PoS Authentication and Management

Flavio Costa · ‎03-16-2016

Hi Experts,

My customer (local commerce in Sao Paulo, Brazil) has payment machines (PoS) with 3G phone chips and need to authenticate and manage the authorizations of these machines in a very specific way, as follows. I wonder if Cisco ISE could work in this level of detail, maybe through API or some MDM, please advise!

1) Authentication based on the SIM card phone number and the IMEI (International Mobile Equipment Identity) such as if the SIM card is removed and inserted in an unauthorized client (another PoS machine or even a cellphone), the data plan cannot be used.

2) Creation of a specific admin user who can only create a valid device in the infrastructure by entering the data of phone and IMEI and/or interface (API), creating this separate form of infrastructure interface.

3) Alert generation in the management tool if the SIM card is removed from the machine.

4) Alert generation in case the SIM Card try to authenticate in an unauthorized machine.

If nothing like that is possible, can you give any advices based on your experience?

Thanks in advance!!!

Regards,

.:|:.:|:. Flavio Costa
CISCO Virtual Systems Engineer - Security
flavicor@cisco.com

Philip D'Ath · ‎03-16-2016

I don't know the answer. However I see the ISE mentions combining it with an external MDM server and makes mention in IMEI in several places.

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_man_network_devices.html

Search for IMEI. Maybe it might help find the answer you need.