Agilis NDX Product Description

PRELIMINARY - DRAFT COPY
Thu Sep 24 16:55:21 2009
Agilis NDx Product Description

TP-821344-001A PD 6562 September 2009
CONFIDENTIAL - Trade Secret Material Only Diebold and entities granted an express written license by Diebold may possess or use this material. Unauthorized possession or use is illegal and is punishable by ne and/or imprisonment.

Thu Sep 24 16:55:21 2009
Document History Document Number TP-821344-001A Date 9/2009 Remarks Original edition
Copyright protection is claimed for each revision listed in the document history, as of the date indicated. Unpublished, All Rights Reserved Any trademarks, service marks, product names or company names not owned by Diebold, Incorporated or its subsidiaries (collectively "Diebold") that appear in this document are used for informational purposes only and Diebold claims no rights thereto, nor does such use indicate any af liation with or any endorsement of Diebold or Diebold products by the owners thereof. This document contains proprietary information. If the document pages state the information is con dential (or words of similar import), then this document is intended solely for the use of the copyright owner's employees or other personnel expressly authorized in writing by the copyright owner. Other uses of this information without the express written consent of the copyright owner are prohibited. This document should be treated as con dential material for security reasons. Any unauthorized disclosure or use of con dential material may violate Section 1832 of Title 18 of the United States Code as well as other laws, and may be punishable by ne and imprisonment. The information contained in this document is subject to change without notice. When using the document for system implementation, please call your authorized sales or service representative for any applicable changes. This document and the information contained herein are provided AS IS AND WITHOUT WARRANTY. In no event shall the copyright owner or its suppliers be liable for any special, indirect, or consequential damages of any nature resulting from the use of information in this manual. No part of this document may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means: electronic, mechanical, photocopying, recording, or otherwise, without prior written permission from the copyright owner. Your use of this document and/or any of the information contained herein constitutes your agreement to all of the terms stated on this page. Diebold continually strives to improve its products. If you would like to comment on the accuracy, clarity, organization or value of this document, please contact us at documentationservices@diebold.com or address correspondence to: Diebold, Incorporated Att: Documentation Services 9-B-16 5995 Mayfair Road North Canton, OH 44720
ii
CONFIDENTIAL - Trade Secret Material Copyright Diebold, Incorporated (9/2009) - All Rights Reserved TP-821344-001A

Thu Sep 24 16:55:21 2009
Contents
Section 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.2 Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Section 2 Agilis NDx 3.0 Product Overview . . . . . . . . . 2.1 Prerequisites . . . . . . . . . . . . . . . . . . . . 2.2 Features . . . . . . . . . . . . . . . . . . . . . . 2.2.1 Agilis Of ce Suite . . . . . . . . . . . . 2.2.2 Agilis Power . . . . . . . . . . . . . . . 2.2.3 Communication . . . . . . . . . . . . . 2.2.4 Deposit Automation . . . . . . . . . . . 2.2.5 Other Supported Devices . . . . . . . . . 2.2.6 Security . . . . . . . . . . . . . . . . . . 2.2.7 Supervisor . . . . . . . . . . . . . . . . 2.2.8 Application Control . . . . . . . . . . . 2.2.9 Installation and Con guration . . . . . . 2.2.10 Administration . . . . . . . . . . . . . . 2.2.11 NCR and Wincor terminals support . . . 2.3 Supported States . . . . . . . . . . . . . . . . . 2.4 Supported Functions Set . . . . . . . . . . . . . 2.5 Supported Messages . . . . . . . . . . . . . . . 2.6 Supported Commands . . . . . . . . . . . . . . . 2.7 Other Security Features . . . . . . . . . . . . . . 2.8 Status Messages . . . . . . . . . . . . . . . . . . 2.9 Supervisor . . . . . . . . . . . . . . . . . . . . . 2.10 Setup and Installation Overview . . . . . . . . . 2.11 Communication Protocol Compatibility . . . . . 2.12 Con guration Overview . . . . . . . . . . . . . 2.12.1 Agilis Con guration Utility . . . . . . . 2.12.2 Terminal Con guration Data Downloaded Section 3 Section 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 1-1 1-1 2-1 2-1 2-2 2-2 2-2 2-2 2-3 2-5 2-6 2-9 2-10 2-11 2-11 2-12 2-12 2-13 2-14 2-14 2-15 2-16 2-16 2-17 2-17 2-17 2-17 2-18 3-1 4-1 5-1 5-1 5-1
Hardware Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Section 5 Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.1 Guide Manuals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.2 Programming Manuals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Figures
Tables
Table 1-1 Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
iii

Thu Sep 24 16:55:21 2009
Tables
Table 2-1 Table 2-2 Table 2-3 Table 3-1 Table 3-2 Table 4-1 Supported States . . . Function Identi ers . Supported Commands Hardware Requirements Devices and Features Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-12 2-13 2-15 3-1 3-1 4-1
iv

Thu Sep 24 16:55:21 2009
Section 1 Introduction
1.1
Overview
The Agilis NDx product is a pre-packaged solution that allows the terminal to support the NDC+ protocol. Agilis NDx release 3.0 is an ongoing product designed for Diebold, as well as for foreign vendor terminals, such as NCR and Wincor. Therefore, as this documentation evolves, more terminal hardware information will be added allowing the Agilis NDx 3.0 application to be extremely versatile and maintainable for your chosen hardware.
1.2
Terminology
Table 1-1 Terminology
Term ABC ACU Agilis Agilis AMI Anti Fish
De nition Agilis Base Communications (subsystem) Agilis Con guration Utility A Diebold software environment for Diebold and foreign ATMs A Diebold software environment for Diebold and foreign ATMs Acronym for Diebold's Agilis Module Interface; name of components that form the lowest level device software interface on the Opteva Terminal product family A feature for speci c card readers that prevent a perpetrator from illegally " shing" or forcibly removing a card from a Card Reader by the use of a tool and/or procedure. When a fraud attempt is detected, the Card Reader drops a pin across the input slot of the Card Reader, so that the card cannot be " shed out" by any type of small tool. The Agilis NDx software immediately sends a status to the Host to annunciate this condition. Automated Teller Machine Barcode Reader Module Cash Dispenser Module Cash-In Module Communication SubSystem Depositor Module European Central Bank Encryption Module Acronym for Europay-MasterCard-Visa, a set of speci cations that payment system hardware and software components must comply with to be used with chip cards. There are Level 1 speci cations that de ne the functions of the Card Reader and Level 2 speci cations that de ne the functions of the terminal software related to the Smart Card.
ATM BAR CDM CIM CSS DEP ECB EDM EMV
1-1

Thu Sep 24 16:55:21 2009
Table 1-1
Term EMV Smart Card De nition
Terminology (continued)
An EMV Smart Card is a chip-based, EMV-compliant card. The consumer inserts the Smart Card (integrated circuit chip card) into the ATM (or other device) to perform debit or credit transactions, such as those offered by Visa and MasterCard. Encrypting PIN Pad Indicator Light and LEDs Graphic User Interface Card Reader/Writer Message Authentication Code is a terminal application that prevents unauthorized tampering with messages between an automated teller machine (ATM) and a network. NCR Direct Connect Operator Switch The next generation Diebold ATM hardware, using the Windows XP Pro operating system. Payment Card Industry PIN input, encryption and veri cation module Journal printer Passbook printer Receipt printer Statement printer Remote Key Load Store And Forward Smart Device Objects A compound decryption process transforming cipher text into plain text through a required 3-step procedure (DES) of decrypting, encrypting and decrypting blocks of data using a double-length key (16 bytes). Triple DES decryption uses double-length keys where (in this case) the rst half of the key is used for decrypting and the second half is used for encrypting. A compound encryption process transforming plain text into cipher text through a required 3-step procedure (DES) of encrypting, decrypting and encrypting blocks of data using a double-length key (16 bytes). Triple DES encryption uses double-length keys where (in this case) the rst half of the key is used for encrypting and the second half is used for decrypting. VISA PIN Entry Device, a set of speci cations that the EPP must comply with to be VISA compliant. Windows XP Pro is a high performance, more secure operating system, allowing a quicker launch of most applications, as well as a faster entire system startup. Windows XP Pro manages your system resources, such as memory, CPU time, and le operations, in a way that keeps your system running as quickly as possible when you are working with several programs at the same time (multitasking). eXtensions for Financial Services
EPP FEP GUI IDC MAC
NDC OPS Opteva PCI PIN PRJ PRP PRR PRS RKL SAF SDO Triple DES Decryption
Triple DES Encryption
VISA PED Windows XP Professional
XFS
1-2

Thu Sep 24 16:55:21 2009
Section 2 Agilis NDx 3.0 Product Overview

The Agilis NDx product allows the terminal to support the NDC protocol. This terminal solution allows ATMs to be installed in NDC or NDC+ networks without requiring any changes at the NDC host. The application is easily installed, con gured and maintained. Agilis NDx 3.0 is the most recent version of the NDx plug-in. It is based on the new and unsurpassed EmPower architecture. Thanks to EmPower customizing capabilities and tools, you can adapt the NDC solution to any NDC derivatives and/or speci c features that can exist over all NDC accounts to better meet customers needs. The Agilis NDx new release is a cross vendor solution that supports Diebold Opteva, NCR and Wincor ATMs. Diebold 9x and ix terminals are not supported. The Agilis NDx release 3.0 supports almost all features that were available on Agilis NDx XV release 2.1 plus the support for Recycling module, ENA module, Barcode Reader, EMV enhancements, new Security features, Of ce Suite, particularly Campaign Of ce. The Architecture is hardware neutral and uses Diebold INvolve middleware. The INvolve middleware enables the same application to run without change on different vendors hardware and different device variants.
2.1
Prerequisites
The Agilis NDx 3.0 solution requires the Windows XP Professional Operating system and Service Pack 3. When migrating from any release of Agilis NDx to Agilis NDx 3.0 powered by Agilis EmPower solution, the new solution requires a new installation. There is no upgrade path. If the original XP Pro installation media is not available, another copy of XP Pro must be obtained.
2-1

Thu Sep 24 16:55:21 2009
2.2
Features
The following list details features in this release for the Agilis NDx software product.
2.2.1
Agilis Of ce Suite Agilis NDx supports Agilis Of ce Suite (Campaign of ce, Journal of ce, Remote of ce, and Security of ce). Campaign Of ce Agilis NDx integrates all hooks allowing to operate with Campaign Of ce 3.0 in a NDC environment. Final customization can be done with a PS engagement.
2.2.2
Agilis Power Agilis NDx uses the following Agilis Power features: Agilis Advanced Browser for display of consumer screens with HTML formatted data. Agilis Power Smart Device Objects (SDO) to control ATM devices.
2.2.3
Communication Communication Protocol Compatibility The Agilis NDx application works with all communication protocols that are supported by the Agilis Base Communications (ABC) subsystem program. NDC+ Compatibility and Message Formats The host terminal does not need to be modi ed in order to run an Agilis NDx solution in the network. Agilis NDx has the capability to process all incoming messages from the NDC host. This software product also supports NDC con guration data such as States, FITs and Screens. SNMP Agent Agilis NDx can interface the Agilis SNMP Agent v1.0 for Agilis EmPower Base using the SNMP Communicator interface. The Agilis SNMP Agent v1.0 for Agilis EmPower Base is protocol independent and is so compatible with Agilis NDx . The Agilis SNMP Agent v1.0 for Agilis EmPower Base is compatible with: Microsoft SNMP Master Agent. SNMP master-extensions agent architecture.
2-2

Thu Sep 24 16:55:21 2009
Agilis SNMP architecture. Any SNMP management application.
2.2.4
Deposit Automation Agilis NDx 3.0 supports the following Cash and Cheque Deposit devices and solutions. AHD Agilis NDx supports the After Hours Depositor when used with Opteva terminals. Bulk Cash Recycler Module (BCRM) Agilis NDx integrates support for the Bulk Cash Recycler Module (BCRM). The BCRM is a cash dispenser and currency acceptor in a single module. This allows currency that is deposited to be recycled back to the consumer via cash dispense. Agilis NDx can be con gured to support cash deposits, dispensing, and cash recycling, depending on hardware and XFS con guration. BNA Agilis NDx provides support for the Bulk Note Acceptor (BNA) on Opteva terminals. A terminal equipped with a BNA allows a consumer to deposit bank notes in loose bundles of mixed denominations in any lengthwise orientation. ENA Agilis NDx release 3.0 supports Diebolds new Enhanced Note Acceptor, which is available on all Opteva advanced function ATMs. The ENA joins Diebolds world-class deposit automation family. The ENA module offers a new improved design with increased reliability and is designed for lower note count transactions. The ENA will accept up to 50 notes at a time without an envelope, using a presenter style interface. This module is available as an alternative to the higher capacity Bulk Note Acceptor module. Agilis NDx 3.0 supports the Enhanced Note Acceptor as follows: Validator A (BEB) Article 6 with the BEB validator for counterfeit processing support in the Euro zone ENA stacking cassette for currency distribution upon deposit Validator B (JCM) Intelligent Depositor Module (IDM) The Agilis NDx application supports the Intelligent Depositor Module for Diebold Opteva system. The IDM is used to accept customer checks for deposit.
2-3

Thu Sep 24 16:55:21 2009
Agilis NDx can support (customization needed) the following enhanced IDM operations if supported by the IDM hardware and NDC protocol: Bin accessed status Tamper status Ink Low Status Optional stamping during check handling operations controlled by the network E13B, CMC7 and OCR MICR code line recognition support Suspicious magnetic status used to control state ow Con gurable option to send a hint amount to RSS for amount recognition performance improvement Analyze the check images for the presence of speci c elds (endorsement, signature, etc.) as supported by RSS and use the results to control state ow Perform image quality analysis on the check images as supported by RSS and use the results to control state ow Article 6 Agilis NDx supports Article 6 speci ed by ECB for cash deposit transactions. Deposit devices and XFS layers support ECB article 6 as speci ed in the XFS speci cations. Banknote Signature Tracing System (BSTS) BSTS is an Agilis Component that creates and maintains a database with Transaction information and cashed-in banknotes data. The database will be populated with customer transactions and banknote data when forgeries or suspects of forgeries are detected by the client application. The client application provides those data during customer transactions and requires BSTS to re-trace depositing information (transaction and banknote data) during maintenance operations. Image Way Agilis NDx 3.0 supports Image Way Recognition operations and Image Store and Forward. Image Way RSS Recognition is a standalone Diebold product that takes an image of a check, obtained from the scanning device (IDM) and performs Optical Character Recognition operations on it and returns the results. Store and Forward functionality stores locally image and deposit transaction data and then at timed intervals transmits it to a central site.
2-4

Thu Sep 24 16:55:21 2009
2.2.5
Other Supported Devices Bar Code Reader Agilis NDx supports the barcode reader, allowing perform transactions such as Bill Payment. EJ (Electronic Journal) Eletronic Journal ensures uninterrupted logging to disk even when the journal printer is out of service. The Agilis NDx application product has the capability to upload the electronic journal to NDC host. Increased Media Capacity The Opteva terminal supports the 5-high Advanced Function Dispenser (AFD). When con gured with the same denomination value as one of the other 4 cassettes, the fth cassette is supported as logical part of the one of the others loaded with the same type of bank notes and thus extends the capacity and increases uptime. This does not impact the NDC+ host. Passbook Agilis NDx supports the Passbook Printer designed to handle passbooks. Both Basic and Advanced passbook printers are supported: Basic: This feature provides basic passbook update capability for both horizontal and vertical fold passbooks. The passbook is inserted opened to the desired page. If there is not enough available lines to print data, the application will eject the passbook and ask the customer to turn the page and insert again to complete printing (no page turning capability). Advanced: The application detects automatically the rst empty line and the turn page is performed by the printer. Special Receipts Printing The Agilis NDx application product has the ability to print NDC special receipt screens R00' and R01', allowing this feature to print one receipt per transaction. Tri-color Lead-through Indicators Agilis NDx supports tri-color lead-through indicators on the following devices: Card reader Thermal receipt and two-tone graphical statement printers Envelope depository Note dispenser Passbook printer
This color indicator displays green when the terminal is in service with no faults, yellow when it contains a module with a supply low condition, and red when a module that is out of service. Touch Screens The Agilis NDx application product supports the FDKs emulation for Touch screens during screens processing.
2-5

Thu Sep 24 16:55:21 2009
Voice Guidance The Agilis NDx application product supports voice guidance on Agilis NDx terminals supporting voice-prompting commands in which voice messages are supplied by the host in screen data load commands that have the appropriate escape sequences. A voice control le, which consists of voice messages, speci es which media le will be played sequentially. Each institution will be required to provide their own media les for messages that apply to their own system. UPS Agilis NDx activities were enhanced to provide support of UPS in a NDC environment.
2.2.6
Security Agilis NDx 3.0 supports the following Security Features. ABC SSL Encryption Support Encrypted ATM communications is an option of Agilis Base Communication (ABC) that uses SSL encryption technology to encrypt the nancial transaction messages, particularly cardholder data, between the ATM and the nancial transaction host across open, public networks. Only the communication that uses ABC is encrypted, for example the NDx messages. Anti Fish Anti Fish, an anti-fraud feature for speci c card readers, available on Diebold Opteva terminals, that prevents a perpetrator from illegally " shing" or forcibly removing a card from a Card Reader by the use of a tool and/or procedure. When a fraud attempt is detected, the Card Reader drops a pin across the input slot of the Card Reader, so that the card cannot be " shed out" by any type of small tool. The Agilis NDx software immediately sends a status to the Host to annunciate this condition. Anti-Skimming On ATM equipped with motorized card readers with LTI anti skimming sensor, Agilis NDx application receives events identifying fraud attempts on the ATM, which can be sent to the host. Anti-skimming sensor detects the presence of Skimming devices criminals add to the bezel of the card readers. EMV Smart Card Support EMV is a set of speci cations that payment system hardware and software components must comply with to be used with chip cards. There are Level 1 speci cations that de ne the functions of the Card Reader and Level 2 speci cations that de ne the functions of the terminal software related to the Smart Card. The EMV kernel used by Agilis NDx is EMV 4.1 certi ed.
2-6

Thu Sep 24 16:55:21 2009
An EMV Smart Card is a chip-based, EMV-compliant card. The electronic chip on the card contains a program that performs operations and holds nancial data, allowing the consumer to use the card as a debit or credit card. Smart Cards have two major advantages over traditional magnetic stripe cards, as follows: Greater security against fraud (risk management) Capability of supporting a wide range of differentiating services (value added services) Ability of acquire to download EMV con guration data. Smart Card States support. Application Selection Indicator in ICC Terminal Acceptable Application IDs table. ICC application selection can be based on full or partial match. Automatic Language Selection. Parallel Processing. Issuer Script Processing. Track 2 data used during an ICC transaction. Additional parameters supported in ICC Terminal Acceptable Application IDs table determine which Track 2 data will be used to prepare a PIN block. It allows using simulated track 2 data when no magnetic track 2 and no track 2 equivalent data are available. Transaction Request Messages including EMV data for Host approve. Transaction Reply Messages including issuer scripts. Encrypting PIN Pad The Encrypting PIN Pad (EPP) is a sealed module that immediately encrypts the PIN entry so that no raw" PIN numbers are accessible to electronic hackers either tapping onto wires within the ATM or remotely sensing electromagnetic radiation emitted through ATM wiring. Any tampering of the EPP renders it unusable, requiring shipment back to the manufacturer to reset internal keys. The Diebold PIN Pad, referred to as the Encrypted Pin Pad 4.0 or 5.0 (EPP4/EPP5) includes the following functions: Enciphers the PIN inside a secure module at the keypad. Performs Data Encryption Algorithm (DEA) and Data Encryption Standard (DES) operations such as network-to-terminal authentication, PIN veri cation or change, and DEA key management. EPP4/EPP5 supports both single DES and triple DES Algorithms.
2-7

Thu Sep 24 16:55:21 2009
Allows data entry from the keypad. Supports VISA rmware for ensuring VISA PED compliance. The ATM must be tted with an EPP4 with VISA rmware for ensuring VISA PED compliance or with a PCI-compliant EPP5 (VISA rmware supported as standard). NOTE The VISA PED compliant EPP4 and the PCI-compliant EPP5 only support Triple DES encryption. PCI DSS Agilis NDx includes all changes required to address the PCI DSS requirements for protecting customers data. In accordance with PCI DSS (Payment Card Industry Data Security Standards) regulatory standards version 1.2, the Agilis NDx application will not store the full contents of any track from the magnetic stripe, in a chip, or elsewhere. Agilis NDx also masks the full contents of PIN (Personal Identi cation Number) or encrypted PIN block in the logs, even when the maximum level of logging or tracing is enabled. If the PIN or encrypted PIN block are included as part of a message trace, they will be masked. Agilis Base Communication (ABC) V4.4.0 includes support for Secure Sockets layer (SSL). Message Authentication Code (MAC) The MAC (Message Authentication Code) is a data security feature, which helps prevent unauthorized tampering with messages between an ATM and a network. The application monitors messages between the network and Agilis by adding a MAC code and a Time Variant Number (TVN) to critical messages. PIN Change Feature A Customer Selectable PIN state allows the cardholder to input a new PIN inclusive using an EMV card. It differs from the PIN entry state in the number of retries. The state will prompt for the new PIN twice and will take a good exit if both are the same and the terminal checking feature is enabled. Remote Key Loading (RKL) Agilis NDx release 3.0 supports Remote Key Loading compliant with Payment Card Industry requirements. Remote Key Loading based on Certi cates is supported. Agilis NDx does not support Remote Key Loading based on NCR signatures that allows to run on NCR and Wincor terminals. Suspend Mode Suspend mode is a security feature to prevent tampering at the ATM. When a tampering attack is suspected, the ATM goes in suspend mode for a pre-de ned period and no customer transaction can be performed. To the suspected cheat, it looks as if the ATM has been damaged in some way and has gone out of service. The ATM comes back into service when the timeout period expires.
2-8

Thu Sep 24 16:55:21 2009
Code Obfuscation The Code Obfuscation is the process of transforming the Agilis NDx 3.0 software code to something incomprehensibly. Humans cannot easily understand it, even while using decompilers in order to Protect Intellectual Property and make harder to crack the code and tampering. Secure Token Authentication Two-factor authentication using the Secure USB Device, as designed by Diebold engineering, for authorized users is an innovative solution for secure access to the system level of the ATM. This service links an authorized user to a USB hardware cryptographic token using a User certi cate from VeriSign. Access is controlled by either the PIN or pass phrase set by the associate and not shared with or known by others. The secure PIN and/or pass phrase ties the associate to the digital certi cate and to the USB token.This allows the Diebold ATM system to uniquely identify the authorized user who is attempting to access the system using the secure USB device. Additionally this service allows restricted authorization to system functions based on the user role. An audit trail is maintained for the menu activities executed by the associate. Additionally, if we examine standards such as the PCI DSS or PCI ATM draft, we see that this service complies with the unique id and audit trail requirements of these standards. Symantec Endpoint Protection v11 The purpose of the Symantec Endpoint Protection (SEP11) Firewall Security Agent is to control communications with the Agilis NDx 3.0 terminal. The SEP11 Firewall Security Agent is also referred to as the rewall. However, the product combines an anti-virus, spyware, and a malware detection engine, a rewall, and intrusion prevention into a single security product. SEP11 offers protection for the ATM operating system, registry access restrictions, le access restrictions, process launch restrictions, and device control providing strengthened security and protection for our customers. TPM Activation (Diebold Opteva Processors) The TPM, available with the upgraded Opteva processor, is a microcontroller that stores keys, passwords and digital certi cates. This new TPM chip is permanently attached to the motherboard and it is enabled. It provides an added level of security and serves as a "silicon safe" to protect encryption and signature keys. The TPM contains a Verisign Certi cate which ties it to the speci c ATM in which its installed. Since each TPM chip is unique to a particular device, it is capable of performing platform authentication. It can be used to verify that the system seeking access is the expected system. This protects the ATM against PC substitution and virtually eliminates the potential for fraud caused by booting and running software from a source other than the primary hard drive.
2.2.7
Supervisor Auto Supervisory Feature This con guring feature allows entering in Supervisor mode directly when opening the safe and/or cabinet door, just like when pressing the White Rocker switch. Similarly, you can exit the Supervisor mode by closing the safe and/or cabinet door. This option is con gurable through the ACU.
2-9

Thu Sep 24 16:55:21 2009
State of Health Agilis NDx added a new feature in the Supervisor allowing displaying the state of health of the terminal. Communication line status: Online/Of ine Application state: In Service/Out Of Service In Use /Not In Use Settlement Transactions Settlement transactions are operator selectable functions that can be executed in maintenance mode. The related information is downloaded in NDC reserved screens C09 to C19.
2.2.8
Application Control Host FIT Loads The Agilis NDx application dynamically manages NDC FIT con guration data, which can be loaded directly from the host to the terminal. Multi-Language Support The Agilis NDx application handles both screen processing and multi-language support by resolving all screen references and screen data translations. Host Screen Loads The Agilis NDx application product has the capability to process NDC screens as delivered from the NDC host. Local Custom Screens The Agilis NDx application product has the capability to process NDC local screens the same way as the delivered from the NDC host. Host State Loads The Agilis NDx application product has the capability to process NDC states as delivered from the NDC host. Support base 36 (alphanumeric) state numbers that enables up to 46655 state numbers. A state number can be decimal (base 10, range 000-254 or 256-999) or alphanumeric (base 36, range 000-254 or 256-ZZZ). Local Custom States The Agilis NDx application product has the capability to process NDC local states the same way as the delivered from the NDC host.
2-10

Thu Sep 24 16:55:21 2009
2.2.9
Installation and Con guration CD-RW Support Agilis NDx provides support for the CD-RW drive, which is a standard option in the Opteva terminals. Some of the support provided by Agilis NDx includes the ability to install application software, to load les and media to the terminal for advertising and content distribution, and to archive Electronic Data Capture les. NOTE Agilis NDx provides support for a CD-RW drive, which is now a standard device in the Opteva terminals. This includes the ability to install application software, load custom les or media to the terminal for advertising and content distribution, and to archive Electronic Data Capture Files. In addition, this new device supports the ability to backup customized parameters and ATM software. Pre-Packaging Based on EmPower platform, Agilis NDx release 3.0 is delivered as a pre-packaged software product. The release 3.0 can be ordered as installable media CDs, with or without operation system. It can be also ordered with Opteva terminals preloaded on the hard- drive and ready to be con gured on site to be up and running. Agilis NDx 3.0 set-up installs the software with pre-de ned Diebold default screens (in English) and NDC default settings. Agilis NDx 3.0 is also available through the Diebold Exchange Community for Professional Services engagements for customization. Single Con guration Tool All options are con gured via the Agilis Con guration Utility (ACU).
2.2.10
Administration EDC Archive Function The Agilis NDx application supports the Agilis NDx Maintenance EDC archive function that writes journal data to the CD-RW (Writable CD-ROM), if no oppy media drive exists. Error Status Reports The Agilis NDx application product reports statuses to the host. Remote Status Indicator Agilis EmPower NDx supports the Remote Status Indicator device.
2-11

Thu Sep 24 16:55:21 2009
2.2.11
NCR and Wincor terminals support Agilis NDx release 3.0 supports NCR and Wincor ATMs. EmPower is designed to work in a cross vendor environment. Agilis NDx release 3.0 has been tested on NCR and Wincor terminals representative of the current NCR/WNI offering. However, due to the various foreign con gurations that can be installed in the eld, it is recommended for any cross vendor engagement to involve Professional Services organization. EDC Archive Function The Agilis NDx application supports the Agilis NDx Maintenance EDC archive function that writes journal data to the CD-RW (Writable CD-ROM), if no oppy media drive exists.
2.3
Supported States
The Agilis NDx supports the following states: Table 2-1
State A B C D E F G H I J K _ L M R S T V W X Y b Description Card Read PIN Entry Envelope Dispenser Pre-Set Operation Code Buffer Four FDK Selectin Function Amount Entry Amount Check Information Entry Transaction Request Close FIT Switch Expanded Fit Switch Card Write Enhanced PIN Entry Enhanced Amount Entry Language Code Switch Card Read PIN Entry Initiation Language Select From Card FDK Switch FDK Information Entry Eight FDK Selection Function Customer Selectable PIN
Supported States
2-12

Thu Sep 24 16:55:21 2009
Table 2-1
State k i p > w & . + / , ; ? Description Smart FIT Check Audio Control Passbook Cash Accept Cheque Accept Barcode Read
Supported States (continued)
Automatic Language Selection Begin ICC Application Selection and Initialization Begin ICC Initialization Complete ICC Application Selection and Initialisation Complete ICC Initialisation ICC Reinitialise Set ICC Transaction Data
2.4
Supported Functions Set

The Agilis NDx supports the following Function Identi ers: Table 2-2
Function ID 1 or 7 2 or 8 3 or 9 4 5 6 A B or C F P Q * : Description Deposit and Print Dispense and Print Display and Print Print Immediate Set Next State and Print Night Safe Deposit and Print Card Before Cash Parallel Dispense and Print and Card Eject Card Before Parallel Dispense and Print Print Statement and Wait Print Statement and Next State BNA Refund Notes and Next State BNA Encash Notes and Next State BNA Encash Notes and Wait CPM Process Cheque
Function Identi ers
2-13

Thu Sep 24 16:55:21 2009
2.5
Supported Messages
The Agilis NDx supports the following NDC Messages: Transaction Request Transaction Reply Interactive Transaction Reply Unsolicited Statuses - Device Errors - External Events - Supplies Problems Solicited Statuses Ready 9 / Ready B Device Fault Command Reject Speci c Command Reject Terminal State
Encryptor Initialization Data Status information Field Device Status Information EJ Commands
2.6
Supported Commands
The Agilis NDx supports the following Commands:
2-14

Thu Sep 24 16:55:21 2009
Table 2-3
Type Description
Supported Commands
Startup / Shutdown Send Supply Counters Send Con guration ID Send Tally Information Send Con guration Information Send HW Con g. Data only Send Supplies. Data only Terminal Command Send Fitness Data only Send Tamper and Sensor Status Data only Send SW ID and Release # Data only Send Date and Time Send Enhanced Con guration Data Send Local Con guration Option Digits Send Error Log Information Startup / Shutdown State Table Load Screen / Keyboard data load Con guration Parameters load including ICC data Enhanced Con guration Parameters load FIT data load Con guration ID number load MAC Field Selection load Customization Command Date and Time load Encryption Key load Extended Encryption Key Change State Table Load Screen / Keyboard data load Con guration Parameters load Enhanced Con guration Parameters load FIT data load
2.7
Other Security Features

Diebold con gures the software security features normally provided by the Microsoft Windows XP Professional operating system to implement speci c user accounts with password protection.
2-15

Thu Sep 24 16:55:21 2009
While it runs the ATM for consumer transactions, Agilis NDx release 3.0 disables the Windows desktop to prevent unauthorized system access and further enhance security. This feature is con gurable so that the Windows desktop can be enabled temporarily, if desired, such as in a test environment before the ATM is deployed or installed in the eld at a customer site. The Agilis NDx release 3.0 also supports the following security features: Single length key encryption (DES) Double length key encryption (TDES) Single key MACing Double length key MACing as speci ed by ISO 9797-1 standard. Double Length Key MACing according AS2805.4.1 for Australia Key entry in two parts or more Individual KVV Cumulative KVV PCI compliant Remote key RKL/Certi cate SEP11 - USB Blocking (only for Opteva) Security Template (only for Opteva)
2.8
Status Messages
The Agilis NDx supports the following statuses: Standard NDC statuses for all devices. M-statuses or MDS statuses provided by means of con guration les Alarm status for door - Go to supervisor mode Leaving maintenance mode w/o asking operator. No message box, no key entry. Persisting errors when leaving maintenance mode are displayed on the score bar.
2.9
Supervisor
The Supervisor application provides an easy to use interface to all terminal data including: Management of Supplies Con guration Key Entry Interface to terminal diagnostics Settlement Terminal State of Health display
2-16

Thu Sep 24 16:55:21 2009
2.10 Setup and Installation Overview

The Agilis NDx 3.0 installation package, available for all platforms, includes one media kit CD common to all terminals and the Developer installer (.msi) For more information on setup instructions and con guration of the Agilis NDx 3.0 application, refer to the Agilis NDx Installation and Con guration on Opteva (TP-821370-001B PD 6610), Agilis NDx Installation and Con guration on Wincor(TP-821382-001B PD 6638) and Agilis NDx Installation and Con guration on NCR(TP-821381-001B PD 6637). NOTE For Diebold terminals, a eld installation package with Operating System, XFS and RSS is also available.
2.11 Communication Protocol Compatibility

The Agilis NDx application works with all communication protocols that are supported by the Agilis Base Communications (ABC) subsystem program. The Agilis Base Communications (ABC), based on Diebold's Communications Subsystem, provides the communications between the Agilis applications and the host(s). The operator interface for the communication subsystem (Communication Subsystem Editor (CSSEDT)) allows the operator to monitor communication status and activity, and to initiate and view message traces. The communication subsystem dynamically updates the various statistics, providing an accurate view of communication status at all times.
2.12 Con guration Overview

2.12.1 Agilis Con guration Utility The con guration interface has been simpli ed. All options are now con gured via the Agilis Con guration Utility (ACU). The Agilis Base con gurator options are available under the Agilis EmPower menu. The Agilis Power con gurator options are available under the Agilis Power menu. The Agilis NDx con gurator options are available under the Agilis NDx menu.
2-17

Thu Sep 24 16:55:21 2009
2.12.2
Terminal Con guration Data Downloaded The terminal con guration data sent by the host consists of the following: States - State tables direct the terminal to the tasks to be performed during each part of a transaction. Screens - Screen data contains display, control, and delimiter characters for different screens, which must be shown during different parts of a transaction. FITs - Financial Institution Tables provide information used to identify the card-issuing institution. Miscellaneous - Miscellaneous data can include con guration, enhanced parameters, data and time loads, ICC con guration and more.
2-18

Thu Sep 24 16:55:21 2009
Section 3 Hardware Requirements

The Agilis NDx Con guration application operates with the following minimum hardware and must coexist with the following standard ATM hardware devices. Listed are those hardware components supported and not supported for the Agilis NDx Con guration application. Table 3-1 Hardware Requirements
HARDWARE Processor RAM Hard Drive Diebold Opteva Series Terminals Pentium 3 or higher / Celeron 2.0GHz or higher 1 GB minimum 40 GB minimum (with 20G minimum free space) NCR Terminals 2.0GHz Pentium processor minimum 1 GB minimum 40 GB minimum (with 20G minimum free space) Wincor Terminals 2.0 GHz Celeron processor minimum 1 GB minimum 40 GB minimum (with 20G minimum free space)
Devices and Features The following sections list the full scope of functional devices and features for the Agilis NDx 3.0 product that are supported for particular terminals. Table 3-2 Devices and Features
Devices After Hour Depository Bar Code Reader Bulk Cash Recycler Bulk Note Acceptor (BNA) Cash Dispenser Diebold Opteva Series Terminals Supported Supported Supported Supported Advanced Function Dispenser (AFD) with Fifth Cassette support Supported Supported Supported Supported Supported using the EPP4 or EPP5 Supported Supported Supported Not Supported Supported Supported Supported Including USB EPP Supported Supported Dispenser, 4-high, Standard Cassette Supported Supported Dispenser, 4-high, Standard Cassette Supported NCR Terminals Wincor Terminals
Chip Card Device (Smart Card Reader) Coin Dispenser Consumer Video (front) Dip Card Reader Encrypting Pin Pad (EPP) /Consumer Keypad Enhanced Note Acceptor (ENA) Envelope Dispenser Envelope Depositor Impact Receipt Printer
3-1

Thu Sep 24 16:55:21 2009
Table 3-2
Devices Intelligent Depositor Module (IDM) Journal Printer External Alarms Motorized Card Reader Operator Video (rear screen GUI) Passbook Printer (basic) Passbook Printer (Advanced) Rear Alphanumeric Keyboard (maintenance) Sensors and Indicators Statement Printer Thermal Receipt Printer Thermal Statement Printer Touch Screen TTU (Terminal Text Unit) Tri-color Lead-through programming color capability Sensors Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported Supported
Devices and Features (continued)

NCR Terminals Wincor Terminals
Diebold Opteva Series Terminals Supported using the IDM4 or IDM5 Supported
Supported Including USB Thermal Journal Printer Supported Supported
Supported
Supported
Supported Supported Supported Including USB Thermal Receipt Printer Supported Supported Supported Supported
For a list of hardware feature codes and part numbers, contact your Diebold representative.
3-2

Thu Sep 24 16:55:21 2009
Section 4 Software Requirements

Table 4-1 Software Requirements
Diebold Opteva Series Terminals Windows XP Professional operating system with Service Pack 3 Diebold XFS V3.11.1.11 BSTS V3.11.1 RSS 2.4.0.8 XFS version v04.05 or v5.0 XFS version: ProDevice 4.1/40 (XFS Release 3.03). NCR Terminals Wincor Terminals
AMI (for Opteva ONLY) AMI is an acronym for Diebold's Agilis Module Interface, the name of components that form the lowest level device software interface on the Opteva Terminal product family. The Agilis AMI (Agilis Modular Interface) is the interface layer for Diebold Opteva ATM terminals. The AMI adapter, receives CSS express bus messages and translates them into AMI messages. Windows XP Professional Operating System Windows XP Professional with Service Pack 3 is the operating system for the Agilis NDx software application running on Diebold terminals.
4-1

Thu Sep 24 16:55:21 2009
Section 5 Documentation
The following Diebold documentation provides more information concerning the terminal and utility software related to the Agilis NDx application:
5.1
Guide Manuals
Agilis NDx Installation on Opteva Guide (TP-821370-001B PD 6610) Agilis NDx Installation on NCR Guide (TP-821381-001B PD 6637) Agilis NDx Installation on Wincor Guide (TP-821382-001B PD 6638) Agilis NDx Con guration Guide (TP-821316-001A PD 6516) Agilis Base Con guration Guide (TP-821305-001A) Agilis Developer Installation Guide Agilis NDx Supervisor User Guide (TP-821344-001A)
5.2
Programming Manuals
Agilis NDx Application Programmers Guide (TP-821317-001A) Agilis NDx Con guration Guide (TP-821316-001A) Agilis NDx Custom Application Projects Tutorial (TP-821390-001A) Agilis NDx How to use the Presenter class (TP-821379-001A) Agilis NDx Passbook Printer Extension (TP-821356-001A) Agilis NDx Supervisor Programmers Guide (TP-821314-001A) Handling new devices using FAN and NDx Communicator (TP-821318-001A) How To - Creating a Custom NDC project (TP-821357-001A) XML Schema Customizations Tutorial (TP-821364-001A)
5-1

Agilis NDX Product Description

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Agilis NDX Product Description

Hochgeladen von

Copyright:

Verfügbare Formate

PRELIMINARY - DRAFT COPY

Thu Sep 24 16:55:21 2009