Background: XFS4IoT ‒ the new version 4 API standard for ATMs
XFS4IoT is the new major version of the XFS global standard for ATMs. The specification created by the global CEN XFS committee is now available for preview on GitHub.
This new version takes a major leap forward when compared with XFS version 3. It is OS-agnostic, built on modern standards, cloud-native and has built-in security. It allows the ATM’s hardware devices to be exposed directly into a cloud application as a service – securely. XFS4IoT facilitates the next generation of software and hardware architectures for ATMs.
It enables banks to reduce costs, is quicker to deploy and easier to maintain, and is more secure.
Introducing KAL's XFS4IoT SP-Dev ‒ the new framework for creating XFS4IoT services
KAL's XFS4IoT SP-Dev is a new, free and open source development framework for creating XFS SP services for ATMs. It supports ATM hardware in both edge-based and cloud-based environments. This framework makes it quick and easy for hardware manufacturers to open up their hardware for use by new XFS4IoT applications.
The XFS4IoT SP-Dev framework offers banks and hardware vendors many benefits:
The all-new XFS4IoT SP-Dev framework is open source and will be developed with contributions from a cross-industry group of companies meeting the needs of both hardware manufacturers and ATM deployers for both existing and future architectures. The SP-Dev framework will be available under the MIT open source license. It will allow ATM manufacturers and ATM component vendors to create XFS4IoT SPs quickly using the new open source framework.
It works with any operating system
XFS4IoT SP-Dev is completely OS-agnostic and removes the current dependency of XFS on Windows. Services may now be implemented using any operating system including, of course, Windows, but also Linux, Android and others. The multi-platform .NET-Core based XFS4IoT SP-Dev framework can run on anything, from full PC systems to Arm-based SoC embedded hardware.
It works with hardware from any vendor
XFS4IoT is a multivendor framework. It allows XFS version 4 SPs to be developed and created by any company. The XFS4IoT SP-Dev framework makes it much easier to develop new SPs in a standard and fully compliant manner.
It works with hardware from multiple vendors at the same time
Each ATM device is managed by XFS4IoT as a separate web service. This means, for instance, that a card reader company can create its own XFS4IoT SP independent from an Encrypting PIN Pad company that can create its own SP. These independent SPs can then co-exist inside a single ATM or can operate without being physically integrated at the hardware level. This opens up the possibility of flexible new architectures where a core ATM may be fortified with components from multiple other hardware companies, integrated and held together by a software application running in the cloud.
It offers enhanced security
The XFS4IoT SP-Dev framework implements the new end-to-end support for device authentication that is built in to the XFS4IoT specification, providing a whole new level of security for XFS systems. The specification allows hardware secure elements to be embedded inside each ATM component, such as the cash dispenser. Encryption keys are distributed to a key vault inside the hardware secure element of each device using the TR34 open standard for key distribution. Secure cash dispensing in an XFS4IoT environment requires a security token protected by an HMAC to be presented to the hardware device. This will make black box attacks, for example, a thing of the past.
It deploys the latest technologies
XFS4IoT SP-Dev works with the latest modern technologies for servers and clients, such as .NET Core (a free OS-agnostic open source framework from Microsoft), WebSocket communications, TLS network security, TR34, HMAC device security, etc. The new specification and framework support cloud-computing, as well as edge-computing architectures.
Financial industry hardware component vendors
ATM software vendors
Join the workgroup
The next workgroup video conference call will take place using Zoom on 6th September 2022, at 1300 UK, 0800 US EST, 2100 Tokyo time. The call will be 30 minutes long. No NDAs required.
Get in touch