
WSO2Con USA 2017: Managing Verifone’s New Payment Device “Carbon” with WSO2’s EMM

Verifone’s new flagship payment device “Carbon” comes along with a whole service platform for Estate Owners, merchants, and app developers. A developer SDK and platform allows third-party developers to create apps that can interact with the payment flow, and merchants can purchase these apps via an app store. Merchants can manage their devices and users via the device or via a web platform. Estate owners get an overview of all devices in their “estate” and can manage the devices, their merchants, and apps that they can provide to the merchants. The device consists of two parts – an Android tablet and a Unix-based payment terminal. Verifone decided to use WSO2’s mobile device management solution (EMM) to manage the Android tablet for installing apps, getting information about the current state of the devices, locking or rebooting the devices, installing security policies, etc. Our own terminal management system interacts with EMM on an API-only basis to manage the Android tablets. And the plan is to use EMM for a large-scale deployment of thousands of devices in the field.
This talk will introduce the features and use cases of Carbon, the motivation why we chose the open-source EMM over commercial alternatives, as well as the architecture of our device management via our own terminal management system and EMM APIs.


  1. Managing Verifone’s New Payment Device “Carbon” with WSO2’s EMM
     Ulrich Herberg, Ph.D.
     2/22/2017
  2. What is Carbon?
  3. What is Carbon?
     • New “flagship” payment terminal by Verifone
     • Android based tablet, merchant facing
     • 3rd party app development SDK and app market (with payment APIs)
     • PCI-DSS certified payment terminal, customer facing
     • Management of all devices (aka “estate”) on Estate Manager portal
     • Management of merchants’ devices on Merchant portal
     • Remote support by Verifone on Estate Owner Support portal
  4. Carbon Use Cases
     • With Commerce Platform, merchants can:
       - reward their best customers with loyalty and points programs,
       - display promotional media and coupons,
       - leverage beacons for store analytics, and
       - invite customers to redeem personalized offers in real time.
  5. Problem: How to Monitor and Manage Carbon Devices?
  6. Problem: How to Monitor and Manage Carbon Devices?
  7. Why Open Source MDM Solution?
     • Commercial solutions for MDM exist, but:
       - Incur large costs, often paid based on number of devices
       - Inflexible for customizations of the MDM solution
       - Potentially more difficult to integrate in existing terminal management infrastructure
       - Impossible to get source code to create own modifications of the MDM agent or server
     • Thus, we decided to work with WSO2 to advance their existing tool “EMM” to fit our requirements
  8. WSO2 Enterprise Mobility Management (EMM) [1]
     • Open-source platform for managing Android, iOS and Windows devices
     • Based on an “agent” installed on the device and a server that can be deployed on-premise or in the cloud
     • Provides UI, as well as API-based control
     • Integrates with other WSO2 products, in particular for authorization (SSO, OAuth, …), as well as LDAP
  9. Self-Enrollment of Devices
     • Using mutual TLS (EMM also supports OAuth)
     • Diagram participants: Tablet, Certificate Service, MDM Server
       1. Send certificate request
       2. Receive certificate
       3. Enroll w mutual TLS
       4. Enrollment completed
  10. Integration Into Our Environment
     • Diagram participants: Tablet, TMS, MDM Server, Terminal
       1. Trigger command to Android tablet “A”
       2. Poll for new commands
       3. Receive command
       4. Return success
       5. Return success
  11. “EMM as a Blackbox”: API-based MDM
     • We needed more APIs than EMM provided out of the box
     • I worked with WSO2 to accomplish that
     • RESTful APIs documented on Swagger
  12. How Do We Use EMM?
     • Get device information (including geo location)
     • OTA upgrade
     • APK installation/update/removal
     • Lock device
     • Reboot
     • Factory reset
     • Send logcat
     • Send notification
  13. Scaling MDM
     • Diagram components: Tablet; ELB; EMM worker 1, EMM worker 2, EMM worker 3; Auto-scaling group; S3 storage; RDS
  14. Scaling MDM
     • Diagram components: Tablet; ext. ELB; EMM worker 1, EMM worker 2, EMM worker 3; Auto-scaling group; S3 storage; RDS; int. ELB; nginx, nginx
     • Nginx used for TLS termination