

Title Security in POS systems
Author Pedersen, Allan
Hedegaard, Anders
Supervisor Sharp, Robin (Department of Informatics and Mathematical Modeling, Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark)
Institution Technical University of Denmark, DTU, DK-2800 Kgs. Lyngby, Denmark
Thesis level Master's thesis
Year 2005
Abstract When implementing a Point Of Sale (POS) system, it has become increasingly common that the IT provider hosts the POS application on centralized servers not located at the point of sale. Access to the POS application is then provided via a client-server based system where the POS terminal (POS client) and the attached POS devices are continuously connected to the POS application server, e.g. via the Internet. POS devices may include printers, bar code scanners, payment terminals, etc. This thesis analyzes and defines the security requirements for such a system, using an approach based on the Common Criteria for Information Technology Security Evaluation (CC). A CC Protection Profile for a generalized POS system is developed. Furthermore, a CC Security Target for a secure interface between the POS application and payment terminal is developed. The Security Target claims conformance to the developed Protection Profile. Finally, a design example of the secure interface is described in order to show the applicability of the developed Security Target.
Note Supervised by Prof. Robin Sharp
Imprint Department of Informatics and Mathematical Modeling, Technical University of Denmark, DTU : DK-2800 Kgs. Lyngby, Denmark
Keywords Common Criteria; Protection Profile; Security Evaluation; Point of Sale; POS system; Payment Terminal
Fulltext
Original PDF imm3965.pdf (0.78 MB)
Admin Creation date: 2006-06-22    Update date: 2012-12-19    Source: dtu    ID: 185866    Original MXD