Browse Prior Art Database

Controlled, Secure Method For Remote Update Of Device Functional Code In A Fiscal Printer Or Other IO Device Disclosure Number: IPCOM000013943D
Original Publication Date: 2000-Sep-01
Included in the Prior Art Database: 2003-Jun-19

Publishing Venue



Countries with 'fiscal tax' laws (for example, Brazil, Italy, or Greece) impose design requirements on Point of Sale systems. In a typical fiscal point of sale system, a physically secure fiscal module is located inside the system printer. All item sale data is passed to this module, which accumulates the tax data and assures that accurate customer receipts are printed and journals recorded. The functional code (microcode) in the fiscal module is approved by government testing, and once installed in the fiscal printer, can only be replaced by breaking the fiscal module's seal and manually plugging a new ROM onto the fiscal logic card. Remote microcode updates, common to 'modern' IO devices and readily implemented using flash memory , are not allowed by existing fiscal regulations. A microcode defect or law change requires a visit to each installed machine by a government -approved service technician. If a government approval agency were to digitally sign an approved microcode image, however, downloading of fiscal code could be allowed while still protecting against the introduction of a non-approved code image. In a typical implementation, a government controlled public and private key pair could be generated for each printer manufacturer or product type. The public key is provided to the printer manufacturer and written to a ROM in each printer. The private key is used by the government to digitally sign the tested and approved fiscal microcode, using an industry standard digital signature algorithm. Any code image downloaded to the fiscal printer could be verified by the fiscal hardware as a government approved code level. The following figure demonstrates the method: 1