an HTTP server running on CRYPT2Pay.

To connect, the user enters an identifier and a password.
This is plain HTTP on port 80: identifiers, passwords and page contents cross the local network unencrypted, so the administration station and CRYPT2Pay should share an isolated, physically controlled network segment.
Note: from the same administration station, CRYPT2Pay HSMs are managed one at a time, by pointing the web browser at the CRYPT2Pay to be managed; only one URL request can be made at a time.

2.6. Verification of CRYPT2Pay configuration and parameter setting


CRYPT2Pay is delivered (for the first time or following a maintenance action), with an application known as
"Transport Application". This application is loaded in each of the two boot partitions, A and B, of CRYPT2Pay.

IMPORTANT
Before any application handling on CRYPT2Pay, check that the Transport Application is present in both boot partitions A and B. To do so, switch CRYPT2Pay off and on twice. After each boot, the administration station must be able to reach the "Remote loading" page of the Transport Application's administration server.

To check that the Transport Application is loaded in both partitions, apply the following procedure:

1. Use a PC running Windows or Linux, equipped with a 10 Mbit/s Ethernet port and an Internet Explorer or Netscape Navigator browser.
2. Connect CRYPT2Pay to the Ethernet port of the PC through the RJ45 connector on its rear panel, using a crossover Ethernet cable.
3. Configure the TCP/IP settings of the PC to match the TCP/IP configuration of CRYPT2Pay (same sub-network).
4. Open the browser.
5. Power on CRYPT2Pay and wait for the MARCHE (ON) light to illuminate steady GREEN (see para. 2.4 Powering on).
6. Log on to the Transport Application administration with the web browser by connecting to the CRYPT2Pay IP address on port 80: the "Remote loading" page of the Transport Application administration (first partition, A or B) must be displayed.
7. Switch CRYPT2Pay off and on again and wait until the MARCHE (ON) light illuminates steady GREEN (see para. 2.4 Powering on).
8. Log on again to the Transport Application administration with the web browser at the CRYPT2Pay IP address (port 80): the "Remote loading" page of the Transport Application administration must be displayed (second partition, B or A respectively).
9. Switch CRYPT2Pay off.

2.7. Setting CRYPT2Pay parameters

CRYPT2Pay is delivered with a number of default parameters that must be checked, and where necessary changed, before the equipment is put into operation in the production environment. In particular, the default administrator password must be changed before CRYPT2Pay is connected to the production network.

Administrator's identifier:       admin (cannot be changed)
Administrator's password:         root
IP address:                       address configured during CRYPT2Pay manufacturer personalization; indicated on the machine delivery order
IP mask:                          mask configured during CRYPT2Pay manufacturer personalization; indicated on the machine delivery order
Port number (1):                  port number configured during CRYPT2Pay manufacturer personalization
Maximum number of connections:    1
In addition, in X25 mode:
X25 line mode:                    DCE
Use of logical channel number 0:  No

(1) TCP listening port used by CRYPT2Pay for the application connections coming from the host system.

These parameters are changed through the CRYPT2Pay administration interface described in the following chapter, which implies having a CRYPT2Pay Manager connected to the same IP sub-network as CRYPT2Pay.

This administration is available only once the CRYPT2Pay production software has been loaded.


3. UTILIZATION AND ADMINISTRATION PRINCIPLES

3.1. User profiles and accounts

3.1.1. Profiles
CRYPT2Pay administration caters for 2 profiles:
• "Administrator" profile
• "Operator" profile.

These profiles have the following particularities:

• By default CRYPT2Pay has one and only one account with the "Administrator" profile. Its identifier is "admin" and its password is initialized to "root" at manufacturer personalization.
• Every profile, "Administrator" included, can change its own password.
• The "Administrator" profile can create and delete accounts having the "Administrator" or "Operator" profile.
• The "Administrator" profile can reinitialize the password of any other user account.

Warning: once changed, the "admin" password must be recorded and kept in a safe place; as long as "admin" is the only Administrator account, no other account can reset it.

There can be a maximum of 6 user accounts, including the "admin" account.

Each identifier and password is limited to 20 alphanumeric ASCII characters.
The minimum password length is 5 characters; this is checked by the CRYPT2Pay administration application.

List of rights according to user profile:

Administration menu/screen                                  "Administrator" rights   "Operator" rights
Password change                                             Restricted               Restricted
User management                                             R/M (1)                  N.A.
Configuring CRYPT2Pay (boot area, date and time, etc.)      R/M                      R
Configuring the network                                     R/M                      R
Setting option parameters                                   R/M                      R
Display of KCV                                              R/M                      R/M
Downloading                                                 R/M                      N.A.
Soft reboot                                                 R/M                      R/M
Trace parameter setting and display                         R/M                      R/M
System status                                               R                        R
Display of traffic                                          R                        R/M

Meaning of abbreviations:

R/M         The user has Read and Modification rights for this function.
Restricted  "Administrator" and "Operator" profiles can only modify their own password.
R           The user has Read-only rights for this function.
(1)         "Administrator" accounts can re-initialize user account management. Consequently there always remains at least one "Administrator" account.
N.A.        This function is Not Accessible to this user.


3.1.2. Password management

When a user with the "Administrator" or "Operator" profile enters an incorrect password at login, he or she is allowed 2 further attempts.
If an incorrect password is entered 3 times in succession, the account is blocked.
Only an "Administrator" profile can unblock an "Administrator" or "Operator" account.
The number of login attempts is stored in CRYPT2Pay RAM.
Thus, if all the accounts are blocked and nobody can log in to CRYPT2Pay, the Security Officer can authorize a reboot of CRYPT2Pay, which resets the user counters and allows users to log in again. A reboot also erases the application traces (see §3.2.1), so collect any trace you still need before doing so.
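The account and lockout rules of §3.1.1 and §3.1.2, as an added Python model (not Bull's code and not the HSM's own implementation) so that the behaviour can be exercised end to end: the 6-account limit, 20-character alphanumeric identifiers and passwords with a 5-character minimum, the 3-strike block, Administrator-only unblocking, and the fact that the counters live in RAM so a reboot clears every block. Two details are this model's reading of the page rather than documented behaviour: a successful login ends the "in succession" count, and deleting the last Administrator account is refused.

```python
import re
from dataclasses import dataclass
from typing import Dict

MAX_ACCOUNTS = 6       # including the built-in "admin" account
MAX_ATTEMPTS = 3       # the third wrong password in succession blocks the account
MIN_PASSWORD = 5
ALNUM_20 = re.compile(r"^[A-Za-z0-9]{1,20}$")   # identifiers and passwords: up to 20 alphanumeric ASCII


@dataclass
class Account:
    ident: str
    profile: str       # "Administrator" or "Operator"
    password: str


class AdminAccounts:
    """Added model of the CRYPT2Pay administration account rules (sections 3.1.1 and 3.1.2).

    Failed-login counters are kept in RAM, as on the HSM, so a reboot clears every block.
    """

    def __init__(self) -> None:
        # Manufacturer personalization: one Administrator account, "admin", password "root".
        self.accounts = {"admin": Account("admin", "Administrator", "root")}
        self.failures: Dict[str, int] = {}   # consecutive wrong passwords per identifier (RAM only)

    @staticmethod
    def _check(value: str, minimum: int) -> None:
        if not ALNUM_20.match(value) or len(value) < minimum:
            raise ValueError(f"{minimum} to 20 alphanumeric ASCII characters required")

    def _require_admin(self, ident: str) -> None:
        if self.accounts[ident].profile != "Administrator":
            raise PermissionError(f"{ident} does not have the Administrator profile")

    def is_blocked(self, ident: str) -> bool:
        return self.failures.get(ident, 0) >= MAX_ATTEMPTS

    def attempts_left(self, ident: str) -> int:
        return max(0, MAX_ATTEMPTS - self.failures.get(ident, 0))

    def login(self, ident: str, password: str) -> bool:
        """True on success. A blocked account is refused even with the right password
        until an Administrator unblocks it (or CRYPT2Pay is rebooted)."""
        acct = self.accounts.get(ident)
        if acct is None or self.is_blocked(ident):
            return False
        if acct.password != password:
            self.failures[ident] = self.failures.get(ident, 0) + 1
            return False
        self.failures[ident] = 0     # a success ends the "in succession" count (this model's reading)
        return True

    def create(self, by: str, ident: str, profile: str, password: str) -> None:
        self._require_admin(by)
        if profile not in ("Administrator", "Operator"):
            raise ValueError("profile must be Administrator or Operator")
        if ident in self.accounts:
            raise ValueError(f"{ident} already exists")
        if len(self.accounts) >= MAX_ACCOUNTS:
            raise ValueError(f"at most {MAX_ACCOUNTS} accounts, including admin")
        self._check(ident, 1)
        self._check(password, MIN_PASSWORD)
        self.accounts[ident] = Account(ident, profile, password)

    def delete(self, by: str, ident: str) -> None:
        self._require_admin(by)
        admins = [a for a in self.accounts.values() if a.profile == "Administrator"]
        if self.accounts[ident].profile == "Administrator" and len(admins) == 1:
            # The page only says one Administrator always remains; modelled here as a refusal.
            raise ValueError("the last Administrator account cannot be deleted")
        del self.accounts[ident]
        self.failures.pop(ident, None)

    def unblock(self, by: str, ident: str) -> None:
        self._require_admin(by)
        self.failures[ident] = 0

    def set_password(self, by: str, ident: str, new_password: str) -> None:
        """Any profile may change its own password; only an Administrator may reset another's."""
        if by != ident:
            self._require_admin(by)
        self._check(new_password, MIN_PASSWORD)
        self.accounts[ident].password = new_password

    def reboot(self) -> None:
        """Power cycle or soft reboot: the RAM counters are lost, so blocked accounts are usable again."""
        self.failures.clear()
```

The operational lesson the model makes visible: because the block is nothing more than a counter in RAM, anyone who can power-cycle the unit can clear a lockout, which is why the page puts that decision with the Security Officer.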

3.1.3. User management initialization


From the administration station, the initial administrator (admin) connects to the administration server. He authenticates with the identifier "admin" and the default password, can then create other user accounts with default passwords, and changes the "admin" password.

Other users can then connect and change their initial password.

User management is described in §4.5 "Users Management".


3.2. Behaviour under particular external conditions

3.2.1. Power supply cutoff


In the event of a power supply cutoff (or rebooting of CRYPT2Pay), the application traces are erased from CRYPT2Pay
memory.
CRYPT2Pay obviously cannot be used by the host or CRYPT2Pay Manager during the power cutoff.
When the power supply is restored, everything takes place in the same way as for powering on (see para. 2.4 Powering
on). CRYPT2Pay erases the keys and waits for the connection of a host and/or a CRYPT2Pay Manager.

3.2.2. Line cutoff


In the event of a break in the link with the host computer resulting in the detection of protocol disconnection by
CRYPT2Pay (after approximately 2 minutes), it waits for connection again.

3.2.3. Intrusion (voluntary or involuntary)


If CRYPT2Pay suffers one of the following attacks:
• impacts and attempts to move it,
• attempts to open it,
• temperature outside the range -10°C to +65°C
(in fact anything that subjects CRYPT2Pay to stresses breaching the installation rules given in the installation manual provided with CRYPT2Pay), CRYPT2Pay ceases to be operational until it is returned to service.
If a satisfactory operating environment can be restored, the only way to make CRYPT2Pay operational again is to switch it off and then on again.


4. CRYPT2PAY ADMINISTRATION

4.1. Opening an administration session

4.1.1. Authentication
Connecting to the IP address of CRYPT2Pay on the HTTP port (80) brings up the password entry window (Figure 5; its appearance depends on the browser).
The user enters an identifier and password and then accesses the protected zone; the authentication is held by the browser session. Closing the browser is the only way to disconnect, so a browser left open on an unattended administration station leaves the CRYPT2Pay administration interface open with it.

Figure 5 Password entry

If the identifier and the password are correct, CRYPT2Pay administration home page is displayed
(Figure 6).


4.1.2. Welcome menu


The following figure (Figure 6) illustrates CRYPT2Pay administration home page.

Figure 6 Administration home page

The strip at the top of all the administration screens indicates:


• the date and time,
• the usage profile configured during manufacturer personalization,
• the name and version of the active Application in CRYPT2Pay,
• CRYPT2Pay logical number (entered during customer personalization),
• the Dallas No.,
• authorized and active options

The main menu provides access to the different administration functions described in this manual.
• The functions accessible to all users are displayed in yellow (light grey).
• The functions reserved for administrators are displayed in orange (dark grey).

Four menus are proposed:

• The "Application" menu gives access to the functions for administering the applications loaded into CRYPT2Pay memory: downloading an application or an options file, activating options, setting the boot configuration, rebooting CRYPT2Pay.
• The "System" menu gives access to the system configuration functions: date and time, TCP/IP and X25 communication parameters.
• The "Tools" menu gives access to the tools for viewing the application logs and the check values of the keys loaded into CRYPT2Pay.
• The "Users" menu gives access to the account and user profile administration functions.

The home page gives the choice of language used in the administration application ("Français" or "English" button).


4.1.3. General principles


The various screens can be printed from the browser menu.
The user can use the keyboard or the mouse to access the browser or CRYPT2Pay administration tool menus.

All the pages contain a single frame divided into three sections, from top to bottom:
• The strip providing general identification information on CRYPT2Pay
• The menus and sub-menus of the administration application
• An information page (associated with a menu) or a data entry page (associated with a sub-menu).

If an operator user attempts to access a page that is accessible via an orange button (i.e. a page to which only an
administrator profile is authorized access), access is denied and the following page is displayed:

Figure 7 Access control

Note: depending on the browser, the user may be requested to connect as an administrator (password entry window is
displayed). Windows look and feel depend on the browser.


4.2. Application management


CRYPT2Pay has two distinct boot partitions: A and B, each of which can contain a version of CRYPT2Pay
Application.
Each boot partition is assigned a status that can take 2 values:
• "bootable": an application has been loaded into this partition and CRYPT2Pay has already booted on this
partition,
• "Test": an application has been loaded into this partition but CRYPT2Pay has never yet booted on this partition,

In addition, one of these two partitions has the attribute "boot partition at power on".

Rules for downloading a new application

For security reasons, the Application is always downloaded into the partition that is not the "boot partition at power on".
If the download completes correctly, the partition used takes the "Test" status.

If the reboot on this partition takes place correctly, the partition takes the "bootable" status (and its version number is displayed on the administration screens), but it does not become the "boot partition at power on"!

If the user wants to use this new version permanently, he or she must change the boot partition at power on. Otherwise CRYPT2Pay keeps booting on the former boot partition.

These mechanisms make it possible to change the Application version while keeping the former version valid.

To summarize, changing version requires the following steps:

1. "Download" sub-menu:
- download the file containing the signed application to the partition X (A or B) that is not the "boot partition at power on".
2. "Reboot" sub-menu:
- choose the partition on which the new Application was downloaded by selecting the associated radio button,
- reboot CRYPT2Pay by clicking on the "Reboot" button,
- perform the integration and/or non-regression tests in the test environment.
3. "Boot configuration" sub-menu:
- change the "boot partition at power on" (select the non-selected radio button and apply the change).
4. "Reboot" sub-menu:
- boot on the (new) default partition (click on the "Reboot" button).

After this last operation, and until the next software download, it is still possible to return to the old software version by changing the "boot partition at power on". The next download overwrites the partition that is not the default, that is, the old version; keep the previous software file until the new version has been accepted in production.

The production software contains all the functions described in CRYPT2Pay specification document, but the commands
can only be used by the host server if they are authorized and enabled.

The option files are created by Bull. They contain the list of machines for which the option(s) is (are) authorized: the
machines are identified by their Dallas number.


Figure 8 Application management


The page associated with sub-menu "Application" is divided into three parts:

1. Versions and Boot partitions


For each of partitions A and B, the following are specified:
• the name and version number of the application in the partition; after an application has been loaded into a partition, and as long as CRYPT2Pay has not rebooted on that partition, the value "unknown" is displayed,
• the partition state:
- active/idle: the partition on which CRYPT2Pay booted is "active"; the other partition is "idle",
- default/temp: "default" indicates the partition on which CRYPT2Pay will reboot by default; the other partition is "temp",
- bootable/test: after an application has been loaded into a partition, and as long as CRYPT2Pay has not rebooted on that partition, the partition is in the "test" state. After a successful boot of CRYPT2Pay on a "test" partition, its state becomes "bootable".

2. Options
This part indicates the functional profile of CRYPT2Pay (see the list of profiles in paragraph 1.4 Software bases) and the options:
• Available: authorized options downloaded from an options file (but possibly not activated),
• Active: options activated by the administrator among the available ones,
• Authorized: available options that can be activated by the administrator (possibly not downloaded but available through the activation of another option, e.g. TEST, or always available, e.g. WATCHDOG),
• Loaded: options actually loaded by the production software (the corresponding functions can be used by the server).

3. KM2bntx
The identifier and the check value of the master key KM2bntx are given in this part of the page.

The "Application" menu gives access to the administrative functions of the application loaded in CRYPT2Pay memory. It includes four sub-menus:
• "Download" sub-menu: remote loading of an application, a KSLp key (software signature verification key) or an options file,
• "Options" sub-menu: activation or deactivation of options,
• "Set up Boot" (boot configuration) sub-menu: choice of the default boot partition,
• "Reboot" sub-menu: reboot of CRYPT2Pay.

4.2.1. "Download" sub-menu


The "Download" sub-menu is used to download files to CRYPT2Pay:

• File containing a new CRYPT2Pay application:

This file is signed beforehand at the KMC (Key Management Center) with the KSLs key (private software signature key) corresponding to the KSLp public key loaded in CRYPT2Pay, which verifies that signature before accepting the application.

Each version of CRYPT2Pay software is provided as a file named VWXX-YYZ.bin where:

W    version number
XX   revision number
YY   technical status number
Z    version marker ("D" for "Distribution France", "I" for "International", "X" for "Transport Application")

After successful downloading, the new version is recorded in CRYPT2Pay.

If an incident occurs during downloading, the current version is kept. Downloading of the new version must be started over again.


IMPORTANT
To avoid any regression, it is recommended to load the same software version into the two partitions A and B of CRYPT2Pay before proceeding to the production phase.

• Option update file:

Options files are delivered on a diskette containing three files:
- readme.txt: file describing the contents of the diskette,
- cccc_pppp_wxx_ooo-nn.opt: options file (not signed),
- cccc_pppp_wxx_ooo-nn.ksl: signed options file,
where:
cccc   customer code
pppp   profile code
w      major version number
xx     release version number
ooo    options code
nn     options file release number

After a successful loading, only the options authorized in the options file are authorized in CRYPT2Pay; all other options are prohibited (except for the WATCHDOG option, which is always available).

The administrator must then activate the newly authorized options.

IMPORTANT
Before taking CRYPT2Pay out of its protected installation site (for a transfer between sites or a return of the equipment), it is recommended, as far as the state of CRYPT2Pay allows it, to first remove all CRYPT2Pay options and/or to download the Transport application into partitions A and B.
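An added Python helper (not part of the product) that parses the two file-name formats described above and gates what is about to be loaded: it identifies a Transport Application image by its "X" marker, which is what the note above asks for before the unit leaves the site, and it accepts an options file only in its signed .ksl form. The file names in the comments (V707-01I.bin, BULL_STD1_707_ALL-01.ksl) are constructed. The page lists both the .opt and the .ksl file without saying which one the "Download" sub-menu expects, so insisting on the .ksl file is this example's own policy; it also accepts any alphanumeric characters in the option-file codes because the page does not say whether they are numeric.

```python
import re

# VWXX-YYZ.bin: W = version, XX = revision, YY = technical status, Z = version marker
APP_NAME = re.compile(r"^V(?P<version>\d)(?P<revision>\d{2})-(?P<status>\d{2})(?P<marker>[DIX])\.bin$")
MARKERS = {"D": "Distribution France", "I": "International", "X": "Transport Application"}

# cccc_pppp_wxx_ooo-nn.opt / .ksl: customer code, profile code, major + release version,
# options code, options file release number. Alphanumeric codes are an assumption of this example.
OPT_NAME = re.compile(
    r"^(?P<customer>[A-Za-z0-9]{4})_(?P<profile>[A-Za-z0-9]{4})"
    r"_(?P<major>[A-Za-z0-9])(?P<release>[A-Za-z0-9]{2})"
    r"_(?P<options>[A-Za-z0-9]{3})-(?P<number>\d{2})\.(?P<ext>opt|ksl)$"
)


def parse_application_name(filename: str) -> dict:
    """Split a CRYPT2Pay software file name into its fields (e.g. the constructed V707-01I.bin)."""
    m = APP_NAME.match(filename)
    if not m:
        raise ValueError(f"not a CRYPT2Pay software file name: {filename}")
    fields = m.groupdict()
    fields["marker_meaning"] = MARKERS[fields["marker"]]
    return fields


def parse_options_name(filename: str) -> dict:
    """Split an options file name (e.g. the constructed BULL_STD1_707_ALL-01.ksl) into its fields."""
    m = OPT_NAME.match(filename)
    if not m:
        raise ValueError(f"not a CRYPT2Pay options file name: {filename}")
    fields = m.groupdict()
    fields["signed"] = fields["ext"] == "ksl"
    return fields


def check_before_download(filename: str, expect_transport: bool = False) -> str:
    """Pre-flight check for the "Download" sub-menu. Returns "application" or "options".

    Raises if a production image is offered when the Transport Application was wanted (or the
    reverse), or if the unsigned .opt file is offered: the HSM only trusts what it can verify
    with its KSLp key, so this check insists on the signed .ksl file (this example's policy).
    """
    if filename.endswith(".bin"):
        app = parse_application_name(filename)
        if (app["marker"] == "X") != expect_transport:
            raise ValueError(f"{filename} is a {app['marker_meaning']} image, not what was expected")
        return "application"
    opt = parse_options_name(filename)
    if not opt["signed"]:
        raise ValueError(f"{filename} is the unsigned .opt file; load the .ksl file instead")
    return "options"
```

Run `check_before_download(name, expect_transport=True)` when preparing a unit for shipment and with the default when loading production software; the name check is only a first filter, the signature verification by CRYPT2Pay remains the control that matters.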


Figure 9 File downloading

The user must indicate the full path of the file to download. This can be done in two ways:
• either by typing the entire path in the text zone,
• or by pressing the "Browse" button.

If the user presses the "Browse" button, a new window is displayed (Figure 10) in which the drive, the directory and then the file to download can be selected.

Figure 10 File downloading (browse)

After selecting the file to download, the user presses "Open" and the complete path of the selected file is displayed in the text zone.


The user confirms the choice by clicking on "Download", then waits for the message "Check OK – Complete" to be displayed.

Figure 11 "Uploading file" message

4.2.2. "Options" sub-menu


The "Options" sub-menu allows the available options of CRYPT2Pay to be enabled or disabled. Unavailable options are
not proposed to the administrator for enabling.

Enabled options are ticked, while disabled options are not. The functions controlled by an enabled option can be used
by the host server, whereas the functions controlled by a prohibited or disabled option cannot be used.

IMPORTANT
It is recommended to enable only the options that are necessary for the server. More specifically, the "KMC"
option must only be enabled when CRYPT2Pay is used by the KMC.

Figure 12 Options configuration



The user can tick or untick the options and then registers the desired set by clicking on the "Submit" button.

CAUTION: the options are unticked by default.

Once the options have been ticked (or unticked) and registered, they immediately become active (or inactive).

Remark: for CRYPT2Pay to be usable as the HSM of a KMC, it must be authorized to do so, that is, the "KMC" option must be displayed and ticked.

"Watchdog" option

The "Watchdog" option enables an internal CRYPT2Pay monitoring mechanism that reboots the unit automatically if the application processing the host server's commands hangs.

To avoid unexpected reboots, the Watchdog option must be set only at the request of Bull Services.

"Test" option

The "Test" option is a specific option that gives access to all the functions of CRYPT2Pay in a test environment. When this option is enabled, all the existing options are available in CRYPT2Pay (except the private options), but always in a test environment (with test keys).

"Logical number" option

The "Logical number" option is a specific option that allows the test logical number to be set to 3210 in a test environment, the default value being 0000.

To obtain the value 3210, first select the Test option, then select "3210".


4.2.3. "Set up Boot" sub-menu

Figure 13 CRYPT2Pay boot set up

The page associated with the "Set up Boot" (boot configuration) sub-menu shows, for each partition A and B:
• the name and version number of the application in the partition,
• the partition state:
- active/idle: the partition on which CRYPT2Pay booted is "active"; the other partition is "idle",
- default/temp: "default" indicates the partition on which CRYPT2Pay will reboot by default; the other partition is "temp",
- bootable/test: after an application has been loaded into a partition, and as long as CRYPT2Pay has not rebooted on that partition, the partition is in the "test" state. After a successful boot of CRYPT2Pay on a "test" partition, its state becomes "bootable".

The "Set up Boot" sub-menu is used to change the default partition on which CRYPT2Pay will reboot.

To change the default boot partition:
- select the radio button that is not currently selected,
- click on the "Apply" button.


4.2.4. "Reboot" sub-menu


This sub-menu is used to reboot CRYPT2Pay on a selected partition.

Figure 14 BNTng reboot

The page associated with the "Reboot" sub-menu shows, for each partition A and B:
• the name and version number of the application in the partition,
• the partition state:
- active/idle: the partition on which CRYPT2Pay booted is "active"; the other partition is "idle",
- default/temp: "default" indicates the partition on which CRYPT2Pay will reboot by default; the other partition is "temp",
- bootable/test: after an application has been loaded into a partition, and as long as CRYPT2Pay has not rebooted on that partition, the partition is in the "test" state. After a successful boot of CRYPT2Pay on a "test" partition, its state becomes "bootable".

To reboot on a given partition (this does not change the default boot partition, which is set in the "Set up Boot" sub-menu):
- choose the partition by selecting the corresponding radio button,
- restart CRYPT2Pay by clicking on the "Reboot" button.

Reboot of CRYPT2Pay on a new version of the application:

After a new version of the application has been loaded, the partition it was downloaded into is "idle, temp, test".
To reboot CRYPT2Pay on the partition containing this new application:
- select the partition into which the new version was downloaded by clicking the corresponding radio button,
- reboot CRYPT2Pay by clicking on the "Reboot" button.


Example illustrating the "active" and "default" states of the two CRYPT2Pay boot partitions (Figure 15, reconstructed here as a table from the rules above; starting point: CRYPT2Pay booted on partition A, which is also the default):

Step  Action                                                     Boot partition (default)  Active partition
0     (start)                                                    A                         A
1     Sub-menu "Reboot": select partition B, Reboot              A                         B
2     Sub-menu "Boot Configuration": select partition B, Apply   B                         B
3     OFF/ON                                                     B                         B
4     Sub-menu "Reboot": select partition A, Reboot              B                         A
5     Sub-menu "Boot Configuration": select partition A, Apply   A                         A
6     OFF/ON                                                     A                         A

Figure 15 Diagram of the boot zones
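The partition rules of §4.2 and the sequence of Figure 15, as an added Python model (not Bull's code and not the HSM's firmware): it reproduces the download-to-non-default rule, the active/idle, default/temp and bootable/test flags, and the four-step version change, and it shows what a power cycle does if step 3 (changing the boot partition at power on) is forgotten. Image names such as V707-00X are constructed; the refusal to make a never-booted partition the default is this model's own guard, since the page asks you to reboot and test first but does not say the HSM enforces it.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

TRANSPORT_IMAGE = "V707-00X"     # constructed name for the Transport Application (marker X)


@dataclass
class Partition:
    name: str                        # "A" or "B"
    image: Optional[str] = None      # application loaded into the partition
    booted_ok: bool = False          # True once CRYPT2Pay has booted on it since that load


class BootPartitions:
    """Added model of the two CRYPT2Pay boot partitions and the rules of section 4.2."""

    def __init__(self, image: str = TRANSPORT_IMAGE) -> None:
        # As delivered: the Transport Application in both partitions, both already booted.
        self.parts = {"A": Partition("A", image, True), "B": Partition("B", image, True)}
        self.default = "A"       # "boot partition at power on"
        self.active = "A"        # partition CRYPT2Pay is currently running on

    @staticmethod
    def other(name: str) -> str:
        return "B" if name == "A" else "A"

    def state(self, name: str) -> Tuple[str, str, str]:
        """The three flags shown on the Application, Set up Boot and Reboot pages."""
        p = self.parts[name]
        return ("active" if self.active == name else "idle",
                "default" if self.default == name else "temp",
                "bootable" if p.booted_ok else "test")

    def version(self, name: str) -> str:
        """The administration pages show "unknown" until CRYPT2Pay has booted on the partition."""
        p = self.parts[name]
        return p.image if p.booted_ok and p.image else "unknown"

    def download(self, image: str) -> str:
        """The "Download" sub-menu: the signed application always goes to the partition that is
        NOT the boot partition at power on. Returns the partition written."""
        target = self.parts[self.other(self.default)]
        target.image = image
        target.booted_ok = False          # bootable -> test; the previous contents are gone
        return target.name

    def reboot(self, name: str) -> None:
        """The "Reboot" sub-menu: boot on the chosen partition. The default is NOT changed."""
        p = self.parts[name]
        if p.image is None:
            raise RuntimeError(f"partition {name} is empty")
        self.active = name
        p.booted_ok = True                # test -> bootable (a successful boot is assumed here)

    def power_cycle(self) -> None:
        """Off/on: always boots on the default partition."""
        self.reboot(self.default)

    def set_default(self, name: str) -> None:
        """The "Set up Boot" sub-menu. Refusing a never-booted partition is this model's own guard."""
        if not self.parts[name].booted_ok:
            raise RuntimeError(f"partition {name} is still in test state; reboot on it first")
        self.default = name


def change_version(hsm: BootPartitions, image: str) -> str:
    """The four-step procedure of section 4.2; integration tests would run after step 2."""
    target = hsm.download(image)     # 1. download into the non-default partition
    hsm.reboot(target)               # 2. reboot on it and test
    hsm.set_default(target)          # 3. make it the boot partition at power on
    hsm.power_cycle()                # 4. reboot on the (new) default
    return target
```

Stepping the model through the sequence of Figure 15 gives the same default/active pairs as the table, and calling `change_version` twice shows that the second download lands on the partition holding the previous version, which is why the rollback window closes at the next download.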


4.3. System management - "System" menu

The page associated with the "System" menu presents information:
- on the status of the system and the communication interfaces:
  • list and status of active processes,
  • CRYPT2Pay memory occupation status,
  • Ethernet and X25 communication interfaces status;
- on the IP and X25 traffic:
  • characteristics of the IP network (IP address, mask, etc.),
  • characteristics of the X25 network,
  • IP traffic (number of packets received correctly or incorrectly, etc.),
  • X.25 traffic (number of packets received correctly or incorrectly, etc.).



Use CV 0 : no
Default Window packet size : 2
Default packet size : 128

Frame level, X25 State:


Nb of tries before disc (N2): 10
Disconnect time-out (T1) : 1400 ms
Retry time-out (T3) : 10000 ms

Physical level, X25 State:


Line type : V.24/V.28
Role : DTE
Clock rate : 19200 bps

Traffic

IP Ethernet interface

cpm (unit number 0):


Flags: (0x8063) UP BROADCAST MULTICAST ARP RUNNING
Type: ETHERNET_CSMACD
Internet address: 100.0.0.1
Broadcast address: 100.0.0.255
Netmask 0xff000000 Subnetmask 0xffffff00
Ethernet address is 08:00:38:80:12:f9
Metric is 0
Maximum Transfer Unit size is 1500
4361791 octets received
974340 octets sent
18258 packets received
18017 packets sent
2942 non-unicast packets received
229 non-unicast packets sent
15316 unicast packets received
17788 unicast packets sent
0 input discards
0 input unknown protocols
0 input errors
0 output errors
0 collisions; 0 dropped

IP Statistics

total 17808
badsum 0
tooshort 0
toosmall 0
badhlen 0
badlen 0
infragments 0
fragdropped 0
fragtimeout 0
forward 0
cantforward 0
redirectsent 0
unknownprotocol 0
nobuffers 0
reassembled 0
outfragments 0
noroute 0

ARP Table

LINK LEVEL ARP TABLE


Destination LL Address Flags Refcnt Use Interface
---------------------------------------------------------------------
100.0.0.10 00:03:47:e3:e0:63 0x8405 3 16299 cpm0
---------------------------------------------------------------------

X25 Statistics

received : 65535
sent : 65535

Processes

NAME ENTRY TID PRI STATUS PC SP ERRNO DELAY


---------- ------------ -------- --- ---------- -------- -------- ------- -----
tRootTask 161cc 7ffe00 0 PEND 160070 7ff840 c0002 0
tExcTask 148354 7eb718 0 PEND 16a334 7eb5f8 0 0
tLogTask 14e8f0 7e8d30 0 PEND 16a334 7e8c20 0 0
SM 93dc8 6c0fd8 10 PEND 16a334 6c0e88 0 0
PHDL 93eb4 6c5f88 20 PEND 16a334 6c5e38 0 0
to_httpd 57d5c 6bdd08 49 PEND 160070 6bdc28 0 0
tNetTask 130dc4 7aace0 50 READY 160070 7aabf0 0 0
httpd 58f74 73cd58 50 READY 1650ac 73c658 d0003 0
BNTngApp 170f8 73ab80 60 PEND 160070 73a6d0 3d0002 0
X25 93fa0 6c37b0 70 PEND 16a334 6c3660 0 0
BKGD 88420 6bea68 127 READY 164a28 6be9b8 0 0

Memory

FREE LIST:
num addr size
---- ---------- ----------
1 0x006bd180 24
2 0x006bdf90 16
3 0x0074da30 16



4 0x001c5e00 5206880
5 0x007fa000 568
6 0x007f8000 4088
7 0x007f6000 4088
8 0x007f4000 4088
9 0x007f2000 4088
10 0x007f0000 4088
11 0x007ee000 4072
12 0x00796000 2768
13 0x00720000 2704
14 0x00718000 4000

SUMMARY:
status bytes blocks avg block max block
------ ---------- --------- ---------- ----------
current
free 5241488 14 374392 5206880
alloc 1264040 222 5693 -
cumulative
alloc 49266448 44315 1111 -

Secure key storage

status bytes blocks avg block max block


------ ---------- --------- ---------- ----------
current
free 286200 1 286200 286200
alloc 504 9 56 -
cumulative
alloc 967736 1225 789 -

X25 messages partition

status bytes blocks avg block max block


------ ---------- --------- ---------- ----------
current
free 21424 2 10712 21176
alloc 4960 20 248 -
cumulative
alloc 6696 27 248 -

X25 buffer partition

status bytes blocks avg block max block


------ ---------- --------- ---------- ----------
current
free 259024 2 129512 254504
alloc 58760 13 4520 -
cumulative
alloc 76840 17 4520 -
Figure 16 System management

The "System" sub-menus give access to the CRYPT2Pay administrative functions:

• "Date/time": adjustment of the date and time of CRYPT2Pay,
• "TCP/IP": TCP/IP configuration,
• "X25": frame and network layer configuration.


4.3.1. "Time" sub-menu


The window displays the current date and time of CRYPT2Pay.

Figure 17 Configuring date and time

The user can change these parameters if necessary.

The user presses the "Submit" button to confirm the entry.


4.3.2. "TCP/IP" sub-menu


This sub-menu displays the current TCP/IP parameters.

The following parameters can be modified:


• IP address,
• Network mask
• Port number,
The "port number" parameter relates to the link between the host system application and CRYPT2Pay.

The user validates the modifications by clicking on the "Submit" button.

The modifications are taken into account by CRYPT2Pay after a REBOOT.

Figure 18 Configuring the TCP/IP network parameters


4.3.3. "X.25" sub-menu


This sub-menu serves to view and modify the X25 parameters for each of the three levels:
• Physical level,
• Link level,
• Network level.

Figure 19 Configuring the X25 network parameters

Physical level:
The user configures the following fields:
• the line mode: V.24/V.28 or X.24/V.11,
• the line role: DCE or DTE,
• the incoming or outgoing clock. If it is outgoing, the user must select one of the following values: 2400, 4800,
9600, 19200, 48K, 56K, 64K, 128K or 256K.

Link level:
The user can view and modify the following parameters:
• the number of frame repetitions before disconnection,
• the timeout on frame repetitions before disconnection,
• the timeout on frame acknowledgement before disconnection.
The timeouts are expressed in ms and may have up to 5 digits.

Network level:
Only one logical channel is used. Tick "YES" to use logical channel number 0.
The other parameters can be modified, namely:
• the default packet window size: a number from 2 to 7,
• the packet size, which is one of the following values: 32, 64, 128, 256, 512, 1024, 2048, 4096.

The user validates all the modifications by clicking on the "Submit" button.
The modifications are only taken into account by CRYPT2Pay after a REBOOT.


4.4. "Tools" menu

Figure 20 Tools

The page associated with the "Tools" menu shows information on the application statistics:
• the number of negative replies to code verification requests,
• the number of code verification requests,
• the number of negative replies to CVV or CVC verification requests,
• the number of CVV or CVC verification requests.

The "Tools" menu gives access to the tools for managing the logs and auditing CRYPT2Pay keys:
• "Log Setup" sub-menu: setting up the log of exchanges between CRYPT2Pay and the host,
• "Log forward" and "Log backward" sub-menus: display of the log of exchanges between CRYPT2Pay and the host,
• "Checking of KCV" sub-menu: audit of keys loaded in CRYPT2Pay memory.


4.4.1. "Log Setup" sub-menu

Figure 21 Tools log Setup

The user can:

• configure the information to be logged:
  - No log,
  - Application requests,
  - X.25 activity;
• clear the content of the log (by ticking the "Clear" box).
The choice is confirmed by pressing the "Submit" button.


4.4.2. "Log forward" and "Log backward" sub-menus


These sub-menus display the log (forward or backward) recording the application exchanges between CRYPT2Pay and the host.

Figure 22 Logs display

This page displays the commands sent by the host (monetic server) and the response returned by CRYPT2Pay for each of them.
It also displays the actions performed during CRYPT2Pay administration.

4.4.2.1. Audit of administration operations

The "Log" sub-menus described above allow audit of the following administrative actions, whether or not the logging of application requests is enabled:

• Loading,
• Options,
• Boot configuration ,
• Reboot,
• Date/time,
• TCP/IP,
• X25,
• Trace parameters
• User add,
• User delete,
• Password change,

These audit logs are backed up by saving the generated log page with the saving functions of the Web browser. Because CRYPT2Pay itself offers no export, the saved page is the only durable copy: save it before changing the log mask or clearing the log (both actions are themselves logged, as shown below).


Loading
record : 00000002, date : TUE MAY 04 15:58:00 2004
Download software complete

Options
record : 00000003, date : TUE MAY 04 15:58:13 2004
From : 126.111.5.33/80, user : admin
Change options activation to 84000002 done

Boot configuration
record : 00000004, date : TUE MAY 04 15:58:25 2004
From : 126.111.5.33/80, user : admin
Change default boot partition to B done.

Reboot
record : 00000001, date : TUE MAY 04 16:35:18 2004
POST MORTEM MSG : Power on or HW watchdog timeout

Date/time
record : 00000005, date : TUE MAY 04 15:59:00 2004
From : 126.111.5.33/80, user : admin
Change Date to 04.05.2004/15.59 done

TCP/IP
record : 00000003, date : TUE MAY 04 16:37:02 2004
From : 126.111.5.33/80, user : admin
Change ip params "126.111.5.119/255.255.253.0:2001" done

record : 00000004, date : TUE MAY 04 16:37:02 2004


From : 126.111.5.33/80, user : admin
Change Nb Connexions to 1 done

X25
record : 00000008, date : TUE MAY 04 15:59:25 2004
From : 126.111.5.33/80, user : admin
Change X25 clock rate to 9600 bps done.

Log configuration
record : 00000001, date : TUE MAY 04 15:54:48 2004
From : 126.111.5.33/80, user : admin
Change log mask to 0xF800 done

Add (user)
record : 00000009, date : TUE MAY 04 15:59:53 2004
From : 126.111.5.33/80, user : admin
Add user "user2" done

Delete (user)
record : 0000000D, date : TUE MAY 04 16:01:57 2004
From : 126.111.5.33/80, user : admin
Remove user "user2" done

Password (change)
record : 0000000A, date : TUE MAY 04 16:00:12 2004
From : 126.111.5.33/80, user : admin
Change password for user "admin" done
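As an added example, not part of the manual or of Bull's tooling, the Go program below parses a saved log page in the layout shown above and runs a few review rules over it. The record layout (heading line, "record : N, date : D", optional "From : ip/port, user : u", action line) is taken from the extract above; the review rules, the allowed-host list and the constructed sample (copied from the entries above) are this example's own choices.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// AuditRecord is one entry of a saved log page: a "record : N, date : D" line,
// an optional "From : ip/port, user : u" line and one action line.
type AuditRecord struct {
	Category, Record, Date string // Category is the heading above the record
	From, User, Action     string // From is empty for entries without a web origin
}

// Finding pairs a record with the name of the review rule that selected it.
type Finding struct {
	Rule string
	Rec  AuditRecord
}

var (
	recordLine = regexp.MustCompile(`^record\s*:\s*([0-9A-Fa-f]+),\s*date\s*:\s*(.+)$`)
	fromLine   = regexp.MustCompile(`^From\s*:\s*([^,]+),\s*user\s*:\s*(.+)$`)
)

// SampleLog is constructed here from entries the manual shows above.
const SampleLog = `Boot configuration
record : 00000004, date : TUE MAY 04 15:58:25 2004
From : 126.111.5.33/80, user : admin
Change default boot partition to B done.

Reboot
record : 00000001, date : TUE MAY 04 16:35:18 2004
POST MORTEM MSG : Power on or HW watchdog timeout

Log configuration
record : 00000001, date : TUE MAY 04 15:54:48 2004
From : 126.111.5.33/80, user : admin
Change log mask to 0xF800 done

Add (user)
record : 00000009, date : TUE MAY 04 15:59:53 2004
From : 126.111.5.33/80, user : admin
Add user "user2" done
`

// ParseAuditLog splits a saved log page into records: a non-empty line outside
// a record is the heading of the records that follow; a blank line ends one.
func ParseAuditLog(text string) []AuditRecord {
	var recs []AuditRecord
	var cur *AuditRecord
	category := ""
	for _, raw := range append(strings.Split(text, "\n"), "") { // trailing "" flushes the last record
		line := strings.TrimSpace(raw)
		switch {
		case line == "" || recordLine.MatchString(line):
			if cur != nil {
				recs = append(recs, *cur)
				cur = nil
			}
			if m := recordLine.FindStringSubmatch(line); m != nil {
				cur = &AuditRecord{Category: category, Record: m[1], Date: strings.TrimSpace(m[2])}
			}
		case cur == nil:
			category = line
		case fromLine.MatchString(line):
			m := fromLine.FindStringSubmatch(line)
			cur.From, cur.User = strings.TrimSpace(m[1]), strings.TrimSpace(m[2])
		default:
			cur.Action = line
		}
	}
	return recs
}

// Review applies rules chosen for this example (not a product feature): a log
// mask change can hide later activity, account and default-boot-partition
// changes are high impact, and any action from a host outside allowedHosts
// deserves a second look.
func Review(recs []AuditRecord, allowedHosts map[string]bool) []Finding {
	rules := map[string]string{ // action prefix -> rule name
		"change log mask":               "log-mask-changed",
		"change default boot partition": "boot-partition-changed",
		"add user":                      "account-change",
		"remove user":                   "account-change",
		"change password":               "account-change",
	}
	var out []Finding
	for _, r := range recs {
		for prefix, rule := range rules {
			if strings.HasPrefix(strings.ToLower(r.Action), prefix) {
				out = append(out, Finding{rule, r})
			}
		}
		if host, _, _ := strings.Cut(r.From, "/"); r.From != "" && !allowedHosts[host] {
			out = append(out, Finding{"unexpected-source", r})
		}
	}
	return out
}

func main() {
	for _, f := range Review(ParseAuditLog(SampleLog), map[string]bool{"126.111.5.33": true}) {
		fmt.Printf("%-22s %-18s %s\n", f.Rule, f.Rec.Category, f.Rec.Action)
	}
}
```

Note that record numbers restart per category in the extract above (the Reboot and Log configuration entries are both record 00000001), so the parser keeps the heading with each record instead of treating the number as a global sequence. Entries without a "From" line (the power-on record) are never flagged as coming from an unexpected host.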


4.4.3. "Checking of KCV" sub-menu

The "Checking of KCV" sub-menu is used to obtain the KCV (Key Check Value) of keys loaded in CRYPT2Pay.
The KCV is displayed once the user has entered the key identifier and confirmed it.
The KCV of a key corresponds to the encryption of an 8-byte block of zeros (null bytes) by the key.

Figure 23 Selection of a key V7 format


4.5. "Users" management


Any user with the "administrator" profile has access to the user management page. He can create, unblock and delete users, or display the list of users.

Note: it is not possible to change another user's password. If a password is lost, the user must be deleted and recreated.

An operator can only change his own password.

Figure 24 User management


4.5.1. "Password" sub-menu


The "Password" sub-menu allows a user to change his own password.

Figure 25 Change of password

The old password must be entered in order to be authorised to choose a new one.
The new password must be entered twice in succession and then confirmed.


4.5.2. "Add" sub-menu


The "Add" sub-menu enables the administrator to create a new user, within the limit of CRYPT2Pay's capacity, and to
assign that user a profile and an initial password.

Figure 26 Add a user


4.5.3. "Delete" sub-menu


The "Delete" sub-menu enables the administrator to delete one or more users or to reinitialize user account management (i.e. reset the "admin" password to "root" and delete all other accounts). After such a reinitialization the "admin" password is a published default: change it immediately through the "Password" sub-menu before the unit is returned to service.

Figure 27 Deletion of users


5. SECURITY PROCEDURES

5.1. Customer personalization

5.1.1. Principles of customer personalization


Customer personalization consists in introducing into CRYPT2Pay:
• The master key (KM2bntx)
• The identifier of CRYPT2Pay owner (IdP)
• The logical number of CRYPT2Pay
• The version number (NK) of the master key.

This information is introduced into the protected memory (SRAM) of CRYPT2Pay and can also be copied to the
EEPROM through the "customer personalization confirmation" operation, which avoids having to perform a new
personalization each time the security mechanism is triggered.

This information is read from the KM2bntx key-carrying cards held by the two security officers. Each card can contain
up to 15 elementary files, identified by an index between 01 and FF, and each containing a key component.

The KM2bntx key can be generated and the key-carrying cards created:
• either on the KMC
• or by CRYPT2Pay itself at the beginning of the customer personalization procedure, if key generation is required.

5.1.2. Prerequisite
The CRYPT2Pay application must be loaded on the boot partition.

Before starting CRYPT2Pay, connect its Safepad using a straight cable.
The RJ45 socket for this cable is located on the CRYPT2Pay front panel.

Caution: do not connect the external power supply of the Safepad; its power is supplied by CRYPT2Pay.


5.1.3. Initiation of customer personalization


When CRYPT2Pay is booted, it checks the customer personalization flags and triggers the personalization procedure if necessary. Figure 28 (Boot flow chart) shows the decision sequence; in text form:

1. Customer personalization data present in SRAM? If yes, the application is started using the data in SRAM.
2. Otherwise, customer personalization data present in EEPROM? If yes, the data are copied from EEPROM to SRAM and the application is started.
3. Otherwise, the main menu of the customer personalization function is displayed:
   1 - Start.
   2 - Generate key? If yes: KM2bntx key generation and attributes input, then KM2bntx key output on smart card.
   3 - Input key? If yes: introduction of KM2bntx from smart card, copy of the personalization data to SRAM, display of the introduction results.
   4 - Valid perso? If yes: copy of the personalization data to EEPROM.
   5 - Display of the personalization result.
   The application is then started using the data in SRAM.

Figure 28 Boot flow chart


5.1.4. Operator dialogues


When the customer personalization operations are performed on the external drive (Safepad), the VAL, COR and ANN keys are managed as follows:

• VAL (Confirmation): used to confirm an operation or the entry of a complete element (for example, the key is inactive while entering a key index as long as no index value has been entered). Effect: the operation is confirmed and the dialogue proceeds to the next operation.
• COR (Correction): used while entering an element. Effect: the last character entered is erased.
• ANN (Cancellation): when choosing an optional function (for example GENERATE KEY), the optional function is skipped and the dialogue proceeds to the next step of the operation; in all other cases, the operation is cancelled.

All the operator entries are protected by a 2-minute timeout. After expiry of the timeout the operation is completely cancelled.

5.1.5. Main menu of the customer personalization function


Stage 1. Dialog initialisation
« PERSONALIZATION
VAL:START »
Confirmation by the user to start the customer personalization function (VAL is the only authorized action).

Stage 2. KM2BNT(x) key generation
« VAL:GENERATE KEY
ANN:SKIP »
Confirmation to start the KM2bntx key generation and attributes input, then the KM2bntx key output on smart card, or cancellation to go directly to stage 5.

Stage 3. KM2BNT(x) key introduction
« VAL:INPUT KEY
ANN:SKIP »
Confirmation to start the introduction of the KM2bntx key from smart card, then the personalization validation, or cancellation to go directly to stage 5.

Stage 4. Customer personalisation validation

Stage 5. Display of the key introduction final result
Personalization successful and accepted by the user:
« PERSONALIZED
VAL: START APPLI »
Personalization failed or rejected by the user:
« NOT PERSONALIZED
VAL: START APPLI »
Confirmation to start the host server command processing application, with the master key loaded into the SRAM (if no master key has been loaded into the SRAM, only test mode operation is possible).

Note: Stages 2 to 4 are described in the following paragraphs


5.1.6. Stage 2 description : KM2BNT(x) key generation

5.1.6.1. KM2BNT(x) key generation and attributes input


1. Entry of CRYPT2Pay logical number on 4 hexadecimal digits:
« LOGICAL NB : ?
####»
The logical number 0000 is reserved for operation in test mode. Entry of this value causes return to state 1 after
flashing display of the message « ILLEGAL NB ».

2. Entry of CRYPT2Pay owner's identifier (IdP) on 10 hexadecimal digits:


« IDP : ?
########## »
3. Entry of the KM2bntx key number on 2 hexadecimal digits:
« KEY VERSION : ?
##»
Note: In the above description the # characters represent the characters entered by the operator.

5.1.6.2. KM2bntx Key output on smart card


Generation and output of the KM2bntx key, whose identifier is built from the preceding information (IdC = 300000nnnn00000000000000, where nnnn is the CRYPT2Pay logical number). The operator dialogue is described below.
The key is output as two DES components on an ISO7816 support.
In the dialogue with the Safepad, when the PIN code is entered, two cases occur:

1) the smart card is used for the first time: the operator enters the initial PIN which was set during card personalization, then enters the new code (the PIN chosen by the operator) twice to confirm it.
2) the smart card has already been used: the operator enters the PIN only once (a new entry is requested only if it is incorrect).

For each component (1 ≤ I ≤ 2) :


1. Display:
« KEY PART I :
INSERT CARD »
2. Insertion of key-carrying card by card holder
3. Card reset, verification of answer to reset and automatic recognition of card type (supported card, personalized, not
blocked, not mute)
4. Entry of PIN code (trial number « e »)
« KEY PART I :
CODE (e) ? »
5. Confirmation of PIN code
6. PIN code verification and return to step 4 if necessary (if PIN code is incorrect)
7. If the PIN code has never been changed since card personalization, a new PIN code is entered twice (e = 1 to 2).
Card PIN is changed if the two entries are identical (iteration of step 7 as long as the two entries 1 and 2 are not
identical):
« CHANGE PIN :
NEW CODE (e) ? »
8. Choice of key index on the card (iteration of entry as long as the value is not between 1 and FF and the elementary
file already exists on the card):
« KEY INDEX : ?
## »
9. Creation on the card of the elementary file corresponding to the index and recording of the key component in this
file
10. Remove the card and proceed to next card holder:
« KEY PART I OK
REMOVE CARD »


5.1.7. Stage 3 description : Introduction of KM2bntx from smart cards


Introduction of the KM2bntx key. The operator dialogue is described below. Introduction is performed from two DES
components.

This function returns


• a non-null error code and additional information in the event of an introduction error
• or a null error code with the value of the KM2bntx key, the IdP, the logical number of CRYPT2Pay (recovered
from the IdC) and the NK of the KM2bntx key, the KCV of the key.

For each of the components (1 ≤ I ≤ 2) :


1. Display:
« KEY PART I :
INSERT CARD »
2. Insertion of the key-carrying card by the card holder
3. Card reset, verification of answer to reset and automatic recognition of type of card (supported card, personalized,
not blocked, not mute)
4. entry of PIN code (trial number « e »)
« KEY PART I :
CODE (e) ? »
5. Confirmation of PIN Code
6. PIN code verification and return to step 4 if necessary (if PIN code is incorrect)
7. Choice of key index on card (iteration of entry as long as the value is not between 1 and FF):
« KEY INDEX : ?
## »
8. If it is an ISO7816 card: Selection of the application file on the card, selection and reading of the elementary file
containing the component.
9. If it is a B0’ card: Search for and reading of the service provider block containing the component.
10. Reading and checking of the information concerning the key selected on the card.
« KEY PART I OK
REMOVE CARD »

5.1.8. Personalization validation function


1. If introduction of the master key from cards (above function) has returned a non-null error code, this error code and
any complementary information (« C1C1C1C1C1C1C1C1») are displayed. The operator strikes VAL or ANN
key to exit the function:
« ERROR CODE ####
C1C1C1C1C1C1C1C1 »
2. If introduction of the master key is successful, the information is copied to the SRAM and the IdP and logical
number of CRYPT2Pay are displayed on 10 and 4 hexadecimal digits respectively:
« IDP: ##########
LOGICAL NB: #### »
3. Confirmation by the operator to proceed to display of the number and KCV of the KM2bntx key on 2 and 6
hexadecimal digits respectively:
« KEY VERSION: ##
KCV : ## ## ##»
4. Confirmation by the operator to proceed to the customer personalization confirmation option:
« VAL:VALID PERSO
ANN:SKIP »
5. If confirmed, the customer personalization information is copied to the EEPROM. If cancelled, the data remain in
the SRAM and can be used by CRYPT2Pay application until the next triggering of the security mechanism.
6. In the event of an EEPROM write error, an error message is displayed and must be confirmed by the operator to
exit the function:
« WRITE ERROR
»
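The KCV shown at step 3 above is the value defined in section 4.4.3: the encryption of an 8-byte block of zeros under the key, of which 6 hexadecimal digits (3 bytes) are displayed. The Go program below, added here and not taken from the manual or from Bull's software, computes that value for a double-length DES key and shows how the two card components of section 5.1.7 (constructed test values) can be checked and recombined before the officers compare the displayed KCV with their records. Two assumptions that the manual does not state: the components are recombined by XOR followed by odd-parity adjustment, and a double-length key is used as 3DES with K1,K2,K1.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"errors"
	"fmt"
	"math/bits"
)

// HasOddParity reports whether every byte of key carries DES odd parity.
// A parity failure is the cheapest check an officer can run on a component
// before it is loaded.
func HasOddParity(key []byte) bool {
	for _, b := range key {
		if bits.OnesCount8(b)%2 == 0 {
			return false
		}
	}
	return true
}

// fixParity forces odd parity on every byte by adjusting its least significant
// bit, which DES ignores, so the effective key is unchanged.
func fixParity(key []byte) {
	for i, b := range key {
		if bits.OnesCount8(b)%2 == 0 {
			key[i] = b ^ 1
		}
	}
}

// Combine rebuilds a double-length key from its components. The manual only
// says the key is split into two DES components; XOR recombination with
// parity adjustment is the convention assumed here (example's assumption),
// not a statement about how CRYPT2Pay recombines them.
func Combine(parts ...[]byte) ([]byte, error) {
	if len(parts) < 2 {
		return nil, errors.New("at least two components are required")
	}
	key := make([]byte, 16)
	for _, p := range parts {
		if len(p) != 16 {
			return nil, errors.New("each component must be a 16-byte double-length key")
		}
		if !HasOddParity(p) {
			return nil, errors.New("component fails DES odd parity")
		}
		for i := range key {
			key[i] ^= p[i]
		}
	}
	fixParity(key)
	return key, nil
}

// KCV is the key check value as the manual defines it: the first 3 bytes
// (6 hex digits) of the encryption of an 8-byte block of zeros under the key.
// A double-length key is used as 3DES K1,K2,K1 (example's assumption).
func KCV(key []byte) ([]byte, error) {
	if len(key) != 16 {
		return nil, errors.New("expected a 16-byte double-length DES key")
	}
	k := append(append([]byte{}, key...), key[:8]...)
	c, err := des.NewTripleDESCipher(k)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, make([]byte, des.BlockSize))
	return out[:3], nil
}

func main() {
	// Constructed components for a two-officer ceremony. Each officer can
	// compare the KCV of his own component with the value on his card record
	// without learning the other half.
	c1, _ := hex.DecodeString("0123456789ABCDEF0123456789ABCDEF")
	c2, _ := hex.DecodeString("0101010101010101FEFEFEFEFEFEFEFE")
	for i, c := range [][]byte{c1, c2} {
		v, _ := KCV(c)
		fmt.Printf("component %d KCV: %X\n", i+1, v)
	}
	key, err := Combine(c1, c2)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	v, _ := KCV(key)
	fmt.Printf("KM2bntx KCV: %X\n", v) // what the Safepad shows at step 3
}
```

The first component is deliberately K1||K1, which makes 3DES collapse to single DES and gives the well-known test value D5D44F; the recombined key is the classic double-length test key 0123456789ABCDEF FEDCBA9876543210, whose KCV 08D7B4 is the value an officer would expect to see at step 3.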


5.2. Options management

5.2.1. Principles
The software applications are provided by Bull signed with a software signature private key. The corresponding public
key was introduced into CRYPT2Pay EEPROM during manufacturer personalization.

The options files allow some commands in CRYPT2Pay to be enabled or disabled. These files must be signed by the
Bull options signature key and then countersigned by the software signature key.

The file provided by Bull and containing options can be loaded directly from CRYPT2Pay Manager (administrator
task).

It is recommended to only enable those options necessary for CRYPT2Pay use cases. For example, the "KMC" option
that allows the use of the extended key management functions should only be enabled when CRYPT2Pay is used by the
KMC, and should be disabled when CRYPT2Pay is used by an authorization server for transaction management.

When transporting CRYPT2Pay between two of the Customer's sites, it is recommended to disable the BASIC option to
render CRYPT2Pay unusable during transportation outside protected premises and/or to download Transport
Application on A and B partitions.

5.2.2. Option files


The options file is in ASCII text format. End of line may be "\n" or "\n\r". It is case insensitive.
Blank lines or lines containing only spaces are ignored. The text that follows the '#' character is ignored. The space and
tabulation characters are ignored.

The first line of the file contains the software version:

Profil BNU : version V705

The file contains a line specifying the usage profile of CRYPT2Pay to which the file is applicable:
usage_profile=<functional profile>

The file must contain at least one line specifying a Dallas number:
dallas=<Dallas number in hexadecimal> # XPQNTnnnn NUM mmmm
This line may be complemented (as a comment) by the machine serial number XPQxxxxxxxxx, the logical number and possibly the security module serial number.
The file can contain several Dallas numbers. The options will be applicable to the CRYPT2Pays whose number corresponds to one of these lines.


It can contain one or more of the following lines:


BASIC=yes | no # Basic cryptography
EMV_A=yes | no # EMV & Magstripe authorize
PKCS11=yes | no # Cryptographic functions
ANSI2=yes | no # ANSI 2 specific functions
3D_A=yes | no # 3D Secure & SPA/UCAF cryptogram verification
AMEX_A=yes | no # AMEX Check value verification
EMV_I=yes | no # EMV & Magstripe Issue
AMEX_I=yes | no # AMEX check value computation
PIN_E=yes | no # PIN Edit
PIN_P=yes | no # PIN Print
3D_I=yes | no # 3D Secure & SPA/UCAF cryptogram computation
MAG_DP=yes | no # Magstripe Data Preparation
EMV_DP=yes | no # EMV Data Preparation
MONEO_DP=yes | no # MONEO Dataprep (e-purse) reload, France only
CGDC=yes | no # CGDC
MPCOS=yes | no # MPCOS cards
FISC=yes | no # FISC cards
TEST=yes | no # Test
Each of these lines enables the option in the profile if the value is "yes" and disables it if the value is "no". If an option is indicated more than once, the whole file is rejected.
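As an added example (not the manual's own code, nor Bull's loader), the Go program below applies the text rules stated above to an options file: line ends, case insensitivity, '#' comments, whitespace stripping, the version line, the usage_profile and dallas lines, yes|no options and rejection of the whole file on a repeated option. The sample file, its profile name and its Dallas numbers are constructed. Two points are this example's own choices rather than the manual's: the version is taken as whatever follows the word "version" on the first line, and an unknown directive is rejected. The signature and countersignature of the file, which CRYPT2Pay checks before applying it, are outside this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// OptionsFile is the parsed content of an options file (signature checks are
// done by CRYPT2Pay itself and are not part of this example).
type OptionsFile struct {
	Version      string          // token after "version" on the first line
	UsageProfile string          // usage_profile=<profile>
	Dallas       []string        // dallas=<hex> lines, lowercased
	Options      map[string]bool // option name -> yes (true) / no (false)
}

// Option names the manual lists, lowercased because the file is case insensitive.
const knownOptions = "basic emv_a pkcs11 ansi2 3d_a amex_a emv_i amex_i pin_e pin_p 3d_i mag_dp emv_dp moneo_dp cgdc mpcos fisc test"

// SampleOptions is a constructed file; the profile name and Dallas numbers are made up.
const SampleOptions = `Profil BNU : version V705
usage_profile = AUTH_SERVER
dallas = 2B000000ABCDEF12   # XPQNT0001 NUM 0001
dallas = 2B000000ABCDEF34   # second unit covered by the same file
BASIC  = yes   # Basic cryptography
EMV_A  = yes   # EMV & Magstripe authorize
PKCS11 = no
TEST   = no
`

// ParseOptions applies the rules stated in the manual: "\n" or "\n\r" line
// ends, case insensitive, text after '#' ignored, spaces and tabs ignored,
// blank lines ignored, software version on the first line, at least one dallas
// line, yes|no options, and a repeated option rejects the whole file.
func ParseOptions(text string) (*OptionsFile, error) {
	f := &OptionsFile{Options: map[string]bool{}}
	clean := strings.NewReplacer("\r", "", " ", "", "\t", "")
	first := true
	for _, raw := range strings.Split(text, "\n") {
		if i := strings.IndexByte(raw, '#'); i >= 0 {
			raw = raw[:i]
		}
		line := strings.ToLower(clean.Replace(raw))
		if line == "" {
			continue
		}
		if first {
			first = false
			_, ver, ok := strings.Cut(line, "version")
			if !ok || ver == "" {
				return nil, errors.New("first line must carry the software version")
			}
			f.Version = ver
			continue
		}
		key, val, ok := strings.Cut(line, "=")
		if !ok || val == "" {
			return nil, fmt.Errorf("malformed line %q", line)
		}
		switch {
		case key == "usage_profile":
			f.UsageProfile = val
		case key == "dallas":
			if strings.Trim(val, "0123456789abcdef") != "" {
				return nil, fmt.Errorf("dallas number %q is not hexadecimal", val)
			}
			f.Dallas = append(f.Dallas, val)
		case strings.Contains(" "+knownOptions+" ", " "+key+" "):
			if _, dup := f.Options[key]; dup {
				return nil, fmt.Errorf("option %s given more than once: whole file rejected", key)
			}
			if val != "yes" && val != "no" {
				return nil, fmt.Errorf("option %s must be yes or no, got %q", key, val)
			}
			f.Options[key] = val == "yes"
		default:
			return nil, fmt.Errorf("unknown directive %q", key) // example's choice
		}
	}
	if len(f.Dallas) == 0 {
		return nil, errors.New("at least one dallas line is required")
	}
	return f, nil
}

// Applies reports whether the file targets the unit with this Dallas number.
func (f *OptionsFile) Applies(dallas string) bool {
	for _, n := range f.Dallas {
		if n == strings.ToLower(strings.TrimSpace(dallas)) {
			return true
		}
	}
	return false
}

func main() {
	f, err := ParseOptions(SampleOptions)
	fmt.Printf("%+v err=%v\n", f, err)
}
```

A file that parses cleanly but whose Dallas numbers do not include the target unit should be treated as not applicable rather than as an error, which is what Applies returns; an operator preparing a transport profile (section 5.2.1) can use the same check to confirm that BASIC=no really targets the unit about to leave the premises.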


6. TROUBLESHOOTING

6.1. Introduction
The aim of this chapter is to give the user a means of determining the source of errors in case of CRYPT2Pay failure.
In normal situation, CRYPT2Pay requires no regular maintenance operations.
This chapter is divided into two sections:
1. Problem report
2. Troubleshooting

IMPORTANT
CRYPT2Pay unit features opening detection devices that definitively erase the sensitive information it contains.
Any intervention requiring opening of CRYPT2Pay unit must be performed by Bull Services.

6.2. Problem report


CRYPT2Pay signals troubles through indicator lights on the front and rear panels.
Except during initialization phase (see para. 2.4), the MARCHE (ON) and ALIM (POWER) lights on the front panel are
illuminated steady Green, and the rear panel lights are illuminated in the color indicated in paragraph 1.3.2 “ Rear
panel”. Otherwise, CRYPT2Pay is not operational.

6.3. Troubleshooting
Remark: When an error occurs, first check that CRYPT2Pay is indeed situated in a suitable environment, as
described in the "Installation" section (see para. 2 “INSTALLATION”).

After booting, the lights remain off:


If CRYPT2Pay front panel lights do not illuminate when it is booted:
• Switch off the power supply.
• Check:
1. The main power supply connection:
The nominal voltage is present at the connector.
Cable not damaged and correctly connected.
2. The physical connection with the host computer:
Ethernet cable and connector not damaged and correctly connected.
• Switch CRYPT2Pay back on again.
If the same symptoms occur again, CRYPT2Pay is damaged (please call maintenance services).

After booting, the MARCHE (ON) light flashes Red:


When CRYPT2Pay is booted, the ALIM (POWER) light illuminates steady Green but the MARCHE (ON) light flashes
RED: CRYPT2Pay has detected a tamper attempt (movement, vibration, power supply voltage or internal temperature
outside permissible ranges).
• Identify the source of the fault and correct it.
• Switch off the power supply.
• Switch on the power supply.


IMPORTANT
If the MARCHE (ON) light remains on steady or flashing red, even after switching it on and off several times in
succession, it is VITAL to apply the following procedure (1):
If no key has been imposed or introduced into the protected and permanent memory of CRYPT2Pay (KDKM or KDK
key or service key encrypted under a KDK key or a lower level key), CRYPT2Pay may be accepted as is by the
authorized Bull transporter for return to Bull.
Otherwise, Bull Services must intervene on site with CRYPT2Pay unit key in the presence of the Security Officer, to:
- open CRYPT2Pay unit,
- disconnect the battery,
- reconnect the battery at least five seconds later,
- close CRYPT2Pay unit and lock it with the key.
CRYPT2Pay can then be accepted by the authorized Bull transporter for return to Bull.

If the same symptoms arise, either CRYPT2Pay is damaged, or the cause of the fault has not been correctly identified
and invalidated.

After powering the MARCHE (ON) light remains illuminated Orange:


When CRYPT2Pay is powered on, the ALIM (POWER) light is illuminated steady Green but the MARCHE (ON) light
is Orange:
"Customer" personalization of CRYPT2Pay has not been carried out, CRYPT2Pay is in "manufacturer personalized"
status.
Proceed with "customer personalization" of CRYPT2Pay .

(1)
: Outside France, this procedure is optional, i.e. Bull Services intervention on site is not compulsory before returning
CRYPT2Pay for maintenance.

7. APPENDIXES

7.1. Description of the RJ45 connectors


BNTng front face (external drive input):
1. RTS
2. GND
3. ED
4. Vch
5. RD
6. GND
7. CTS
8. Vch

BNTng rear face (Ethernet output):
1. TX+
2. TX-
3. RX+
4. NC
5. NC
6. RX-
7. NC
8. NC

NC = Not Connected

7.2. Description of the DB9/RS 232 connector


Rear face (console output):
1. NC
2. TX
3. RX
4. DTR#
5. GND
6. NC
7. NC
8. CTS#
9. NC

NC = Not Connected


7.3. Description of the DB25-V11/V28 connector


Rear face (X.25 output). For each mode, the two columns give the signal direction (I = input, O = output) when CRYPT2Pay is in the DTE role and in the DCE role.

Pin  Utilization in V28 mode   DTE  DCE   Utilization in V11 mode   DTE  DCE
 1   Shielding ground          ---  ---   Shielding ground          ---  ---
 2   TX                        O    O     TX+                       O    O
 3   RX                        I    I     RX+                       I    I
 4   RTS                       O    O     RTS+                      O    O
 5   CTS                       I    I     CTS+                      I    I
 6   DSR                       I    I     DSR+                      I    I
 7   Signal ground             ---  ---   Signal ground             ---  ---
 8   DCD                       I    O     DCD+                      I    O
 9   NC                        ---  ---   RXC- (2)                  I    I
10   NC                        ---  ---   DCD-                      I    O
11   NC                        ---  ---   TXCE-                     O    O
12   NC                        ---  ---   TXC- (2)                  I    O
13   NC                        ---  ---   CTS-                      I    I
14   NC                        ---  ---   TX-                       O    O
15   TXC (1)                   I    O     TXC+ (1)                  I    O
16   NC                        ---  ---   RX-                       I    I
17   RXC (1)                   I    I     RXC+ (1)                  I    I
18   Local loopback            O    I     Local loopback            O    I
19   NC                        ---  ---   RTS-                      O    O
20   DTR                       O    O     DTR+                      O    O
21   NC                        ---  ---   NC                        ---  ---
22   NC                        ---  ---   DSR-                      I    I
23   NC                        ---  ---   DTR-                      O    O
24   TXCE                      O    O     TXCE+                     O    O
25   NC                        ---  ---   NC                        ---  ---

NC = Not Connected

(1)
The cable used must connect pins 15 and 17 of the BNU.
(2)
The cable used must connect pins 9 and 12 of the BNU.

7.4. Configuring the VxWorks console

7.4.1. Hardware
Using a straight cable, connect the RS 232 (console) connector of CRYPT2Pay to COM1 or COM2 of the CRYPT2Pay Manager workstation.

7.4.2. Configuring HyperTerminal

In order to use HyperTerminal (for test purposes), it must be configured as shown in Figures 29 and 30 below.

Figure 29 Configuring HyperTerminal


Figure 30 Configuring HyperTerminal (continued)


8. MAINTENANCE SERVICE

If you require any further information, please contact the Bull Services assistance department:

Bull Services
HSM & Pre-personalization Solutions
Business Unit
Rue Jean Jaures
BP 68
78340 Les Clayes-sous-Bois
FRANCE

HOT LINE : Telephone +(33) 1.30.80.62.00

e-mail: srv.hotline-bnt@bull.net

Fax: + (33) 1.30.80.78.87
