ATMs and operating systems - ATM Industry Association Banking Technology Forum/ATMIA... · ATMs and...
ATMs and operating systems
Overview for ATMIA Africa forum
Tonbridge, England
August 2016
o Windows 10
o Windows CE
o Arising alternatives
o Industry RFI
Today
Windows 10 - comparison
o The ATM industry has been working diligently to deal with XP end of life. Many deployers upgraded ATMs to Windows 7 (end of mainstream support 2015, end of extended support 2020)
o Windows 10 was released in 2015 and will be supported at least through 2025
o Microsoft has stepped up the fight against malware with new security features. These bring additional hardware requirements, which older ATMs/PCs may not support
o ATM deployers need to evaluate which OS to use for XP upgrades, which OS to use for new ATMs and when to upgrade Windows 7 & XP when support ends
Overview
Windows OS’ life cycles
Client operating systems | Latest update or service pack | End of mainstream support | End of extended support
Windows XP | Service Pack 3 | April 14, 2009 | April 8, 2014
Windows Vista | Service Pack 2 | April 10, 2012 | April 11, 2017
Windows 7 * | Service Pack 1 | January 13, 2015 | January 14, 2020
Windows 8 | Windows 8.1 | January 9, 2018 | January 10, 2023
Windows 10, released in July 2015 ** | N/A | October 13, 2020 | October 14, 2025
Source: Microsoft.com
System requirements - compared
Requirement | 10 | 8/8.1 | 7 | Vista | XP Prof.
Processor support | PAE, NX, SSE2 | PAE, NX, SSE2 | | |
Processor speed | 1 GHz | 1/2 GHz (32/64 bit processor) | 1 GHz | 1 GHz | 300 MHz
CPU | 32/64 bit | 32/64 bit | 32/64 bit | 32/64 bit |
Memory | 2 GB RAM | 2 GB RAM | 1 GB RAM | 1 GB RAM | 128 MB RAM
Hard disk | 50 GB | 16/20 GB (32/64 bit CPU) | 16/20 GB (32/64 bit CPU) | 15 GB | 1.5 GB
Graphic card | MS DirectX 9 graphics device with WDDM driver | MS DirectX 9 graphics device with WDDM driver | MS DirectX 9 graphics device with WDDM driver | MS DirectX 9 graphics device with WDDM driver | Super VGA
Security | TPM 1.2+, Secure Boot (UEFI), Device Guard* | | | |
Slide annotations: New; New; Similar to 7 (not to XP)
In comparison, a Q3 ‘15 delivered low-end Dell PC exceeds the above with 1TB disk, 3.7GHz clock and 6GB memory
* DeviceGuard requires the 64 bit implementation, creating high impact
• Physical Address Extension (PAE) is a memory management feature for the IA-32 architecture, first introduced in the Pentium Pro. It defines a page table hierarchy of three levels, with table entries of 64 bits each instead of 32, allowing these CPUs to access a physical address space larger than 4 gigabytes (2^32 bytes).
• The NX bit, which stands for No-eXecute, is a technology used in CPUs to segregate areas of memory for use by either storage of processor instructions (code) or for storage of data . . . starting with Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, the NX features were implemented for the first time on the x86 architecture.
• Streaming SIMD Extensions 2 (SSE2) is one of the Intel SIMD (Single Instruction, Multiple Data) processor supplementary instruction sets first introduced by Intel with the initial version of the Pentium 4 in 2001. Competing chip-maker AMD added support for SSE2 with the introduction of their Opteron and Athlon 64 ranges of AMD64 64-bit CPUs in 2003.
PAE, NX, SSE2 – old features
Anecdotal evidence that some of these features are not supported by very old PCs.
Source: Wikipedia
o Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor, which is a dedicated microprocessor designed to secure hardware by integrating cryptographic keys into devices . . . optional support in Windows Vista and later
o Secure Boot is a security standard developed by members of the PC industry to help make sure that your PC boots using only software that is trusted by the PC manufacturer. The following versions of Windows support Secure Boot: Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 8, Windows Server 2012, and Windows RT.
o Device Guard is a combination of hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications. To get Device Guard working, a supported IOMMU setup must be present in the PC or device. However, AMD and Intel processors, and even certain ARM and MIPS cores, have had IOMMU protection mechanisms built-in for a while now. Intel calls its IOMMU tech VT-d; AMD prefers AMD-Vi.
TPM 1.2+, Secure Boot, Device Guard
More “new” versions, which may already be supported by existing PCs.
o Either you specify the components, or your ATM manufacturer provides those
• Beyond GHz and GB
o Validate Windows 10 compatibility for each component
o Try this on your own computer
o Right click on the Windows icon and you are offered a compatibility check
Database/desk study Compatibility agent
Support existing base
The road to Windows 10
The options
Compliance
(as late as possible)
Gradual
(roll-out during planned maintenance, e.g. W7)
Priority
(as soon as possible to benefit from malware protection)
Spread out the Windows 7 cost over the longest period possible
Minimise roll-out costs & benefit from malware protection
W10 for Skylake ATMs
Business case for malware protection
o Every operator can analyse readiness themselves
• Typically GHz & GBs are widely expected to be ready for W10, question mark security features
o Please familiarise yourself with W10 releases such as Threshold 2 (aka SP1) and Redstone (aka 10.1)
o Once HW & Software vendors announce their readiness date, operators can determine roll-out strategy
Recommended activities deployers
Desk study benefits & support
Stability W10
HW & SW readiness
Determine roll-out strategy
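A desk-study readiness check of the kind recommended above, as an added example (not from the original slides): it scores a constructed fleet inventory against the Windows 10 column of the requirements table and reports security-feature gaps separately from GHz/GB gaps. Field names, ATM ids and inventory values are hypothetical.

```python
# Added example: desk-study readiness check. Thresholds are the Windows 10
# column of the slide's comparison table; inventory rows are constructed.
W10_BASELINE = {"ghz": 1.0, "ram_gb": 2, "disk_gb": 50}
W10_CPU_FLAGS = {"PAE", "NX", "SSE2"}


def assess(pc):
    """Return (baseline_gaps, security_gaps) for one ATM PC core record."""
    baseline, security = [], []
    for key, minimum in W10_BASELINE.items():
        if pc[key] < minimum:
            baseline.append(f"{key} {pc[key]} < {minimum}")
    missing = W10_CPU_FLAGS - set(pc["cpu_flags"])
    if missing:
        baseline.append("CPU lacks " + ", ".join(sorted(missing)))
    # Security features are tracked separately: the slides flag them as the
    # open question even where GHz and GB are sufficient.
    if pc["tpm"] is None or pc["tpm"] < 1.2:
        security.append("TPM 1.2+")
    if not (pc["uefi"] and pc["secure_boot"]):
        security.append("Secure Boot (UEFI)")
    # Device Guard: 64-bit implementation plus an IOMMU (VT-d / AMD-Vi).
    if not (pc["bits"] == 64 and pc["iommu"]):
        security.append("Device Guard")
    return baseline, security


def classify(pc):
    """Bucket a PC core for roll-out planning (bucket names are assumptions)."""
    baseline, security = assess(pc)
    if baseline:
        return "replace or upgrade PC core"
    return "baseline ok, security gaps" if security else "W10 ready"


# Constructed fleet inventory (hypothetical ids and values).
FLEET = [
    {"id": "ATM-A", "ghz": 3.2, "ram_gb": 8, "disk_gb": 500, "bits": 64,
     "cpu_flags": ["PAE", "NX", "SSE2"], "tpm": 2.0, "uefi": True,
     "secure_boot": True, "iommu": True},
    {"id": "ATM-B", "ghz": 2.6, "ram_gb": 4, "disk_gb": 250, "bits": 32,
     "cpu_flags": ["PAE", "NX", "SSE2"], "tpm": None, "uefi": False,
     "secure_boot": False, "iommu": False},
    {"id": "ATM-C", "ghz": 1.6, "ram_gb": 1, "disk_gb": 40, "bits": 32,
     "cpu_flags": ["PAE", "SSE2"], "tpm": None, "uefi": False,
     "secure_boot": False, "iommu": False},
]

if __name__ == "__main__":
    for pc in FLEET:
        print(pc["id"], classify(pc), assess(pc))
```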
WINDOWS CE USERS
And now for something completely different . . .
o Microsoft has announced a CE successor
• Windows 10 IoT Core
• No support last version (CE 2013) after 10 October 2023
o Characteristics
• Downgraded version of Windows 10, same security features
• App based, win32 code not supported (so CEN XFS not supported)
• Dramatically lower hardware requirements, no end date
o Recommendations/conclusions
• Support of CEN XFS might have given W10 IoT Core a wider appeal
• CE users to assess your software requirements & discuss with your manufacturer
About CE and Windows 10 IoT core
ALTERNATIVES TO WINDOWS
o Hot spot deployment of alternative operating systems
o Linux
• India – low-cost/maintenance ATMs
• Brazil – alternative
o Windows CE
• US, Canada, UK – comprehensive retail offering
o Android
• The young pretender
Alternative operating systems
o Different initiatives
• Different market segments
• New types (mobile initiated)
• Proof-of-concept stage
o Big ticket items
• Despite increasing CEN XFS endorsement, no emerging Android standards
• Compatibility existing back-office systems and R&D
Android
INDUSTRY RFI
o Rationale
• Need for alternatives to Windows
• Need for proper standardisation
• Need for products
o ATMIA subcommittee
o Input by Payment Redesign through interviews/questionnaires to deployers
Industry RFI
[Diagram: PC based vs IoT based. Labels: Tap card; Device drivers; Device-to-device; Barcode reader; EPP; Card reader; Cash dispenser; Anti-skimming; App; App; NFC included, EMV external; External interface; Required]
o First vendor has announced W10 readiness
• ATM operators are recommended to look at W10 any time soon
• Note the complexity
o CE 2013 users to work with their suppliers to look at the impact of the 2023 support sunset
o Android in the PoC phase
o Industry RFI to drive further standardisation
Summary
Contact us
Eric de Putter
www.paymentredesign.com
+44 7950 449188
+31 20 808 2151