Specifications

PERFORMING DOWNLOADS

Omni 37xx Download Differences

MNI 37XX REFERENCE MANUAL 91

• A signature file must be downloaded together with each executable that

makes up an application. An executable can be a compiled and linked object

file (*.out) or a shared function library (*.lib).

In most cases, an application consists of multiple executables and requires a

number of corresponding signature files.

• In a typical batch application download, all files, including executables,

signature files, and any required certificates, download together in the same

operation.

• After the download is complete and the terminal restarts, the file

authentication module is invoked if a new signature file (or certificate) is

detected. If the application (executable) is authenticated, it is allowed to run on

the terminal. Otherwise, it does not execute.

• If one executable file is required by an application that consists of multiple

executables fails to authenticate, the main application may crash when it

attempts to access the non-authenticated executable.

• Application files other than executables (for example, font and data files) may

also require logical security under file authentication. In these cases, each

protected non-executable file also requires a corresponding signature file.

• Digital certificates (*.crt) and signature files (*.p7s) required to authenticate

both application files and operating system files must always be downloaded

into RAM of the target file group.

• Certificate files are deleted from application memory after they are

authenticated. If a certificate is not authenticated, it is retained in the terminal

memory.

• If the *FA variable in the CONFIG.SYS file of the target group is set to 1,

signature files are redirected to the same location where the application file it

authenticates is stored. If *FA is 0, signature files are deleted from RAM when

the file authentication process is complete.

The File Authentication Process During an Application Download

In the following example of a typical file authentication process, it is assumed that

we:

• are downloading an application to prepare an Omni 37xx deployment terminal

for deployment. That is, a sponsor certificate and a signer certificate download

in batch mode to GID1 RAM of the receiving terminal, together with the

application to authenticate.

• generated a signature file for each executable that comprises the application

on the download computer using FILESIGN.EXE, with the signer certificate,

signer private key, and signer password as required inputs. These signature

files are also downloaded to the receiving terminal.

In a typical batch application download, file authentication proceeds as follows: