Versions Compared

Old Version 1

changes.mady.by.user Alexandre PERRIER

Saved on

compared with

New Version Current

changes.mady.by.user Alexandre PERRIER

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel1
maxLevel6
outlinefalse
stylenone
typelist
printabletrue

SoftPOS high Level Architecture exemple

image-20240510-174849.png

EMV Kernel on SoftPOS Framework

The Agnos L2 SDK provides the way for the customer to :

  • connect his own Secure Client API (secclt module) that allows the merchants app to provision and control the attestation and monitoring, keys and configuration update, and PIN entry by (KML2 Lib connected to ? )using the KML2 Lib . The Agnos L2 SDK will call functions present in the Secure Client

  • use and connect is L3 Payment application via The Agnos API (agnos module - OLA) that provides payment transaction features.

image-20240510-183351.pngImage Removedimage-20240530-174909.pngImage Added

Notes:

  • The Secure Client maintains its own connection with its backend. The system administrator must provide the required connection and authentication parameters to the SDK provisioning API .The Secure Client API and Agnos API are independent. If an online PIN verification is required, the L3 module is responsible for invoking the secure PIN entry API and send the resulting cryptogram to its servers. Est ce toujours le cas ?

Secure Backend

...

  • The Secure Backend REST API is meant to be used only by the Secure Client and must be accessible from the internet.

  • The administration REST API allows performing administration operations such as:

    • Managing device models.

    • Adding devices to the system.

    • Registering users.

  • The remediation REST API allows the incident and fraud detection console operator to trigger an application specific remediation action in a specific application instance.

The Secure Backend consumes the following interfaces:

  • The security incidents notification interface that sends the details of possible security issues detected in the deployed merchants’ applications.

  • The cryptographic provider interface that exposes the cryptographic operations required by the Secure Backend.

Android COTS GPI HAL

GPI provides a wide set of primitives through the API level called Service Abstraction Level (SAL). This SAL layer encapsulates Agnos' HAL corresponding to the DEVICE layer. Integrating a new platform means overloading DEVICE behavior, i.e. coding into HAL. However, some GPI primitives may be overloaded depending on L3 needs:

  • gpiInitializeHSM (*): overload it to modify file references (not required for L2 TA)

  • gpiEMVGetCertificate (*): overload it to modify public keys look-up (not required for L2 TA)

  • gpiGetEMVCRL (*): overload it to modify revocated certificates look-up (not required for L2 TA)

  • gpiFindPANfromEFL (*): overload it to modify exception file parsing (not required for L2 TA)

...

Function:

Connect to

Open L2 API (OLA)

Diagramme integration

Function:

Connect to

Open L2 API interface is an abstraction of the card processing (alias L2. See also here More On Card Processing ), for EMV contact and EMV contactless systems. It is based on a simple set of primitives to ease L2 integration onto a payment application (alias L3).

...

  • Pin pad management: refer to manufacturer’s SDK to integrated use cases related to pin entry. Most of the time, proprietary callbacks must be defined using specific software signatures

  • Transit features: use manufacturer’s SDK to realize transit use cases. For example, if using Agnos Framework, refer to Callbacks API.

 Table to be updated

Product Version

Online API Documentation

Update

Comments

OLA 2.1.6

OLA version 2.1.6.23992

First online API version

Agnos for COTS' integration with an existing Entry Point

Our Agnos for COTS architecture allows customers having their own EntryPoint to integrate our kernels .

image-20240604-184922.pngImage Added

Customer API makes direct call to OLA API via Kotlin language .

Customer EntryPoint will do SELECT and FINAL SELECT . Once FCI + Kernel ID identified , this will be sent to AMADIS OLA API (via ola_contactless_add_aid_supported) via Customer API (please see confluence page for normal flowAgnos for COTS Integration Guidance - Application selection bypass )

Link between GPI and Agnos L2 Stack :

if customer wants to go to L2 Certification , Amadis Agnos L2 stack provides events sends via callback to the GPI , customer will need to create Link between GPI and Customer Middleware which allow via a Listener to implement special events like BIP , message DISPLAY , LED .

image-20241008-202509.pngImage Added

See the confluence page below for more details regarding Application Selection bypass

Agnos for COTS Integration Guidance - Application selection bypass