It is known for a variety of unattended PIN entry devices (PEDs) to include an encrypting keypad to allow a customer to enter a PIN code in a secure manner. Such a keypad is known in the art as an Encrypting PIN pad (or EPP) and may include only a secure keypad as a customer interface and rely upon external displays and card readers of the PED.
Known PEDs include Self-Service Terminal (SSTs), such as Automated Teller Machines (ATMs), automated fuel dispensers, kiosks and vending machines, or the like. An ATM typically requires a customer to enter a secure PIN code via an EPP in the ATM for authorizing a customer transaction at the ATM. Operational cryptographic keys and master keys of the financial institution owning the ATM, for example, are also typically stored in secure memory and/or a cryptographic processor of an EPP.
People with malicious intent have been known to probe into an EPP in an attempt to capture customer PIN codes when they are entered, or even read operational cryptographic keys and master keys of the financial institution, thereby placing customers' money (and the financial institution's money) at risk. Accordingly, the physical and electronic design and manufacture of EPPs must adhere to increasingly strict requirements, regulations and certifications.
EPPs have a clearly defined physical boundary and a tamper-resistant or tamper-evident shell. An EPP conventionally includes a keyboard panel, a lining plate, keys, a water-resistant sealing layer, a main control board and a base plate. The EPP is assembled by stacking up these components in sequence and securing them together.
EPPs are also tamper responsive in that they will destroy critical information if the EPP is tampered with, thereby preventing the critical information, such as encryption keys, being disclosed to an attacker.