Late last year I wrote a post, “Securing the Internet of POS,” describing how members of the Intel® Internet of Things Solutions Alliance are using the latest security technologies available in 4th generation Intel® Core™ processors to address a full range of threats faced by retail POS devices. Two events have happened since then that demand a second look into how to deal with these threats.
The first event is the introduction of the Intel® Atom™ processor E3800 product family (formerly codenamed “Bay Trail”). The family also includes two Intel® Celeron® processors based on the same microarchitecture. These sub-10-watt system on chips (SoCs) bring substantial security and reliability advantages to mobile POS devices.
The second is the Target security breach that resulted in the compromise of 40 million credit and debit cards – a veritable nightmare for any retailer. The Target breach could cost the company and payment card companies over USD 1.4 billion in reparations, fraudulent charges, and replacement cards. It is causing customers lots of grief. And it is tarnishing the reputation of a retailer who will now have to work hard to win back the trust and loyalty of its customer base.
It’s time now to look at how the newest Intel® Atom™ processors are prime for retail use models and provide built-in security to protect customer and store data and avoid such tragedies.
An Ideal Processor for Entry-Level Retail Devices
The Intel Atom processor E3800 product family is designed to meet the needs of entry-level mobile and stationary POS devices. These processors combine the requisite compute and media performance, connectivity, and security with a low bill-of-materials (BOM) and power budget to deliver enhanced experiences in low-cost transactional devices.
The processors use Intel’s Silvermont microarchitecture and industry-leading 22nm process technology with 3-D Tri-Gate transistors to deliver significant performance improvements compared to the Intel® Atom™ processor N2000/D2000 family. Their Gen 7 Intel® Graphics Technology provides up to five times the 3D graphics power over previous generations for dramatically improved graphics performance on POS devices with small and large screens.
In regards to compute performance – a critical feature for handling peak selling times – out-of-order instruction execution, and other microarchitecture enhancements significantly increase performance up to double per core and four times per CPU compared to prior generations. In addition to providing a power boost, this true single-chip design with its integrated graphics and memory controller saves valuable board real estate – an important feature for small form factors.
Intel® Atom™ or Celeron® Processor – What’s the Difference?
The main difference between the Intel Atom and Celeron processor choices in this family is that the Intel Atom processor E3800 SKUs offer an industrial temperature range and Error-Correcting Code (ECC) memory. These can be great reliability and data integrity features for mobile POS devices. The industrial temperature range means the Intel Atom processor E3800 SKUs will withstand a wide range of extreme temperatures for outdoor use. The ECC memory capability enables designs that protect against single-bit errors causing a system failure in the middle of a transaction or other operation. In applications not needing the extended temperature range or ECC memory, the Intel Celeron processor SKUs provide many of the other features and performance-per-watt benefits of the Intel Atom processor E3800 SKUs.
Enhanced Transaction Security
Secure, fast transactions are a must-have in retail today. What makes these new processors so special is that their Silvermont microarchitecture brings to Intel Atom processors several of the most sought-after security features from the Intel® Core™ processor product families. These include Secure Boot, Intel® Advanced Encryption Standard New Instructions (Intel® AES-NI), and Intel® Virtualization Technology (Intel® VT). These three features provide important security enhancements and, along with deep support for McAfee solutions, make mobile POS devices more resilient. Let’s look at how.
· Intel Secure Boot. Part of the unified extensible firmware interface (UEFI) 2.3.1 specification (Errata C), Secure Boot ensures that a platform boots into a known, verified state. The feature defines an interface between operating system and firmware/BIOS that when enabled and fully configured helps a computer resist attacks and infection from malware. Secure Boot detects tampering with boot loaders, key operating system files, and unauthorized option ROMs by validating their digital signatures. Detections are blocked from running before they can attack or infect the system. You might think of Secure Boot as a security gate. Code with valid credentials gets through and executes, but code with bad credentials, or no credentials, is blocked at the gate and rejected.
· Intel® AES-NI. Encryption is a key requirement for POS systems of any kind and critical for PCI-DSS compliance, but that doesn’t mean it has to compromise performance. This well-known feature, once only available in Intel Core and Intel® Xeon® processors, accelerates data encryption and decryption, helping secure communications and storage. With Intel AES-NI, seven new instructions for cryptographic processes minimize processor loading, saving processor cycles for other actions. The result is secure customer data with less performance hit. In addition, Intel AES-NI provides enhanced security by addressing the side channel attacks on AES that are associated with traditional software methods of AES implementation.
· Intel® VT. Applications requiring a higher level of security, such as transactional software, can be isolated using Intel VT. This hardware-based technology improves the robustness of traditional software-based virtualization solutions by accelerating key functions of the virtualized platform and helping separate critical operations from less-sensitive applications. By protecting an application’s memory space in hardware, Intel VT helps prevent attacks from malicious software.
For even greater security, the Intel Celeron processor and Intel Atom processor E3800 product families support McAfee Embedded Control and McAfee Endpoint Encryption. In particular, McAfee Embedded Control gives retailers a simple, lightweight software solution to make devices resilient to malware infections and attacks through dynamically managed whitelists that provide comprehensive change policy enforcement and PCI compliance (see my recent blog post on whitelisting). McAfee Endpoint Encryption provides a powerful solution for encrypting data stored in end devices. Combined with the Intel Atom processor E3800 product family’s processor enhancements, this combination of hardware and software delivers excellent protection to mobile POS devices (Figure 1).
Mobile POS Solutions from Members of the Intel Intelligent Systems Alliance
For systems integrators and developers wanting to start with a finished tablet, Dell OEM offers the versatile Venue* 8 Pro (Figure 2) featuring the Intel® Atom™ processor Z3740D, a quad-core design in the Bay Trail family that features the Silvermont microarchitecture. Engineered for one-hand use, all it takes is a USB attached Magnetic Stripe Reader (MSR) to turn this into a powerful and secure mobile POS solution. The Dell Venue™ 8 Pro helps to keep information secure with a firmware TPM and Dell Data Protection | Encryption Security Tools. An 8-inch HD IPS display offers HD resolution (WXGA 1280 x 800) with 10-point capacitive touch and a wide viewing angle. Wireless LAN and Dell Wireless Mobile Broadband provide connectivity on the move. Bluetooth* capability enables use with a wireless handheld barcode scanner.
Another option comes from Arbor Technology. Their Gladius G1052 (Figure 3) is a rugged tablet perfect for duty on any sales floor. Featuring a 10.4” XGA TFT color LCD with projected capacitive touch, this tablet features a quad-core Intel® Celeron® processor N2920 to deliver high performance and excellent security features. Meeting MIL-STD-810G, IP54, 1.2m (4ft.) drop resistance, it makes a rugged tablet for mobile POS use. It features versatile connectivity (WLAN/Bluetooth/WWAN) and can be ordered with barcode scanner, RFID reader and MSR. A hot-swappable external battery with redundant internal battery makes it easy to switch batteries and keep the unit running throughout the sales day.
For those looking to make their own mobile POS device based on the Intel Atom processor E3800 product family, a wide selection of boards is available from Alliance members. A good example is the COMe-mBT10 product family (Figure 4) from Kontron. These seven credit card-sized COM Express* mini modules are highly scalable and cover the entire performance range of Intel Atom processor E3800 and Intel® Celeron® processor N2900 and J1900 product families. The 55 mm x 84 mm modules with Type 10 pin-out they offer an extensive set of features, including the new security functions and optional ECC memory. The rich, powerful and flexible x86 feature set in combination with the low-power credit card-sized footprint make these new mini modules a perfect fit for a wide range of new, graphic-rich multi-touch applications.
Congatec also offers the full line of the entire performance range of Intel Atom processor E3800 and Intel Celeron processor N2900 and J1900 product families in its conga-QA3 Qseven modules (Figure 5). This makes it easy to balance performance with low power (from 5 to 10 watts), plus choose whether to include ECC memory and an industry temperature range in a mobile POS line. All conga-QA3 modules are fitted with ceramic capacitors, making them ideal for mobile applications in harsh environments, whether it’s a mobile POS for outdoor environments or a mobile inventory solution with bar code scanner for warehouses.
Begin a New Generation of Secure Mobile POS
As more and more retailers look to modernize their operations with mobile POS devices, system integrators and developers have an ever greater responsibility to help them maintain security and PCI-DSS compliance. The latest Alliance solutions using the security features included in the Intel Atom processor E3800 product family go a long way in ensuring transactions stay private and protected no matter where an employee is on the sales floor.
Solutions in this blog:
· Security - Top Picks (blogs, white papers, and more)
· Energy Efficiency - Top Picks (blogs, white papers, and more)
· Retail - Top Picks (blogs, white papers, and more)
Dell OEM and Kontron are Premier members of the Intel® Internet of Things Solutions Alliance. Congatec AG and McAfee are Associate members of the Alliance. Arbor Technology is an Affiliate member of the Alliance.
Roving Reporter (Intel Contractor), Intel® Internet of Things Solutions Alliance
Associate Editor, Embedded Innovator magazine