Specifications

ManualsBrandsVeriFone ManualsGadgetsOmni 3740

FILE AUTHENTICATION

Introduction to File Authentication

MNI 37XX REFERENCE MANUAL 69

Replace a Sponsor Certificate

A sponsor may need to clear the current sponsor certificate from a terminal so that

a new sponsor can load certificates and applications. To do this, the original

sponsor must order a “clear” smart card from the VeriFone CA. The clear smart

card is specific to the requesting sponsor. It restores a deployment terminal to the

development state (refer to Figure 18) by:

• Deleting the current sponsor and signer certificates from the terminal’s

application partition.

• Restoring the default certificate to the terminal’s application partition.

Table 16 Differences Between Required Inputs

Development Terminals Deployment Terminals

Manufacturing inputs to the file signing

process are included, together with the file

signing tool, FILESIGN.EXE, in the

Omni 37xx SDK. These inputs make it

possible for anyone who has the Omni 37xx

SDK to sign and authenticate files.

The required inputs to FILESIGN.EXE must be obtained from the

VeriFone CA to logically secure the sponsor and signer privileges

for the terminal.

The following two factory inputs are required

for the file signing process, in addition to the

application files you want to sign and

authenticate:

• Default signer certificate, with the

filename K2SIGN.CRT

• Default signer private key, with the

filename K2SIGN.KEY

The following three unique inputs, which are issued at customer

request by the VeriFone CA, are required for the file signing

process, as well as the application files you want to sign and

authenticate:

• Customer signer certificate: This unique certificate is a

required input for FILESIGN.EXE and must be downloaded to

the terminal along with the signature files and target application

files to authenticate, unless already downloaded to the terminal

in a previous operation.

• Customer signer private key: The VeriFone CA issues this

unique, encrypted private key file (*.key) to an authorized signer

at the sponsor’s request. The signer private key is a required

input to FILESIGN.EXE, but does not have to be downloaded to

the terminal.

• Customer signer PIN: The VeriFone CA issues this unique

password to an authorized signer at the sponsor’s request. The

customer signer password is a required input to FILESIGN.EXE,

but it does not have to be downloaded to the terminal.

Note: A default signer password is not a

required entry when using

FILESIGN.EXE to sign files for an

Omni 37xx development terminal.

Note: The customer sponsor certificate, which authenticates the

customer signer certificate, is usually downloaded to the

terminal with the customer signer certificate, but it is not a

required FILESIGN.EXE input when signing files to be

downloaded to, and authenticated on, a deployment

terminal.

NOTE

The process for replacing a signer certificate is the same as for replacing a

sponsor certificate.