Point-of-Sale, Kiosk, and Kitchen Display Device Authentication

Privileged EMC users authenticate Point-of-Sale (POS), Kiosk, and Kitchen Display clients while installing the software using the Oracle Client Application Loader (CAL) application using their username and password.

After authentication, the Simphony cloud service creates a pair of RSA 2048-bit keys for the client and sends the private half to the client. All clients must then use their unique RSA keys to sign authentication headers for each request sent to the cloud service.

Authentication of each client is done per-request by the cloud service by way of verifying the signature of authentication headers. Only clients that have correct RSA keys can correctly sign their authentication headers. The cloud service verifies each header before processing a request.

All traffic between clients and the cloud service is protected by HTTPS with TLS v1.2.