Access Guard 1000 Flashcards
What is the AG1000? Part 1
> The AccessGuard 1000 (AG1000) solution from NewNet is designed to process millions of mobile, broadband IP based POS transactions, m-commerce and e-commerce payments transactions, mobile wallet payments etc, while delivering the fundamental security capabilities needed to enable safe and reliable transport of financial transactions, security verification, or any data which requires high levels of data encryption over many network types.
Designed with flexibility as one of Access Guard’s core features, the system can also process, non- financial based transactions, including, business-to-business verifications, security verifications, point- to-point encryption, insurance & healthcare transactions and a variety of custom applications that require the highest level security and efficiency.
What is the AG1000? Part 2
The AccessGuard 1000 terminates SSL sessions that are originated from the mobile, broadband and IP supported POS, ATMs and smart phone based payment terminals. For the Financial providers it also supports transaction protocols like VISA I, VISA II, ISO 8583, TPDU (Transport Protocol Data Unit), and Custom Protocols, which allow AccessGuard to seamlessly interoperate with both next generation and legacy systems, while creating an environment for faster, reliable and more secure transactions.
What is the AG1000? Part 3
AccessGuard integrates Security (SSL, TLS etc), Transaction Protocol Processing (VISA, ISO8583 etc) and IP Routing (RIP, OSPF etc) in a single box combining the best in class for internet security, payment protocol handling and network routing. We provide an industry first and unique solution with integrated capability to offer these three critical capabilities to truly perform secure transaction routing in a single system.
Scalability
The AccessGuard 1000 solution is designed to scale from supporting hundreds of mobile, broadband IP payment terminal to supporting then of thousands of terminals. This means, transaction processing support for a million IP POS terminals can be simply achieved by distributing AccessGuard 1000 nodes throughout the network.
Security
Products sold in financial transaction market require strict adherence to regulatory and agency approvals. PCI DSS security requirement is among one of them an AG is compliant with these standard specifications. Also, support of financial transaction protocols like VISA I, VISA II, etc. provides an opportunity to offer more value added services on top of simple transparent routing of today. AG offers enhanced transaction data security with support for the DUKPT encryption and decryption standards used for encrypting transaction data from IP payment terminal and mobile payment devices.
The AccessGuard 1000 can securely interconnect the new or legacy acquiring/banking host servers with next generation mobile broadband IP POS or payment terminals, while safe guarding the sensitive data during its transit over the public internet or private network. Because of our vast years of experience in designing and selling financial services product including, transaction gateways for POS terminal to the financial market, NewNet has the know how to provide powerful value added services with reduced cost of transactions.
What are the Key Benefits?
Providing a more Secure means of connecting Mobile, Broadband IP POS/ATM terminals, NFC Terminals, Mobile Payment devices like Tablets, Smart phones, etc. and Transporting Information Securely to Multiple Locations over Secure or Unsecure Networks.
Highly Secure
Uses private, embedded SSL processing engine that is not subject to the common vulnerabilities of Open SSL-based solutions.
Fast “Time-to-Market”
Designed to install in hours, not days. Capacity is expandable via a feature key enable procedure. Releases delivered via software upgrades.
Lower Cost of Ownership
Standards-based system delivers high call density in 2U of rack space
Investment Protection
Minimal or no modification required to the existing hosts with full compatibility to existing host application protocols. It can also be used with currently deployed point-of-sale (POS) terminals.
Industry Protocol Support
Supports the latest standards such as Visa I, Visa II, SSL 3.0/TLS 1.0
Highly Versatile System
Integrates SSL processing, protocol- based routing, transaction processing, IP network routing, redundancy and management and reporting on a single solution and effectively reduces the number of network elements.
Key Features
Key Features
Encryption Offloading
The AccessGuard 1000 uses a next generation hardware acceleration encryption engine to achieve the perfor- mance required for the financial market. This means that as an SSL offloader, the host system is not respon- sible for processing any portion of the SSL traffic. By processing the entire SSL transaction, AccessGuard 1000 follows a model of encrypted-data-in from POS to decrypted-data-out towards host system.
Encryption Aggregation
This solution can aggregate thousands of simultaneous SSL and non-SSL connections and transactions. It can also support re-use, introduction in SSLv3, which can be used to reduce the burden of establishing a new SSL session by reusing previously established SSL Session ID’s. The AccessGuard 1000 can support thousands of persistent socket connections which support session reuse.
Redundancy & Load Sharing
AG System design supports query and download of resolved IP addresses, which is stored and utilized for redundancy routing and load sharing. It also provides a higher availability default path without requiring con- figuration of dynamic routing or router discovery protocol on every IP POS device.
Technical Specifications
Technical Specifications Power Requirements • AC 90~264V @47~63 Hz IP Protocols • NTP • TCP/IP • DNS • LDAP • RIPv2 • HTTP Physical Interfaces • 4 GbE or 10GbE SFP • 1 RJ-45 Console port Management • SNMP • SSH • GUI • Alarms/Traps • Syslog MAC • MD5 • SHA1 Dimensions & Weight • (WxHxD): 442x88x660 mm • 19” rack mount • 22 Kg/48.5 lbs in weight Operating Environment • Operating Temp.: 0°C to +40°C • Storage Temp.: -20°C to +70°C • Operating humidity: 5% RH to 95% ... RH (non -condensing) • Storage humidity: 5% RH to 90% ... RH (non-condensing) Regulatory/Agency Approvals • EIA-310-D • FCC Part 15 Class B testing • UL 60950-1 and EN 60950-1 HiPot • RoHS compliant & lead free Call Detail Record • RADIUS Encryption Engine • Embedded Encryption co- processor Key Exchange • RSA • RSA (512) • Diffie-Hellman Transaction Protocol Support • Transparent • VISA l/ll (EIS) • ISO 8583 • TDPU Security • SSL v3.0, TLS v1.0 • PCI security requirements • Digital Certification • DUKPT Encryption • RCA (40,128) • AES (192,256 • 3DES (168) • DES (56)
What are the protocols supported?
Transaction Protocol Support • VISA I/II (EIS 1051/1052 ) • BIN Routing • VLP with Host for Multiplexing • Multiple Variants ISO 8583 • Regional Variants TPDU • NII numbering mapped to Bank servers • Single Host session XML • ISO formats • Custom Flavors Transparent • Pre-configured routing Custom Protocols • Proprietary Routing
What are the AG1000 Internal Features?
Dual 2.4GHz Intel Xeon 6 core Processor • Linux OS • 4to81GEor10GESFPs • IPv6 support • XML Transaction processing • Network routing – RIP, OSPF , BGP • Expandable to 3000 TPS or 12,000 Concurrent SSL/TLS Sessions • Network Filtering • IPSec security • Virtualization • Load Distribution options • Faster transactions • Additional PCI-e slot for security module expansion
What are the AG1000 Features?
Mobile/Broadband IP to IP secure transaction processor
– Secure, standards based product
– 2U chassis, Linux OS, Xeon processor, multiple PCI-e slots
• System Capacity
– 1500 TPS and 6000 concurrent transactions
– Expandable to 12,000 concurrent sessions and 3000 TPS
• Security Features
– SSL v3.0, TLS 1.0, PCI/CISP Security, Digital Certificate, DUKPT
– Secure shell (SSH) remote access, TACACS authentication
– IPSec to Host Server
– FIPS Level 2 Compliant
• Transaction Protocol Processing
– Web Based HTTP and HTTPS transaction processing
– Legacy host interfaces (TPDU, VLP)
– Field specific routing – least cost, highest revenue
– Persistence connections to minimize TCP setup/disconnect time
• Network Routing
– RIPv2, OSPF
– IP Protocols - IPv4, IPv6, NAT, NTP, TCP/IP, UDP, DNS, LDAP
• High Availability
– Redundancy support using VRRP
– Load sharing on multiple Access Guard 1000s
• Hardware acceleration
– On board Cryptographic processor
– Increased number of transaction in shorter durations
• Management & Reporting
– SNMP system management (CEM), accounting and billing support (AV)
Features & Functions
Secure Routing of Mobile/Broadband IP payment transactions from Mobile devices, IP POS/ATM terminals, internet payment gateways, NFC Terminals
• Integrated solution for internet payments, remote mobile payments, NFC mobile wallet payments, mobile money transfer
• Faster completion of transactions over the IP networks
• Support for all major industry standard transaction protocols
including VISA I/II, ISO 8583, TPDU etc
• Industry standards based security processing with advanced encryption standards and methods
• PCI-DSS compliant solution with high level of data, network and access securities
• Transaction session data records generation with details of client devices, authorizing bank servers etc
• Secure remote access to the system and strict access control
mechanism for maximum security
What are the benefits?
Integrated system for security offloading, transaction protocol processing and IP routing
Avoid need for separate systems/additional devices for SSL offloading, Transaction protocol processing and IP routing
Expand the session and transaction rating requirements by SW upgrade
Retain existing Banking Server interfaces
Support for all existing transaction protocols with Authorization Servers
Expand the service capability from Dial transaction services to Mobile Payment processing
End to End Security as mandated by PCI using DUKPT
Custom modifications on AG1000 to interface with the Mobile payment/wallet applications to offer Mobile transaction services
TransacPons/Sec
1250
Peak Hour TransacPons
4.5M
Average Daily TransacPon Volume
18M
6
© 2012 NewNet All rights reserved.
•
NewNet Proprietary and Confidential
Single solution for Mobile and Internet based transaction services
Security - PCI DSS -
Build and Maintain a Secure Network
– Requirement 1: Install and maintain a firewall configuration to protect cardholder data Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
– Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks Maintain a Vulnerability Management Program
– Requirement 5: Use and regularly update anti-virus software Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
– Requirement 7: Restrict access to cardholder data by business need-to-know Requirement 8: Assign a unique ID to each person with computer access Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
– –
–
Requirement 10: Track and monitor all access to network resources and cardholder data Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security
