It has now been 5 years since EFTlab wrote the first line of code for the Babylon Payments product line. This is a good opportunity to review how EFTlab products have evolved.
The first Generation of BP-Sim began with a draft for an online payment simulator written in Python, chosen for reduced development effort and ease of customisation. This initial application was for payment terminal emulation and is known today as BP-Source. The application could simulate a variety of terminal, card and message configurations using multiple configuration files and supported APACS30 and the ISO8583-1987 messaging formats. No transaction security or logs were provided and processing performance was only 1 TPS.
The Python version was dropped and the entire code was rewritten in ANSI C to take advantage of this mid-level language’s cryptographic performance. BP-Sim started as a command line only application, so an experimental front-end was built in JAVA and SWT, using remoting to C to do all the hard background processing. Configuration was read from a single XML formatted configuration file and a new ISO8583-1993 messaging format was added. A simple acquirer/issuer response application was written; this later became the BP-Host module of the BP-Sim product family. Tracing was provided and processing performance was measured in excess of an incredible 10,000 TPS.
The decision was made to develop a fully featured thick client in Java SWT for BP-Sim, which provided a front-end for BP-Source and BP-Host modules running in the background. BP-Sim’s evolution continued with the addition of VISA, BIC-ISO and HyperCom formats. A new EMV parser with limited functionality to mock-up EMV data was also implemented. Code evaluation in mid 2011 revealed that the BP-Sim Framework GUI developed in Java SWT would not provide matching performance for the background compiled C application and all the Java code was dropped. A multi-platform wxWidgets library was selected to replace the Java SWT code. As growing XML configuration became difficult to maintain, it was replaced with an SQLite library, which provided a more configuration flexibility and with a front-end to match it made it really easy for EFTlab’s customers to administer their test installation.
At the end of the year, a revised BP-Sim Framework GUI was released and the SPDH format became available for processing. The cryptographic library continued to expand with the addition of the first ANSI X9.9 functions.
The growing repository of cryptographic and HSM handling functions sparked a decision to provide a freeware tool called the Cryptographic Calculator. In its initial version, it could send DUKPT commands to an HSM and provide HSM stress testing. The new BP-HSM module for BP-Sim was introduced, providing Thales HSM emulation. Later the same year, the Cryptographic Calculator (BP-CCALC) was separated from the HSM tool (BP-HCMD), with each becoming a separate application within the BP-Tools freeware family. Soon thereafter, BP-CCALC gained the ability to generate safe keys and BP-HSM (and BP-HCMD) gained the first commands for key generation and DUKPT functionality.
The growing complexity of the overall code and the emergence of many new formats and functionalities (MasterCard, AS2805, HyperCom) in quick succession prompted another design decision and the BP-Sim modules were rewritten from ANSI C into C++.
The new BP-Source, BP-Host and BP-HSM modules-now written in C++ were ready by the end of Q3. BP-Sim was extended with more functional improvements, mainly concentrated in the BP-Sim Framework, with the addition of the Key Store and transaction database. The transaction database allowed EFTlab’s customers to review all the messages exchange so they could be analysed later in case of need.
With two product families (BP-Sim and BP-Tools) now running in parallel, the need for an EMV implementation was important. In response to customers’ requests, BP-Sim was given the ability to handle EMV data for VISA and MasterCard ICC cards received through an external USB card reader. This improvement was followed by the addition of internal EMV transaction emulation for these two payment networks.
Meanwhile, the Cryptographic Calculator gained a number of new functions; some related to EMV processing, such as DES/3DES, as well as common hashing algorithms such as MD5, SHA-256, and full RSA cryptography. Becoming more and involved in the EMV world, the EFTlab team developed a new module for the freeware BP-Tools family called EMV Tool (BP-EMVT). By the end of year 2013, this tool parsed EMV TLV values, answers to reset (ATR) and contained a broad dictionary of EMV tags and APDU responses.
After establishing a strong relationship with card issuers, EFTlab received a request for an application that would provide a better understanding of all the files entering and leaving a Thales P3 – card personalisation platform. This resulted in the development of BP-CardEdit, a new application for the BP-Tools free-ware family, which provides in-depth diagnosis of Thales P3 data file content.
After establishing a strong relationship with our card issuing clients, we received a request for an application that would provide a better understanding of all the files entering and leaving a Thales P3 – card personalisation platform. This resulted in the development of BP-CardEdit, a new application for the BP-Tools free-ware family, which provided in-depth diagnosis of Thales P3 data file content.
At the end of 2013 two new projects were launched to fill another newly identified gap in the market caused by the absence of a reliable top and middle tier payments processing solution.
2014 has just begun, but the end of Q1 is fast approaching. In the first two months of 2014, the BP-Sim Framework gained many new functions, including the ability to independently manage multiple testing processes from one console – another milestone in payment system testing. The latest addition to the BP-Sim Framework provides the Test Management Console with an updated look and feel making test control and management even easier. Work continues on EFTlab’s switching and authorisation platforms, BP-Switch and BP-Auth. The team is fully focused on delivering BP-Switch first and BP-Auth second to the first two customers here in Australia.