ATMs and operating systemsOverview for ATMIA Africa forum

Tonbridge, England

August 2016

o Windows 10

o Windows CE

o Arising alternatives

o Industry RFI

Today

Windows 10 - comparison

o The ATM industry has been working diligently to deal with XP end of life. Many deployers upgraded ATMs to Windows 7 (end of mainstream support 2015, end of extended support 2020)

o Windows 10 was released in 2015 and will be supported at least through 2025

o Microsoft has stepped up in the fight with malware with new security features. This means additional hardware requirements which may not be supported by older ATMs/PCs

o ATM deployers need to evaluate which OS to use for XP upgrades, which OS to use for new ATMs and when to upgrade Windows 7 & XP when support ends

Overview

Windows OS’ life cycles

Client operating

systems

Latest update or

service pack

End of

mainstream

support

End of extended

support

Windows XP Service Pack 3 April 14, 2009 April 8, 2014

Windows Vista Service Pack 2 April 10, 2012 April 11, 2017

Windows 7 * Service Pack 1 January 13, 2015 January 14, 2020

Windows 8 Windows 8.1 January 9, 2018 January 10, 2023

Windows 10, released in

July 2015 **

N/A October 13, 2020 October 14, 2025

Source Microsoft.com

System requirements - compared10 8/8.1 7 Vista XP Prof.

Processor support

PAE, NX, SSE2

PAE, NX, SSE2

ProcessorSpeed

1GHz 1/2 GHz (32/64bit processor)

1 GHz 1 GHz 300MHz

CPU 32/64 bit 32/64 bit 32/64 bit 32/64 bit

Memory 2GB RAM 2GB RAM 1GB RAM 1 GB RAM 128 MB RAM

Hard disk 50 GB 16/20 GB (32/64 bit CPU)

16/20 GB(32/64 bit CPU)

15 GB 1.5 GB

Graphic card MS DirectX 9 graphics device with WDDM driver

MS DirectX 9 graphics device with WDDM driver

MS DirectX 9 graphics device with WDDM driver

MS DirectX 9 graphics device with WDDM driver

Super VGA

Security• TPM 1.2+• Secureboot(UEFI)• Device Guard*

New

New

Sim

ilar

to 7

(no

t to

XP

)

In comparison, a Q3 ‘15 delivered low-end Dell PC exceeds the above with 1TB disk, 3.7GHz clock and 6GB memory

* DeviceGuard requires the 64 bit implementation, creating high impact

• Physical Address Extension (PAE) is a memory management feature for the IA-32 architecture, first introduced in the Pentium

Pro. It defines a page table hierarchy of three levels, with table entries of 64 bits each instead of 32, allowing these CPUs to

access a physical address space larger than 4 gigabytes (232 bytes).

• The NX bit, which stands for No-eXecute, is a technology used in CPUs to segregate areas of memory for use by either storage

of processor instructions (code) or for storage of data. . . starting with Windows XP Service Pack 2 and Windows Server

2003 Service Pack 1, the NX features were implemented for the first time on the x86 architecture.

• Streaming SIMD Extensions 2, is one of the Intel SIMD (Single Instruction, Multiple Data) processor supplementary

instruction sets first introduced by Intel with the initial version of the Pentium 4 in 2001. Competing chip-maker AMD added

support for SSE2 with the introduction of their Opteron and Athlon 64 ranges of AMD6464-bit CPUs in 2003.

PAE, NX, SSE2 – old featuresAnecdotic evidence some of those features not supported by very old PCs.

Source Wikepedia

o Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor, which is a dedicated microprocessor designed to secure hardware by integrating cryptographic keys into devices . . . optional support in Windows Vista and later

o Secure Boot is a security standard developed by members of the PC industry to help make sure that your PC boots using only software that is trusted by the PC manufacturer.The following versions of Windows support Secure Boot: Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 8, Windows Server 2012, and Windows RT.

o Device Guard is a combination of hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications. To get Device Guard working, a supported IOMMU setup must be present in the PC or device. However, AMD and Intel processors, and even certain ARM and MIPS cores, have had IOMMU protection mechanisms built-in for a while now. Intel calls its IOMMU tech VT-d; AMD prefers AMD-Vi.

TPM1.2+,SecureBoot, DeviceGuardMore “new” versions” which may be already supported by existing PCs.

o Either you specify the components, your ATM manufacturer provides those

• Beyond GHz and GB

o Validate for each component Windows 10 compatibility

o Try this at your own computer

o Right click on the windows icon and you are offered a compatibility check

Database/desk study Compatibility agent

Support existing base

The road to Windows 10

The options

Compliance

(as late as possible)

Gradual

(roll-out during planned maintenance, e.g. W7)

Priority

(as soon as possible to benefit from malware protection)

Spread out the Windows 7 cost over the longest period possible

Minimise roll-out costs & benefit from malware protectionW10 for Skylake ATMs

Business case for malware protection

o Every operator can analyse readiness themselves

• Typically GHz & GBs are widely expected to be ready for W10, question

mark security features

o Please familiarise yourself with W10 releases such as Treshold 2 (aka SP1) and Redstone (aka 10.1)

o Once HW & Software vendors announce their readiness date, operators can determine roll-out strategy

Recommended activities deployers

Desk study benefits & support

Stability W10

HW & SW readiness

Determine roll-out strategy

WINDOWS CE USERS

And now for something completely different . . .

o Microsoft has announced a CE successor

• Windows 10 IoT Core

• No support last version (CE 2013) after 10 October 2023

o Characteristics

• Downgraded version of Windows 10, same security features

• App based, win32 code not supported (so CEN XFS not supported)

• Dramatically lower hardware requirements, no end date

o Recommendations/conclusions

• Support of CEN XFS might have given W10 IoT Core a wider appeal

• CE users to assess your software requirements & discuss with your

manufacturer

About CE and Windows 10 IoT core

ALTERNATIVES TO WINDOWS

o Hot spot deployment of alternative operating systems

o Linux

• India – low-cost/maintenance ATMs

• Brazil – alternative

o Windows CE

• US, Canada, UK – comprehensive

retail offering

o Android

• The young pretender

Alternative operating systems

o Different initiatives

• Different market segments

• New types (mobile initiated)

• Proof-of-concept stage

o Big ticket items

• Despite increasing CEN XFS

endorsement, no emerging

Android standards

• Compatibility existing back-office

systems and R&D

Android

INDUSTRY RFI

o Rationale

• Need for alternatives to

Windows

• Need for proper standardisation

• Need for products

o ATMIA subcommittee

o Input by Payment Redesign through interviews/questionnaires to deployers

Industry RFI

Tap

card

Device drivers

Device-to-device

PC based

IoT based

Barcodereader

EPP Card reader Cash dispenser

Anti-skimming

App App NFC included,EMV external

Externalinterface

Required

o First vendor has announced W10 readiness

• ATM operators are recommended to

look at W10 any time soon

• Note the complexity

o CE 2013 users to work with their suppliers to look at the impact of the 2023 support sunset

o Android in the PoC phase

o Industry RFI to drive further standardisation

Summary

Contact us

Eric de Putter

www.paymentredesign.com

+44 7950 449188

+31 20 808 2151

Eric.dePutter@PaymentRedesign.com