Move/3500 PCI PTS Security Policy
Ingenico document - Please check document validity before using
6_Product Software Security
6_1 Software Development Guidance
When developing IP-enabled applications, the developer must abide by the coding rules and best practices described in documents [9] and [10].
The following protocols and services are available on the device: TLS/SSL², IP, DNS, SMTP, POP3, DHCP, HTTP, HTTPS, SNTP, SOCKS, FTP, SFTP, WS/WSS, TCP/UDP, PPP.
This security guidance describes how protocols and services must be used/configured for each
interface that is available on the platform.
Note that the SSL protocol is inherently weak and should be removed unless it is required on an interim basis to facilitate interoperability as part of a migration plan.
When developing SRED applications, the developer must follow the guidance described in the
document [11].
The document provides security guidance for account data management and remote connection
authentication using cryptographic mechanisms.
When developing applications, the developer must follow the guidance described in the document
[11].
6_2 Account data protection
The device supports account data protection using format-preserving encryption (FPE). The FPE methods used are BPS and FF1.
The device also supports account data protection using standard TDES and standard AES.
The pass-through of clear-text account data is supported using a whitelisting technique.
6_3 Firmware, Software and Configuration Parameters Update
Updates and patches can be loaded into the device. They are cryptographically authenticated by the device. If the authenticity is not confirmed, the update or patch is rejected.
For the secure operation of the device, it is recommended to use the latest version of software distributed
6_4 Software Authentication
Application code is authenticated before being allowed to run. The certificate and signature of the application code are verified.
In case of an incorrect signature or certificate, the software is rejected. No action is expected from the end user.
The certificate and signature are based on pairs of ECDSA keys. The authenticity is guaranteed by a certificate issued by Ingenico.
² SSL is only allowed for non-web services. If web services are used, only TLS is allowed for web interfaces.