zt598j epp - atmdesksrv.atmdesk.com/epp/zt598j-user-manual.pdfinstallation & user manual ....

ZT598J EPP SDC and USB variants

Firmware Rev. F15/F17

Installation & User Manual

Rev.2.0

© 2006-2012 ATMdesk GmbH

© 2006-2012 ATMdesk GmbH of 13

1. General Information ZT598J EPP is a PCI approved Encrypting PIN Pad designed for NCR 56xx, 58xx PersonaS

and 66xx SelfServ ATMs. ZT598J is a 100% transparent hardware drop-in replacement of original NCR EPP. There

are no software changes required on the ATM. There are two variants of ZT598J: • SDC variant mounted in a 56xx/58xx compatible housing with SDC interface board

• USB variant mounted in a 66xx compatible housing with USB interface board

Plug & play compatible with NCR SDC and USB EPPs Compatible with all versions of NCR APTRA/AANDC Compatible with all versions of NCR S4i/NDC+ (SDC variant only) BAPE (-B) and EKC (-E) legacy mode support (SDC variant only) DAPI1 and DAPI7 mode of operation (SDC variant only) LGCY and INTL mode of operation (USB variant only)

Vandal-proof metal keytips Built-in heater for use in Through-the-Wall ATMs PCI Approved


1.1. PCI Approval ZT598J has been approved to conform to Payment Card Industry (PCI) PIN Entry Device

Security requirements. Approval Number: 4-10019 Approved at: 13.09.2006 Renewed at: 09.02.2009 Next Renewal at: 30.04.2014

The copy of the Approval Letter is attached below. The reference can be also found at the PCI Security Standards Council web site https://www.pcisecuritystandards.org/security_standards/ped/pedapprovallist.html

https://www.pcisecuritystandards.org/

https://www.pcisecuritystandards.org/security_standards/ped/pedapprovallist.html


2. Interface Connectors

2.1. SDC Variant

• SDC Bus (10-pin IDC connector):

N/C 1 2 N/C

DATA-P 3 4 DATA-N

RESET-P 5 6 RESET-N

N/C 7 8 N/C

GND 9 10 N/C

• Power and FDKs (26-pin IDC connector):

+5V 1 2 GND

SCAN_TX0- 3 4 ERR_LED-

AUD_LED- 5 6 N/C

N/C 7 8 ALPHA-

FDK_LEFT- 9 10 FDK_RIGHT-

SCAN_TX0- 11 12 SCAN_TX1-




SCAN_RX0- 19 20 SCAN_RX1-




2.2. USB Variant Standard mini-USB connector for power and communication.

2.3. 24V Heater Power Both SDC and USB variants provide 24V DC power connector for heater circuitry:

+24V 1 2 GND

Usage of heater power connector is optional. It should be connected when EPP keypad is

exposed to lower temperatures in through-the wall ATMs. Regulating of the keypad temperature is done automatically.


3. Activation ZT598J is usually supplied as completely assembled and tested unit, mounted in appropriate

housing with appropriate interface board (SDC or USB):

ZT598J in 56xx/58xx housing with SDC interface board

ZT598J in 66xx housing with USB interface board (mounted under back cover)

The interface board (SDC or USB) is bound to one and only one ZT598J EPP. The process

of binding interface board to the EPP and testing the complete unit is called activation and is performed by the supplier before shipment.

CAUTION

Assembled and activated EPP must not be disassembled. Interface board reattached to another ZT598J will NOT work.

In exceptional cases upon customer request (e.g. due to logistic issues) EPP may be

delivered in parts (ZT598J box, housing and/or interface board separately) in non-activated state. Further information and assistance in assembling and activation procedures is provided on request.

CAUTION

Disassembled EPP must be activated after assembling. Until activated, EPP will NOT work in an ATM.


4. Installation & Configuration

ZT598J EPP is a direct plug-in replacement of NCR EPP; therefore the installation procedure is the same as for NCR EPP.

When upgrading NCR 56xx/58xx ATMs from legacy SDC keyboards (e.g. Hi-Bape),

appropriate EPP fitting kit may be necessary as required by the ATM class.

4.1. SDC Variant NCR SDC EPP can be one of two types for legacy compatibility: BAPE (-B) or EKC (-E).

The type is hardwired in SDC interface board which is marked as either “Type B” or “Type E”. ZT598J EPP can support both types in firmware, but proper type must be selected manually.

If you are unsure about which type to set up, please look at the label on the back side of one of your original NCR EPPs, which should say either “Type B” or “Type E”.

NCR SDC EPP can be loaded with two variants of application: DAPI1 or DAPI7. ZT598J EPP can support both variants in firmware, but proper variant must be selected

manually. If you are unsure about which variant to set up, use DAPI1, which works universally. DAPI7 is newer and more secure option, but it is only supported by latest version of APTRA and AANDC.

Note. ZT598J does not support country-specific application variants for Germany,

Switzerland and France (DAPI2/5, DAPI3/8 and DAPI4/9 respectively). Before first power-on of the ATM with newly installed ZT598J please make sure its type and

variant (EPP-E vs. EPP-B resp. DAPI1 vs. DAPI7) matches configuration of the EPP previously installed in this ATM. To do this, a ZT598J EPP Maintenance Utility is provided.

ZT598J EPP Maintenance Utility is a bootable 3.5” floppy disk (supplied on request) which

allows the following tasks on the EPP installed inside an ATM: • SDC interface board firmware update (Note: this is not ZT598J encryptor firmware as

certified by PCI). • EPP type change (EPP-B to EPP-E and vice versa) • EPP variant change (DAPI1 to DAPI7 and vice versa)

To use the Maintenance Utility reboot ATM from the floppy disk. Interface board firmware

update will happen automatically if newer version is available on the floppy (this firmware update does not impact customer keys within EPP encryptor).

Current EPP type and variant (e.g. EPP-E/DAPI1) will be then shown on the ATM monitor. To select another type and/or variant follow on-screen prompts.

CAUTION Changing EPP type/variant will destroy all customer keys within EPP encryptor.


4.2. USB Variant NCR USB EPP (UEPP2) can be loaded with two variants of application: LGCY or INTL. ZT598J EPP can support both variants in firmware. Proper variant is selected automatically

by APTRA upon first power-on of the ATM with newly installed ZT598J, according to NCR EPP variant previously configured.

Note. ZT598J does not support country-specific application variants for Germany,

Switzerland and France.


5. Remote Key Management ZT598J EPP provides PKI-based Remote Key Management functionality identical to those

provided by NCR EPP. There is, however, one difference in that the EPP’s RSA keys are signed by different

vendor:

• NCR EPP public key is signed by NCR’s private vendor key at NCR premises during EPP manufacture.

• ZT598J EPP public key is signed by Shenzhen Zhengtong Electronics Co., Ltd. (SZZT’s) private vendor key at SZZT premises during EPP manufacture.

An ATM host wishing to use Remote Key Management for both NCR and SZZT EPPs must

implement separate Host RSA keys:

• Host public key for use with NCR EPPs should be signed using NCR’s private vendor key (performed by NCR upon request).

• Host public key for use with ZT598J EPPs should be signed using SZZT’s private vendor key (performed by SZZT or its representative upon request).


6. Troubleshooting This section describes possible issues and solutions during ZT598J installation.

6.1. EPP Not Found Symptom: ATM boots, but EPP does not show up.

• S4i: “Keyboard not attached” message appears and ATM halts. • Aptra: Keyboard is not listed in “Hardware Configuration”.

Solution: Check if EPP is alive: when powered up, EPP should issue ~1 second beep. If there’s no beep on power-up, EPP is broken and should be repaired or replaced.

6.2. Initial Keys Cannot Be Entered Symptom: ATM boots, but does not allow to enter any initial encryption key.

• Either an error message is displayed or ATM reboots during initial key entry.

Solution: Check if EPP is activated: after power up and initial beep, EPP should NOT beep on a key press. If beep is produced when a pinpad key is pressed, EPP is not activated and cannot be used in an ATM.

6.3. NDC ATM Reboots or Reports Encryptor Errors Symptom: ATM running an NDC application (NDC+ or early AANDC) does not work properly.

• Encryptor errors reported to the host or to the journal. • ATM reboots unexpectedly during an operation.

Solution: Check if EPP type is set to EPP-B (see Section 4.1). NDC application was designed to work with EPP-B keyboards; it may not work properly with EPP-E keyboards.

6.4. “New Hardware Found” Wizard Appears in Windows XP Symptom: After EPP was installed on an ATM, replacing another previously installed EPP, Windows XP detects new hardware and opens “New Hardware Found” wizard. Solution 1 (preferred): Switch EPP type to the opposite: EPP-B to EPP-E or vice versa (see Section 4.1). Windows XP detects new hardware only if the EPP type is changed; your EPP type does not match previously installed EPP type. Solution 2: Log in to Windows as Administrator (or other user with administrative rights) and let “New Hardware Found” wizard to complete. You will need to know appropriate login and password to perform this task.


6.5. AANDC 3.x Continuously Reboots

Symptom: After EPP was installed on an ATM, replacing another previously installed EPP, Aptra Advance NDC version 3.x continuously reboots during application loading. This is a known issue with AANDC 3.x (observed with versions 3.0 and 3.1). When EPP keyboards with different setting (e.g. DES vs 3DES) are swapped, AANDC 3.x fails to start up Solution:

• Boot Windows XP in Safe Mode (press F8 on Windows boot and select “Safe Mode”). • Log in as Administrator (or other user with administrative rights). You will need to know

appropriate login and password. • Delete or rename the following files:

C:\Program Files\NCR APTRA\XFS PIN Service Provider\krep.dat C:\Program Files\NCR APTRA\XFS PIN Service Provider\krep.bak

• Reboot the ATM.

6.6. AANDC 3.x Fails to Store Key (“FAILED TO CREATE CHECKSUM”)

Symptom: After EPP was installed on an ATM, replacing another previously installed EPP, Aptra Advance NDC version 3.x cannot store manually entering Master Key (e.g. Key A). A message “FAILED TO CREATE CHECKSUM” or similar appears instead. This is a known issue with AANDC 3.x (observed with versions 3.0 and 3.1). When EPP keyboard which was not initialized on this ATM is installed, AANDC 3.x fails to initialize it automatically. Solution 1 (preferred): Switch NDC Key Entry mode to another value and back.

• Enter AANDC Supervisor (SELECT) and choose ACCESS menu.

• Choose KEY ENTRY submenu

• Change entry mode e.g. from ‘4’ to ‘3’ and back to ‘4’. Solution 2: Reset NDC Key Entry mode in Windows Registry.

• Boot Windows XP in Safe Mode (press F8 on Windows boot and select “Safe Mode”). • Log in as Administrator (or other user with administrative rights). You will need to know

appropriate login and password.

• Run Registry Editor (regedit.exe) • Locate the following key and change its value to 0:

HKEY_LOCAL_MACHINE\SOFTWARE\NCR\Advance NDC\ENCRYPTORMODE\EncMode

• Reboot the ATM.

zt598j epp - atmdesksrv.atmdesk.com/epp/zt598j-user-manual.pdfinstallation & user manual ....

Documents