Verifone OMNI3600D Point of Sale Terminal User Manual

VeriFone Inc Point of Sale Terminal

User Manual Part IV

FILE AUTHENTICATIONIntroduction to File AuthenticationOMNI 3600 REFERENCE MANUAL 101Figure 35 The Development ProcessPre-Deployment ProcessIn this process:1A sponsor goes to the VeriFone CA Web site and requests certificates for deployment terminals.2Based on information provided by the sponsor through the VeriFone CA Web site, the VeriFone CA determines the required certificate structure.3VeriFone CA generates the following items for the sponsor:aSmart card containing a set of certificates and keys.bSmart card PIN.4VeriFone CA sends the smart card and smart card PIN to the sponsor.5The sponsor uses the smart card and smart card PIN as inputs for the deployment process.
FILE AUTHENTICATIONIntroduction to File Authentication102 OMNI 3600 REFERENCE MANUALRefer to Figure 36 illustrates the pre-deployment process.Figure 36 The Pre-Deployment ProcessDeployment ProcessIn this process:1The sponsor provides the application file (from the development process) and the smart card and smart card PIN (from the pre-deployment process) as inputs to VeriShield.2VeriShield extracts the signer key, signer certificate, and sponsor certificate from the smart card.3VeriShield uses the extracted data, along with the application file, to create a signature file (*.p7s).4VeriShield creates files suitable for downloading from the extracted smart card data.5The signature file, the application file, and the extracted signer and sponsor certificates are downloaded into a deployment terminal, where the following actions occur:aThe terminal’s operating system searches for signature files.bIf a signature file is found, the operating system then searches for a matching application file.
FILE AUTHENTICATIONIntroduction to File AuthenticationOMNI 3600 REFERENCE MANUAL 103cIf a matching application file is found, the operating system compares the signature file’s signature against the values stored in the application file’s calculated signature.dIf the values match, the two files are authenticated and the ATTR_NOT_AUTH bit is set to 0.6Each successfully authenticated executable application file is allowed to run on the terminal (otherwise, the executable remains stored in the terminal memory but is not allowed to run).Figure 37 illustrates the deployment process.
FILE AUTHENTICATIONIntroduction to File Authentication104 OMNI 3600 REFERENCE MANUALFigure 37 The Deployment ProcessPlanning for FileAuthenticationFile authentication is an integral part of every Omni 3600 terminal. To safeguard the terminal’s logical security, the file authentication module requires that any executable code file must be successfully authenticated before the operating system allows it to execute on the terminal.
FILE AUTHENTICATIONIntroduction to File AuthenticationOMNI 3600 REFERENCE MANUAL 105Authentication Requirements for Specific File TypesFor the purposes of file authentication, executable code files include two file types that can be recognized by their filename extensions:Depending on the logical security requirements of specific applications, other types of files used by an application (that is, non-executable files) also need to be authenticated:•Data files (*.dat) that contain sensitive customer information or other data that needs to be secure•Font files (*.vft or *.fon) that may need to be secure to prevent unauthorized text or messages from being displayed on the terminal screen•Any other type of file used by an application and that the application designer wishes to logically secure using file authentication requirementsDecide Which Files to Authenticate in a Specific ApplicationThe first step in the file authentication process is to determine which files must be authenticated for an application to meet its design specifications for logical security under the VeriShield security architecture.In most cases, application designers make these decisions based on specifications provided by the terminal sponsor. Which files to authenticate can be completely transparent to the person or business entity responsible for signing, downloading, and authenticating an application prior to deployment.How (and When) Signature Files Authenticate Their Target FilesSignature files are usually downloaded together with their target application files in the same data transfer operation. This recommended practice lets you specify and confirm the logical security status of the Omni 3600 terminal each time you perform an application download.When the file authentication module detects a new signature file after a terminal restart, it locates and attempts to authenticate the target file that corresponds to the new signature file.It is not mandatory to always download a signature file at the same time as its target application file. For example, you can download the corresponding signature file in a separate operation. A non-authenticated application can reside in the terminal memory, but is not authenticated or allowed to run on the terminal until the signature files for the application executable files are processed by the file authentication module after a subsequent download procedure and terminal restart.File Type ExtensionCompiled and linked application files *.outGlobal function libraries *.lib
FILE AUTHENTICATIONIntroduction to File Authentication106 OMNI 3600 REFERENCE MANUALDetermine Successful AuthenticationTo ensure the Omni 3600 terminal’s logical security, never assume that a target file was authenticated simply because it downloaded to the Omni 3600 terminal together with its signature file.There are several ways to ensure a target file successfully authenticated after a download:•Confirm all downloaded executable files run. If an executable code file is not successfully authenticated, the operating system does not allow it to execute and run, either following the initial download or on subsequent terminal restarts. The effect of this rule depends on whether or not all executable files successfully authenticated:•If the executable file that failed to authenticate is the main application (*.out) specified in the CONFIG.SYS *GO variable, the main application is not allowed to run.•If the executable that failed to authenticate is a secondary executable (*.out) or shared library (*.lib) used by the main application, the CONFIG.SYS *GO application executes and runs until it issues a function call to that library. When the main application attempts to access a non-authenticated executable, the main application may crash.•Visually (and audibly) confirm file authentication during the process. When the file authentication module is invoked at terminal restart and detects a new signature file, it displays status information on screen indicating success or failure of the authentication of each target file based on its corresponding signature file. (A similar status display also appears on screen when you download digital certificates.)You can watch the screen display following the download to see if a specific target file fails to be authenticated. If this happens, FAILED displays on screen for five seconds below the filenames of the target and signature files, and the terminal beeps as an alert.An application program can issue a function call to read the ATTR_NOT_AUTH bit’s current value for all relevant files to verify that were successfully authenticated. If the ATTR_NOT_AUTH bit’s binary value is 1, the file did not authenticate; if 0, the file did authenticate.For non-executable files, it is the application’s responsibility to confirm that all of the files it uses successfully authenticated on download completion, and when the application executes the first time following a restart.NOTE Because the application is responsible for verifying data files and prompt files, it is recommended that each application check the ATTR_NOT_AUTH bit of all relevant files on restart.
FILE AUTHENTICATIONIntroduction to File AuthenticationOMNI 3600 REFERENCE MANUAL 107Digital Certificatesand the FileAuthenticationProcessThe file authentication module always processes certificates before it processes signature files. Digital certificates (*.crt files) generated by the VeriFone CA have two important functions in the file authentication process:•They define the rules for file location and usage (for example, the valid file group, replaceable *.crt files, parent *.crt files, whether child *.crt files can exist, and so on).•They convey the public cryptographic keys generated for terminal sponsors and signers that are the required inputs to the file signing tool, FILESIGN.EXE, to verify file signatures.Hierarchical Relationships Between CertificatesAll digital certificates are hierarchically related to one another. Under the rules of the certificate hierarchy managed by the VeriFone CA, a lower-level certificate must always be authenticated under the authority of a higher-level certificate. This rule ensures the overall security of VeriShield.To manage hierarchical relationships between certificates, certificate data is stored in terminal memory in a special structure called a certificate tree. New certificates are authenticated based on data stored in the current certificate tree. The data from up to 21 individual related certificates (including root, OS, and other VeriFone-owned certificates) can be stored concurrently in a certificate tree.This means that a new certificate can only be authenticated under a higher-level certificate already resident in the terminal’s certificate tree. This requirement can be met in two ways:•The higher-level certificate may have already been downloaded to the terminal in a previous or separate operation.•The higher-level certificate can be downloaded together with the new certificate as part of the same data transfer operation.A development set of higher-level certificates is downloaded into each Omni 3600 terminal at manufacture. When you take a new Omni 3600 terminal out of its shipping carton, certificate data is already stored in the terminal’s certificate tree. In this just-out-of-the-box condition, the Omni 3600 terminal is called a development terminal.Typically, a sponsor requests an additional set of digital certificates from the VeriFone CA to establish sponsor and signer privileges. This additional set of certificates are then downloaded to the Omni 3600 terminal when the terminal is being prepared for deployment. When this procedure is complete, the Omni 3600 terminal is called a deployment terminal.NOTE Each successfully authenticated file is also write-protected. That is, the file’s read-only attribute is set. If the read-only file is removed or if the file is modified in any way while stored in the terminal, the ATTR_NOT_AUTH bit is automatically set to 1. If the modified file is an executable, it is no longer allowed to run.
FILE AUTHENTICATIONIntroduction to File Authentication108 OMNI 3600 REFERENCE MANUALAdd New CertificatesWhen you add a new certificate file to an Omni 3600 terminal, the file authentication module detects it by filename extension (*.crt). On restart, the terminal then attempts to authenticate the certificate under the authority of the resident higher-level certificate stored in the terminal’s certificate tree or one being downloaded with the new certificate.In a batch download containing multiple certificates, each lower-level certificate must be authenticated under an already-authenticated, higher-level certificate. Whether or not the data a new certificate contains is added to the terminal’s certificate tree depends on if it is successfully authenticated. The following points explain how certificates are processed:•If a new certificate is successfully authenticated, the information it contains is automatically stored in the terminal’s certificate tree. The corresponding certificate file (*.crt) is then deleted from that file group’s RAM.•If the relationship between the new certificate and an existing higher-level certificate cannot be verified, the authentication procedure for the new certificate fails. In this case, the certificate information is not added to the certificate tree and the failed certificate file (usually ~400 bytes) is retained in application memory.Development TerminalsA development terminal is an Omni 3600 terminal still maintaining the original factory set of certificates in its certificate tree. This set of certificates includes several higher-level system certificates and a special client certificate called a default signer certificate (see Figure 38).In the development terminal, the level of logical security provided by the file authentication module is minimal, even though applications must still be signed and authenticated before they can run on the terminal. In most application development and test environments, tight security is not required, and the flexibility offered by the Omni 3600 development terminal is more important.Deployment TerminalsWhile the application development process is being completed and while the new application is being tested on a development terminal, a sponsor can order specific sponsor and signer certificates from the VeriFone CA to use to logically secure sponsor and signer privileges when the Omni 3600 terminal is prepared for deployment.NOTE With the factory set of certificates stored in the terminal memory, anyone who has the Omni 3600 SDK and included file signing tool, FILESIGN.EXE, can generate valid signature files for downloading and authenticating files on the Omni 3600 platform.
FILE AUTHENTICATIONIntroduction to File AuthenticationOMNI 3600 REFERENCE MANUAL 109Customer-specific sponsor and signer certificates are usually downloaded to an Omni 3600 terminal as part of the standard application download procedure performed by a deployment service. In this operation, the new sponsor and signer certificates replace the development sponsor certificate that is part of the factory set of certificates, as shown in Figure 38.When the sponsor and signer certificates are downloaded and successfully authenticated, the terminal is ready to deploy.Ultimately, it is the sponsor’s decision how to implement the logical security provided by file authentication on a field-deployed terminal. Additional certificates can be obtained from the VeriFone CA any time, to implement new sponsor and signer relationships in deployment terminals.Figure 38 Certificate Trees in Development and Deployment TerminalsPermanency of the Certificate TreeThe data contained in a digital certificate is stored in the terminal’s certificate tree when the certificate is authenticated, and the certificate file itself is erased from RAM.The certificate tree file is stored in a reserved area of non-volatile memory and is therefore relatively permanent. New certificate data can be added to the existing certificate tree (up to a maximum of 21 certificates).
FILE AUTHENTICATIONIntroduction to File Authentication110 OMNI 3600 REFERENCE MANUALRequired Inputs to the File Signing ProcessThe required inputs to the file signing process are somewhat different for development terminals than deployment terminals. The significant differences shown in Table 19.Replace a Sponsor CertificateA sponsor may need to clear the current sponsor certificate from a terminal so that a new sponsor can load certificates and applications. To do this, the original sponsor must order a “clear” smart card from the VeriFone CA. The clear smart card is specific to the requesting sponsor. It restores a deployment terminal to the development state (refer to Figure 39) by:•Deleting the current sponsor and signer certificates from the terminal’s application partition.•Restoring the default certificate to the terminal’s application partition.Table 19 Differences Between Required InputsDevelopment Terminals Deployment TerminalsManufacturing inputs to the file signing process are included, together with the file signing tool, FILESIGN.EXE, in the Omni 3600 SDK. These inputs make it possible for anyone who has the Omni 3600 SDK to sign and authenticate files.The required inputs to FILESIGN.EXE must be obtained from the VeriFone CA to logically secure the sponsor and signer privileges for the terminal.The following two factory inputs are required for the file signing process, in addition to the application files you want to sign and authenticate:•Default signer certificate, with the filename K2SIGN.CRT •Default signer private key, with the filename K2SIGN.KEYThe following three unique inputs, which are issued at customer request by the VeriFone CA, are required for the file signing process, as well as the application files you want to sign and authenticate:•Customer signer certificate: This unique certificate is a required input for FILESIGN.EXE and must be downloaded to the terminal along with the signature files and target application files to authenticate, unless already downloaded to the terminal in a previous operation.•Customer signer private key: The VeriFone CA issues this unique, encrypted private key file (*.key) to an authorized signer at the sponsor’s request. The signer private key is a required input to FILESIGN.EXE, but does not have to be downloaded to the terminal.•Customer signer PIN: The VeriFone CA issues this unique password to an authorized signer at the sponsor’s request. The customer signer password is a required input to FILESIGN.EXE, but it does not have to be downloaded to the terminal.Note: A default signer password is not a required entry when using FILESIGN.EXE to sign files for an Omni 3600 development terminal.Note: The customer sponsor certificate, which authenticates the customer signer certificate, is usually downloaded to the terminal with the customer signer certificate, but it is not a required FILESIGN.EXE input when signing files to be downloaded to, and authenticated on, a deployment terminal.
FILE AUTHENTICATIONIntroduction to File AuthenticationOMNI 3600 REFERENCE MANUAL 111Figure 39 Certificate Replacement ProcessFile Authenticationand the Omni 3600File SystemApplication Memory Logically Divided Into File GroupsThe memory of an Omni 3600 terminal is logically divided into two main areas, or partitions: One partition is for the operating system and the other partition is reserved for applications. The application partition is further divided into sub-partitions. These sub-partitions are called file groups or GIDs.This system of partitions and sub-partitions makes it possible to store multiple applications in terminal memory and prevent these applications from overlapping or otherwise interfering with each other’s operation.There are a total of 16 file groups (Figure 40). Group 0 is the name of the operating system partition. Group 1 is reserved for the main application. Groups 2–14 are available for related executable files or secondary applications. Group 15 is open, and used for shared files.NOTE The process for replacing a signer certificate is the same as for replacing a sponsor certificate.
FILE AUTHENTICATIONIntroduction to File Authentication112 OMNI 3600 REFERENCE MANUALFigure 40 Omni 3600 Application Memory PartitionsRules for Storing Applications in Specific File GroupsHere are some important Omni 3600 file system features, as they relate to storing application files in specific file groups, and how these features affect the file authentication process:•Most applications consist of more than one executable. For each executable to run on the terminal, it must be signed and authenticated. •Although not enforced by the operating system, it is recommended that only one application be stored per file group in the application partition. Any number of executable files can, however, be stored in a single file group.•Using the CONFIG.SYS *GO variable, you can specify only one application to automatically execute following a download and terminal restart. The defined application is usually the main application stored in Group 1 and called from the *GO variable in the CONFIG.SYS file in GID1.•The main application stored in GID1 can access files, secondary applications, or function libraries stored in any other file group.•The application downloaded into GID1 is always the primary application for the terminal. This application is owned by the primary terminal sponsor (sponsor A) in cases where there are multiple sponsors. •The Group 1 application controls any and all secondary applications stored in terminal memory. That is, a secondary application can only be invoked by a RUN command issued by the Group 1 application.•An application stored in Groups 2–15 can only access files stored in its own file group and in Group 15. For example, an application authorized by the sponsor to be authenticated in Group 4 can only access files and libraries stored in Group 4 and Group 15.•If multiple applications (main and secondary) are to run on the same terminal, each .OUT and/or shared library file must have its own matching signature file. NOTE The Omni 3600 operating system only enforces the rule that the main application always be stored in GID1. You can, for example, store a shared library in any file group. Rules for Storing Applications in Specific File Groups states reasons to follow the guidelines previously described for storing applications and libraries in specific file groups.
FILE AUTHENTICATIONIntroduction to File AuthenticationOMNI 3600 REFERENCE MANUAL 113Because each application is responsible for verifying its own data and prompt files, the other application files should have their own matching signature files. The master .OUT file should validate that these additional signature files are authenticate before the signature files are used.•If two or more applications are to run on the same terminal, the signature files for the respective applications must be downloaded, together with the corresponding target files, into the specific file group(s) for which the applications are authorized. If an application is downloaded into a group for which is it not authorized, file authentication for that application fails.If, for example, Application B is downloaded into GID4, where it is authorized to run, but the signature files for all Application B executable files are downloaded into GID7, file authentication for Application B fails and it is not allowed to run.•Each certificate contains an attribute to verify if an application is valid for a particular group. Authenticate Files Stored in the RAM or Flash of a File GroupAll *.p7s files are loaded into RAM and contain flags that indicate if the file to verify is stored in flash or RAM. A signature file must know if its matching application file is stored in flash or RAM. If a signature file cannot locate its matching application file, the application file is not authenticated. If the signature file authenticates its target file, and if the *FA variable is present in the CONFIG.SYS file of the target file group and is set to 1, the signature file is retained in memory and is automatically moved, if necessary, into the same file system as the target file it authenticates. That is, if the target file is stored in the flash, the signature file is also stored in the flash; if the target file is stored in RAM, the signature file is also stored in RAM.If the signature file authenticates its target file and the *FA variable is present in the CONFIG.SYS file of the target file group and is set to 0, the signature file is erased when its target file is authenticated.If you intend to perform back-to-back downloads, as described in Chapter 4, all signature files must be retained in the Omni 3600 terminal’s application memory, together with the target application files they authenticate. NOTE To control if signature files are retained or deleted when they are processed by the file authentication module, you must use the protected CONFIG.SYS variable *FA as documented in the Verix Operating System Programmer’s Manual.
FILE AUTHENTICATIONThe FILESIGN.EXE File Signing Tool114 OMNI 3600 REFERENCE MANUALRestrictions on Downloading Different File TypesA typical application download includes a variety of different file types. There are the following restrictions on how you can download different kinds of files to the Omni 3600 terminal and how files are stored in the file system:The normal size of a signature file is approximately 400 bytes. Depending on the application’s size and on how memory space is allocated, the area available for storing multiple signature files must be carefully managed. The memory space required by a certificate file is also approximately 400 bytes, but certificate files are temporary. When a certificate is authenticated, the data it contains is copied to the certificate tree, and the certificate file is erased from the target file group’s RAM.TheFILESIGN.EXEFile SigningToolTo generate the signature files required for file authentication, you must sign all executable files and other files to be logically protected, using the FILESIGN.EXE software tool. This section discusses use of this tool, which is included in the Omni 3600 SDK.The file signing tool, FILESIGN.EXE, generates a formatted file called a signature file, recognized by the filename extension *.p7s.You can run FILESIGN.EXE on a host computer (PC) in DOS command-line mode, or invoke the program under Windows NT or Windows 95 and then use the FileSign dialog box to make the required entries.FILESIGN.EXESystemRequirementsThe FILESIGN.EXE tool requires one of the following computing environments:•Windows NT, Version 4.0, SP5•Windows 95, with Internet Explorer Version 5.0The SP5 and Internet Explorer Version 5.0 software can be downloaded from the Microsoft Web site located at www.microsoft.com.File Type RestrictionCertificate (*.crt) Must be downloaded into the RAM of the target file group (GID1–GI15) selected in system mode.Signature (*.p7s) Must be downloaded into the RAM of the target file group (GID1–GID15) that you select in system mode.Operating system Must be downloaded into Group 1 RAM. When the OS files and related certificates and signature files are authenticated, they are automatically moved from Group 1 RAM into the Group 0 sub-partition, reserved for the operating system.NOTE The file signing process for operating system files is done for Omni 3600 customers by the VeriFone CA. For operating system updates, VeriFone provides customers with a complete download package that includes all certificates and signature files required for authentication.
FILE AUTHENTICATIONThe FILESIGN.EXE File Signing ToolOMNI 3600 REFERENCE MANUAL 115Operating Modesfor FILESIGN.EXEFILESIGN.EXE can run on the host computer in two user modes:•Command-line mode (Windows PC DOS shell): Command-line mode is useful for application developers who perform batch file downloads and is convenient when using file download tools provided by VeriFone such as VeriCentre Download Management Module (DMM), ZonTalk 2000, and the direct download utility, DDL.EXE. In command-line mode, you can sign a batch of files in a single operation.•Graphical interface mode (Windows NT or Windows 95): Use the FileSign dialog box (Figure 41) to select the file to sign and assign a name and destination location for the generated signature file on the host computer. When you run the FILESIGN.EXE tool under Windows, you can sign only one file at a time.You can also specify to store the target file in the target file group’s RAM (default location) or in the flash file system. If required, you can navigate through the file system on your PC to select the signer certificate file (*.crt) and signer private key file (*.key) to use as inputs to the file signing process.Figure 41 FileSign Dialog Box for FILESIGN.EXE Under WindowsNOTE If the entry of a signer password is a required input, a secondary dialog box displays to enter and confirm the password. Please also note that a signer password is required for a deployment terminal, but not for a development terminal.
FILE AUTHENTICATIONThe FILESIGN.EXE File Signing Tool116 OMNI 3600 REFERENCE MANUALCommand-LineEntries forFILESIGN.EXETab le 20 lists and describes the switches that make up the command-line mode syntax for FILESIGN.EXE.Table 20 Command-Line Mode Switches for FILESIGN.EXEaSwitch Description Requirements-C, -c Signer certificate file name (*.crt). Required input for development terminals and deployment terminals.For development terminals, you can use the default signer certificate, K2SIGN.CRT.For deployment terminals, you must use the signer certificate issued by the VeriFone CA.-K, -k Signer private key filename (*.key). Required input for development terminals and deployment terminals.For development terminals, you can use the default signer private key, K2SIGN.KEY.For deployment terminals, you must use the signer private key provided by the VeriFone CA.-P, -p Signer password for decrypting the signer private key.Required input only for deployment terminals.The VeriFone CA issues and securely conveys this password to an authorized signer.-F, -f Name of the application file to sign (*.out, *.lib, or other file type).Required for development terminals and for deployment terminals.-S, -s Name of the signature file (*.p7s) for FILESIGN.EXE to generate for the target application file.Required for development terminals and for deployment terminals.-L, -l Specifies to store the target application file to sign and authenticate in the flash (drive F:) file system.If you do not use this switch to specify flash as the target file destination, it is stored by default in the RAM file system (drive I:).Optional entry.This switch assigns an F: prefix to the name of the *.out or *.lib file to download, and also stores this information in the signature file as part of the special filetype attribute.NOTE: Signature files must be downloaded into the target file group’s RAM.If the target file is authenticated, the corresponding *.p7s file is moved to the same memory area as the target file it authenticates. For example, if the target file is stored in flash (F:), its *.p7s file is moved into the flash file system. If, however, you set the *FA variable in the file group’s CONFIG.SYS file to 0, all signature files are deleted from RAM when file authentication is complete.a. The switches described in Tab l e 2 0 are not case-sensitive and can be entered on the command line in any order.
FILE AUTHENTICATIONThe FILESIGN.EXE File Signing ToolOMNI 3600 REFERENCE MANUAL 117Command-LineMode SyntaxExampleIn the FILESIGN.EXE command-line entry example below, please note that the syntax used applies to an Omni 3600 development terminal with the factory set of certificates, and not to a deployment terminal. The differences are as follows:•The default signer certificate and default signer key file names that are provided by VeriFone as part of the Omni 3600 SDK are entered on the command line instead of customer-specific customer signer certificate and customer signer private key file names, and•The switch for signer password (-P password) is not used, because a customer signer password is only required to sign and authenticate files for Omni 3600 deployment terminals being prepared for deployment.Please note also how the command-line mode switches described in Table 20 are used in this example:filesign -L -f file.out -s file.p7s -c k2sign.crt -k k2sign.key•The -L switch indicates to store the application file in the flash file system instead of the target group’s (default) RAM file system. (The target group for the download must be selected from system mode when the download is performed.)•The -f switch indicates that the application file “file.out” must be signed by the FILESIGN.EXE tool. Executable files, such as *.out and *.lib files, must always be signed if they are to run on the terminal following a download. Depending on the application’s logical security requirements, other types of files, such as data files and font files, may also need to be signed and are authenticated on download.•The -s switch is followed by the name of the signature file to generate, file.p7s.•The -c switch is followed by the name of the default signer certificate to use for file authentication with the development terminal, “k2sign.crt”.•The -k switch is followed by the name of the default signer private key file, k2sign.key. A signer private key is a required input to the file signing process for development terminals and for deployment terminals.FILESIGN.EXEGraphicalInterface ModeWhen you execute FILESIGN.EXE in the Windows environment, the FileSign dialog box displays (see Figure 41). The FileSign dialog box has four entry fields, each of which is followed by a “Next” [...] selection button, as well as one check box, and the OK and Cancel buttons:•Press ALT-C or click on the [...] button to the right of the “Certificate” field to locate and select the certificate file (*.crt) you want to use to sign the file.•Press ALT-K or click on the [...] button to the right of the “Key” field to locate and select the signer private key file (*.key).
FILE AUTHENTICATIONThe FILESIGN.EXE File Signing Tool118 OMNI 3600 REFERENCE MANUAL•Press ALT-F or click on the [...] button to the right of the “File to be signed” field to locate and select the application file (*.out, *.lib, or other) to sign. If necessary, you can also modify the filename.If you want to store the file in flash memory on download to the terminal, check the “Stored in FLASH” checkbox. This adds the “F:” prefix to the target file name.•Press ALT-S or click on the [...] button to the right of the “Signature file” field to enter a filename for the signature file to be generated. The filename extension must always be *.p7s. You can also choose another directory to store the generated signature file.•When all entries are complete, press ALT-O or click the OK button to execute FILESIGN.EXE and generate the signature file. Or, press ALT_A or click Cancel to exit the FILESIGN.EXE utility.When the necessary signature files are generated to authenticate the application or applications on the Omni 3600 terminal, you are ready to perform the application download procedure.For more information about file authentication within the context of specific download procedures, please refer to Chapter 4.
OMNI 3600 REFERENCE MANUAL 119CHAPTER 6Troubleshooting and ServiceThis chapter discusses:•typical problems encountered and their resolution,•cleaning and maintenance, •product specifications, and•where to go for more information.VeriFone follows stringent quality control standards in the manufacture of Omni 3600 terminals. Each unit that leaves the factory receives numerous tests to ensure quality and reliable operation. However, should you encounter a problem in operation, read this section for possible causes and solutions.Smart Card The smart card implementation is a proprietary hardware solution that has no serviceable parts.System Messages Appendix A lists all system messages, including informational and error messages, and prompts, that may appear on the Omni 3600 display panel. For an explanation of a message that indicates some terminal malfunction occurred, please refer to the descriptions in Appendix A.Use RemoteDiagnostics toIdentify ProblemsCertain problems with a specific Omni 3600 terminal can be identified by a computer running a diagnostic test program. The diagnostic computer can be connected directly to a docked terminal by a cable or through a telephone line connection.Troubleshooting The troubleshooting guidelines provided in this section identify various problems and suggest appropriate corrective action(s). If you have problems operating your Omni 3600 terminal, please read through these troubleshooting examples. If the problem persists or if it is not described below, contact your local VeriFone representative for assistance.NOTE Perform only those adjustments or repairs specified in this guide. For all other services, contact your local VeriFone distributor or service provider. Service conducted by parties other than authorized VeriFone representatives may void the product warranty.NOTE The Omni 3600 terminal comes equipped with tamper-evident labels. Do not, under any circumstance, attempt to disassemble the terminal.
TROUBLESHOOTING AND SERVICETroubleshooting120 OMNI 3600 REFERENCE MANUALTerminal DisplayDoes Not ShowCorrect orReadableInformation1Dock the Omni 3600 terminal in a base station.2Check all cable connections and verify that the telephone line is properly connected.3Recharge or replace the battery.4Check display contrast by performing a local diagnostic test of the terminal display in system mode (refer to System Mode Menu 5 in Chapter 3).5If the problem persists, contact your local VeriFone representative for assistance.Smart Battery WillNot ChargeThe smart battery must initially receive a full charge to set the battery’s charge capacity memory. Allow the Omni 3600 terminal to remain connected to the power pack for a minimum of 2 hours, maximum of 4 hours to ensure the battery receives a full charge.Since the smart battery has a ‘memory’ of its initial charge, this is the maximum charge it will take. If the initial charge was not long enough or insufficient, battery use hours are shortened.Telephone LineConnection DoesNot Work Properly1Check the telephone line cord and all telephone connections.2If you are using a pass-through (Telset) connection, check that the telephone handset is seated properly in its cradle. Also, check the line using another telephone base unit. If the other telephone works, have the defective telephone repaired or replaced.3If you are using a direct (Telco) connection, check the Telco cable by plugging it into a working telephone and listening for a dial tone. If this test does not work, replace the Telco cable. If it is determined that the telephone line is dead, contact your local telephone company to check the status of the line.4If the problem persists, contact your local VeriFone representative for assistance.Printer Does NotWork1Check battery status. The printer will not print if there is an insufficient charge remaining in the battery to complete the print operation.2Check if the printer is out of paper. Open the paper roll cover and install a new roll of printer paper.3Perform a test of the integrated thermal printer as described in Printer Test in Chapter 1.4If the problem persists, contact your local VeriFone representative for assistance.NOTE Conserve battery power by turning the Omni 3600 terminal off when not in use. If the terminal is not to be used for several days, remove the battery from the terminal as it continues to discharge even when the terminal is turned off.
TROUBLESHOOTING AND SERVICETroubleshootingOMNI 3600 REFERENCE MANUAL 121Serial Port DoesNot Work1The serial port on the back panel of the base station is identified by the “RS232” icon. Check that the device connected to the serial port has power and is functioning properly. If possible, perform a self-test on the device in question.2The cable connecting the optional device to the base station serial port may be defective. Try a different serial cable.3If the problem persists, contact your local VeriFone representative for assistance.Terminal Does NotProcessTransactionsThere are several possible reasons why the terminal may not be operating properly or processing transactions. To check the most likely causes, follow the steps below.Step 1: Check the magnetic card reader1Test the magnetic card reader as described in System Mode Menu 5 in Chapter 3.2Perform a test transaction using several different magnetic stripe cards to ensure the problem is not a defective card.3Make sure you are swiping cards properly. With the Omni 3600 card reader, the black, magnetic stripe on the card should face down, away from the keypad.4Process a transaction manually using the keypad instead of the card reader. If the manual transaction works, the problem may be a defective card reader. Contact your VeriFone distributor or service provider.5If the manual transaction does not work, proceed to Step 3.Step 2: Check the smart card reader1Perform a test transaction using several different smart cards to ensure the problem is not a defective card.2Make sure you are inserting the cards properly. With the Omni 3600 smart card reader, the chip on the card should face down and inward.3Ensure the MSAM cards are properly inserted and the cardholders are properly secured as described in Install/Replace MSAM Cards in Chapter 1.4Process a transaction manually using the keypad instead of the card reader. If the manual transaction works, the problem may be a defective card reader. Contact your VeriFone distributor or service provider.5If the manual transaction does not work, proceed to Step 3.
TROUBLESHOOTING AND SERVICECleaning and Care122 OMNI 3600 REFERENCE MANUALStep 3: Check the telephone line1Connect to a working telephone and check for a dial tone. If there is no dial tone, replace the Telco cable.2If the problem appears to be with the telephone line, check with the party you are trying to call to see if their system is operational. If they are not experiencing difficulties with their line, contact the telephone company and have your line checked.3If the telephone line works, contact your local VeriFone representative for assistance.Keypad Does NotRespond1Check the display panel. If it displays the wrong character or nothing at all when you press a key, follow the steps outlined in Terminal Display Does Not Show Correct or Readable Information.2If pressing a function key does not perform the expected action, refer to the user documentation for that application to be sure you are entering data correctly.3Perform a local diagnostic test of the keyboard in system mode (refer to System Mode Menu 5 in Chapter 3).4If the problem persists, contact your local VeriFone representative for assistance.Cleaning andCareThis section discusses keeping the Omni 3600 terminal and Omni 3600 base clean.For normal dirt, use a clean cloth slightly dampened with water and a drop or two mild soap. For stubborn stains, use alcohol or an alcohol-based cleaner.Base Contacts It is important that the exposed contacts in the docking cradle of the base stay clean and unbent. Gently swab the contacts with alcohol or contact cleaner to remove dirt.CAUTION Never use thinner, acetone, trichloroethylene, or ketone-based solvents — these chemicals can deteriorate plastic or rubber parts. Do not spray cleaners or other solutions directly onto the keypad or display.CAUTION Avoid touching the contacts in the raised area in the center of the base. Finger oils tarnish contacts, causing bad connections. If the battery charge state or terminal power LEDs do not light when the terminal is docked or there is a high occurrence of bad or incomplete data transfers, clean the contacts.
TROUBLESHOOTING AND SERVICEVeriFone Service and SupportOMNI 3600 REFERENCE MANUAL 123Smart Card ReaderVeriFoneService andSupportFor Omni 3600 terminal or base problems, contact your local VeriFone representative or service provider. Visit www.verifone.com to locate a representative near you.For Omni 3600 product service and repair information:•(USA) VeriFone Service and Support Group, 1-800-837-4366, Monday–Friday, 8 A.M.–8 P.M. eastern time•(International) Contact your local VeriFone representativeFor Omni 3600 supplies:•VeriFone Online Store at www.store.verifone.com.•(USA) VeriFone Customer Development Center, 1-800-837-4366, Monday–Friday, 7 A.M.–8 P.M. mountain time•(International) Contact your local VeriFone representativeReturn a Terminal,Omni 3600 Base,or Smart BatteryBefore returning an Omni 3600 terminal, base, or smart battery to VeriFone, you must obtain a Merchandise Return Authorization (MRA) number. The following procedure describes how to return one or more terminals or base for repair or replacement (U.S. customers only):1Gather the following information from the printed labels (Figure 42) on the bottom of each Omni 3600 terminal and base station you are returning:•Product ID, including the model and part number. For example, “OMNI 3600” and “P096-XXX-XX”•Serial number (S/N XXX-XXX-XXX)2Contact VeriFone:•Within the U.S., call VeriFone toll-free at 800-VeriFone (837-4366)•Internationally, contact your local VeriFone representative. To locate a representative near you, visit www.verifone.com 3Select the MRA option from the automated message. The MRA department is open Monday–Friday, 8 A.M.–8 P.M., eastern time.CAUTION Do not attempt to clean the smart card reader. Doing so may void your warranty. For smart card reader service, contact your VeriFone distributor or service provider.NOTE International customers, please contact your local VeriFone representative for assistance with your service, return, or replacement.
TROUBLESHOOTING AND SERVICEVeriFone Service and Support124 OMNI 3600 REFERENCE MANUAL4Give the MRA representative the information gathered in Step 1.If the list of serial numbers is long, you can fax the list, along with the information gathered in Step 1, to the MRA department. Include a telephone number where you can be reached and your fax number.Please print clearly to the attention of the “VeriFone MRA Dept.” and send your fax to 502-329-5947 (U.S.). You will be issued an MRA number and the fax will be returned to you.5Describe the problem and provide the shipping address to return the repaired or replacement unit.6Keep a record of the following items:•Assigned MRA number(s)•VeriFone serial number assigned to the Omni 3600 terminal or base station you are returning for service or repair•Shipping documentation, such as airbill numbers used to trace the shipment•Model(s) returned (model and part numbers are located on the bottom of each terminal or base station)Figure 42 Information Labels on Bottom of TerminalNOTE One MRA number must be issued for each terminal or base station you return to VeriFone, even if you are returning several of the same model.
TROUBLESHOOTING AND SERVICESpecificationsOMNI 3600 REFERENCE MANUAL 125SpecificationsPowerRequirementsDC power (all Omni 3600 terminals and base stations): DC: 19VDC; 3.16ADC power pack (all Omni 3600 terminals and base stations):•Input: 100–240 V ~ (100–240VAC); 50–60 Hz; 1.5A•Output: 19VDC; 3.16ABarrel connector polarity (all Omni 3600 terminals and base stations): Environmental Omni 3600 terminal:•Operating temperature: 0° to 40° C (32° to 104° F)•Storage temperature: – 18° to + 66° C (0° to 150° F)•Relative humidity: 15% to 90%; no condensationBase station:•Operating temperature: 0° to 55° C (32° to 131° F)•Storage temperature: – 40° to + 70° C (-40° to 158° F)•Relative humidity: 15% to 90%; no condensationDimensions • Height: 69 mm (2.72 inches)•Width: 95 mm (3.74 inches)•Length: 220 mm (8.64 inches)Weight • Terminal weight: 568 g (1.25 lb)•with battery installed: 681 g (1.5 lb)•with battery and paper roll installed: 710 g (1.56 lb)•Shipping weight: 1264 g (2.78 lb): The shipping weight for the Omni 3600 terminal includes: shipping carton, one terminal, power pack and cable, one smart battery, paper roll, and one Quick Installation Guide.•Base station weight: 378 g (0.83 lb)•Shipping weight: 498 g (1.098 lb): The shipping weight for the Omni 3600 base station includes: shipping carton, one base station, one Telco cable, and one Quick Installation Guide.
TROUBLESHOOTING AND SERVICEAccessories and Documentation126 OMNI 3600 REFERENCE MANUALAccessoriesandDocumentationAccessories and documentation available for the Omni 3600 are listed in this section. When ordering, please refer to the part number on the left. How to Order • VeriFone Online Store at www.store.verifone.com•USA: VeriFone Customer Development Center, 1-800-837-4366, Monday–Friday, 7 A.M.–8 P.M., PST•International: Contact your local VeriFone representativeDownload Cables and AdaptersCables for Optional PeripheralsBase StationTelco CableAntennaContact your VeriFone distributor to determine the exact antenna for your Omni 3600 terminal.Smart BatteryPower PackContact your local VeriFone distributor to determine which power pack fits your needs.05651-xx MOD10-MOD10 (base station-to-base station)26263-xx 02xxx MOD10-PC DB25F (base station-to-PC)26264-xx 02xxx MOD10-PC DB9F (base station-to-PC)22536-01 MOD10 adapter (terminal-to-terminal/PC/telephone)07041-xx MOD10-MDIN9 (CR 600/CR 1000icheck readers)P096-201-00 Base station00124-17 2.1-m (7’) telephone line cord, black color, with modular RJ11-type connectors22066-XX Replacement antenna. 22044-02 12V battery pack22161-01 DC power pack (universal)21973-01 Power cable (U.S.)
TROUBLESHOOTING AND SERVICEAccessories and DocumentationOMNI 3600 REFERENCE MANUAL 127Thermal Printer PaperVeriFone Cleaning KitDocumentationCRM0043 Standard-grade thermal printer paper, 57-mm (2.25”) width, 7.62-m (25’) length; single roll 02746-01 Cleaning kit22377 Omni 3600 Quick Installation Guide22378 Omni 3600 Base Station Quick Installation Guide22060 Omni 3600 Installation Guide19733 Verix Operating System Programmer’s Manual
TROUBLESHOOTING AND SERVICEAccessories and Documentation128 OMNI 3600 REFERENCE MANUAL
OMNI 3600 REFERENCE MANUAL 129APPENDIX ASystem MessagesThis appendix describes error and information messages that may appear when the Omni 3600 terminal is in system mode. For ease of use, these messages are grouped alphabetically. These messages include those:•displayed digital certificate and signature file download to the terminal•processed by the file authentication module•displayed when using the file compression module of the VeriCentre DMM terminal management and download toolThis message displays when DEBUGGER F4 in SYS MODE MENU 4 is selected and the debugging monitor program, DBMON.OUT, is already running on the terminal.This message displays when an attempt was made to invoke a system mode function not allowed to execute while an application is running on the terminal. The requested function is not invoked, and the application continues to run in the background.Some system mode functions, such as setting the date and time, can be performed in this mode even with the application running in background, and this message does not display. For other system mode functions, such as downloads and RAM or flash clear operations, you must restart the terminal and re-enter system mode before the application starts (within three seconds).To restart the terminal and enter system mode:1Press the cancel key until the SYS MODE MENU 1 displays. 2Select RESTART F4.3Enter system mode within three seconds of seeing the VeriFone copyright screen—before the application begins—by simultaneously pressing F2 and F4.ALREADY DEBUGGINGAPPLICATIONALREADY RUNNINGPLEASE RESTARTDEVICE BUSYPLEASE RESTARTSTAND ALONE
SYSTEM MESSAGES130 OMNI 3600 REFERENCE MANUALThis message displays when a system mode function queried an internal device that is busy. This message can also occur if you entered system mode with an application running.For example, if the application opened the magnetic stripe card reader and you try to invoke the card reader diagnostic through MAG CARD READER F4 in SYS MODE MENU 5, the attempt fails and this message appears. Restart the terminal and enter system mode before the application starts.The operating system is unable to start the application specified in the *GO variable for the following reasons:•No application resident in the terminal.•The *GO variable is not set in the Group 1 CONFIG.SYS file.•The application file specified in the *GO variable does not exist in Group 1. (The *GO variable cannot specify an application file stored in a file group other than Group 1.)•The application or a shared library used by the application either does not exist or is not authenticated. All executables must be authenticated to run on the terminal.•There is not enough memory available to run the application requested in the *GO variable.A corrupt file is detected in the flash file system during terminal start up, after power-on, or during restart. This message may indicate a hardware problem or the error condition may be resolved through another download of the file.The DEBUGGER F4 option in SYS MODE MENU 4 was selected. The debugging monitor program, DBMON.OUT, is included in the SDK, but is not stored in the terminal memory of a factory unit. To use the debugging tool, you must sign, download, and authenticate the DBMON.OUT application.This message displays if you select REMOTE DIAGS F2 in SYS MODE MENU 4 and the (optional) Terminal Management Agent (TMA) software is not resident in the Omni 3600 terminal. The TMA software is required to perform remote diagnostics. For more information about support for remote diagnostics, contact your VeriFone service provider.DOWNLOAD NEEDEDFLASH CHKSUM ERRORLOAD DBMON.OUTLOAD TERMINALMANAGEMENT AGENT
SYSTEM MESSAGESOMNI 3600 REFERENCE MANUAL 131This message displays when you select CONFIG INFO F2 in SYS MODE MENU 3 and press the PF2 key (below the down arrow) two times. This third display, in a series of four, provides the following information about the current terminal configuration:•MODL: The model number assigned to the terminal on manufacture.•CTRY: The name or abbreviation (up to 42 characters) of the country of manufacture.•KEYPAD: A code (0–5) to indicate keypad type.•DISPLAY: A code (000000, 000001, or xxxyyy) to indicate display unit type.•MAG RDR: A code (0–4) to indicate magnetic stripe card reader type.•PRINTER: A code (0 or 1) to indicate that a thermal printer is integrated.This message displays when you select CONFIG INFO F2 in SYS MODE MENU 3 and press the PF2 key (below the down arrow) three times. This fourth display, in a series of four, provides the following information about the current terminal configuration:•PINPAD: A code (0 or 1) to indicate that a PIN pad is integrated.•LIFE: The number of seconds the terminal has run since first powered on.•RSET: The date and time when the terminal was last reset, in yymmddhhmmss format.•RCNT: The total number of times the terminal has been reset.•MODEM CTRY: The current two-digit modem country code setting. For additional information about modem country codes, see the Verix Operating System Programmer’s Manual.This message displays if you enter an incorrect system mode password or an incorrect file group password. Repeat the password entry and press the enter key.MODL O3600MCTRY GENKEYPAD 0DISPLAY 128064MAG RDR 3PRINTER 1↑↓PINPAD 1LIFE 730810RSET 020829000536RCNT 198MODEM CTRY ?↑↓PLEASE TRY AGAIN
SYSTEM MESSAGES132 OMNI 3600 REFERENCE MANUALThis message displays when you select CONFIG INFO F2 in SYS MODE MENU 3 and press the PF2 key (below the down arrow) to display the next screen. This second display, in a series of four, provides the following information about the current terminal configuration:•RAM: The RAM (SRAM) size in kilobytes (KB).•FLASH: The flash memory size in KB.•SERNO: The serial number assigned to the terminal on manufacture.•PTID: The permanent terminal ID assigned to the terminal on manufacture. If no PTID is assigned, the default value is “12000000.”•PART: The part number assigned to the terminal on manufacture.•VERS: The hardware version number assigned to the terminal on manufacture.A corrupt file is detected in the RAM file system at terminal start up, after power-on, or during restart. This message may indicate a hardware problem or the error condition may be resolved through another download of the file.This message displays when you select CONFIG INFO F2 in SYS MODE MENU 3. This first display, in a series of four, provides the following information about the current terminal configuration:•INUSE: The number of bytes of memory space currently being used in the RAM file system (RAM FILES) or the flash file system (FLASH FILES).•AVAIL: The number of bytes of memory space currently available in the RAM file system (RAM FILES) or the flash file system (FLASH FILES).RAM 1024FLASH 2048SERNO 024-546-755PTID 12443328PART P096-100-02VERS 6↑↓RAM CHKSUM ERRORRAM FILES 5 INUSE 31686 AVAIL 960630FLASH FILES 1 INUSE 3232 AVAIL 1766232↑↓RECEIVING NOW
SYSTEM MESSAGESOMNI 3600 REFERENCE MANUAL 133In back-to-back downloads, the Target (receiving) terminal displays this message on data transfer initiation when pressing the asterisk key (*). To stop the upload, press the cancel key on either terminal (Gold or Target).This message displays when you select FLASH FILES F4 in SYS MODE MENU 2 and select CLEAR GROUP_nn F2 or CLEAR ALL FILES F3 to clear files from the flash memory of a specific file group (Group 1–15) or from the entire flash memory. This message remains until the files either within the file group or all files in flash are deleted.If you select CLEAR ALL FILES F3, only application file(s) stored in the flash-based file system—not the files stored in RAM—are erased. This message displays when you select RAM FILES F3 in SYS MODE MENU 2 and select CLEAR GROUP_nn F2 or CLEAR ALL FILES F3 to clear files from the RAM of a specific file group (Group 1–15) or from the entire RAM. This message remains until the files either within the file group or all files in RAM are deleted. If you select CLEAR ALL FILES F3, only the application file(s) stored in RAM—not the files stored in flash—are erased. If you erase the main application stored in the RAM file system, the terminal displays DOWNLOAD NEEDED after the VeriFone copyright screen on terminal restart.Note that clearing the RAM does not erase the keyed variable settings stored in protected CONFIG.SYS records—that is, in records that start with an asterisk (*).This message displays when you select FLASH FILES F4, followed by DEFRAG F4 in SYS MODE MENU 2 to perform defragmentation (coalesce) of the flash memory file system. PLEASE WAIT remains displayed during the defragmentation process. On successful completion, the terminal automatically restarts.An application is being downloaded to a receiving Omni 3600 terminal from a host PC, either directly over a serial cable or by telephone. This message also displays on the Target terminal in a back-to-back download. SYS MODE CLEARCLEARING FLASHPLEASE WAITSYS MODE CLEARCLEARING RAMPLEASE WAITSYS MODE DEFRAGRECLAIMING FLASHPLEASE WAITSYS MODE DOWNLOADDOWNLOADING NOW
SYSTEM MESSAGES134 OMNI 3600 REFERENCE MANUALThe terminal displays a series of asterisks (*) to indicate the progress of the download (each asterisk represents 10% of the file is downloaded). When ten asterisks appear, the data transfer is complete.This message displays when you select EDIT F3 in SYS MODE MENU 3 to invoke the keyed file editor to edit files (such as, CONFIG.SYS), as follows:•FILE: Make the appropriate menu selections to select or create a file to edit•KEY: Search for a specific keyed record•VALUE: Add a new value for a selected keyed recordThis information appears when you select ERROR LOG F3 in SYS MODE MENU 4. The following information helps developers interpret the cause of the most recent unrecoverable software error that occurred on the terminal:•TYPE: The error type code. For a description of error types (codes 2–11), refer to Chapter 3.•FRAME: The value of the stack frame.•USP: The value of the user stack pointer.•TCB: The value of the task control block.•TIME: The binary-coded decimal clock time when the last error occurred in yymmddhhmmss format.If you report a system error to VeriFone, you may be asked to provide the information displayed in this screen. For detailed information about the error log function and the terms listed above, please refer to the Verix Operating System Programmer’s Manual.SYS MODE EDIT*KEY KEY F2VALUE F3↑↓←→SYS MODE ERR LOGTYPEFRAMEUSPTCBTIMESYS MODE KBD TESTKEYCODE nn
SYSTEM MESSAGESOMNI 3600 REFERENCE MANUAL 135This message displays when you initiate a local diagnostic test of the terminal keyboard through KEYBOARD DIAG F3 in SYS MODE MENU 5. When invoked, the decimal ASCII keycode of each key you press (test) appears to the right of KEYCODE. For example, pressing the 1 key on the terminal keypad displays the corresponding ASCII keycode, 31. This message displays when you initiate the procedure for modifying existing system mode passwords through PASSWORDS F4 in SYS MODE MENU 3. Additional menu options display to let you change the password of a file group (F2) or the system mode password (F3). This message displays when you select PASSWORDS F4 in SYS MODE MENU 3 to modify the existing system mode password. •NEW: Make the appropriate menu selections to enter the new password.•AGAIN: Repeat the entry to confirm the new password. •PASSWORD CHANGED: Displays when the new password is accepted.In a back-to-back download, the Gold (sending) terminal displays this message when you initiate an upload from the receiving terminal. To stop the upload, press the cancel key on either terminal.When you invoke a local system mode diagnostic test of the magnetic stripe card reader, status information appears for data track (TRK1, TRK2, and TRK3) on a magnetic stripe card. To perform this test, select MAG CARD DIAG F4 in SYS MODE MENU 5 and swipe a magnetic stripe card through the card reader:•NO DATA or VALID DATA: A successful test of the magnetic-stripe card reader displays for each track. Actual data stored on data tracks does not display.•An error condition generates one of the following error messages for each track with an error:SYS MODE PASSWORDFILE GROUP nnGROUP nn PASSWORDSYS MODE PASSWORDNEWAGAINPASSWORD CHANGEDSYS MODE UPLOADUPLOADING NOWTRK1:TRK2:TRK3:
SYSTEM MESSAGES136 OMNI 3600 REFERENCE MANUAL•NO DATA•NO START•NO END•LRC ERR•PARITY ERR•REVERSE ENDPress the cancel key to end the local diagnostic test of the card reader. If you are using the file compression module in DMM, information similar to what is shown above appears when an error occurs during file extraction from a downloaded ZIP archive. Note the error number and error codes (xxxxx and yyyyy) and try to download the archive again.If you are using the file compression module in DMM, information similar to what is shown above appears when a compressed file archive downloaded to the terminal decompresses (unzipped), and the files extracted from the archive. This message displays when the file authentication module detects a new digital certificate, together with the filename of the certificate to authenticate, during a download to the Omni 3600 terminal. If the authentication is successful, Authentic displays; otherwise, Failed displays for five seconds and the terminal beeps three times to draw attention to the filename of the certificate that could not be authenticated.This message remains on screen until all new certificates are checked, one by one. In special cases where system certificates are being installed, System Certificate displays instead of Check Certificate.** UNZIP Error nxxxxxxyyyyyyUNZIP stuff.zipmyprog.outmydata.txt6x8.fon10x14.fon...** VERIFYING FILES **Check Certificate(or System Certificate)filename.crt** Authentic **(or ---Failed---)
SYSTEM MESSAGESOMNI 3600 REFERENCE MANUAL 137The file authentication module detected a new signature file, together with the application file for which the signature file was generated, during a download to the Omni 3600 terminal. If the authentication is successful, Authentic displays; otherwise, Failed appears for five seconds and the terminal beeps three times to draw attention to the filename of the certificate that could not be authenticated.This message remains on screen until all new signature files are checked. New digital certificates are always checked first, followed by new signature files, in an uninterrupted process.** VERIFYING FILES **Compare Signaturemyfile.p7smyfile.out** Authentic ** (or ---Failed---)
SYSTEM MESSAGES138 OMNI 3600 REFERENCE MANUAL
LEARNING PRODUCTS TEMPLATE VERSION 2.1 USER’S GUIDE 139APPENDIX BASCII TableAn ASCII table for the Omni 37xx display is in Figure 43. The table is formatted for quick reference, as follows:•The letters and numbers in the column to the left of the table and in the row above the table are, when combined, the hexadecimal value of an ASCII character located in the corresponding row and column coordinate.•The numbers shown in white on a black background within the table itself are the decimal value of the ASCII character in that table cell. •The large character located in the middle of each cell is the ASCII character.For example, to determine the hexadecimal value of the plus (+) sign:1Locate the plus sign ASCII character in the table (decimal 43).2From this position, follow the row to the left and view the hexadecimal value in the column outside the table. This value (2) is the first character of the ASCII character’s hexadecimal value.3Now, from the plus sign, follow the column to the top of the table and view the hexadecimal value in the row above the table. This value (B) is the second part of the hexadecimal value.
ASCII TABLE140 LEARNING PRODUCTS TEMPLATE VERSION 2.1 USER’S GUIDEFigure 43 ASCII Table for the Learning Products Template Version 2.1 Display
OMNI 3600 REFERENCE MANUAL 141APPENDIX COmni 3600 Base Unit Port PinoutsThe tables in this appendix list pinouts for the Omni 3600 base unit connectors.RS232 PortTelco PortTelset PortConnector Pin Function Description1TXCLK Transmit clock signal2 NC No connection3CD Carrier detect4DTR Data terminal ready5GND Power ground6 /RXD Receive data7/TXD Transmit data8CTS Clear to send9RTS Request to send10 RXCLK Receive clock signal110LOOKING INTOCONNECTORConnector Pin Function Description1NC No connection2NC No connection3Tip Telephone line4Ring Telephone line5NC No connection6NC No connection16LOOKING INTOMOD 6P4CConnector Pin Function Description1NC No connection2NC No connection3Tip Telephone line4Ring Telephone line5NC No connection6NC No connection16LOOKING INTOMOD 6P4C
OMNI 3600 BASE UNIT PORT PINOUTS142 OMNI 3600 REFERENCE MANUALBarrel ConnectorPolarity
OMNI 3600 REFERENCE MANUAL 143GLOSSARYAccess code A code number dialed to gain ac-cess to a telephone line, such as dialing the number 9 to reach an outside line.Application ID An alphanumeric code that identi-fies an application program downloaded to a termi-nal from a download computer. For ZonTalk 2000 application downloads, the application ID is stored in the CONFIG.SYS record which begins with the *ZA key. An Omni 3600 application ID can be up to 21 characters long. For VeriCentre Download Manage-ment Module, the application ID, as well as other CONFIG.SYS variables, may differ from those used for ZonTalk 2000.Application program The ordered set of pro-grammed instructions by which a computer performs an intended task or series of tasks.Application prompt The information shown on the terminal’s display panel when power is applied to the terminal, assuming that an application program has already been downloaded into the terminal’s memory and authenticated by the Omni 3300 file au-thentication module. The application prompt often contains a graphical logo, and date and time, but it can consist of anything the programmer chooses for that purpose.ASCII Abbreviation for American Standard Code for Information Interchange. A 7-bit code (with no parity bit) that provides a total of 128 bit patterns. ASCII codes are widely used for information interchange in data processing and communication systems.Back-to-back application download The pro-cess of copying the contents of one terminal’s appli-cation memory to another terminal’s application memory. A terminal-to-terminal application upload require that the sending and receiving terminal be connected to each other by a serial cable. The same operation as a terminal-to-terminal application up-load.”Bar code Optical binary code imprinted on mer-chandise in retail stores. To support specific applica-tions, an optional bar code reader can be attached to the Omni 3600 to read and process bar codes.Bar code reader A pencil- or wand-shaped optical scanner used to read bar codes. To read the code, you drag the tip of the bar code reader across the length of the bar code, in a left-to-right or right-to-left direction.Base station This unit allows the Omni 3600 ter-minal to obtain land-line connections and perform back-to-back downloads.Baud The number of times per second that a sys-tem, especially a data transmission channel, chang-es state. The state of a system may represent a bit, digit, or symbol. For a POS terminal, the baud rate indicates the number of bits per second that are transmitted or received by the terminal’s serial ports and modem.Bit Short for binary digit. Either of the two digits 0 and 1 in the binary number system. Also, a unit of in-formation equal to one binary decision. The bit is the smallest unit of storage and hence of information in any binary system within a computer. Block A collection of data units such as words, characters, or records (generally more than a single word) that are stored in adjacent physical positions in memory or on a peripheral storage device. A block can therefore be treated as a single unit for reading, writing, and other data communication operations.Boot loader Also called a bootloader or bootstrap loader. A short program, stored in flash EPROM, that allows the terminal to continue operating during an operating system download procedure, until the new operating system is downloaded into terminal mem-ory.Buffer A temporary memory for data, normally used to accommodate the difference in the rate at which two devices can handle data during a transfer.
GLOSSARY144 OMNI 3600 REFERENCE MANUALByte A term developed to indicate a measurable number of consecutive binary digits that are usually operated on as a unit. For the Omni 3600, a byte consists of eight bits. See also Bit.Calendar/clock chip A microchip inside the Omni 3600 terminal which keeps track of the current date and time.Card reader Also called magnetic stripe card read-er. The slot on the right side of the Omni 3600 termi-nal that automatically reads data stored in the magnetic stripe on the back of a specially-encoded card when you swipe the card through the slot.Carrier Usually, an analog signal that is selected to match the characteristics of a particular transmission system. The carrier signal on a phone line is modu-lated with frequency or amplitude variations to allow a terminal to transmit or receive data using a mo-dem. A carrier signal transmits data from a host com-puter to an Omni 3600 terminal over an analog telephone line.Certificate Also called a digital certificate. A digital document or file that attests to the binding of a public key to an individual or entity, and that allows verifica-tion that a specific public key does in fact belong to a specific individual.Character An element of a given character set. Al-so, the smallest unit of information in a record. A let-ter, numeral, or other symbol to express information.CONFIG.SYS file A special keyed file that is stored in terminal memory and which contains sys-tem and application configuration parameters. Each record in a CONFIG.SYS file is identified by an al-phanumeric search key. In the Omni 3600 file sys-tem, there is one password-protected CONFIG.SYS file per file group (Groups 1–15). You can modify CONFIG.SYS records using the keyed file editor. See Keyed file editor.CPU Abbreviation for central processing unit. The principal operating part of a computer system that controls the interpretation and execution of instruc-tions stored in memory.Data Information prepared, often in a particular for-mat, for a specific purpose. Data is to be distin-guished from applications or program instructions. In the Omni 3600 terminal, application files and data files can be stored in RAM or flash memory.Data entry The process of using a keyboard, card reader, or other device to input data directly into a system.Data packet A group of bits of fixed maximum size and well-defined format that is switched and trans-mitted as a composite whole through a packet switching network. Any message that exceeds the maximum size is partitioned and carried as several packets. Data packets are formed by the controller in the sending data terminal and the data is extracted and reassembled by the controller at the receiving end.Dedicated line A leased or private telephone line that is used for a particular communications pur-pose, such as to connect an Omni 3600 base station to a host computer. See Leased line.Default A value, parameter, option, or attribute that is assigned by the program or system when another has not been assigned by the user.Delete To remove a record, field, or item of data.Diagnostics Techniques employed for detection and isolation of malfunctions and errors in programs, systems, and devices. In a diagnostic test, a pro-gram or routine is run to detect failures or potential failures. These tests and routines help detect and isolate problems in a terminal or peripheral device.Dial-up line A standard public telephone line. The switching equipment on a dial-up line requires that a party dial the other party before a connection can be made.Direct download The process of transferring files and/or data from a download computer to a terminal over a serial cable connection and in a local, as op-posed to a remote, system environment.Display The screen on the Omni 3600 terminal that shows numerals, letters, and punctuation symbols in selected fonts, graphics in various formats, informa-tion entered from the keypad, as well as system prompts and messages.
GLOSSARYOMNI 3600 REFERENCE MANUAL 145Docking/Docked The act of placing a Omni 3600 terminal in the docking cradle of a base station. The following can occur when the Omni 3600 terminal is docked:•A telephone line connection can be established to transfer data and files and effect downloads•The smart battery can be recharged (the battery can also be recharged through the terminal)•You can perform back-to-back downloads by connecting to another base station with a docked terminalDownload To transfer files or data from a host computer or sending terminal over a communication link to a receiving terminal.DTMF Dual-tone multi-frequency. The ordinary dial tone on a telephone line.File authentication A process through which one proves and verifies the origin of a file, the identity of the sender, and the integrity of the information it con-tains.Firmware System software, including the operating system, boot loader, default display font, and system messages, stored in terminal flash memory.Fixed prompt A system prompt or message stored as part of system firmware in terminal memory. Fixed prompts appear on the terminal display to alert the user to specific system occurrences or malfunc-tions, and to prompt the user to enter specific infor-mation or select options.Flash memory An area of non-volatile memory where files can be stored. The Omni 3600 also has a RAM-based file system. Files can be stored in RAM (drive I:) or in flash (drive F:) memory area of any file group (Groups 1–15).Host computer Also called a download computer. The primary or controlling computer in a multiple computer operation. Also, a computer—usually a PC running Windows NT or Windows 95 or 98—used to prepare programs for download to POS terminals. Host computers are also used to process transac-tions that originate from a distributed network of POS terminals.Input The process of entering data into a process-ing system or a peripheral device such as a terminal, or the data that is entered.Interface A common boundary between two sys-tems, devices, or programs. Also, to interact.Keyed file character set A limited set of 95 ASCII characters, from 00h to 5Fh (or 0 to 95 deci-mal), that is used by the Omni 3600 keyed file editor. Although an application program can download all 95 characters in this set, you can only enter 50 of these characters from the terminal keypad: 0–9, A–Z, and 14 special characters.Keyed file editor A keyed file editor lets you cre-ate new records or modify existing records stored in a keyed file such as CONFIG.SYS. See CON-FIG.SYS file.Keyed file record ASCII data, or variables, stored in the terminal’s CONFIG.SYS file(s). A keyed file record consist of two parts: a search key that identi-fies the record, and the data or variable stored in the record. See CONFIG.SYS file.Keypad A small keyboard or section of a keyboard containing a smaller number of keys, generally those used in simple calculators. The 16-key core keypad of the Omni 3600 terminal is used to enter data and perform operations.Leased line A private telephone line leased from the phone company. See Dedicated line.Line cord A telephone-type cord with modular plugs on each end to connect the base station to a dial-up telephone line.Local functions Operations performed at the ter-minal only and not in interaction with a host comput-er. For the Omni 3600, local functions such as internal diagnostics are performed in system mode. See Chapter 3.Manual transaction A transaction involving the manual entry of account information from the termi-nal keypad instead of automatic entry of the informa-tion from a reading device, such as a magnetic stripe card reader.
GLOSSARY146 OMNI 3600 REFERENCE MANUALMemory A device or medium that can retain infor-mation for subsequent retrieval. The term is most frequently used to refer to the internal storage of a computer (or a terminal) that can be directly ad-dressed by operating instructions. In the Omni 3600, files can be stored in battery-backed RAM or in non-volatile flash memory.Messages Words and symbols appearing on the display screen which inform the user of the terminal of the result of a process, or if an error has occurred. The term “prompt” is used when the displayed mes-sage is requesting the user to enter information or to select an option.Modem Modulator/demodulator. A device that con-verts a digital bit stream into an analog signal to transmit over an analog communication channel (modulation), and converts incoming analog signals back into digital signals (demodulation). The internal modem in the Omni 3600 base station lets the termi-nal communicate with a host computer over a dial-up telephone line.Non-volatile memory A memory or storage medi-um that retains data in the absence of power so that the data is available when power is restored. For the Omni 3600, application files and data files can be stored in battery-backed RAM or non-volatile flash memory, according to the requirements of the appli-cation. Normal Mode The operating mode for normal transaction processing. The main application (down-loaded and authenticated) starts and displays an ap-plication prompt, indicating that the terminal is in normal mode. In this mode, the terminal is ready to process transactions. See also System Mode.Packet A group of bits of fixed maximum size and well-defined format that is switched and transmitted as a composite whole through a packet switching network. Any message that exceeds the maximum size is partitioned and carried as several packets.Packet-switched networks Networks of com-puters or computing devices in which communica-tion resources are allocated dynamically on a variety of levels to multiple communicating entities. Messag-es between entities are partitioned into segments, or packets, with a fixed maximum size.Parameter A variable that is usually assigned a constant value for a specific subroutine, procedure, or function. Parameters stored in terminal memory or in the CONFIG.SYS file(s), enable a host or down-load computer to identify to terminal configuration.Password A group of characters that identify a user to the system so that they can gain access to the system or part of that system. Passwords are used to ensure the security of computer systems by regulating the amount of access freedom. The pass-word used to enter system mode is called the system mode password. In the Omni 3600 file system, each file group (Groups 1–15) also has its own password.PC Abbreviation for personal computer. Usually, PC refers to an IBM-compatible personal computer.Peripheral device In a computer system, any equipment that provides the processing unit with out-side communication. Typical peripheral devices for a POS terminal include PIN pads, bar code wands, and check readers.Port An opening or connection that provides electri-cal or physical access to a system or circuit. Also, a connection point with associated control circuitry that allows I/O devices to be connected to the internal bus of a microprocessor.POS terminal A terminal used at the point of sale, which is usually at a merchant site where a customer pays for goods or services received. Information concerning the sale can be entered into the terminal and transmitted to a remote host computer for verifi-cation and processing.Power pack A unit for transforming and converting electrical power from one AC voltage level to another AC voltage level, or from AC to DC, for electronic de-vices.Prompt A short message, sent from a process to a user, indicating that the process expects the user to present fresh data. For example, a prompt appears on the terminal display asking the user to enter spe-cific information. See Messages.Protocol An agreement that governs the proce-dures used to exchange information between coop-erating entities. For example, protocols govern the format and timing of messages exchanged between devices in a communication system, such as be-tween a terminal and a host computer.
GLOSSARYOMNI 3600 REFERENCE MANUAL 147PTID Permanent terminal ID. An optional identifier that can be permanently assigned to a VeriFone ter-minal at the factory, upon customer request. The PTID has two parts: a 2-digit manufacturer ID (12 for VeriFone) and a unique 8-digit terminal ID. If no PTID is assigned, the default PTID value is 1200000000.Pulse dialing A method of telephone dialing that specifies a phone number by the number of electrical pulses sent.RAM Random-access memory. The type of memo-ry in which storage locations are addressable and can therefore be accessed in any order. In the Omni 3600 terminal, the RAM (or SRAM) is com-monly used to store applications and temporary data generated during a transaction. The RAM is battery-backed, meaning that if power is turned off, data stored in this area of volatile memory is not lost. Application files and data can also be stored in the non-volatile flash memory system. By default, files downloaded to the terminal are stored in the RAM of the target file group(s). The RAM file sys-tem is called drive I:. See Flash memory.Remote host computer A host computer con-nected to a Omni 3600 base station over a dial-up telephone line to download files or data, or to pro-cess transactions. The opposite of remote is local.RS232 Also RS-232C. A widely used standard in-terface that covers the electrical connection between data communication equipment, such as a modem, and data terminal equipment, such as a microcom-puter or computer terminal. The RS232 interface standard was developed by the EIA (Electronic In-dustries Association) and is essentially equivalent to the CCITT’s V.24 interface.Scroll To move all or part of the information dis-played on a screen up or down, left or right, to allow new information to appear. For the Omni 3600, text that does not fit entirely within the display area can be scrolled to the left or right using the pound (#) and asterisk (*) keys.Search key Also called key. In the Omni 3600, a short character string used by an application to iden-tify a keyed file record stored in CONFIG.SYS file(s). For example, *ZA or *OT. A keyed file record consist of two parts: a search key to identify the record, and the variable data stored in the record. See also Keyed file record and CONFIG.SYS file.Serial port A connection point through which digi-tal information is transferred one digital bit at a time. Same as serial interface. The Omni 3600 base sta-tion has one serial port, labeled RS232. The main serial port on a download computer is usually as-signed the device ID, COM1.Signature file A digital file with the filename exten-sion *.p7s generated in an industry-standard format by the file signing tool, FILESIGN.EXE. The output of the file signing tool is a signature file in an industry-standard format. SRAM See RAM.Subroutine A software routine that can be part of another routine. When a main routine calls a subrou-tine, program control is transferred to the subroutine. When the subroutine is completed, control reverts to the instruction in the main routine immediately fol-lowing the subroutine call.Swipe The action of sliding a magnetic stripe card through a terminal card reader. The Omni 3600 card reader has a bi-directional swipe direction. The user must hold the card so that the magnetic stripe is fac-es down and towards the printer.System Mode For the Omni 3600, system mode temporarily disables normal mode operations, allow-ing you to perform local functions such as down-loads, diagnostics, and other operations that cannot be performed while the application program is run-ning.At startup, the terminal displays a copyright notice screen that shows the version of Omni 3600 system firmware stored in terminal flash memory, the date it was loaded into the terminal, and the copyright no-tice. This screen appears for three seconds. To enter system mode, simultaneously press the F2 and F4 keys during this three-second period. Pressing any other key(s) during that period resets the copyright notice screen to display an additional three seconds.See also Local functions and Normal Mode.
GLOSSARY148 OMNI 3600 REFERENCE MANUALSystem mode password A unique set of charac-ters entered by the user to access the system mode local functions of the terminal. A default password is supplied with each terminal. For the Omni 3600 ter-minal, the default system password set at manufac-ture is: Z66831. To prevent unauthorized access, change the default password to a confidential password on terminal de-ployment. Store the new password in a safe place, as it is impossible to restore the terminal default password without sending the unit to VeriFone for service.Telephone download The process of transferring an application program and/or data from a remote host or download computer to a terminal over a tele-phone line.Telephone jack Also, telephone line wall jack. In-sert a modular connector into a telephone jack or re-ceptacle. Also, modular-type sockets for connecting telephone line cords. The Omni 3600 base station has two RJ45-type telephone jacks on the back pan-el: The TELSET jack is used for pass-through con-nections; the TELCO jack is used for a direct connection to a telephone line wall jack.Telephone line The standard telephone wiring connecting your phone or terminal to a local or pri-vate telephone company.Terminal Any device capable of sending and re-ceiving data over a data link, such as a telephone line or a RS-232 cable. Some terminals, such as the Omni 3600, can print receipts and display informa-tion and graphics on a screen.Terminal ID An alphanumeric code that identifies a terminal to a download computer. In this way, the download computer can determine what data or ap-plication programs to download to that terminal. For ZonTalk 2000 downloads, the Omni 3600 terminal ID is stored in the *ZT record in the CONFIG.SYS file. This variable should not exceed 10 characters in length. Not the same as PTIDTerminal-to-terminal application upload The process of copying the application memory contents of one terminal to the application memory of another terminal. A terminal-to-terminal application upload requires that the base stations of the sending and re-ceiving terminals be connected to each other by a serial cable. See also Back-to-back application download.Tone dialing Also called touch-tone dialing. A method of telephone dialing that uses different pitched tones to specify a phone number. See also DTMF.Track 1, 2, or 3 data Information stored on tracks 1, 2, or 3 of a debit or credit card magnetic stripe, which can be read by a magnetic card reader device, such as the one that is integrated in the Omni 3600 terminal.Transaction An exchange of data resulting in a transfer of goods, services, value, and/or information between two parties. Variable A string of characters that denotes some value stored within the computer and that can be changed during execution. A variable may be inter-nal to a program, in which case it is held in memory, or external if the program must perform an input op-eration to read its value. See Parameter.Volatile memory A type of memory where the contents are destroyed if the power supply to the memory is interrupted. When volatile memory, such as SRAM, is used for crucial applications, it is often back up by battery-supplied power. Compare with Non-volatile memory.Wireless The Omni 3600 terminal a continuous, virtual link through a radio connection to upload transaction data files to and download applications and OS updates from your merchant business pro-cessor. This connection is stand-alone, not requiring unit docking. See Docking/Docked.
OMNI 3600 REFERENCE MANUAL 149INDEXAaccessories 126cables 126documentation 127ordering 126power packs 126telco cable 126thermal printer paper 127VeriFone cleaning kit 127ALPHA key 33antenna 21installation 21orientation 21replacement 22application debugging 52application partition certificate 98ASCII table 139Bbackspace key 33back-to-back downloads 57, 58file authentication 74redirect files during 68batteryextend battery life 14battery status 56Ccablesordering 126cancel key 33cancel tone 14certificate tree 107certificatesadd new certificates 109application partition certificate 98certificate tree 107default signer certificate 108development certificates 107download sponsor and signer certificates 109hierarchical relationships 98, 107platform root certificate 98signer certificate 99sponsor certificate 98certificates and signature files 69check readers 30clear all flash files 46clear RAM 46clock 44CONFIG.SYS file 60and file groups 63CONFIG.SYS files 52credit/debit card transactions 20Ddata entry modesnormal mode 32system mode 32date and time 44determine last reset 49DDL.EXE 59debugging 53debugging applications 52default signer certificate 108defragment flash 46defragment flash memory 44development certificates 107diagnostics 54, 119digital certificates 107direct connection 28displayASCII table 139troubleshooting 120display contrast 43display panel test 54documentation 126ordering 127downloadsapplications and related files 59back-to-back 57application downloadshardware checklist 91software checklist 91cable connection 80set up environment 78using MOD10 adapters 80back-to-back application 58by telephone 58, 88hardware checklist 88software checklist 88
INDEXE150 OMNI 3600 REFERENCE MANUALcertificates 109definition 57, 145differences 62direct 58, 80, 81cable connections 78, 79checklist 81hardware checklist 80operating system downloads 85hardware checklist 85software checklist 85software checklist 80with MOD10 adapter 79direct download utility (DDL) 59download types 60effect on existing files and data 76file authentication and back-to-back application downloads 74file authentication and downloading a new oper-ating system 73file authentication and downloading applica-tions to specific file groups 72file authentication and optimizing available memory space 75file authentication and timing considerations 75file authentication procedure for 70file authentication process 59file authentication requirements 69certificates and signature files 69file compression 76file groups 45file system 62full and partial downloads 60full application 60full operating system 61full OS 85host PC 57MOD10 adapter 58, 77operating system files 59OS files and file authentication 73partial 85partial application 60partial operating system 61redirecting files during 64redirecting files to flash memory 65redirecting files to other file groups 66redirection of files during downloads 64back-to-back downloads 68how operating system files are redirected 68using DDL.EXE to automatically redirect files67restrictions on redirecting files to other file groups 66rules for the file system 63select port 45select type 45set up the download environment 77set up the download environment for application or OS downloads by telephone 77setting up the download environment 77store the main application in File Group 1 63support for multiple applications 62physical and logical access to file groups 63telephone 80terminal configuration settings 59tools 58types of download operations 57use of RAM and flash memory 63defragmenting the flash 64implications for data transfers 63wireless 57, 58Eenter key 35error log 52, 53Ffile authentication 69*GO variable executes application following authentication 106and downloads 70authenticating files in specific file groups 112back-to-back downloads 74certificate file size 114certificates 98, 107add new certificates 109application partition certificate 98certificate tree 107default signer certificate 108development certificates 107download sponsor and signer certificates109hierarchical relationships 98, 107platform root certificate 98signer certificate 99sponsor certificate 98confirm successful authentication 106deployment process 102development process 99digital signature 98downloading OS files and 73failed authentication 106file signing 114file signing operating system files 114files used 98
INDEXGOMNI 3600 REFERENCE MANUAL 151FILESIGN.EXE 114command-line mode 115graphical interface mode 115switches for command-line entries 116syntax 117system requirements 114guidelines for downloading specific file types 114keys 98private cryptographic key 98public cryptographic key 107non-executable application files 105pre-deployment process 101relationship to file groups 111signature file size 114VeriFone Certificate Authority 97VeriShield security architecture 97file group password 39file groups 38, 62file authentication and 111keyed records 49password 39, 45, 51passwords 46store main application in Group 1 63file system 62filesCONFIG.SYS 52keyed 52placing in terminal directories 64FILESIGN.EXE 114flash 45clear all files 46defragment 46display memory used 48flash memory 63defragment 44downloads to 44full application download 60full download 45full OS download 85function keys 31, 33GGIDs 62, 63Iinstall terminal power pack 11installationantenna 21direct connection 28MSAM cards 16optional device(s) 29paper roll 14pass-through connection 29peripherals 30power connection (base unit) 26printer test 16terminal location 7unpack the shipping carton 8using the smart card reader 20integrated PIN pad 49diagnostic 55key loading mode 55Kkey value 50, 52keyboard test 54keyed files 52keyed records 49keypadtroubleshooting 122keypad description 32keys 31, 33ALPHA 33backspace 33cancel 33cancel/off 14enter 35enter/on 14public cryptographic key 107Llocation recommendations 7Mmagnetic card reader 20magnetic card reader test 54maintenancereturning a terminal 123memory spaceoptimization 75MOD10 adapter 58, 77installation 77modem country code 49MSAM cards 16cardholders 17installation 16multiple applicationssupport for 62
INDEXN152 OMNI 3600 REFERENCE MANUALNnon-protected records 52Ooperating system downloads 61optimize memory space 75optional devices, connecting 29Ppaper rollinstalling 14partial application downloads 60partial download 45partial OS download 85pass-through connection 29password 38, 39passwords 39file group 46, 51manufacturer’s default 48peripherals 29cables 126check readers 30installation 30printers 30PF keys 31, 35PIN pad 49platform root certificate 98Port pinouts 141portsdownloads and 45peripheral devices 29power 11Tel co 28telephone line 28Tel set 28power pack 126ordering 126terminal connection 11power port 11, 26printerdisplay information on 55install paper 14out-of-paper indicator 14paper roll 14paper storage 14power-on test 16test in system mode 16troubleshooting 120printer paperordering 127private cryptographic key 98programmable function keys 35protected records 52public cryptographic key 107RRAM 45, 63clear 46display memory used 48remote diagnostics 119reset date and time 49restart the terminal 44SSecureKit 55servicereturning a terminal 123signature file 114signer certificate 99SIM cardinstallation 18smart battery 14smart battery status 56smart cardtransactions 20smart card reader 20sponsor certificate 98system messages 119system mode 37CONFIG.SYS 52debugging applications in 53diagnostics in 54display memory used 48display panel test 54download port selection 45download type 45entering 42error log display 53file group password 46file groups 38, 45integrated PIN pad 49IPP test 55keyboard test 54local and remote operations 37mag card reader test 54menu 1 43menu 2 44menu 3 47menu 4 52menu 5 54menu 6 55
INDEXTOMNI 3600 REFERENCE MANUAL 153menu 7 56menus 40password 51procedures 41RAM 46restart the terminal 44terminal downloads 45tests 54system mode operationsprotected and non-protected records 52system password 39Ttelco cable, ordering 126Telco port 28telephone connectionsdirect 28telephone downloads 80, 88telephone line connectionspass-through 29telephone line cord, see telco cable. 126Telset port 28terminalaccessories 126ASCII table for display 139clock 44configuration information 48data entry modes 32documentation 126downloads 45file editor 52keys 31life of 49number of resets 49password 38, 39repair 123replacement 123restart 44service and support 123specifications 125troubleshooting 120turn off 14turn on 14verify status 38terminal features 10optional peripheral ports 29Telco port 28Telset port 28testsdisplay panel 54integrated PIN pad 55keyboard 54magnetic card reader 54time 44timing considerations and downloads 75troubleshootingdisplay 120keypad 122printer 120remote diagnostics 119serial port connection 121system messages 119transactions 121Uupload 57Vvariables 60VeriCentre Download Management Module (DMM) 52, 58VeriFone Certificate Authority 97VeriShield 97Wwireless downloads 58wireless transactions 20ZZonTalk 2000 52, 59
Omni 3600Reference ManualPart Number 22379, Revision AVeriFone, Inc.2455 Augustine DriveSanta Clara CA 95054-3002Tel: 800-VeriFone (837-4366)www.verifone.comVERIXOPERATINGENVIRONMENTSOFTPAYE-PAYMENTAPPLICATIONVERIXDEVELOPMENTTOOLSDEVELOPERTOOLKITVERISHIELDSECURITYARCHITECTUREOMNI 33XXMULTI-APPLICATIONAPPLIANCESVERICENTREAPPLIANCEMANAGEMENTSUITERADIO MODEMOMNI 3600APPLIANCESHAND-HELD OMNI 37XXHAND-OVER-COUNTERMULTI-APPLICATIONAPPLIANCES

Navigation menu