Enforcing access restrictions on terminal maintenance tasks using smart cards

Purchasing goods by electronic transactions on Point-Of-Sale (POS) terminals is a popular payment method. POS terminals are sensitive devices that require constant attention and supervision from merchant. A frequent operation performed by merchant on POS terminal is the process of updating terminal software configuration. Such tasks are of a sensitive nature due to their strong impact on POS terminal functionality. A malicious person could disable POS terminal by exploiting the gaps in protection measures related to invocation of maintenance tasks. This paper proposes smart cards for maintenance staff as a method for guarding the access towards invocation of terminal maintenance tasks. A system is introduced composed of Key Distribution Center (KDC), smart cards and users who interact with terminals using smart cards. KDC, as a vital entity in proposed system, stores a set of records in smart cards that regulate which terminals and maintenance functions can be accessed by a user in a possession of such smart card.