argument : PED
A1 "Confidentiality and integrity of customers' PIN is assured" {
    supported by
        F1 "PED has a tamper proofing mechanism"
        F2 "There is a tamper proof sealed box around the PED"

    warranted by
        A2
"The tamper proofing mechanism guarantees that attempts to
tamper the PED sealed box will cause data in transit to be deleted, 
lost or overridden (depending on the mechanism implemented)"
         {
            warranted by
                DK1 "Defeating the tamper proofing mechanism
requires more than 10 hours effort"
                DK2 "Defeating the tamper proofing mechanism cost
more than $25,000"

        }

        A3 "The PED sealed box is really tamper proof" {
            supported by
                F3 "Communication outside the PED box is encrypted"

            warranted by
                DK3
          "There is no need for an expensive EMV protocol
implementation to enforce encrypted communication 
inside the PED box"

        }

}

A4 "There are attackers with high level of expertise " round 1
{
    supported by
        F4 "Motivation to obtain PIN is potential financial gain " round 1

    warranted by
        DK4
         "Incentive and expertise ( with some imagination )
represent enough ingredients to overcome tamper proofing mechanism "
          round 1
        replacing DK2
        with ! DK2

}

A5 "Failure in tamper proofing mechanism exposes security of PED
sealed box" round 1
replacing A3
with ! A3
{
    supported by
        F8 "Overcoming PED sealed box allows obtaining clear text PIN" round 1

    warranted by
        DK6
"Clear text PIN can be obtained not only by
tampering with the PED sealed box but also by other means such as by
social engineering applied to the card holders"
         round 1

}