FILE AUTHENTICATION
Introduction to File Authentication

Figure 35: The Development Process

Pre-Deployment Process

In this process:

1. A sponsor goes to the VeriFone CA Web site and requests certificates for deployment terminals.
2. Based on information provided by the sponsor through the VeriFone CA Web site, the VeriFone CA determines the required certificate structure.
3. VeriFone CA generates the following items for the sponsor:
   a. Smart card containing a set of certificates and keys.
Figure 36 illustrates the pre-deployment process.

Figure 36: The Pre-Deployment Process

Deployment Process

In this process:

1. The sponsor provides the application file (from the development process) and the smart card and smart card PIN (from the pre-deployment process) as inputs to VeriShield.
2. VeriShield extracts the signer key, signer certificate, and sponsor certificate from the smart card.
c. If a matching application file is found, the operating system compares the signature file’s signature against the values stored in the application file’s calculated signature.
d. If the values match, the two files are authenticated and the ATTR_NOT_AUTH bit is set to 0.
Figure 37: The Deployment Process

Planning for File Authentication

File authentication is an integral part of every Omni 3600 terminal. To safeguard the terminal’s logical security, the file authentication module requires that any executable code file must be successfully authenticated before the operating system allows it to execute on the terminal.
Authentication Requirements for Specific File Types

For the purposes of file authentication, executable code files include two file types that can be recognized by their filename extensions:

File Type                                   Extension
Compiled and linked application files       *.out
Global function libraries                   *.
Determine Successful Authentication

To ensure the Omni 3600 terminal’s logical security, never assume that a target file was authenticated simply because it downloaded to the Omni 3600 terminal together with its signature file. There are several ways to ensure a target file successfully authenticated after a download:

• Confirm all downloaded executable files run.
NOTE: Each successfully authenticated file is also write-protected. That is, the file’s read-only attribute is set. If the read-only file is removed or if the file is modified in any way while stored in the terminal, the ATTR_NOT_AUTH bit is automatically set to 1. If the modified file is an executable, it is no longer allowed to run.

Digital Certificates and the File Authentication Process
Add New Certificates

When you add a new certificate file to an Omni 3600 terminal, the file authentication module detects it by filename extension (*.crt). On restart, the terminal then attempts to authenticate the certificate under the authority of the resident higher-level certificate stored in the terminal’s certificate tree or one being downloaded with the new certificate.
Customer-specific sponsor and signer certificates are usually downloaded to an Omni 3600 terminal as part of the standard application download procedure performed by a deployment service. In this operation, the new sponsor and signer certificates replace the development sponsor certificate that is part of the factory set of certificates, as shown in Figure 38.
Required Inputs to the File Signing Process

The required inputs to the file signing process are somewhat different for development terminals than deployment terminals. The significant differences are shown in Table 19.

Table 19: Differences Between Required Inputs

Development Terminals | Deployment Terminals
Manufacturing inputs to the file signing process are included, together with the file signing tool, FILESIGN.EXE, in the Omni 3600 SDK.
NOTE: The process for replacing a signer certificate is the same as for replacing a sponsor certificate.

Figure 39: Certificate Replacement Process

File Authentication and the Omni 3600 File System

Application Memory Logically Divided Into File Groups

The memory of an Omni 3600 terminal is logically divided into two main areas, or partitions: One partition is for the operating system and the other partition is reserved for applications.
Figure 40: Omni 3600 Application Memory Partitions

NOTE: The Omni 3600 operating system only enforces the rule that the main application always be stored in GID1. You can, for example, store a shared library in any file group. Rules for Storing Applications in Specific File Groups states reasons to follow the guidelines previously described for storing applications and libraries in specific file groups.
Because each application is responsible for verifying its own data and prompt files, the other application files should have their own matching signature files. The master .OUT file should validate that these additional signature files are authenticated before the signature files are used.
Restrictions on Downloading Different File Types

A typical application download includes a variety of different file types. There are the following restrictions on how you can download different kinds of files to the Omni 3600 terminal and how files are stored in the file system:

File Type | Restriction
Certificate (*.crt) | Must be downloaded into the RAM of the target file group (GID1–GID15) selected in system mode.
Signature (*.
The FILESIGN.EXE File Signing Tool

Operating Modes for FILESIGN.EXE

FILESIGN.EXE can run on the host computer in two user modes:

• Command-line mode (Windows PC DOS shell): Command-line mode is useful for application developers who perform batch file downloads and is convenient when using file download tools provided by VeriFone such as VeriCentre Download Management Module (DMM), ZonTalk 2000, and the direct download utility, DDL.EXE.
Command-Line Entries for FILESIGN.EXE

Table 20 lists and describes the switches that make up the command-line mode syntax for FILESIGN.EXE.

Table 20: Command-Line Mode Switches for FILESIGN.EXE

Switch | Description | Requirements
-C, -c | Signer certificate file name (*.crt). | Required input for development terminals and deployment terminals. For development terminals, you can use the default signer certificate, K2SIGN.CRT.
Command-Line Mode Syntax Example

In the FILESIGN.EXE command-line entry example below, please note that the syntax used applies to an Omni 3600 development terminal with the factory set of certificates, and not to a deployment terminal.
• Press ALT-F or click on the [...] button to the right of the “File to be signed” field to locate and select the application file (*.out, *.lib, or other) to sign. If necessary, you can also modify the filename. If you want to store the file in flash memory on download to the terminal, check the “Stored in FLASH” checkbox. This adds the “F:” prefix to the target file name.
• Press ALT-S or click on the [...
CHAPTER 6
Troubleshooting and Service

This chapter discusses:

• typical problems encountered and their resolution,
• cleaning and maintenance,
• product specifications, and
• where to go for more information.

VeriFone follows stringent quality control standards in the manufacture of Omni 3600 terminals. Each unit that leaves the factory receives numerous tests to ensure quality and reliable operation.
Troubleshooting

Terminal Display Does Not Show Correct or Readable Information

1. Dock the Omni 3600 terminal in a base station.
2. Check all cable connections and verify that the telephone line is properly connected.
3. Recharge or replace the battery.
4. Check display contrast by performing a local diagnostic test of the terminal display in system mode (refer to System Mode Menu 5 in Chapter 3).
Serial Port Does Not Work

1. The serial port on the back panel of the base station is identified by the “RS232” icon. Check that the device connected to the serial port has power and is functioning properly. If possible, perform a self-test on the device in question.
2. The cable connecting the optional device to the base station serial port may be defective. Try a different serial cable.
Step 3: Check the telephone line

1. Connect to a working telephone and check for a dial tone. If there is no dial tone, replace the Telco cable.
2. If the problem appears to be with the telephone line, check with the party you are trying to call to see if their system is operational. If they are not experiencing difficulties with their line, contact the telephone company and have your line checked.
Smart Card Reader

CAUTION: Do not attempt to clean the smart card reader. Doing so may void your warranty.

For smart card reader service, contact your VeriFone distributor or service provider.

VeriFone Service and Support

For Omni 3600 terminal or base problems, contact your local VeriFone representative or service provider. Visit www.verifone.com to locate a representative near you.
4. Give the MRA representative the information gathered in Step 1. If the list of serial numbers is long, you can fax the list, along with the information gathered in Step 1, to the MRA department. Include a telephone number where you can be reached and your fax number. Please print clearly to the attention of the “VeriFone MRA Dept.” and send your fax to 502-329-5947 (U.S.). You will be issued an MRA number and the fax will be returned to you.
Specifications

Power Requirements

DC power (all Omni 3600 terminals and base stations): DC: 19VDC; 3.16A

DC power pack (all Omni 3600 terminals and base stations):

• Input: 100–240 V ~ (100–240VAC); 50–60 Hz; 1.5A
• Output: 19VDC; 3.
Accessories and Documentation

How to Order

Accessories and documentation available for the Omni 3600 are listed in this section. When ordering, please refer to the part number on the left.

• VeriFone Online Store at www.store.verifone.com
• USA: VeriFone Customer Development Center, 1-800-837-4366, Monday–Friday, 7 A.M.–8 P.M.
Thermal Printer Paper

CRM0043 Standard-grade thermal printer paper, 57-mm (2.25”) width, 7.
OMNI 3600 REFERENCE MANUAL
APPENDIX A
System Messages

This appendix describes error and information messages that may appear when the Omni 3600 terminal is in system mode. For ease of use, these messages are grouped alphabetically.
This message displays when a system mode function queried an internal device that is busy. This message can also occur if you entered system mode with an application running. For example, if the application opened the magnetic stripe card reader and you try to invoke the card reader diagnostic through MAG CARD READER F4 in SYS MODE MENU 5, the attempt fails and this message appears. Restart the terminal and enter system mode before the application starts.
MODL     O3600M
CTRY     GEN
KEYPAD   0          ↑
DISPLAY  128064
MAG RDR  3
PRINTER  1          ↓

This message displays when you select CONFIG INFO F2 in SYS MODE MENU 3 and press the PF2 key (below the down arrow) two times. This third display, in a series of four, provides the following information about the current terminal configuration:

• MODL:
• CTRY:
• KEYPAD: A code (0–5) to indicate keypad type.
• DISPLAY: A code (000000, 000001, or xxxyyy) to indicate display unit type.
RAM    1024
FLASH  2048
SERNO  024-546-755   ↑
PTID   12443328
PART   P096-100-02
VERS   6             ↓

This message displays when you select CONFIG INFO F2 in SYS MODE MENU 3 and press the PF2 key (below the down arrow) to display the next screen. This second display, in a series of four, provides the following information about the current terminal configuration:

• RAM:
• FLASH: The flash memory size in KB.
• SERNO: The serial number assigned to the terminal on manufacture.
In back-to-back downloads, the Target (receiving) terminal displays this message on data transfer initiation when pressing the asterisk key (*). To stop the upload, press the cancel key on either terminal (Gold or Target).
The terminal displays a series of asterisks (*) to indicate the progress of the download (each asterisk indicates that 10% of the file is downloaded). When ten asterisks appear, the data transfer is complete.

SYS MODE EDIT *KEY KEY F2 VALUE F3 ↑ ↓ ← →

This message displays when you select EDIT F3 in SYS MODE MENU 3 to invoke the keyed file editor to edit files (such as, CONFIG.
This message displays when you initiate a local diagnostic test of the terminal keyboard through KEYBOARD DIAG F3 in SYS MODE MENU 5. When invoked, the decimal ASCII keycode of each key you press (test) appears to the right of KEYCODE. For example, pressing the 1 key on the terminal keypad displays the corresponding ASCII keycode, 31.
• NO DATA
• NO START
• NO END
• LRC ERR
• PARITY ERR
• REVERSE END

Press the cancel key to end the local diagnostic test of the card reader.

** UNZIP Error n xxxxxx yyyyyy

If you are using the file compression module in DMM, information similar to what is shown above appears when an error occurs during file extraction from a downloaded ZIP archive. Note the error number and error codes (xxxxx and yyyyy) and try to download the archive again.

UNZIP stuff.zip myprog.out mydata.txt 6x8.
** VERIFYING FILES ** Compare Signature myfile.p7s myfile.out ** Authentic ** (or ---Failed---)

The file authentication module detected a new signature file, together with the application file for which the signature file was generated, during a download to the Omni 3600 terminal.
APPENDIX B
ASCII Table

An ASCII table for the Omni 37xx display is in Figure 43. The table is formatted for quick reference, as follows:

• The letters and numbers in the column to the left of the table and in the row above the table are, when combined, the hexadecimal value of an ASCII character located in the corresponding row and column coordinate.
• The numbers shown in white on a black background within the table itself are the decimal value of the ASCII character in that table cell.
Figure 43: ASCII Table for the Learning Products Template Version 2.1 Display
APPENDIX C
Omni 3600 Base Unit Port Pinouts

The tables in this appendix list pinouts for the Omni 3600 base unit connectors.
Barrel Connector Polarity
GLOSSARY

Access code: A code number dialed to gain access to a telephone line, such as dialing the number 9 to reach an outside line.

chandise in retail stores. To support specific applications, an optional bar code reader can be attached to the Omni 3600 to read and process bar codes.

Application ID: An alphanumeric code that identifies an application program downloaded to a terminal from a download computer.

Bar code reader: A pencil- or wand-shaped optical
Byte: A term developed to indicate a measurable number of consecutive binary digits that are usually operated on as a unit. For the Omni 3600, a byte consists of eight bits. See also Bit.

guished from applications or program instructions. In the Omni 3600 terminal, application files and data files can be stored in RAM or flash memory.

Data entry: The process of using a keyboard, card

Calendar/clock chip: A microchip inside the Omni 3600 terminal which keeps track of the current date and time.
Docking/Docked: The act of placing an Omni 3600 terminal in the docking cradle of a base station. The following can occur when the Omni 3600 terminal is docked:

Input: The process of entering data into a processing system or a peripheral device such as a terminal, or the data that is entered.
Memory: A device or medium that can retain information for subsequent retrieval. The term is most frequently used to refer to the internal storage of a computer (or a terminal) that can be directly addressed by operating instructions. In the Omni 3600, files can be stored in battery-backed RAM or in nonvolatile flash memory.

Messages: Words and symbols appearing on the display screen which inform the user of the terminal of the result of a process, or if an error has occurred.
PTID: Permanent terminal ID. An optional identifier that can be permanently assigned to a VeriFone terminal at the factory, upon customer request. The PTID has two parts: a 2-digit manufacturer ID (12 for VeriFone) and a unique 8-digit terminal ID. If no PTID is assigned, the default PTID value is 1200000000.

Pulse dialing: A method of telephone dialing that specifies a phone number by the number of electrical pulses sent.

RAM: Random-access memory.
System mode password: A unique set of characters entered by the user to access the system mode local functions of the terminal. A default password is supplied with each terminal. For the Omni 3600 terminal, the default system password set at manufacture is: Z66831. To prevent unauthorized access, change the default password to a confidential password on terminal deployment.
VeriFone, Inc. 2455 Augustine Drive Santa Clara CA 95054-3002 Tel: 800-VeriFone (837-4366) www.verifone.