Thursday, June 2, 2011

Serial LCD module as solution for cash terminal

Our serial LCD module is suitable for applications in many industries. For example, a customer wants to build a display into a cash terminal. He has a secure channel between the outside world and the CPU (SSL or something similar), but the communication between the CPU and the display must be secured as well. All communication bytes are fully specified in the command documentation, and the documentation is freely available on the internet. However, this communication path is open; it is not safe at all.
Now the bank wants us to ensure that there is no way to manipulate the electronic parts within the cash terminal. Currently this seems impossible, because it is easy to decode the traffic on the RS232 interface: all command codes can be obtained from the internet. Knowing the bytes transferred, one can manipulate the output of the display without attacking the (secure) CPU.
The solution is to add a password byte (or word) to the data transfer code that is sent to the display. We called this procedure "user password". The password byte would be used by the serial LCD module to decode the incoming transfer bytes. So even with a data logger, one cannot find out what type of transfer is going on between the CPU and the serial LCD module, because no "clear text" is visible. Thus, attacking the RS232 interface is almost impossible and secure communication can be guaranteed.
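
The concern in this post is that display output could be manipulated on the RS232 link. The sketch below is an added example, not the vendor's "user password" scheme or firmware (the post does not specify that encoding): it assumes a frame layout, a shared key provisioned in both the CPU and the module, and constructed command bytes, and shows a module-side check that rejects altered or replayed frames using an HMAC tag and a counter.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8  # truncated HMAC-SHA256 tag; size is an assumption for a small serial frame
HDR_LEN = 5  # counter (4 bytes, big-endian) + payload length (1 byte)

def build_frame(key: bytes, counter: int, payload: bytes) -> bytes:
    """CPU side: counter | length | payload | tag (assumed layout)."""
    if len(payload) > 255:
        raise ValueError("payload too long for 1-byte length field")
    header = struct.pack(">IB", counter, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag

class DisplayReceiver:
    """Module side: accept a frame only if the tag verifies and the counter advances."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1

    def accept(self, frame: bytes):
        if len(frame) < HDR_LEN + TAG_LEN:
            return None
        counter, length = struct.unpack(">IB", frame[:HDR_LEN])
        if len(frame) != HDR_LEN + length + TAG_LEN:
            return None
        body, tag = frame[:HDR_LEN + length], frame[HDR_LEN + length:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # altered in transit, or built without the key
        if counter <= self.last_counter:
            return None  # replay of an earlier, valid frame
        self.last_counter = counter
        return body[HDR_LEN:]

def demo():
    key = bytes(range(32))                              # constructed sample key
    rx = DisplayReceiver(key)
    good = build_frame(key, 1, b"\x1bT AMOUNT 20.00")   # constructed command bytes
    tampered = bytearray(build_frame(key, 2, b"\x1bT AMOUNT 20.00"))
    tampered[-TAG_LEN - 2] ^= 0x01                      # one payload bit changed on the wire
    return [rx.accept(good), rx.accept(bytes(tampered)), rx.accept(good),
            rx.accept(build_frame(key, 2, b"\x1bT OK"))]

if __name__ == "__main__":
    print(demo())
```

The counter has to survive power cycles on the module (or be re-synchronised through an authenticated handshake); otherwise frames recorded before a reset would be accepted again.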
