Академический Документы
Профессиональный Документы
Культура Документы
CONFIDENTIAL
Copyright
2010 MICROS Systems, Inc. All rights reserved. No part of this publication may be reproduced,
photocopied, stored on a retrieval system, or transmitted without the express prior written
consent of the publisher. MICROS Systems, Inc. retains the right to update or change the
contents of this document without prior notice. MICROS Systems, Inc. assumes no responsibility
for the contents of this document.
OPERA is a trademark of MICROS Systems, Inc.
On Oracle and the On Oracle logo are trademarks of Oracle Corporation.
Information in this document is subject to change without notice.
MICROS Systems, Inc. makes no warranty of any kind with regard to this material, including but
not limited to the implied warranties of marketability and fitness for a particular purpose.
MICROS Systems, Inc. shall not be liable for errors contained herein or for incidental or
consequential damages in connection with the furnishing, performance, or use of this material.
Document Number:
CONFIDENTIAL
PAGE ii
MAY 2010
Table of Contents
TOOL OVERVIEW ........................................................................................... 1
Purge Unnecessary Credit Card Information ..................................................................... 1
REFERENCE ................................................................................................... 7
Phase 1 Key Generation and Re-encryption ................................................................7
Phase 2 Run the Wizard to Recompile the Opera Database ......................................... 13
CONFIDENTIAL
PAGE iii
MAY 2010
Tool Overview
The MICROS Systems Opera Key Gen Tool provides Opera sites with the capability to generate
a new Triple-DES encryption key that can be used to re-encrypt all stored system credit card
data.
The Tool is comprised of 2-parts:
Web Application used to generate the new key and to encrypt existing credit card data into
a temporary storage repository
Windows Application used to replace the existing credit card data (encrypted with a
previous key) with the newly encrypted data stored in the temporary storage repository
It is recommended that these two steps be run as close together as possible to ensure that
there is no mismatch of re-encrypted keys.
Note: As a data security measure, Micros Systems recommends that this utility be run on an
annual basis (at minimum).
CONFIDENTIAL
PAGE 1
MAY 2010
Pre-Phase 1 Checks
Possible duplicate credit card records from older software versions or from DB level record
manipulation (this will happen 100% of the time in QA environments where CC data has been
replaced with dummy datait's much more rare in production). Run the following script to
identify those records:
SELECT name_id, credit_card_type, credit_card_number, card_usage,
min(insert_date) min_insert_date, COUNT(1) AS row_count
FROM name$_credit_card
WHERE inactive_date IS NULL
AND name_Id IS NOT NULL
AND card_usage IS NOT NULL
GROUP BY name_id, credit_card_type, credit_card_number, card_usage
HAVING COUNT(1) > 1;
If records are identified, run the following script to clean them up:
DECLARE
otm_save_frequency CONSTANT NUMBER := 10000;
CURSOR cget_duplicate_rows IS
SELECT name_id, credit_card_type, credit_card_number, card_usage, min(insert_date)
min_insert_date, COUNT(1) AS row_count
FROM name$_credit_card
WHERE inactive_date IS NULL
AND name_Id IS NOT NULL
AND card_usage IS NOT NULL
GROUP BY name_id, credit_card_type, credit_card_number, card_usage
HAVING COUNT(1) > 1;
v_sql_row_count NUMBER := 0;
BEGIN
EXECUTE IMMEDIATE 'alter table name$_credit_card disable all triggers';
FOR rec IN cget_duplicate_rows
LOOP
UPDATE NAME$_credit_card
SET name_Id = NULL
WHERE name_Id = rec.name_Id
AND credit_card_type = rec.credit_card_type
CONFIDENTIAL
PAGE 2
MAY 2010
CONFIDENTIAL
PAGE 3
MAY 2010
CHANGE_ENCRYPT_KEY
CC_EDIT_INFO
Troubleshooting
If in the unlikely event that a failure occurs during Phase 1, it is essential to note that NO
existing Opera credit card data could have become corrupted and/or lost.
It is possible, however, that a system disruption (i.e. Network Failure) or previously corrupt
credit card data would prevent Phase 1 from completing successfully. If a failure did occur,
users are alerted on screen of a potential problem. In addition, all exceptions are logged in the
system at several levels.
In order to troubleshoot a problem, we recommend that users start by reviewing the
OperaKeyGen.log file. This file is located under the following directory for most installations:
[App Server Drive]:\oracle\10gappsvr\j2ee\home
Error reports in this file can be located by searching for lines that include the keyword
Exception.
If an exception is logged in OperaKeyGen.log, it is likely that additional troubleshooting
information can be located in the following 2 tables in the Opera database:
CC_REENCRYPT_STATUS
BATCH_PROC_LOG
CONFIDENTIAL
PAGE 4
MAY 2010
CONFIDENTIAL
PAGE 5
MAY 2010
All Opera credit card data will have been re-encrypted using the new encryption key.
The new encryption package created in Phase 1 will be registered such that future requests
to encrypt and/or decrypt will be serviced by this package.
CONFIDENTIAL
PAGE 6
MAY 2010
Reference
Phase 1 Key Generation and Re-encryption
Upon selecting the Change CC Encryption Key utility, you are prompted to re-enter your
password. Doing so is acknowledgement that you have read and acknowledge the prerequisites
stated on the screen.
Enter your password and select the Next button. (Select Close to exit the utility without
changing the credit card encryption key.)
CONFIDENTIAL
PAGE 7
MAY 2010
If you make a mistake in entering your password, the above screen appears.
Enter your password and select the Next button. (Select Close to exit the utility without
changing the credit card encryption key.)
CONFIDENTIAL
PAGE 8
MAY 2010
Key assembly uses four separate keys. For extra security, each of the four keys may be entered
by a separate individual so that no one person has access to the entire key.
Enter and re-enter each of the four keys.
After entering and re-entering each key, select the Next button. (Select Close to exit the utility
without changing the credit card encryption key.)
CONFIDENTIAL
PAGE 9
MAY 2010
CONFIDENTIAL
PAGE 10
MAY 2010
After entering and re-entering key part 4, select the Finish button. (Select Close to exit the
utility without changing the credit card encryption key.)
CONFIDENTIAL
PAGE 11
MAY 2010
CONFIDENTIAL
PAGE 12
MAY 2010
CONFIDENTIAL
PAGE 13
MAY 2010
Select the Start Upgrade button. (The credit card encryption key change utility uses the same
database management programs as those used for a system upgrade; thus, the reference to an
upgrade.)
This phase may take some time because it requires that Opera recompile the database schema.
When the schema has been recompiled, the following screen appears.
CONFIDENTIAL
PAGE 14
MAY 2010
Select the OK button to complete the credit card encryption key change.
The following prompt appears.
Click OK.
Users may now re-login and resume using Opera.
CONFIDENTIAL
PAGE 15
MAY 2010