BR102012006204A2 - secure equipment digital sorting system - Google Patents

Abstract

digtal screening system for secure equipment, established in specific software where information about secure equipment used in electronic financial transactions will be handled to ensure that secure equipment has not been breached or tampered with to intercept user information their card and password codes; The screening system software performs a series of tests during the secure equipment validation process and records the results of these tests in files generated by the system itself; such files may be saved locally on the machine on which the system is being run, or may be transferred to external servers, or may be kept in the cloud; These files may be accessed by those who have access authority for the proper processing of information; If safe equipment fails validation tests, the screening system software may issue a lockout command; This software also allows images of the safe equipment to be recorded, and can also make markings, physical recordings on the safe equipment, indicating its disapproved condition.

Description

"DIGITAL SCREENING SYSTEM FOR SECURE EQUIPMENT" This descriptive report refers to the Privilege of Invention in the field of secure devices for electronic money transactions and / or transfers. Such devices are characterized by being subject® equipment to very strict requirements, giving them high levels of safety.

These devices perform the. electronic transfers of securities will be dealt with herein by Secure Equipment. Examples of Secure Equipment are Point of Sale Terminals (POS), PINPAD Terminals, and Encrypted Keypads, the latter widely used in self-service banking systems.

Safe Equipment is, therefore, those applied to bank transaction processes; payments through credit cards: debit or credit cards, be it through the magnetic stripe reader, either by reading the smart card identification chip (smart card) for both electronic and chip contact chips Contactless; and any other value transactions that require electronic validation.

Because they deal with financial movements, Insurance® Equipment is subject to attacks by malicious, law-abiding individuals attempting to insert circuits capable of obtaining card data and recording user passwords. Such ciphers are popularly known like "suck goat" and end up creating a database that will later be transmitted to some external equipment such as a personal computer. This is through communication processes which may be via Bluetooth, Wifi, GSM or the like.

These databases are used by fraudsters who use the information to create card replicas. With these replicas they can make unauthorized monetary movements, payments, etc., harming the original cardholder. This activity is popularly known as "cloning" cards.

As the action of fraudsters depends on the installation of intruder circuits within the Safe Equipment system, we suggest a way to counteract the actions of infringers by using technology tools to be specifically developed for this use, such as identifying when a Safe Equipment is breached and has installed inside it a card and password data collection device.

Thus, the aim of this invention is to establish a means for performing the screening of Safe Equipment, both for field installed equipment and for equipment that is in factory stocks, dealers or service networks. The present Screening System will consist of software that will contain the necessary information for the conference and validation of Safe Equipment, an internal Module for Control and Monitoring of Safe Equipment, as well as the identification of parts and constituent parts of Safe Equipment. whatever. The Sorting System software shall be installed on a microcomputer, which shall be connected to the Safe Equipment, whether by serial port, USB, or ale communication; same, wireless solutions such as Bluetooth, GSM, Wlfi or the like. The Safe Equipment will be able to send to the Screening System, thanks to the installation of the Safe Device Monitoring and Control Module, its working condition, indicating whether the current consumption is within the specified · or not. If consumption is higher than expected, this may be the result of a circuit not within the Safe Equipment. Within the Safe Equipment information set there will be a listing of the parts and components used to assemble a particular Safe Equipment. Safe Equipment by cross-referencing this information with the identification of the parts of the device. If any inconsistencies are noted, this may indicate that the Safe Equipment has been tampered with. - Operation of the Sorting System should be done by authorized personnel. of service able to. perform service tasks. In order for: the process to start, the system operator must identify himself through his e-CPF, his Civil Identity Registration (RIC), functional identity smart card (badge), Token device , or through your fingerprint if the system uses biometric readers or any other means for operator identification.

Once the operator identification is complete, the Secure Equipment must be connected to the microcomputer where the Screening System will run either via Serial or USB ports, Wifi GSM devices, Biuetooth or other wireless solutions. The Safe Equipment has a Serial Number label that must be informed to the Screening System either by reading its corresponding bar code or by typing it via keypad. The Screening System will then compare the Serial Number entered by the operator with the Serial Number recorded internally on the Safe Equipment. The Screening System operator shall, when evaluating certain Safe Equipment, make a visual inspection of the Safe Equipment. the same by assessing possible malfunctions or anomalies in the equipment, both in its cabinet and on the labels or seal. Any nonconformities found shall be recorded in the Screening System, so that this information may also be used during the validation or blocking process of this equipment. The. Screening System shall also receive the information from the Equipment Control and Monitoring Module. Safe in order to monitor the power consumption of the device, thus being able to issue the Safe Equipment lock-command when very high current consumption is detected, above the normal.

By gathering the above information, which is the Safe Equipment Serial Number, the result of the operator's visual inspection and the Safe Equipment consumption data, the Sorting System will be able to start a series of tests that would have their results recorded within the Screening System itself. If there is any incongruity o-Safe Equipment: tests may fail, the Screening System may issue, at the end of the tests, a command to lock the equipment, this must also be recorded by the Screening System. The decision to lock Safe Equipment may be automatic or may be at the discretion of the Screening System operator, depending on the result observed in the tests.

Even if the Safe Equipment is not blocked, in case of inconsistencies in the tests, it should be referred for maintenance, as it does not have full conditions of use, having its operation and its ability to protect the confidential information doubtful. The Screening System may also contain visual information through images taken by digital cameras, with records of the result of the visual inspection performed on the Safe Equipment.

Records of the result of the screening performed by the Screening System may be kept on the computer on which the Screening System is installed, as may be made available via remote files, having files saved to a particular Server or even "cloud" "(Cloud Computing). The important thing is that the data is accessible so that maintenance services can take appropriate action when needed. REtVIN DICTIONS:

Claims (14)

1, "DIGITAL SCREENING SYSTEM FOR SECURE EQUIPMENT", characterized by being a solution: via software: and Secure Equipment validation hardware, assessing its operation and security conditions when handling sensitive information, A "DIGITAL SCREENING SYSTEM FOR SAFE EQUIPMENT" according to claim 1, characterized in that said system uses records of the parts and parts used in the assembly of Safe Equipment in order to ascertain that it is maintained. if with its original mounting configurations unchanged, ie the composition of the parts that make it up, the cabinet remains original, 3, "DIGITAL SCREENING SYSTEM FOR SAFE EQUIPMENT" according to claim 2, characterized in that the current consumption information of the Safe Equipment obtained through the use of the Control and Monitoring Module is confronted with predetermined indices. already known, for the equipment in question, thus raising the possibility of an undesirable circuit ("suck goat") installed inside the Safe Equipment, 4. "DIGITAL SCREENING SYSTEM FOR SAFE EQUIPMENT" according to claim 3. characterized in that the said system is based on a software solution installed on a microcomputer; may or may not additionally involve other complementary equipment, such as barcode readers, SmaríCard card readers, biometric readers, token devices, cameras, as well as marking devices for disapproved Safe Equipment, among other possible equipment. 5. "DIGITAL SCREENING SYSTEM FOR SAFE EQUIPMENT" according to claim 4, characterized in that said system is installed in a microcomputer with outputs for identification of the operator either through its e-CPF, RIC (Registration). Identity Card), SmartCard functional ID card (badge), Token device or fingerprint reading, as well as any other form of unique operator personal identification. 6. "DIGITAL SCREENING SYSTEM FOR SAFE EQUIPMENT" according to claim 5, characterized in that said Validation Protection System containing the validator program manages the test results files in coded manner by means of cryptographic processes, for the appropriate treatments and actions. 7. "DIGITAL SCREENING SYSTEM FOR SAFE EQUIPMENT" according to claim 6, characterized in that said System compares the Serial Number informed by the operator with the Serial Number recorded internally on the Safe Equipment; If any inconsistencies are detected, the Screening System will fail the equipment and may send a lockout command to the Safe Equipment either automatically or triggered by an operator command; In this situation, even if it is not blocked, the Safe Equipment should be sent for maintenance as it is not in working order and protection of confidential information. 8. "DIGITAL SCREENING SYSTEM FOR SAFE EQUIPMENT" according to claim 7, characterized in that said System contains a program capable of handling visual state information inputs from Safe Equipment, either by means of picture files, text descriptions or short questionnaires; This information will be considered within the decision making process of validating the Safe Equipment. 9. "DIGITAL SCREENING SYSTEM FOR SAFE EQUIPMENT" according to claim 8, characterized in that said system receives electrical current consumption information from Safe Equipment; This information will be obtained from a Control and Monitoring Module installed next to the Secure Equipment; This module sends consumption metering data to the Safe Equipment processor, which will be connected to the Screening System; Current consumption information is used to indicate the possible presence of unwanted circuits within the Safe Equipment; Current data is collected under specific test conditions and any discrepancies will trigger an alarm signal for the validation program to indicate to the operator this condition, assisting the Safe Equipment assessment process. 10. "DIGITAL SCREENING SYSTEM FOR SAFE EQUIPMENT" according to claim 9, characterized in that said system performs diagnostic tests of the functionalities of Safe Equipment. 11. "DIGITAL SCREENING SYSTEM FOR SAFE EQUIPMENT" according to claim 10, characterized in that said system records in its own files the results of the analyzes and tests performed; If the Safe Equipment fails, the Screening System may issue a command to lock it, which must be sent for maintenance, as it does not have full conditions and operation and protection of confidential information. 12. "DIGITAL SCREENING SYSTEM FOR SAFE EQUIPMENT" according to claim 11, characterized in that said system may additionally make visual markings on the failed Safe Equipment. 13. "DIGITAL SCREENING SYSTEM FOR SAFE EQUIPMENT" according to claim 12, characterized in that said system locally records in the microcomputer in which the screening software is installed, files with the results of the tests performed; Such files may be accessed by authorized operators for the proper processing of the data. 14. "DIGITAL SCREENING SYSTEM FOR SAFE EQUIPMENT" according to claim 13, characterized in that said system allows files with test results to be stored on external servers or even in the "Cloud". Computing) in files with restricted access to authorized operators.