Electronic terminals such as point of sale (POS) terminals are becoming ubiquitous in our society. These terminals include credit, debit, and check authorization capabilities. Some of these devices are used as stand alone devices and some are networked using LAN technology. Because of the sensitive financial information being transmitted and received by these electronic terminals, security is a critical issue. In order to provide security, electronic terminals employ data encryption. Encryption devices scramble readable data to produce cipher text. Most of the terminals use an encryption key as part of the encryption process. An encryption key is a block of data that is combined with the readable input data to produce the cipher text. For example, the encryption key and the input data can be combined using an exclusive OR function. On the other hand, the Data Encryption Standard (DES) algorithm is often used to combine an encryption key with input data to produce the cipher text. The DES algorithm employs a 56 bit encryption key to produce the cipher text. The use of an encryption key is considered to be more secure than scrambling the input data.
Another security issue relates to tamper protection. Typically, all secure information such as encryption keys are stored in SRAM or PROM. In one approach, if the processor detects a downloading operation that may result in security information being compromised, the processor deletes the security information.
In another approach, tamper detection switches are employed to prevent physical tampering of the terminal. If the top enclosure of the terminal is separated from the main printed circuit board, or if the “trap door” is opened in the bottom of the enclosure, the detection switches are thrown. The operating system of the terminal is programmed to erase the security information in response to the signals received from the switches. In another approach, ultrasonic bonding is often used to provide evidence that someone attempted to open the terminal device.
While the above described methods are effective in terms of preventing or monitoring tampering, there are problems associated with these methods. Under certain circumstances the security information loaded into the electronic terminal must be changed or updated. Oftentimes it is desirable to change the security information loaded into the electronic terminal at the factory before the first use. At this point, the terminal must be shipped to the factory or to a servicing organization to be reprogrammed. Subsequently, the terminal is unboxed, the anti-tampering features are deactivated, the security information is reloaded, the terminal re-bonded and the terminal is repackaged. These steps are inefficient, time consuming and costly.
What is needed is a method of securely reprogramming the security information in an electronic terminal without having to remove the terminal from its shipping container, dismantle the terminal, deactivate the anti-tampering features, reload the security information, and re-bond the terminal. Further, what is needed is a method of securely reprogramming the security information in an electronic terminal without having to ship the terminal off site.