PERFORMING DOWNLOADS
Omni 37xx Download Differences
94 OMNI 37XX REFERENCE MANUAL
not halt the process if a signature file fails to authenticate, but continues to the
next step: storing the downloaded files in their final locations in the terminal file
system.
6 Certificate files and signature files are retained in the RAM file system until the
file authentication process is complete. These special files are then either
deleted or automatically redirected to another file system or file group, as
previously described.
When an application file is authenticated, the operating system sets the file’s
read-only attribute to protect it from being modified while stored in terminal
memory. This is also true for a signature file retained in terminal memory.
When a signature file is assigned the read-only attribute, it is no longer
detected as a new signature file by the file authentication module on terminal
restart.
7 When all certificates and signature files are processed and special files
deleted or redirected as required, the terminal restarts and the *GO
application executes.
File Group Permissions
Now, consider how file authentication controls who (which business entity) can
store application files in which file groups in the Omni 37xx file system.
By inserting zero-length SETDRIVE.x and SETGROUP.n files into a download
list, you can specify the drive (x = I: RAM or F: flash) and the group (n = 1–15)
in which to store an application file. In addition to this file redirection protocol, the file
authentication module controls which files are allowed, under the authority of the
signer certificate used to sign them, to be stored in which file groups in the
Omni 37xx file system.
For example, if the terminal owner specifies that a loyalty application be stored in
GID2, the information is encoded in the sponsor and signer certificates issued by
the VeriFone CA for that terminal.
Chapter 5 discussed how signer certificates are required inputs to FILESIGN.EXE
when preparing a deployment terminal. Each signature file generated under that
signer certificate contains a logical link that allows the application to authenticate
and run on the terminal only if the signature files and corresponding target files
are downloaded into the target GID.
Although you can store files in any file group simply by selecting the target group
in system mode, the files you download are not authenticated for the target group
you selected unless they are properly signed under the authority of the sponsor
and signer certificates issued for that terminal.
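
The redirection markers and group binding described above, as an added pre-deployment check (not code from the manual or from VeriFone): it resolves where each file in a download list would be stored and flags files that would not authenticate there. Assumptions: a marker applies to the files listed after it, signature files share the target's base name with a .P7S extension, every listed file is expected to be signed, and `signer_gid` is the single group the signer certificate covers, supplied by the caller.

```python
import re

# Assumptions (not from the manual page): a marker applies to every file listed
# after it until the next marker of the same kind; a signature file is named
# <target base name>.P7S; defaults and signer_gid are supplied by the caller.
MARKER = re.compile(r"^(SETDRIVE)\.([IF])$|^(SETGROUP)\.(\d{1,2})$", re.I)

def resolve_destinations(download_list, default_drive="I", default_group=1):
    """Return {filename: (drive, group)} for every non-marker file."""
    drive, group, placed = default_drive, default_group, {}
    for name in download_list:
        m = MARKER.match(name)
        if m and m.group(1):                 # SETDRIVE.x, x = I (RAM) or F (flash)
            drive = m.group(2).upper()
        elif m:                              # SETGROUP.n, n = 1..15
            n = int(m.group(4))
            if not 1 <= n <= 15:
                raise ValueError(f"{name}: group must be 1-15")
            group = n
        else:
            placed[name.upper()] = (drive, group)
    return placed

def audit(download_list, signer_gid, **defaults):
    """List files that would not authenticate in the group they land in."""
    placed, findings = resolve_destinations(download_list, **defaults), []
    for name, (drive, group) in placed.items():
        if name.endswith(".P7S"):
            continue                         # signature files are checked via their target
        sig = name.rsplit(".", 1)[0] + ".P7S"
        if sig not in placed:
            findings.append(f"{name}: no signature file in list")
        elif placed[sig][1] != group:
            findings.append(f"{name}: signature in GID{placed[sig][1]}, target in GID{group}")
        elif group != signer_gid:
            findings.append(f"{name}: GID{group} is outside signer authority (GID{signer_gid})")
    return findings

# Constructed sample download list (file names are illustrative)
SAMPLE = ["SETGROUP.2", "SETDRIVE.F", "LOYALTY.OUT", "LOYALTY.P7S",
          "SETGROUP.3", "PROMO.OUT", "PROMO.P7S", "SETGROUP.2", "EXTRA.OUT"]

if __name__ == "__main__":
    for finding in audit(SAMPLE, signer_gid=2):
        print(finding)
```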