Haachtsesteenweg 1442
1130 Brussels
Belgium

DEP Documentation
DEP Customer's Host Programmers Guidelines
Version: 04.01
Atos Worldline - Technology & Products / Engineering / DEP Page: 2/10

Version Management Report

Version | Name(s)              | Date       | Comments
01.00   | TheSteamFactory      | 17/10/2002 | Document for CC certification
03.00   | F. Demaertelaere     | 21/01/2003 | Document in package
03.01   | M. Haest, P. Stienon | 09/03/2006 | General comments
04.00   | Anna Papayan         | 16/03/2011 | Change the template into Atos Worldline.
04.01   | Joris Delclef        | 31/05/2011 | Load balancing and Failover guidelines.
CONFIDENTIALITY

The information in this document is confidential and shall not be disclosed to any third party in whole or in part without the prior written consent of Atos Worldline S.A./N.V.

COPYRIGHT

The information in this document is subject to change without notice and shall not be construed as a commitment by Atos Worldline S.A./N.V. The content of this document, including but not limited to trademarks, designs, logos, text, images, is the property of Atos Worldline S.A./N.V. and is protected by the Belgian Act of 30.06.1994 related to author's rights and by the other applicable Acts. The contents of this document must not be reproduced in any form whatsoever, by or on behalf of third parties, without the prior written consent of Atos Worldline S.A./N.V. Except with respect to the limited license to download and print certain material from this document for non-commercial and personal use only, nothing contained in this document shall grant any license or right to use any of Atos Worldline S.A./N.V.'s proprietary material.

LEGAL DISCLAIMER

While Atos Worldline S.A./N.V. has made every attempt to ensure that the information contained in this document is correct, Atos Worldline S.A./N.V. does not provide any legal or commercial warranty on the document that is described in this specification. The technology is thus provided "as is" without warranties of any kind, expressed or implied, including those of merchantability and fitness for a particular purpose. Atos Worldline S.A./N.V. does not warrant or assume any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, product or process disclosed. To the fullest extent permitted under applicable law, neither Atos Worldline S.A./N.V. nor its affiliates, directors, employees and agents shall be liable to any party for any damages that might result from the use of the technology as described in this document (including without limitation direct, indirect, incidental, special, consequential and punitive damages, lost profits).

JURISDICTION AND APPLICABLE LAW

These terms shall be governed by and construed in accordance with the laws of Belgium. You irrevocably consent to the jurisdiction of the courts located in Brussels for any action arising from or related to the use of this document.

sa Atos Worldline nv - Chaussée de Haecht 1442 Haachtsesteenweg - B-1130 Bruxelles-Brussel - Belgium - RPM-RPR Bruxelles-Brussel - TVA-BTW BE 0418.547.872
TABLE OF CONTENTS

TABLE OF CONTENTS ... 4
1. SCOPE OF THE DOCUMENT ... 5
1.1. REFERENCES ... 5
1.2. CONTACTING ATOS WORLDLINE ... 5
2. SET-UP GUIDELINES ... 6
3. PROGRAMMING GUIDELINES ... 7
4. OTHER SECURITY GUIDELINES ... 8
5. LOAD BALANCING AND FAILOVER GUIDELINES ... 9
1. SCOPE OF THE DOCUMENT

This document describes how a Customer's Host Programmer can access the security services delivered by the DEP and the load balancing and failover mechanisms, and gives some hints on how to implement these mechanisms in their host. It describes the documents that have to be used by the Customer's Host Programmer, and lists security issues that have to be taken into account.

1.1. REFERENCES

This document contains references to other documents about the DEP. This paragraph gives a list of all the documents referred to.

- DEP Host Interface Protocol
- DEP DS3 and DS4 Principles

There are no references made to the following documents, but they could be useful to understand this document.

- DEP Introduction to DEP
- DEP General Architecture
- DEP Glossary

1.2. CONTACTING ATOS WORLDLINE

You can visit Atos Worldline on the World Wide Web to find out about new products and about various other fields of interest. URL: www.atosworldline.com. For the documentation, visit the http://www.banksys.com web page. For support on issues related to DEP, customers, partners, resellers, and distributors can send an email to the DEP Hotline: dephotline-atosworldline@atosorigin.com.
2. SET-UP GUIDELINES

Logical access to the DEP Platform allows the execution of the security services it provides. Atos Worldline therefore suggests limiting the logical and physical accessibility of the DEP Platform, e.g. by placing it in a computer room with access control and granting access to the DEP Platform only to the staff needing it.

If the DEP Platform is connected to a host that needs access to the security services of the DEP Crypto Modules, Atos Worldline suggests using a point-to-point connection between the host and the DEP Platform.

It is the task of the Customer's Host Programmer to ensure that only the applications that are authorized to use the available security services have access to the logical connection(s) with the DEP Platform containing the DEP Crypto Modules.
3. PROGRAMMING GUIDELINES

The communication protocol that is used to communicate with the DEP Platform is described in the document DEP Host Interface Protocol. The commands requesting (cryptographic) functions from the DEP are sent in DS2, DS3 or DS4 format. The DS2 format is described in the document DEP Host Interface Protocol, and a full description of the DS3 and DS4 formats can be found in the document DEP DS3 and DS4 Principles.

The list of functions/interfaces available for a specific Application Software, together with their details, is given in the manuals of that Application Software. Either:

- the list of interfaces is available in the Integration Manual of the dedicated Application Software, and the details are specified in the complete Detailed Functional Specifications document of each library available in the Application Software; or
- there is one document describing in detail all the interfaces available in the Application Software (the Detailed Functional Specification document at Application Software level).
4. OTHER SECURITY GUIDELINES

The Customer's Host Programmer must interpret the interfaces available in the Application Software and use them securely. This strongly depends on the security services that are available. Because Atos Worldline also implements international standard algorithms, Atos Worldline cannot be held responsible for weaknesses of such an algorithm (e.g. collisions in some standardized hashing algorithm).

It is the task of the Customer's Host Programmer to:

- when data has to be encrypted by the DEP Crypto Module, send the correct clear data to the DEP Crypto Module;
- when data has to be decrypted by the DEP Crypto Module, guarantee the confidentiality of the clear data;
- when the DEP Crypto Module has to provide data integrity, send the correct data to the DEP Crypto Module;
- when data integrity has to be checked by the DEP Crypto Module, guarantee that the answer of the integrity check is not modified;
- when the DEP Crypto Module has to provide non-repudiation, send the correct data to the DEP Crypto Module;
- when non-repudiation has to be checked by the DEP Crypto Module, guarantee that the answer of the non-repudiation check is not modified;
- when cryptographic keys are sent to the DEP Crypto Module, guarantee that the cryptographic keys are strong.
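The last task above, guaranteeing that keys sent to the DEP Crypto Module are strong, is something the host can enforce mechanically before a key ever leaves it. The following is an added example, not code from Atos Worldline or from any DEP Application Software; it assumes the keys are single-, double- or triple-length DES keys (the key formats actually accepted by a given Application Software are in its Detailed Functional Specification, not on this page). It rejects keys with wrong length or bad parity, components that appear in the published DES weak and semi-weak key lists, and triple-DES keys whose neighbouring components are equal, which collapse triple DES to single DES.

```python
# Published DES weak and semi-weak keys (parity-adjusted form).
WEAK_KEYS = {bytes.fromhex(h) for h in (
    "0101010101010101", "FEFEFEFEFEFEFEFE",
    "E0E0E0E0F1F1F1F1", "1F1F1F1F0E0E0E0E",
)}
SEMI_WEAK_KEYS = {bytes.fromhex(h) for h in (
    "011F011F010E010E", "1F011F010E010E01",
    "01E001E001F101F1", "E001E001F101F101",
    "01FE01FE01FE01FE", "FE01FE01FE01FE01",
    "1FE01FE00EF10EF1", "E01FE01FF10EF10E",
    "1FFE1FFE0EFE0EFE", "FE1FFE1FFE0EFE0E",
    "E0FEE0FEF1FEF1FE", "FEE0FEE0FEF1FEF1",
)}


def has_odd_parity(component: bytes) -> bool:
    """Every byte of a DES key component must carry an odd number of 1 bits."""
    return all(bin(b).count("1") % 2 == 1 for b in component)


def key_strength_problems(key: bytes) -> list:
    """Return the reasons a DES/3DES key must not be sent to the crypto module.

    An empty list means none of these checks found a problem.  Keys are
    8, 16 or 24 bytes, split into 8-byte components K1, K2, K3.
    """
    if len(key) not in (8, 16, 24):
        return ["key length must be 8, 16 or 24 bytes"]
    parts = [key[i:i + 8] for i in range(0, len(key), 8)]
    problems = []
    for n, part in enumerate(parts, 1):
        if not has_odd_parity(part):
            problems.append(f"component {n}: bad parity")
        if part in WEAK_KEYS:
            problems.append(f"component {n}: DES weak key")
        if part in SEMI_WEAK_KEYS:
            problems.append(f"component {n}: DES semi-weak key")
    # Equal neighbouring components make EDE triple DES collapse to single DES
    # (K1 == K3 is ordinary two-key triple DES and is accepted).
    if len(parts) >= 2 and parts[0] == parts[1]:
        problems.append("K1 == K2: triple DES degrades to single DES")
    if len(parts) == 3 and parts[1] == parts[2]:
        problems.append("K2 == K3: triple DES degrades to single DES")
    return problems


def is_strong_key(key: bytes) -> bool:
    """True when the key passes every check above."""
    return not key_strength_problems(key)


if __name__ == "__main__":
    # Constructed sample keys, not keys from any real system.
    for label, hexkey in (("weak", "0101010101010101"),
                          ("K1 == K2", "0123456789ABCDEF" * 2),
                          ("ok", "0123456789ABCDEFFEDCBA9876543210")):
        print(label, key_strength_problems(bytes.fromhex(hexkey)) or "no problem found")
```

These checks cover only the structural weaknesses a host can detect locally; a key that passes them still has to come from a proper random source and be handled under the confidentiality rules of the Application Software.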
5. LOAD BALANCING AND FAILOVER GUIDELINES

This chapter describes best practices for:

- distributing the host workload across multiple DEP platforms, to guarantee optimal DEP response times;
- detecting that a DEP platform is unavailable, to inform operators that they must solve the problem, thus guaranteeing fast recovery of the DEP platform;
- detecting that a DEP platform is available again after having been unavailable.

The best practices described below are for DEP Platforms that are connected to a host that implements so-called DEP router or DEP handler services for its applications.

1. Initialize the host application with configuration parameters such as:
   - the IP addresses of the DEP platforms that are available for the host,
   - the number of DEP/PCI cards that are present in each DEP platform,
   - the time-out; this can be global to all DEP platforms. The time-out that is set on the host should be bigger than the time-out on the DEP Platform.

2. When the host application is initialized:
   - For every IP address, initialize multiple connections to the DEP platform. A DEP platform accepts a maximum of 128 connections; however, above a certain number of connections there is no performance gain anymore. The threshold is different for every application and can only be known by testing. Typically, 2 to 4 connections to a DEP platform with 1 DEP/PCI card and 4 to 8 connections to a DEP platform with 2 DEP/PCI cards is a good guideline.
   - Distribute the host workload across the connections, for example by means of the round-robin algorithm (see http://en.wikipedia.org/wiki/round-robin).

3. Use the EDP protocol and address the pool by setting the device address to 0x00 (see DEP Host Interface Protocol). For DEP platforms that are equipped with 2 PCI cards, the DEP platform will itself distribute the host requests to the PCI card that is free.

4. When a DEP Platform returns an error code (see DEP Host Interface Protocol to understand the different error types) or when it doesn't respond within the preconfigured time-out, the host may decide to close the connections related to that DEP Platform.
   - From Venus 4.2.7, a DEP Platform that is equipped with 2 DEP/PCI cards returns an error to the host only once and then routes all new host requests to the DEP/PCI card that is still available. This means that the DEP Platform remains available for the host, but it behaves as if only 1 DEP/PCI card is present.
   - For Venus versions below 4.2.7, the DEP Platform doesn't distinguish between DEP/PCI cards that are available or not and keeps on sending the host requests to both cards. This means that the host will continue to receive error messages. In the latter case the host may decide to route the host requests to individual DEP/PCI cards by setting the device address to 0x01 or 0x02, depending on the DEP/PCI card that returned an error.

5. The host may keep track of all DEP Platforms that are unavailable and check regularly (the time interval could be set with a global parameter) whether the platform is available again.
   - When the DEP Platform was unavailable because of connectivity problems (e.g. time-out), the host may send for example an I_STD_ECHO command. When a valid response is received, the connections can be used again for applicative messages.
   - When the DEP Platform was unavailable because of applicative problems (e.g. a key that is not present in the key table), the host may send an applicative message, but when it is still unavailable, the same message should be sent to another connection, otherwise too many transactions would fail.
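The five steps above describe one host-side DEP router. The following is an added example of such a router, written for this page and not code from Atos Worldline; it implements the connection pool per platform (step 2), round-robin distribution (step 2), pool addressing with device address 0x00 (step 3), marking a platform unavailable on a time-out or error code and retrying the same request on another connection (steps 4 and 5), and the periodic echo probe that restores a platform (step 5). Everything about the wire format is abstracted away: the transport object, the `Response` class with its `error_code` field (0 assumed to mean success), the command names other than I_STD_ECHO, the IP addresses and the "2 connections per card" sizing are all assumptions or constructed values; the real message formats and error codes are in DEP Host Interface Protocol. The echo probe is used for every unavailable platform; a host that wants to re-test applicative failures with an applicative message, as the last bullet suggests, would keep the reason alongside the timestamp.

```python
import time
from dataclasses import dataclass, field

POOL_ADDRESS = 0x00            # device address of the pool (chapter 5, step 3)
ECHO_COMMAND = "I_STD_ECHO"    # connectivity probe named in chapter 5, step 5


class DepTimeout(Exception):
    """Raised by the transport when no answer arrives within the host time-out."""


@dataclass
class Response:
    error_code: int = 0        # assumption: 0 means success, anything else is an error
    payload: bytes = b""


@dataclass
class Platform:
    ip: str
    cards: int                 # number of DEP/PCI cards in this platform

    def connection_count(self) -> int:
        # Guideline: 2-4 connections for 1 card, 4-8 for 2 cards; 2 per card assumed here.
        return 2 * self.cards


@dataclass
class DepRouter:
    platforms: list
    transport: object          # needs send(ip, conn, device_address, command, timeout)
    timeout: float = 5.0       # host time-out; must be bigger than the platform's own
    recheck_interval: float = 30.0
    connections: list = field(default_factory=list)   # (ip, connection index) pairs
    unavailable: dict = field(default_factory=dict)   # ip -> time it was marked down
    _next: int = 0             # round-robin cursor

    def __post_init__(self):
        for p in self.platforms:
            for i in range(p.connection_count()):
                self.connections.append((p.ip, i))

    def _pick(self):
        """Round-robin over connections whose platform is not marked unavailable."""
        for _ in range(len(self.connections)):
            ip, conn = self.connections[self._next % len(self.connections)]
            self._next += 1
            if ip not in self.unavailable:
                return ip, conn
        return None

    def send(self, command, device_address=POOL_ADDRESS, now=None):
        """Send one applicative command; on time-out or error code, mark the
        platform unavailable (step 4) and retry on another connection (step 5)."""
        now = time.monotonic() if now is None else now
        while True:
            target = self._pick()
            if target is None:
                raise RuntimeError("no DEP platform available")
            ip, conn = target
            try:
                resp = self.transport.send(ip, conn, device_address, command, self.timeout)
            except DepTimeout:
                self.unavailable[ip] = now
                continue
            if resp.error_code != 0:
                self.unavailable[ip] = now
                continue
            return resp

    def recheck(self, now=None):
        """Step 5: probe platforms marked unavailable with an echo command and
        return the ones that answered and can be used again."""
        now = time.monotonic() if now is None else now
        restored = []
        for ip, since in list(self.unavailable.items()):
            if now - since < self.recheck_interval:
                continue
            try:
                resp = self.transport.send(ip, 0, POOL_ADDRESS, ECHO_COMMAND, self.timeout)
            except DepTimeout:
                self.unavailable[ip] = now
                continue
            if resp.error_code == 0:
                del self.unavailable[ip]
                restored.append(ip)
        return restored


class FakeTransport:
    """Constructed stand-in for the network layer: platforms in `down` time out."""
    def __init__(self, down=()):
        self.down = set(down)
        self.log = []          # (ip, conn, command) of every request, for inspection

    def send(self, ip, conn, device_address, command, timeout):
        self.log.append((ip, conn, command))
        if ip in self.down:
            raise DepTimeout(ip)
        return Response(0, b"OK")


if __name__ == "__main__":
    transport = FakeTransport(down={"10.0.0.2"})          # constructed addresses
    router = DepRouter([Platform("10.0.0.1", 1), Platform("10.0.0.2", 2)], transport)
    for _ in range(3):
        router.send("APP_CMD")                            # constructed command name
    print("unavailable:", sorted(router.unavailable))     # 10.0.0.2 after its first time-out
```

`send` only returns after a successful response or after every platform has been marked unavailable, so an application never sees a single platform's failure as long as another one answers; operators should be alerted from the `unavailable` map, since the page's second goal is fast recovery of the platform, not silent degradation. For Venus versions below 4.2.7 the `device_address` parameter lets the host route to card 0x01 or 0x02 explicitly, as step 4 describes.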