Some point-of-sale (POS) devices, such as POS peripherals (e.g. PINpads, POS printers, POS cash drawers, POS magnetic stripe readers, POS bar code scanners, and POS line displays), are typically connected to and under the control of an electronic cash register (ECR). Other POS devices are standalone POS terminals (e.g. payment terminals, EFT POS terminals) that are able to perform some actions (e.g. effect electronic payment) without an ECR.

The Payment Card Industry (PCI) mandates that the executable program code resident on POS devices must be secured against unauthorised changes or substitution. This mandate is fulfilled, in part, by configuring the POS device to only accept updates to the resident executable program code from a local source, such as the electronic cash register. More importantly, however, this mandate is fulfilled by requiring the POS device to validate the source of the executable program code updates prior to accepting and installing the update. Typically, the originator of the executable program code will implement a cryptographic protection mechanism, such as digitally signing the update (using a symmetric or asymmetric key), and the POS device is configured to only accept the executable program code update if a cryptographic protection service implemented on the POS device is able to validate the executable program code update.
Although this executable program code update mechanism satisfies the security requirements imposed by the PCI, the requirement for the updates to be digitally signed and installed from a local device renders such updates slow and cumbersome to deploy, particularly when the updates originate from a party other than the manufacturer of the POS device or the acquirer that deploys/controls the POS device.
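The two acceptance conditions described above (local delivery and cryptographic validation of the originator), sketched as an added example that is not code from this document. It uses HMAC-SHA256 as the symmetric-key case; the channel names, package layout and key are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Assumptions for illustration: the channel names, the package layout and the
# shared key are constructed. A real device would hold the key in tamper-
# resistant storage and may use an asymmetric signature instead of an HMAC.
LOCAL_SOURCES = {"ecr-serial", "ecr-usb"}

@dataclass(frozen=True)
class UpdatePackage:
    source: str    # channel the package arrived on
    version: int   # version claimed by the originator
    image: bytes   # executable program code
    tag: bytes     # originator's MAC over version || image

def _mac(key: bytes, version: int, image: bytes) -> bytes:
    # Bind the version to the image so neither can be swapped independently.
    msg = version.to_bytes(4, "big") + image
    return hmac.new(key, msg, hashlib.sha256).digest()

def sign_update(key: bytes, source: str, version: int, image: bytes) -> UpdatePackage:
    """Originator side: produce a package the device can validate."""
    return UpdatePackage(source, version, image, _mac(key, version, image))

def accept_update(pkg: UpdatePackage, device_key: bytes) -> tuple[bool, str]:
    """Device side: both conditions must hold before anything is installed."""
    if pkg.source not in LOCAL_SOURCES:
        return False, "rejected: not delivered from a local source"
    expected = _mac(device_key, pkg.version, pkg.image)
    if not hmac.compare_digest(expected, pkg.tag):  # constant-time compare
        return False, "rejected: originator could not be validated"
    return True, "accepted"

if __name__ == "__main__":
    key = b"constructed-demo-key-not-a-real-secret"
    good = sign_update(key, "ecr-serial", 7, b"constructed image bytes")
    cases = {
        "valid": good,
        "remote": UpdatePackage("wan", good.version, good.image, good.tag),
        "tampered": UpdatePackage(good.source, 7, good.image + b"\x90", good.tag),
        "third-party key": sign_update(b"other-party-key", "ecr-usb", 8, b"app"),
    }
    for name, pkg in cases.items():
        print(f"{name:16s}", accept_update(pkg, key))
```

The last case shows why updates from a party that does not hold the device's trusted key are rejected even when they arrive over a local channel.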