Security in POS systems | Allan Pedersen, Anders Hedegaard
| Abstract | When implementing a Point Of Sale (POS) system it has become increasingly common that the IT provider hosts the POS application on centralized servers not located at the point of sale. The access to the POS application is then provided via a client-server based system where the POS terminal (POS client) and the attached POS devices are continuously connected to the POS application server, e.g. via the Internet. POS devices may include printers, bar code scanners, payment terminals, etc.
This thesis analyzes and defines the security requirements for such a system, using an approach based on the Common Criteria for Information Technology Security Evaluation (CC). A CC Protection Profile for a generalized POS system is developed. Furthermore, a CC Security Target for a secure interface between the POS application and payment terminal is developed. The Security Target claims conformance to the developed Protection Profile. Finally, a design example of the secure interface is described in order to show the applicability of the developed Security Target. |
| Keywords | Common Criteria, Protection Profile, Security Evaluation, Point of Sale, POS system, Payment Terminal |
| Type | Master's thesis [Academic thesis] |
| Year | 2005 |
| Publisher | Informatics and Mathematical Modelling, Technical University of Denmark, DTU |
| Address | Richard Petersens Plads, Building 321, DK-2800 Kgs. Lyngby |
| Series | IMM-Thesis-2005-52 |
| Note | Supervised by Prof. Robin Sharp |
| Electronic version(s) | [pdf] |
| BibTeX data | [bibtex] |
| IMM Group(s) | Computer Science & Engineering |