VX 520 Reference Guide VeriFone Part Number DOC252-004-EN-B, Revision B
VX 520 Reference Guide © 2011 VeriFone, Inc. All rights reserved. No part of the contents of this document may be reproduced or transmitted in any form without the written permission of VeriFone, Inc. The information contained in this document is subject to change without notice. Although VeriFone has attempted to ensure the accuracy of the contents of this document, this document may include errors or omissions.
CONTENTS P R EF AC E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Audience. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Conventions and Acronyms . . . . . . . . . . . . . . . .
C ONTENTS C H AP T ER 4 Verix Terminal When to Use Verix Terminal Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 Manager Local and Remote Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Verifying Terminal Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Entering Verix Terminal Manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . File Groups . . . . . . . . . . . . . . .
C ONTENTS File Group Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Download an Operating System Update Provided by VeriFone . . . . . . . . . File Authentication for Back-to-Back Application Downloads . . . . . . . . . . . Timing Considerations Due to the Authentication Process. . . . . . . . . . . . . Optimize Available Memory Space for Successful Downloads. . . . . . . . . . Support for File Compression . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
C ONTENTS C H AP T ER 9 VeriFone Service Return a Terminal for Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151 and Support Accessories and Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152 Power Pack. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Connectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Thermal Printer Paper. . . .
PREFACE This guide is your primary source of information for setting up and installing the VX 520 series of terminals. Audience Organization This document has two primary audiences, but is useful for anyone installing and configuring the VX 520 terminal: • Deployment Administrators who prepare multiple units for deployment to their customers, configuring the units with applications, network configurations, phone numbers, and security.
P REFACE Related Documentation Chapter 10, Troubleshooting Guidelines. Provides troubleshooting guidelines, should you encounter a problem in terminal installation and configuration. This guide also contains appendices for System Messages, Port Pinouts, ASCII Table, Keypress Scan Codes, and Glossary.
P REFACE Conventions and Acronyms Table 1 Document Conventions Convention CAUTION WARNING The caution symbol indicates possible hardware or software failure, or loss of data. The terminal is not waterproof or dust proof, and is intended for indoor use only. The lighting symbol is used as a warning when bodily injury might occur. Due to risk of shock do not use the terminal near water.
P REFACE Conventions and Acronyms Acronym Definitions Various acronyms are used in place of the full definition. Table 2 presents acronyms and their definitions.
CHAPTER 1 Terminal Overview This chapter provides a brief description of the VX 520 terminal: • The VX 520 is a high performance countertop terminal with enhanced communication options. • The VX 520 offers several communication options, enhanced display, increased processing power, expanded memory, and two USB peripheral ports. The VX 520 terminal uses a robust, sleek, and highly functional design. NOTE VeriFone ships variants of the VX 520 terminals for different markets.
TERMINAL O VERVIEW Features and Benefits Features and Benefits VX 520 terminals provide the right combination of features and functions. This includes a triple-track magnetic-stripe card reader, landed smart card reader, integrated PIN pad, a quiet internal thermal printer (ITP). The VX 520 GPRS is a portable, line- or battery-powered device with added GPRS wireless technology.
TERMINAL O VERVIEW Features and Benefits Countertop • Performance in a Handover Design • The 32-bit processing and multi-tasking capabilities ensures fast processing of payment, payment-related, and value-added applications. Exceptional display and printer graphics-handling capabilities that quickly render logos, graphical fonts, and character-based languages. • The VX 520 series of terminals ensures uncompromising reliability from VeriFone, the worldwide leader in e-payment.
TERMINAL O VERVIEW Features and Benefits 14 VX 520 REFERENCE GUIDE
CHAPTER 2 Terminal Setup This chapter describes the terminal setup procedure.
TERMINAL S ETUP Unpacking the Shipping Carton • CAUTION The terminal is not waterproof or dustproof, and is intended for indoor use only. Any damage to the unit from exposure to rain or dust may void any warranty. Electrical • Considerations • • Unpacking the Shipping Carton Do not use the terminal outdoors. Avoid using this product during electrical storms.
TERMINAL S ETUP Examining Terminal Features Examining Terminal Features Before you continue the installation process, notice the features of the VX 520 terminal (see Figure 2).
TERMINAL S ETUP Examining Terminal Features NOTE • A magnetic card reader, built into the right side. The icon at the right shows the proper swipe direction, with the stripe down and facing inward, toward the keypad. • The VeriFone logo blue indicator LED indicates power is ON. • An internal thermal printer. • A smart card reader, built into the front of the terminal. The icon indicates the proper card position and insertion direction.
TERMINAL S ETUP Examining Terminal Features Figure 4 and Figure 5 show the connection ports for the VX 520 terminal. POWER PORT RS-232 SERIAL PORT 23 RJ-11 TELEPHONE PORT %4( Figure 4 VX 520 Power and Connection Ports %4( HOST USB PORT ETHERNET PORT 23 CLIENT USB PORT Figure 5 Additional VX 520 Connection Ports WARNING Do not connect the terminal to the power supply until all the peripherals are attached.
TERMINAL S ETUP Examining Terminal Features To use the The connection ports offer multiple connectivity for the VX 520 terminal. Please connection ports refer to the following list of peripheral devices for the connectivity options.
TERMINAL S ETUP Installing the Smart Battery (VX 520 GPRS Only) Installing the Smart Battery (VX 520 GPRS Only) The smart battery fits in a slot on the back of the VX 520 GPRS terminal. The locking tab clicks when the battery is in place. The slot is keyed, so that there is only one way to insert the battery. Figure 6 Installing the Smart Battery Removal To remove the VX 520 GPRS smart battery, press the locking tab and pull the smart battery from its slot.
TERMINAL S ETUP Establishing Telephone Line Connections Establishing Telephone Line Connections Connect the telephone cord to the communication port on the terminal, then route it directly to a telephone wall jack (see Figure 8). This is a direct connection and the line is dedicated to the terminal. RJ-11 23 %4 ( Figure 8 WARNING 22 VX 520 REFERENCE GUIDE VX 520 Direct Telephone Connection To reduce the risk of fire, use only No.
TERMINAL S ETUP Installing the Paper Roll in the Printer Installing the Paper Roll in the Printer A fast, quiet thermal printer is built into the VX 520 terminal. Before you can process transactions that require a receipt or record, you must install a roll of thermal-sensitive paper in the printer. The VX 520 uses a roll of single-ply, thermal-sensitive paper for either the 38 mmor the 49 mm-diameter version. NOTE VeriFone ships variants of the VX 520 terminal for different markets.
TERMINAL S ETUP Installing the Paper Roll in the Printer 5 Drop the paper roll into the printer tray. Figure 10 Loading Paper Roll 6 Pull paper up past the glue residue. 7 Close the paper roll cover by gently pressing directly on the cover until it clicks shut, allowing a small amount of paper past the glue residue to extend outside the printer door. (see Figure 11). CAUTION To prevent the paper roll cover from damaging the print roller, always gently press down on the printer dust cover to close it.
TERMINAL S ETUP Installing/Replacing MSAM Cards 8 Tear the paper off against the serrated metal strip in the printer. NOTE For paper ordering information, refer to Accessories and Documentation. Installing/ Replacing MSAM Cards When you first receive your VX 520 terminal, you may need to install one or more MSAM cards or you may need to replace old cards. CAUTION Observe standard precautions when handling electrostatically sensitive devices. Electrostatic discharges can damage this equipment.
TERMINAL S ETUP Installing/Replacing MSAM Cards 4 Hold the MSAM cardholder panel, grasp firmly and pull upward to expose the MSAM slots. ( %4 23 Figure 13 Removing MSAM Cover 4 Remove any previously installed MSAM card by sliding the card from the MSAM cardholder. 5 Install an MSAM card by carefully sliding it into the slot until it is fully inserted.
TERMINAL S ETUP Installing/Replacing SIM Card (VX 520 GPRS Only) Installing/ The VX 520 GPRS terminal supports the installation of a SIM (Subscriber Identity Replacing SIM Module) card. Use the following procedure to replace or install a SIM card. Card (VX 520 1 Place the terminal upside down on a soft, clean surface to protect the display GPRS Only) from scratches. 2 Remove the battery. Figure 15 Removing the Smart Battery 3 After removing the battery, you will see the SIM compartment.
TERMINAL S ETUP Connecting Optional Devices Optional Device The VX 520 terminal has a port that can operate either as a PIN Pad port or an Connections RS-232 port, depending on the power source available. Connecting the PIN Pad or Smart Card Reader to the VX 520 Use the following procedures to connect a PIN Pad or smart card reader. NOTE When the VX 520 terminal is powered via the corded power supply, the terminal provides 4.0 A at 9.3V DC. This power will drive most VeriFone accessories.
TERMINAL S ETUP Connecting Optional Devices Figure 18 provides an example of a peripheral connection to the USB port. %4 ( ECRs require a separate power source. Before connecting a check reader or similar device, remove the power cord from and ensure that the indicator LED is not lit.
TERMINAL S ETUP Connecting the Terminal Power Pack Connecting the Terminal Power Pack CAUTION When you have finished connecting optional peripheral(s), you are ready to connect the VX 520 terminal to the provided power source. Using an incorrectly rated power supply may damage the terminal or cause it not to work as specified. Before troubleshooting, ensure that the power supply being used to power the terminal matches the requirements specified on the bottom of the terminal.
TERMINAL S ETUP Charging the Smart Battery (VX 520 GPRS Only) 7 Plug the AC power cord into a wall outlet or powered surge protector. WARNING Do not plug the power pack into an outdoor outlet or operate the terminal outdoors. Disconnecting the power during a transaction may cause transaction data files not yet stored in terminal memory to be lost. To protect against possible damage caused by lightning strikes and electrical surges, consider installing a power surge protector.
TERMINAL S ETUP Privacy Shield (Optional) Privacy Shield (Optional) The privacy shield protects the customers’ PIN entry from being seen by the cashier or other customers. The illustration shows an example of a VX 520 with the optional privacy shield. Figure 20 NOTE Using the Smart Card Reader VX 520 Optional Privacy Shield Merchants who install the terminal without the privacy shield must ensure the cardholder’s privacy when entering his PIN by positioning the terminal away from open view.
TERMINAL S ETUP Using the Magnetic Card Reader 3 Remove the card only when the application indicates the transaction is complete. Figure 21 CAUTION Using the Magnetic Card Reader Inserting a Smart Card Leave the smart card in the card reader until the transaction is complete. Premature card removal will invalidate the transaction. The VX 520 terminal supports credit or debit card transactions.
TERMINAL S ETUP Using the Magnetic Card Reader 34 VX 520 REFERENCE GUIDE
CHAPTER 3 Using the Terminal Keys Before proceeding to other tasks, familiarize yourself with the operational features of the VX 520 terminal keypad to enter data. This section describes how to use the keypad, which consists of a 12-key Telcostyle keypad, three color-coded keys below the keypad, the ALPHA key above the keypad, four ATM-style function keys (F1, F2, F3, and F4) to the right of the display (Figure 23), and four programmable function (PF) keys directly above the keypad.
U SING THE TERMINAL K EYS Data Entry Modes Data Entry Modes Before you can use the keys on the front panel to enter ASCII characters, the VX 520 terminal must be in a mode that accepts keyed data entry. There are two terminal operating modes, each enables you to press keys to enter data under specific circumstances: • Normal mode: This is the terminal operating mode where an application program is present in SRAM and currently running.
U SING THE TERMINAL K EYS Keypad Functions Keypad Functions NOTE The keypad is a 13-key arrangement, consisting of a 12-key Telco-style keypad and the ALPHA key (Figure 23). The terminal manager functions described in the Entering Verix Terminal Manager section requires you to enter numbers, letters, or symbols using the keypad. Using the keypad, you can enter up to 50 ASCII characters, including the letters A–Z, the numerals 0–9, and the following 20 special characters: (*), (,), (‘), (“), (-), (.
U SING THE TERMINAL K EYS Keypad Functions Use the ALPHA key to enter up to 50 different ASCII characters through the following procedure: 1 Press the key on the 12-key keypad that shows the desired letter or symbol (for example, press 2 to type 2, A, B, or C). The number (1–9 or 0) or the symbol (* or #) pressed now displays. 2 Press ALPHA once to display the first letter. Continuing our example, press the 2 key, then ALPHA to display the letter A.
U SING THE TERMINAL K EYS Keypad Functions Table 4 lists all the ASCII characters you can type using the ALPHA key and the Telco keypad. Table 4 Using ALPHA and the 12-Key Keypad Key to Press Without Pressing ALPHA Press ALPHA One Time Press ALPHA Two Times Press ALPHA Three Times 1 QZ. 1 Q Z .
U SING THE TERMINAL K EYS Programmable Function (PF) Key Descriptions Programmable Function (PF) Key Descriptions NOTE The row of four PF keys directly above the keypad (Figure 23) from left-to-right are referred to as PF1, PF2, PF3, and PF4. These keys can be assigned application-specific functions. Because such functions are often unique and can vary greatly between applications, they are not discussed in this manual.
CHAPTER 4 Verix Terminal Manager This chapter describes a category of terminal functions called terminal manager operations. • Press F2 and F4 at the same time and enter the password to invoke Verix Terminal Manager. See Entering Verix Terminal Manager. • Assign files and applications to groups for access control. See File Groups. • Use the system and file group passwords to secure applications and information on the terminal. See Passwords.
VERIX TERMINAL M ANAGER Local and Remote Operations Local and The terminal manager operations available on a VX 520 terminal can be divided Remote into the following two categories or types: Operations • Local operations address a stand-alone terminal and do not require communication or data transfers between the terminal and another terminal or computer. Perform local terminal manager operations to configure, test, and display information about the terminal.
VERIX TERMINAL M ANAGER Entering Verix Terminal Manager Entering Verix Terminal Manager To prevent unauthorized use of the Verix Terminal Manager menus, the VX 520 terminal OS requires a system password each time you enter terminal manager. To access the Verix Terminal Manager password entry screen, simultaneously press the F2 and the F4 keys.The default, factory-set system password is “1, Alpha, Alpha, 66831.
VERIX TERMINAL M ANAGER Passwords Passwords Handle passwords as you would PC passwords. System Password When you key in the system password to enter terminal manager, an asterisk (*) appears for each character you type. These asterisks prevent your password from being seen by an unauthorized person. You can use the ALPHA key to change the characters or symbols you enter. This does not cause additional asterisks to appear. NOTE Some application program downloads automatically reset the system password.
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Table 5 Verix Terminal Manager Menus VERIX TERMINAL MGR 1> Clock 2> Contrast 3> Change Passwords 4> IPP Key Load ↑ Figure 26 ↑ ↓ Menu 3 To return to a previous menu, press the PF1 key (the leftmost key above the keypad). To go to the next menu, press the PF2 key. To return to the main terminal manager menu and cancel any changes, press the cancel key.
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Table 6 Procedural Description Example Display Action Submenu Row Screens displayed on submenu selection Action required The Display column in Table 6 indicates what appears on the terminal display screen at each step of the procedure. Please note the following conventions used in this column: • If a prompt or message appears on the screen exactly as it is described, it is shown in Arial bold font and ALL CAPS. For example, DOWNLOAD NEEDED.
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Enter and Exit Verix To enter terminal manager after you have turned on the VX 520 terminal, follow Terminal Manager the procedure described in Table 7. NOTE On successful completion, some operations automatically exit terminal manager and restart the terminal. Other operations require that you exit terminal manager and restart the terminal. To manually exit terminal manager, select 1> RESTART in VERIX TERMINAL MGR.
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Table 7 Enter Verix Terminal Manager Display Action TERMINAL MGR ENTRY Please Enter Password ___________ If an application prompt appears and you choose to enter terminal manager, you are prompted to type the system password. Use the default password “1, Alpha, Alpha, 66831”. Use to delete the entry and correct any mistakes. If you enter an incorrect password, the terminal exits the TERMINAL MGR ENTRY screen. Verify your password and reenter it.
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Edit Keyed Files A keyed file is a collection of individual records that contain data and are identified by unique search keys. You can edit the data directly from the terminal keypad using the terminal’s built-in keyed file editor. Each record has two parts: parameter and value. A parameter identifies the record while value is the information assigned to a specific parameter.
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Table 8 Verix Terminal Manager Menu 1 Display Action VERIX TERMINAL MGR To restart the terminal, select 1> RESTART. To edit the CONFIG.SYS or another keyed file, select 2> EDIT PARAMETERS. (For more information, refer to the Edit Keyed Files section that follows this main menu description.
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Table 8 Verix Terminal Manager Menu 1 Display Action GID nn: *APNAME To create a new variable, select 1> ADD VARIABLE. FILE CONFIG.SYS 1> Add Variable If the GID contains a keyed file, you have the option to create a new file (1> NEW), find files (2> FIND), edit (3> EDIT) or clear files (4> CLEAR). GID nn: *APNAME Parameter: nn Value: nn 1> New 2> Find Note: 3> Edit 4>Clear Use 2> FIND to search for a keyed file.
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Table 8 Verix Terminal Manager Menu 1 Display Action 2> EDIT PARAMETERS 2> FIND After selecting FIND, enter the parameter name to GID nn: *APNAME locate and press PARAMETER: ___________________ ___________________ parameter is displayed on the next screen. Press to select the parameter and go back to the parameter editor.
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Table 8 Verix Terminal Manager Menu 1 Display VTM DOWNLOAD MGR Gnn Action Select to download single or multiple applications. 1> Single-app 2> Multi-app VTM DOWNLOAD MGR Gnn 1> Full dnld 2> Partial dnld Select full or partial download. A full download will delete all data on the group’s RAM and flash memory. The flash memory is then merged before downloading new data. A partial download only adds new files to the group’s memory.
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Table 8 Verix Terminal Manager Menu 1 Display Action VERIX TERMINAL MGR DOWNLOAD Gnn If a FULL multiple download has been previously done, this screen appears instead of the previous two screens. This screen lists all the erased GIDs on the previous download. Select CONTINUE to erase all RAM and flash memory. The flash memory is then merged.
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Table 8 Verix Terminal Manager Menu 1 Display Action VTM DOWNLOAD MGR Gnn Choose 3> COM2 to download via the COM 2 port. Unit Receive Mode WAITING FOR DOWNLOAD To return to the main menu without saving your selection, press . Select 4> SD CARDto download from a stored digital (SD) card. Unavailable To return to the main menu without saving your selection, press . Press 5> MEMORY STICK to download from a memory stick.
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Table 8 Verix Terminal Manager Menu 1 Display Action Choose 2> COM6 to download via the COM 6 port. Unavailable To return to the main menu without saving your selection, press VTM DOWNLOAD MGR Gnn *ZP HOST ADDR (IP:PORT) ___________________ ___________________ . If you selected 6> TCPIP and *ZP (TCP address) is not defined, you must enter a valid TCP address (up to 40 characters long including the colon and port number) and press Note: .
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Table 8 Verix Terminal Manager Menu 1 Display Action VTM DOWNLOAD MGR Gnn If *ZA (application ID) is not defined, you must enter a valid application ID (up to 10 characters long) and *ZA APPLICATION ID ______________ press VTM DOWNLOAD MGR Gnn You can view the specified values on the confirmation screen. Select 1> EDIT to go back and modify the specifications or 2> START to begin the download. *ZA= nnnn *ZP= nnnn *ZR= nnnn *ZT= nnnn .
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Table 8 Verix Terminal Manager Menu 1 Display Action 4> MEMORY USAGE MEMORY USAGE RAM FILES INUSE AVAIL nnnn nnnn nnnn ↓ This screen displays how much RAM is used and how much is available. • INUSE - Closest estimate of used memory (in KB). • AVAIL - Lowest number of free memory (in KB). Select the PF1 key to view Flash memory usage.
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Table 8 Verix Terminal Manager Menu 1 Display Action FLASH DIRECTORY I: CONFIG.SYS nn MM/DD/YYYY Gnn This screen displays the Flash memory information. - Press . to print the information. PRINT Menu 2 In this menu, you can view the Enterprise Open Source (EOS) directory files, clear memory, calibrate the screen, view terminal information and logs, and run diagnostic functions.
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Table 9 Verix Terminal Manager Menu 2 Display Action 2> CLEAR MEMORY To clear a file group’s memory, enter the group ID and VERIX TERMINAL MGR press Group ID: nn . 2> CLEAR MEMORY To choose an option in the menu, press the corresponding number on the keypad or scroll down to VTM MGR MEMORY CLEAR 1> Clear CONFIG.SYS 2> Clear GID Files 3> Clear all Groups the option using the PF3 button then press the PF4 key to scroll up the menu options. .
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Table 9 Verix Terminal Manager Menu 2 Display Action 4> TERMINAL INFO F3 VTM MGR TERMINAL INFO Serl No PTID Part Rev OS VER nnn-nnn-nnn 12000000 XXXXXXXXXXXX nn QT00E20B ↓ The following screens show configuration information specific to your terminal. For a detailed description of each screen, see TERMINAL INFORMATION. Use the PF1 and PF2 keys to scroll through the terminal information screens. To return to the main menu, press .
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Table 9 Verix Terminal Manager Menu 2 Display Action 5> DIAGS To choose an option in the menu, press the corresponding number on the keypad or scroll down to VERIX DIAGS MGR 1> Printer Diag 2> IPP Diag 3> ICC Diags 4> Keyboard Diag 5> Mag Card Diag 6> Debugger the option using the PF3 button then press the PF4 key to scroll up the menu options. . Use To run printer diagnostics and test the printer, select 1> PRINTER DIAG.
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Table 9 Verix Terminal Manager Menu 2 Display Action 5> DIAGS 3 > ICC DIAGS VoyLib 03.06 0000 VxOS11 PSCR Build 04 SCRLIB 2.B 2/10 1> SMART CARD DIAG 2> LIST SYNC DRIVERS 3> EXIT When you select 3, the software library version appears. Choose 1> SMART CARD DIAG to run diagnostics on the Smart Card reader. Select 2> LIST SYNC DRIVERS to view the drivers. Select 3> EXIT to return to the VERIX DIAGS MGR screen, or press or .
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Table 9 Verix Terminal Manager Menu 2 Display Action 5> DIAGS 6 > DEBUGGER Select 6> DEBUGGER to run the debugging application for the terminal. VERIX TERMINAL MGR Group ID: nn Enter the current password for the selected file group VERIX TERMINAL MGR and press Please enter Password for GID nn ----------------- . If you enter an incorrect password, PLEASE TRY AGAIN appears. Press . Verify your password and reenter it.
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Table 9 Verix Terminal Manager Menu 2 Display Action 5> DIAGS > PF1 KEY > TAMPER LOG The Tamper Log screen displays a list of possible tamper events. The list is sorted from the most current tamper event to the oldest event. The date is displayed in MM/DD/YY format, while the time is displayed as a 24-hour clock.
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Table 9 Verix Terminal Manager Menu 2 Display Action 5> DIAGS > PF1 KEY > USB INFO USB DEVICE INFO USB Device 1 Info Serial No ************************************* Vendor ID 0X0000 NOT AVAILABLE Release NO 00.00 ↓ USB DEVICE INFO Product ID 0X0000 ************************************* HUB 0 Port 1 Class 9 Sub Class 0 ↓ ↑ USB DEVICE INFO Power Speed To go back to the VERIX DIAGS MGR screen, press .
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Table 9 Verix Terminal Manager Menu 2 Display Action 6 > SYSTEM ERROR LOG VERIX ERROR LOG TYPE 1 TASK 2 GID 2 TIME 070806150146 CPSR 20000030 PC 7042A126 LR 70420C5D ADDR 00000008 The error log screen displays internal diagnostic information about the most recent unrecoverable software error. If you report a terminal problem, you may be asked to provide this information.
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Menu 3 In this menu, you can adjust the clock, display contrast, change passwords, and check the IPP key loading mode. NOTE When entering any password, an asterisk (*) appears on the display screen for each character you type. These asterisks prevent your password from being seen by an unauthorized person. Pressing the ALPHA key changes the characters or symbols you enter, but does not cause additional asterisks to appear.
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Table 10 Verix Terminal Manager Menu 3 Display Action 1> CLOCK 1> INCREMENT HOUR TIME AND DATE Select 1> INCREMENT HOUR to add an hour to the current time setting. HH:MM:SS MM:DD:YY 1> CLOCK 2> EDIT TIME Enter the new time in HOURS:MINUTES:SECONDS (HH:MM:SS) format. VTM TIME Current Time: HH:MM:SS New Time: __/__/__ To correct a mistake, press to delete and enter the correct number; press to set the new time.
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Table 10 Verix Terminal Manager Menu 3 Display Action 2> CONSOLE SETTINGS VTM CONSOLE MGR 1> Console Beeper 2> Console Beeper 3> Console Backlight 4> Console Backlight 5> Contrast 6> Contrast ↓ Turn the terminal beeper sounds on or off by pressing the 1 or 2 key. OFF ON OFF ON DOWN UP ↑ Switch the backlight on or off by pressing the 3 or 4 key. ↓ Select 5> CONTRAST UP or 6> CONTRAST DOWN to increase or decrease display contrast respectively.
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Table 10 Verix Terminal Manager Menu 3 Display Action VTM PASSWORD MGR Type the new password and press NEW Note: __________ . The new password MUST be five to ten characters long. If you enter a new password that is less than or exceeds the required number of characters, the terminal will sound an alarm and display an error screen.
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Table 10 Verix Terminal Manager Menu 3 Display Action 4> KEY MANAGEMENT 1> IPP KEY LOAD VERIX TERMINAL MGR Please enter Password for GID nn _________ Enter the current password for the selected file group and press . If you enter an incorrect password, PLEASE TRY AGAIN appears. Press . Verify your password and reenter it.
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus Table 10 Verix Terminal Manager Menu 3 Display Action RKL Key Status Private key hash Press to return to the KEY MANAGEMENTscreen.
VERIX TERMINAL M ANAGER Verix Terminal Manager Menus 74 VX 520 REFERENCE GUIDE
CHAPTER 5 File Authentication This chapter discusses VeriShield’s file authentication security architecture and provides the following: • Overview of the VeriShield file authentication module, and the organizational infrastructure that supports it (see Introduction to File Authentication).
F ILE A UTHENTICATION Introduction to File Authentication Special Files Used The following specially formatted files support the file authentication process: in the File • A digital certificate is a digital public document used to verify the signature of Authentication a file. Process • A digital signature is a piece of information based on both the file and the signer’s private cryptographic key. The file sender digitally signs the file using a private key.
F ILE A UTHENTICATION Introduction to File Authentication Certificates Contain Keys That Authenticate Signature Files • Sponsor certificate: Certifies a client’s sponsorship of the terminal. It does not convey the right to sign and authenticate files. To add flexibility to the business relationships that are logically secured under the file authentication process, a second type of certificate is usually required to sign files.
F ILE A UTHENTICATION Introduction to File Authentication How File File authentication consists of three basic processes: Authentication 1 Development: The VeriShield File Signing Tool creates a signature file for Works each application file to authenticate. 2 Pre-deployment: An optimal certificate structure is determined, and the necessary certificates and keys are created.
F ILE A UTHENTICATION Introduction to File Authentication Figure 27 illustrates the development process. DEPLOYMENT PROCESS FULLY DEBUGGED APPLICATION FILE DEVELOPER CREATES APPLICATION. APPLICATION FILE CREATED (WITH DEVELOPERASSIGNED NAME). APPLICATION FILE SDK VERISHIELD DEVELOPER CERTIFICATE DEVELOPER KEY DEVELOPER APPLIES FOR SIGNER CERTIFICATE SIGNATURE FILE (.P7S) DEBUG APPLICATION FILE; MAKE NECESSARY CHANGES. 1) DEVELOPMENT OS SEARCHES FOR A .P7S FILE. 2) IF A .
F ILE A UTHENTICATION Introduction to File Authentication Pre-Deployment Process In this process: 1 A sponsor goes to the VeriFone CA Web site and requests certificates for deployment terminals. 2 Based on information provided by the sponsor through the VeriFone CA Web site, the VeriFone CA determines the required certificate structure. 3 The VeriFone CA generates the following items for the sponsor: a Smart card containing a set of certificates and private key. b Smart card PIN.
F ILE A UTHENTICATION Introduction to File Authentication Deployment Process In this process: 1 The sponsor provides the application file (from the development process), the smart card, and smart card PIN (from the pre-deployment process) as inputs to VeriShield. 2 VeriShield extracts the signer key, signer certificate, and sponsor certificate from the smart card. 3 VeriShield uses the extracted data, along with the application file, to create a signature file (*.p7s).
F ILE A UTHENTICATION Introduction to File Authentication Figure 29 illustrates the deployment process. DEVELOPMENT PROCESS PRE-DEPLOYMENT PROCESS SIGNER SMART CARD SMART CARD PIN FULLY DEBUGGED APPLICATION FILE SIGNER CERTIFICATE VERISHIELD FILE SIGNING TOOL SIGNATURE FILE (*.*.P7S) SIGNER CERTIFICATE SPONSOR CERTIFICATE 1) DEVELOPMENT OS SEARCHES FOR A *.*.P7S FILE. 2) IF A *.*.P7S FILE IS FOUND, OS THEN SEARCHES FOR A MATCHING APPLICATION FILE.
F ILE A UTHENTICATION Introduction to File Authentication Planning for File File authentication is an integral part of every VX 520 terminal. To safeguard the Authentication terminal’s logical security, the file authentication module requires that any executable code file must be successfully authenticated before the operating system allows it to execute on the terminal.
F ILE A UTHENTICATION Introduction to File Authentication It is not mandatory to always download a signature file and its target application file at the same time. For example, you can download the corresponding signature file in a separate operation.
F ILE A UTHENTICATION Introduction to File Authentication For non-executable files, it is the application’s responsibility to confirm that all of the files it uses successfully authenticated on download completion, and when the application executes the first time following a restart. NOTE Because the application is responsible for verifying data files and prompt files, it is recommended that each application checks the ATTR_NOT_AUTH bit of all relevant files on restart.
F ILE A UTHENTICATION Introduction to File Authentication A development set of higher-level certificates is downloaded into each VX 520 terminal upon manufacture. When you take a new VX 520 terminal out of its shipping carton, certificate data is already stored in the terminal’s certificate tree. In this just-out-of-the-box condition, the VX 520 terminal is called a development terminal. A sponsor requests a set of digital certificates from the VeriFone CA to establish sponsor and signer privileges.
F ILE A UTHENTICATION Introduction to File Authentication Deployment Terminals While the application development process is being completed and while the new application is being tested on a development terminal, a sponsor can order specific sponsor and signer certificates from the VeriFone CA to use to logically secure sponsor and signer privileges when the VX 520 terminal is prepared for deployment.
F ILE A UTHENTICATION Introduction to File Authentication Figure 30 illustrates the certificate trees in development and deployment terminals.
F ILE A UTHENTICATION Introduction to File Authentication Table 13 Differences Between Required Inputs Development Terminals Deployment Terminals The following three unique inputs, which are issued at customer request by the VeriFone CA, are required for the file signing process, as well as the application files you want to sign and authenticate: • • Signer certificate, with the filename VxSIGN.CRT • Signer private key, with the filename VXSIGN.
F ILE A UTHENTICATION Introduction to File Authentication Replace a Sponsor Certificate A sponsor may need to clear the current sponsor certificate from a terminal so that a new sponsor can load certificates and applications. To do this, the original sponsor must order a “clear” smart card from the VeriFone CA. The clear smart card is specific to the requesting sponsor.
F ILE A UTHENTICATION File Authentication and the File System File Authentication and the File System Application Memory Logically Divided Into File Groups The memory of a VX 520 terminal is logically divided into two main areas, or partitions: • Operating System • Applications The application partition is further divided into sub-partitions. These sub-partitions are called file groups or GIDs.
F ILE A UTHENTICATION File Authentication and the File System application is usually the main application stored in Group 1 and called from the *GO variable in the CONFIG.SYS file in GID1. • The main application stored in GID1 can access files, secondary applications, or function libraries stored in any other file group. • The application downloaded into GID1 is always the primary application for the terminal.
F ILE A UTHENTICATION File Authentication and the File System If the signature file authenticates its target file, and if the *FA variable is present in the CONFIG.SYS file of the target file group and is set to 1, the signature file is retained in memory and is automatically moved, if necessary, into the same file system as the target file it authenticates.
F ILE A UTHENTICATION VeriShield File Signing Tool The normal size of a signature file is approximately 400 bytes. Depending on the application’s size and on how memory space is allocated, the area available for storing multiple signature files must be carefully managed. The memory space required by a certificate file is also approximately 400 bytes, but certificate files are temporary.
F ILE A UTHENTICATION VeriShield File Signing Tool • Graphical interface mode (Windows NT or Windows 95): Use the VeriShield File Signing Tool dialog box to select the file to sign, and assign a name and destination location for the generated signature file on the host computer. When you run the VeriShield File Signing Tool under Windows, you can sign only one file at a time. You can also specify to store the target file in the target file group’s RAM (default location) or in the flash file system.
F ILE A UTHENTICATION VeriShield File Signing Tool Table 15 Command-Line Mode Switches for the VeriShield File Signing Tool Switch Description Requirements -F, -f Name of the application file to sign (*.out, *.lib, or other file type). Required for development terminals and for deployment terminals. -S, -s Name of the signature file (*.p7s) for the VeriShield File Signing Tool to generate for the target application file. Required for development terminals and for deployment terminals.
F ILE A UTHENTICATION VeriShield File Signing Tool Please note also how the command-line mode switches described in Table 15 are used in this example: filesign -L -f file.out -s file.p7s -c vxsign.crt -k vxsign.key • The -L switch indicates to store the application file in the flash file system instead of the target group’s (default) RAM file system. (The target group for the download must be selected from terminal manager when the download is performed.
F ILE A UTHENTICATION VeriShield File Signing Tool • When all entries are complete, press ALT+O or click the OK button to execute the VeriShield File Signing Tool and generate the signature file, otherwise, press ALT+A or click Cancel to exit the VeriShield File Signing Tool. When the necessary signature files are generated to authenticate the application or applications on the VX 520 terminal, perform the application download procedure.
CHAPTER 6 Performing Downloads This chapter contains information and procedures to allow you to perform the various types of data transfers required to: • Develop applications for the VX 520 terminal. • Prepare VX 520 terminals for deployment. • Maintain VX 520 terminals installations in the field. • Transfer data to and from terminals. In this chapter, information pertaining to file authentication is only discussed in the context of procedures while performing file downloads.
P ERFORMING D OWNLOADS Download Tools terminal). A special cable (VPN 05651-xx) connects the RS-232 serial ports of the two systems. NOTE • Back-to-back downloads: File and data transfer from a sending terminal to a receiving VX 520 terminal. A special cable (VPN 05651-xx) connects the RS-232 serial ports of the two terminals. • USB downloads: File and data transfer from a USB-connected drive. The terminal searches for the VeriFone.zip file on the drive and downloads data from it.
P ERFORMING D OWNLOADS Download Content DDL.EXE is a Windows program included in the Verix V DTK (Verix V Developer’s Toolkit). NOTE Download Content No special software tool or utility is required to perform back-to-back application downloads. Only a serial cable connected between two terminals is required. This data transfer procedure, invoked from within terminal manager, is handled by the OS software and firmware of the sending and receiving VX 520 terminals.
P ERFORMING D OWNLOADS Full and Partial Downloads Full and Partial Downloads When preparing to initiate a download procedure, choose either a full or partial download and the COM1 port, through the Verix Terminal Manager menu options (refer to Chapter 4). Depending on the type of files you are downloading and the download method you are using, there are some restrictions on whether a full or partial download is permitted.
P ERFORMING D OWNLOADS Full and Partial Downloads Table 16 Download Type Full operating system download Types of Full and Partial Downloads Description and Effects An entire OS version transfers from a host PC to the VX 520 terminal. Files related to file authentication and terminal configuration settings can be included in a full OS download. During this process, RAM is cleared.
P ERFORMING D OWNLOADS Support for Multiple Applications Support for Multiple Applications • Partial downloads are routinely performed by many applications. This procedure, which can be automated by an application running on a remote host computer, permits the host application to update data files and terminal configuration settings in a VX 520 terminal and then return control to the main application.
P ERFORMING D OWNLOADS Use of RAM and Flash Memory Physical and The VX 520 operating system controls physical access to GIDs 1–15 using Logical Access to password-protected terminal manager functions. File Groups To download data into a specific file group, first enter terminal manager and choose the target group by making the appropriate menu selections, then, enter the correct password for that file group. Each file group has its own CONFIG.SYS file. The CONFIG.
P ERFORMING D OWNLOADS Use of RAM and Flash Memory Defragment Flash Before performing an application download, defragment terminal flash memory. For Application For information on performing this terminal manager operation, see Verix Terminal Downloads Manager Menu 2. To ensure the best results when performing back-to-back downloads, defragment the flash memory of both the sending and receiving terminals.
P ERFORMING D OWNLOADS Use of RAM and Flash Memory If you do not insert a SETDRIVE.F special file in the download list, all files download by default into the RAM (Drive I:) of the target file group. You can also insert a zero-length file with the name SETDRIVE.I into the download list at any point to indicate that all following files will download into RAM. For example, the following batch download list loads the executable code file FOO.OUT into the RAM of the selected file group (default Group 1).
P ERFORMING D OWNLOADS Use of RAM and Flash Memory If you do not insert SETGROUP.n special files into the download list, all files download into the target group selected in terminal manager. If no number is added to the SETGROUP filename, SETGROUP.1 (GID1) is assumed. Restrictions on File The VX 520 file system restricts how you can redirect files to other file groups. Redirection Here are the important points to remember: • The main application must always be downloaded into GID1.
P ERFORMING D OWNLOADS Use of RAM and Flash Memory Using DDL.EXE to The version of DDL.EXE included in the VX 520 SDK allows you to change the Automatically default drive and file group for a direct download by preceding the filename(s) on Redirect Files the DDL command line with a special filename. The syntax is as follows: SETDRIVE. where, drive letter is I: for RAM, (default) or F: for flash, and/or SETGROUP. where, group number is 1–15.
P ERFORMING D OWNLOADS File Authentication Requirements In this type of data transfer operation, some file redirection does occur automatically as a result of the file authentication procedure that occurs on the receiving terminal. This redirection process is transparent during the download. Briefly, all files initially download into RAM, and are then redirected based on the directory and subdirectory names of the sending terminal’s file system. Signature files must always be authenticated in RAM.
P ERFORMING D OWNLOADS File Authentication Requirements • Application files other than executables (for example, font and data files) may also require logical security under file authentication. In these cases, each protected non-executable file also requires a corresponding signature file. • Digital certificates (*.crt) and signature files (*.p7s) are required to authenticate both application files and operating system files, which must be downloaded into the RAM of the target file group.
P ERFORMING D OWNLOADS File Authentication Requirements 3 The file authentication module builds a list of all newly detected certificates and signature files. If no new certificates or signature files are located, the module just returns. If one or more new files of this kind are detected, the file authentication module starts processing them based on the list. 4 Certificates are always processed first (before signature files). The processing routine is called one time for each certificate in the list.
P ERFORMING D OWNLOADS File Authentication Requirements 5 Signature files are now processed (after certificate files). The file authentication module calls the signature checking routine once for each new signature file it detects. Each *.p7s file is checked as it is detected; a list is not built and multiple processing passes are not required. • If a signature file is authenticated, *AUTHENTIC* is displayed and the target file is flagged authentic.
P ERFORMING D OWNLOADS File Authentication Requirements File Group This section discusses how file authentication controls who (which business Permissions entity) can store application files in which file groups in the VX 520 file system. By inserting zero-length SETDRIVE.x and SETGROUP.n files into a download list, you can specify which drive (x = I: RAM or F: flash) and in which group (n = 1–15) to store an application file.
P ERFORMING D OWNLOADS File Authentication Requirements • Before initiating an OS download, either full or partial, ensure that enough memory space is available in Group 1 RAM to temporarily store the OS files, verify that any application files can also be stored in Group 1. • If a full OS download was selected in Verix Terminal Manager, the terminal automatically restarts and the new OS is processed and replaces the existing OS.
P ERFORMING D OWNLOADS File Authentication Requirements • All certificates transfer to Group 1 RAM on the receiving terminal, except for the highest-level platform root certificate, which can never be transferred to another terminal. • When certificates are detected by the file authentication module of the receiving terminal, they are processed exactly as in a direct download: All certificates are checked one by one and, on authentication, are added to the certificate tree of the receiving terminal.
P ERFORMING D OWNLOADS Effect of Downloads on Existing Files and Data Optimize Available One certificate file or signature file requires approximately 400 bytes of memory Memory Space for space. The application designer must account for the extra memory required to Successful download and store these special files. Downloads When planning your download procedure, carefully consider the total amount of memory space required to store certificates and signature files and the application files.
P ERFORMING D OWNLOADS Set Up the Download Environment • NOTE Set Up the Download Environment All current passwords are retained on the receiving terminal during an application or operating system download (direct, by telephone, and back-toback). This includes the terminal manager password and file group passwords. If required, you can replace existing file group passwords with new values as part of the data transfer operation.
P ERFORMING D OWNLOADS Set Up the Download Environment Cable Connection There are two cables for direct downloads: for Direct • DB-25 serial connector (VPN 26263-02) Downloads • DB-9 connector (VPN 26264-01) The following steps describe how to establish the cable link between the sending host computer and the receiving VX 520 terminal (see Figure 34): 1 Connect the DIN-type connector on one end of the cable to the COM1 (or COM2) serial I/O port on the download computer.
P ERFORMING D OWNLOADS Set Up the Download Environment 2 Confirm that the parameters for the download by telephone are set in the download tool. 3 Confirm that the receiving VX 520 terminal has a direct telephone line connection. 4 Ensure that the correct keyed variables used to control downloads by telephone are stored in the CONFIG.SYS file of the target file group on the receiving terminal.
P ERFORMING D OWNLOADS Set Up the Download Environment Table 17 Common Steps to Start a Download Step Display Action 3 If an application already resides on the terminal, an application-specific prompt is displayed. If no application resides on the terminal or an application error is detected, the following message is displayed: DOWNLOAD NEEDED DOWNLOAD NEEDED For more information on startup errors, see STARTUP ERRORS.
P ERFORMING D OWNLOADS Direct Application Downloads Table 17 Common Steps to Start a Download Step Display Action 5 VERIX TERMINAL MGR The first of three VERIX TERMINAL MGR menus is displayed. To toggle through to the other two menus, press the PF1 and PF2 keys.
P ERFORMING D OWNLOADS Direct Application Downloads Use the terminal manager menu options to clear the entire RAM or flash or specific file groups on the receiving terminal (as necessary). Perform a flash defragment (merge) operation to optimize the flash file system (as necessary, the application itself can issue a function call to defragment the flash on restart after the download.) For more information on terminal manager operations, refer to Chapter 4, Verix Terminal Manager.
P ERFORMING D OWNLOADS Direct Application Downloads Table 18 Step 1 Direct Application Download Procedure Display VERIX TERMINAL MGR GROUP ID: nn Action Enter the target file group for the download. FILE GROUP _1 (Group 1) is displayed as the default selection. Note: File Group 1 is reserved for the operating system. Try using a different file group when downloading additional applications. For more information on operating system downloads, see Direct Operating System Downloads.
P ERFORMING D OWNLOADS Direct Application Downloads Table 18 Direct Application Download Procedure Step Display Action 4 VTM DOWNLOAD MGR Gnn Select 2> COM1 for a direct application download. When you press 2, the terminal is ready to receive the application download from the host computer. 1> Modem 2> COM1 3> COM2 4> SD Card 5> Memory Stick 6> TCPIP ↓ Press the PF1 key to view more system download modes.
P ERFORMING D OWNLOADS Direct Application Downloads Table 18 Direct Application Download Procedure Step Display Action 6 **VERIFYING FILES** CHECK CERTIFICATE On startup, the file authentication module authenticates any new signature files downloaded with the OS files. FILENAME.CRT *AUTHENTIC* **VERIFYING FILES** COMPARE SIGNATURE FILENAME.P7S FILENAME.OUT *FAILED* When the signature file authentication routine starts, the status display informs you of the progress of the authentication process.
P ERFORMING D OWNLOADS Direct Operating System Downloads Direct Operating System Downloads Hardware Checklist This section provides the hardware and software checklist needed for direct operating system downloads. The procedure for direct operating system downloads is also discussed. The correct cable connects the download computer serial port (COM1 or COM2) to the RS-232 serial port (COM1) of the VX 520 terminal (refer to Cable Connection for Direct Downloads).
P ERFORMING D OWNLOADS Direct Operating System Downloads An OS download does not overwrite terminal configuration settings, including the current date and time, passwords, and modem country code. If required, you can download new terminal configuration settings together with the OS files. The certificate tree that exists on the receiving terminal is not modified unless one or more new certificate files required to authenticate the new OS are being downloaded to the terminal.
P ERFORMING D OWNLOADS Direct Operating System Downloads Table 19 Step 3 Direct Operating System Download Procedure Display Action VTM DOWNLOAD MGR Select a full or partial OS download. To return to the first VERIX TERMINAL MGR menu, press . 1> Full dnld 2> Partial dnld 4 VTM DOWNLOAD MGR Gnn 1> Modem 2> COM1 3> COM2 4> SD Card 5> Memory Stick 6> TCPIP ↓ 5 ↑ ↓ VTM DOWNLOAD MGR Gnn ***_______ DOWNLOADING NOW Select 2> COM1 for a direct application download.
P ERFORMING D OWNLOADS Direct Operating System Downloads Table 19 Direct Operating System Download Procedure Step Display Action 6 **VERIFYING FILES** CHECK CERTIFICATE When the OS download is complete, the terminal restarts automatically. The file authentication module on the receiving terminal begins to check for new certificate (*.crt) and signature (*.p7s) files included in the download. These special files then process one at a time; certificates process first, then signature files. FILENAME.
P ERFORMING D OWNLOADS Download by Telephone Download by Telephone Hardware Checklist The procedure to perform an application or OS download by telephone is similar to that of direct application (see Table 18) and direct operating system downloads (see Table 19). Set up the dial-up telephone line and modem connection on the host computer. Set up the direct telephone line connection on the receiving VX 520 terminal, as described in Telephone Line Connection for Telephone Downloads.
P ERFORMING D OWNLOADS Download by Telephone Table 20 Download by Telephone Procedure Step Display Action 2 VERIX TERMINAL MGR EDIT GROUP nn PASSWORD __________ Enter the password for Group 1 and press . If you enter an incorrect password, PLEASE TRY AGAIN appears. Press and type in a valid password. Press to confirm the newly entered password. 3 VTM DOWNLOAD MGR Select a full or partial OS download.
P ERFORMING D OWNLOADS Download by Telephone Table 20 Download by Telephone Procedure Step Display Action 7 VTM DOWNLOAD MGR Gnn If *ZA (application ID) is not defined, you must enter a valid application ID (up to 10 *ZA APPLICATION ID ______________ characters long) and press VTM DOWNLOAD MGR Gnn You can view the specified values on the confirmation screen. Select 1> EDIT to go back and modify the specifications or 2> START to begin the download. 8 *ZA= nnnn *ZP= nnnn *ZR= nnnn *ZT= nnnn .
P ERFORMING D OWNLOADS Download by Telephone Table 20 Download by Telephone Procedure Step Display Action 10 **VERIFYING FILES** COMPARE SIGNATURE On startup, the file authentication module on the receiving terminal begins to check for new certificate (*.crt) and signature (*.p7s) files included in the download. These special files then process one at a time; certificates process first, then signature files. FILENAME.P7S FILENAME.OUT *AUTHENTIC* **VERIFYING FILES** COMPARE SIGNATURE FILENAME.
P ERFORMING D OWNLOADS Back-to-Back Application Downloads Back-to-Back Application Downloads Hardware Checklist This section provides the hardware and software checklist needed for back-toback application downloads. The procedure for back-to-back terminal downloads is also discussed. The correct serial cable connects the RS-232 ports of the sending and receiving VX 520 terminals (refer to Cable Connection for Back-to-Back Application Downloads).
P ERFORMING D OWNLOADS Back-to-Back Application Downloads Checklist for Effects on Files and Settings in the Receiving Terminal A back-to-back application download overwrites existing applications, libraries, or any other files stored in the RAM of the receiving terminal. All CONFIG.SYS records and settings on the receiving terminal—protected and non-protected—are replaced by those of the sending terminal.
P ERFORMING D OWNLOADS Back-to-Back Application Downloads The PC transfers files to the Gold terminal. Download Application Files to Target Terminal 1 Configure a Gold terminal for an application download operation to a deployment terminal: • If the *FA variable (if present in the application) is set to 0, you can reset it to 1. For more information on the *FA variable, refer to the Verix V Programmers Manual (VPN 23230).
P ERFORMING D OWNLOADS Back-to-Back Application Downloads Figure 35 illustrates these two phases and how they relate to each other. PC CONFIGURED FOR DOWNLOAD OPERATION. PC TRANSFERS FILES TO GOLD TERMINAL. 1. IF *FA VARIABLE IS PRESENT, *FA MUST = 1. SDK 2. ALL CERTIFICATES, .P7S FILES, APPLICATIONS, AND SO ON MUST BE PRESENT. 3. DOWNLOAD IS MIRROR COPY OF WHAT TO DEPLOY. 4. CABLE CONNECTED BETWEEN PC AND GOLD TERMINAL. 5. INITIATE THE DOWNLOAD. GOLD TERMINAL CONFIGURED TO RECEIVE PC DOWNLOAD.
P ERFORMING D OWNLOADS Back-to-Back Application Downloads NOTE • The Target terminal has no applications loaded. • There is enough memory in the Target terminal to complete the download. The Target terminal does not display an error message if there is not enough memory to complete the download. The Gold terminal displays DOWNLOAD INCOMPLETE before returning to VERIX TERMINAL MGR MENU 2. • You are performing a full download.
P ERFORMING D OWNLOADS Download from a USB Flash Drive Download from a USB Flash Drive The procedure provided in Table 22 guides you through the process of downloading multiple applications from a USB flash drive. Before you begin, make sure that the USB device is properly inserted in the terminal’s USB port and the VeriFone.zip file resides in the device. VeriFone.zip is the only filename recognized by the system as a downloadable file. For more information on how to build a VeriFone.
P ERFORMING D OWNLOADS Download from a USB Flash Drive Each RAM folder should contain a CONFIG.SYS file of parameters for applications running in that GID (Figure 37). Figure 37 Config.sys File Inside a GID Folder Use the following instructions to build a CONFIG.SYS downloadable file: 1 Open Notepad and create a .txt file containing parameter and value pairs. 2 Run the Variable Length Record (VLR) utility to convert the text file to a downloadable file format (vlr -c input.file output.file).
P ERFORMING D OWNLOADS Download from a USB Flash Drive After creating a CONFIG.SYS downloadable file, move the created file to the proper folder. Then, create a new .zip file named VeriFone.zip on your root drive and move all the required GID folders into the .zip file. Make sure that Save Full Path Info is selected. Transfer the VeriFone.zip file into a flash drive and you are ready start downloading the applications into a terminal. Figure 38 142 VX 520 REFERENCE GUIDE Moving GID files to VERIFONE.
P ERFORMING D OWNLOADS Download from a USB Flash Drive USB Flash Drive To begin downloading from a USB flash drive, insert the flash drive into the USB Download port of the VX 520 terminal and follow the instructions on Table 22. Procedure Table 22 USB Flash Drive Download Procedure Step Display Action 1 VERIX TERMINAL MGR DOWNLOAD Enter the target file group for the download. FILE GROUP _1 (Group 1) is displayed as the default selection.
P ERFORMING D OWNLOADS Download from a USB Flash Drive Table 22 Step USB Flash Drive Download Procedure Display 4 VERIX TERMINAL MGR DOWNLOAD Gnn Action Select whether to run a full or partial download. Note: 1> Full dnld 2> Partial dnld If you selected 1> FULL DNLD on a single application download, a screen will appear warning you that all existing files in the selected group will be deleted. Press F3 to cancel or F4 to continue downloading an application.
P ERFORMING D OWNLOADS Download from a USB Flash Drive Table 22 Step 8 USB Flash Drive Download Procedure Display VERIX TERMINAL MGR DOWNLOAD Gnn USB DOWNLOAD COMPLETE Action The terminal will automatically download the file VeriFone.zip from the USB flash drive. USB DOWNLOAD COMPLETE appears on the terminal screen after a successful download. If you performed a full download, the terminal restarts automatically.
P ERFORMING D OWNLOADS Download from a USB Flash Drive Table 22 USB Flash Drive Download Procedure Step Display Action 8 If the downloaded application successfully authenticates, the corresponding application prompt or logo is displayed upon restart. The terminal can now process transactions. Note: The message DOWNLOAD NEEDED appears if: • The *GO variable is not set. DOWNLOAD NEEDED • *GO does not specify that an application is present.
CHAPTER 7 Specifications This chapter discusses power requirements, dimensions, and other specifications of the VX 520 terminal. Power NOTE VX 520 terminal: 9.3V DC; 4.0 A The VX 520 uses an 18-watt wall-mount power supply as a standard power source. An optional 36-watt power supply may also be used for all other variants of the VX 520. However, the VX 520 GPRS requires the 36-watt power supply to optimize battery charging.
S PECIFICATIONS External Dimensions External • Dimensions • NOTE 148 VX 520 REFERENCE GUIDE Length: 203 mm (7.9 in) Width: 87 mm (3.4 in) VeriFone ships variants of the VX 520 terminal for different markets. Your terminal may have a different configuration. The basic processes described in this guide remain the same, regardless of terminal configuration.
CHAPTER 8 Maintenance The VX 520 terminal has no user-maintainable parts. Clean the Terminal To clean the terminal, use a clean cloth slightly dampened with water and a drop or two of mild soap. For stubborn stains, use alcohol or an alcohol-based cleaner. CAUTION Never use thinner, trichloroethylene, or ketone-based solvents – they may cause deterioration of plastic or rubber parts. Do not spray cleaners or other solutions directly onto the keypad or terminal display.
M AINTENANCE Smart Card Reader 150 VX 520 REFERENCE GUIDE
CHAPTER 9 VeriFone Service and Support For terminal problems, contact your local VeriFone representative or service provider. For product service and repair information: Return a Terminal for Service NOTE • USA – VeriFone Service and Support Group, 1-800-VeriFone (837-4366), Monday - Friday, 8 A.M. - 8 P.M., Eastern time • International – Contact your VeriFone representative Before returning a VX 520 terminal to VeriFone, you must obtain an MRA number.
VERI F ONE S ERVICE AND S UPPORT Accessories and Documentation c Complete the Inquiry Contact Form at http://www.verifone.com/aboutus/contact/contact_form.cfm. NOTE • Address the Subject box with to “VeriFone MRA Dept.” • Reference the model and part number in the Note box. One MRA number must be issued for each VX 520 terminal you return to VeriFone, even if you are returning several of the same model. 3 Describe the problem(s).
VERI F ONE S ERVICE AND S UPPORT Accessories and Documentation Connectors Thermal Printer Paper NOTE Supplementary Hardware VPN 26263-02 DB-25-type serial connectors VPN 26264-01 DB-9-type connectors VPN 05651-00 Back-to-back download cable VPN PPR 268-001-01-A 38 mm (1.49 in) diameter, 57 mm (2.24 in) wide VPN PPR 252-001-01-A 49 mm (1.93 in) diameter, 57 mm (2.24 in) wide VeriFone ships variants of the VX 520 terminal for different markets.
VERI F ONE S ERVICE AND S UPPORT Accessories and Documentation 154 VX 520 REFERENCE GUIDE
CHAPTER 10 Troubleshooting Guidelines The troubleshooting guidelines provided in the following section are included to assist you to successfully install and configure your VX 520 terminal. If you have problems operating your VX 520 terminal, please read through these troubleshooting examples. If the problem persists even after performing the outlined guidelines or if the problem is not described below, contact your local VeriFone representative for assistance.
TROUBLESHOOTING G UIDELINES Terminal Does Not Dial Out Terminal Does If the terminal does not dial out: Not Dial Out • Check the telephone line connections. • Check that the telephone line is working by plugging it into a working telephone and listening for a dial tone. • Replace the telephone cable that connects the terminal with a cable you know is working correctly. • If the problem persists, contact your local VeriFone service provider.
TROUBLESHOOTING G UIDELINES Transactions Fail To Process Transactions Fail To Process There are several reasons why the terminal may not be processing transactions. Use the following steps to troubleshoot failures. Check the Magnetic Card Reader • Perform a test transaction using one or more different magnetic stripe cards to ensure the problem is not a defective card. • Ensure that you are swiping cards properly.
TROUBLESHOOTING G UIDELINES Printer Does Not Print Printer Does Not If the printer does not work properly: Print • Check terminal power connection. • Check if the printer is out of paper and that the roll is properly installed. Open the paper roll cover and install a new roll of printer paper or ensure that the roll is feeding from the bottom. • Verify that the printer roller and paper roll dust cover are properly installed.
APPENDIX A System Messages This appendix describes two categories of error and information messages. For ease of use, these messages are grouped alphabetically in each of these two categories. These messages include the following: Error Messages • Digital certificate displays and signature file downloaded to the terminal. • File authentication module processes. • File compression module use messages from the VeriCentre DMM terminal management and download tool.
S YSTEM M ESSAGES Error Messages Table 23 Error Messages Display Action LOAD DBMON.OUT The DBMON.OUT debugging monitor program is included in the SDK, but is not stored in the terminal memory of a factory unit. To use the debugging tool, you must sign, download, and authenticate the DBMON.OUT application.
S YSTEM M ESSAGES Error Messages Table 23 Error Messages Display Action VERIX TERMINAL MGR DOWNLOAD Gnn GID: nn APP ID: nnnn STATUS: DOWNLOADING The following error message may occur while connecting to a host during a modem or wireless download: • BAD RX COMM - The terminal received too many bad packets. • BAD TX COMM - The host received too many bad packets. • LOST CARRIER - The carrier was lost during download.
S YSTEM M ESSAGES Error Messages Table 23 Error Messages Display Action PRINTER ID VERSION STATUS PRINTER BUSY P 0PRED1A1 22 TEST F3 When you select TEST F3 or PAPER FEED F4 from the printer diagnostics screen, terminal manager first checks if the printer is currently active. If it is, PRINTER BUSY is displayed. PAPER FEED F4 REMOTE DIAGNOSTICS ERROR LOAD TERMINAL MANAGEMENT AGENT The (optional) Terminal Management Agent (TMA) software is not resident in the VX 520 terminal.
S YSTEM M ESSAGES Error Messages Table 23 Error Messages Display Action STARTUP ERRORS The following error messages may occur if a defect is found on the *GO variable. *GO is a variable in the CONFIG.SYS file and is the first thing that runs on startup if available. DOWNLOAD NEEDED • NO *GO VARIABLE - There is no *GO environment variable in the group one CONFIG.SYS file. • *GO NOT FOUND - The *GO variable is set but the executable file is missing.
S YSTEM M ESSAGES Information Messages Table 23 Error Messages Display Action **VERIFYING FILES** CHECK CERTIFICATE This message appears on screen when the file authentication module fails to authenticate a new digital certificate. *FAILED* is displayed for five seconds and the terminal beeps three times to draw attention to the filename of the certificate that could not be authenticated. FILENAME.CRT *FAILED* This message remains on screen until all new certificates are checked, one by one.
S YSTEM M ESSAGES Information Messages Table 24 Information Messages Display Action VERIX TERMINAL MGR DOWNLOAD Gnn UNIT RECEIVE MODE ***_______ VERIX TERMINAL MGR DOWNLOAD Gnn An application is being downloaded to a receiving VX 520 terminal from a host PC directly over a serial cable. The terminal displays a series of asterisks (*) to indicate the progress of the download (each asterisk represents 10% of the download). When ten asterisks appear, the data transfer is complete.
S YSTEM M ESSAGES Information Messages Table 24 Information Messages Display Action ERROR LOG VERIX TERMINAL MGR ERR LOG TYPE 1 TASK 2 TIME 060302201212 CPSR 40000010 PC 00000004 LR 70448B23 ADDR 27FFFFEF9 The following information helps developers interpret the cause of the most recent unrecoverable software error that occurred on the terminal: This first screen displays the following: • TYPE (error type), where the error type code is: • 1= Data abort: attempt to access data at an invalid address.
S YSTEM M ESSAGES Information Messages Table 24 Information Messages Display Action INTERNAL PIN PAD DIAGNOSTICS INFORMATION INTERNAL PIN PAD MEMORY TEST PASSED IPP8 EMUL01A 07/05 OD SN: 246021114A009999 BAUD: 1200 RESET F3 MODE: VISA EXIT F4 After an internal PIN pad diagnostic session, the firmware version and download date, IPP serial number, baud rate, and mode are displayed.
S YSTEM M ESSAGES Information Messages Table 24 Information Messages Display Action RAM DIRECTORY Gnn 36 MM/DD/YY 36 MM/DD/YY 36 MM/DD/YY PRINT The following screens display the contents of the RAM and flash directories. If there are no files inside a RAM or flash directory, is displayed.
S YSTEM M ESSAGES Information Messages Table 24 Information Messages Display Action PRINTER DIAGNOSTICS INFORMATION PRINTER ID VERSION STATUS P 0PRED1A1 22 TEST F3 This screen displays the printer ID, firmware version, and the printer status appear. See the Verix eVo OS Programmers Manual (VPN DOC00301) for specifics on application development and the internal thermal printer.
S YSTEM M ESSAGES Information Messages Table 24 Information Messages Display Action STARTUP INFORMATION VERIFONE VX 520 QT00E20B 12/22/2009 Verix COPYRIGHT 1997-2009 VERIFONE ALL RIGHTS RESERVED At startup, the terminal displays a copyright notice screen that shows the terminal model number, the OS version of the VX 520 stored in the terminal’s flash memory, the date the firmware was loaded into the terminal, and the copyright notice.
S YSTEM M ESSAGES Information Messages Table 24 Information Messages Display Action **VERIFYING FILES** CHECK CERTIFICATE This message appears on screen when the file authentication module successfully authenticates a new digital certificate. *AUTHENTIC* is displayed for five seconds and the terminal beeps three times to draw attention to the filename of the certificate that could not be authenticated. FILENAME.
S YSTEM M ESSAGES Information Messages Table 24 Information Messages Display Action VERIX TERMINAL MGR TERM INFO MDM TYPE 22 VER B305xx00yy00zz00 MODEM CTRY 89 I1 042 I3 CX81802-V32 • MDM TYPE - determines the modem type (0 = none, ↑ ↓ 4 = 14.
APPENDIX B Port Pinouts The tables in this appendix list pinouts for the VX 520 terminals. PIN Pad Serial Port Connector 1 10 LOOKING INTO CONNECTOR a. RS-232 Port PIN Function Description 1 NC No connection 2 VPINpad +9V DC regulated powera 3 NC No connection 4 NC No connection 5 GND Power ground 6 /RXD Receive data 7 /TXD Transmit data 8 NC No connection 9 NC No connection 10 NC No connection PIN Function Description 1 NC No connection Maximum 450 mA.
P ORT P INOUTS Ethernet Port Ethernet Port USB Pinout Connector Connector 1 2 3 4 2 3 174 VX 520 REFERENCE GUIDE – Description 1 TXD+ Transmit data + 2 TXD- Transmit data - 3 RXD+ Receive data + 4 NC No connection 5 NC No connection 6 RXD- Receive data - 7 NC No connection 8 NC No connection Function Description 1 USB_5V_EXT 5V USB Power (200mA) 2 nUSB_DEVICE USB Device Signal - 3 pUSB_DEVICE USB Device Signal + 4 GND USB Ground 4 Plug DC Input Jack Pol
APPENDIX C ASCII Table ASCII Values Table 25 The following section shows the ASCII table for the VX 520 display.
ASCII TABLE ASCII Values 176 VX 520 REFERENCE GUIDE
APPENDIX D Keypress Scan Codes Keypress Scan Codes Table The following section shows the Keypad Scan Code table for the VX 520.
K EYPRESS S CAN C ODES Keypress Scan Codes Table Dual Keypress When certain pairs of keys are pressed, the console driver detects it and returns a combined scan code. There are two restrictions to this event: • One of the pair of keys must be from column three of the physical keypad above (control chars: d, cancel, bksp, clear, enter), otherwise the first key scanned of the pair is returned as a single key. • The second key must be a numeric key (‘0’ -’9’).
GLOSSARY Access Code A code number dialed to gain access to a telephone line, such as dialing the number 9 to reach an outside line. Application ID An alphanumeric code that identifies an application program downloaded to a terminal from a download computer. For ZonTalk 2000 application downloads, the application ID is stored in the CONFIG.SYS record which begins with the *ZA key. A VX 520 application ID can be up to 21 characters long.
G LOSSARY Carrier Usually, an analog signal that is selected to Dedicated line A leased or private telephone line match the characteristics of a particular transmission system. The carrier signal on a phone line is modulated with frequency or amplitude variations to allow a terminal to transmit or receive data using a modem. A carrier signal transmits data from a host computer to a VX 520 terminal over an analog telephone line.
G LOSSARY Fixed prompt A system prompt or message stored Leased line A private telephone line leased from as part of system firmware in terminal memory. Fixed prompts appear on the terminal display to alert the user to specific system occurrences or malfunctions, and to prompt the user to enter specific information or select options. the phone company. See Dedicated line. Flash memory An area of non-volatile memory where files can be stored. The VX 520 also has a RAM-based file system.
G LOSSARY Normal Mode The operating mode for normal POS terminal A terminal used at the point of sale, transaction processing. The main application (downloaded and authenticated) starts and displays an application prompt, indicating that the terminal is in normal mode. In this mode, the terminal is ready to process transactions. See Chapter 4, Verix Terminal Manager. which is usually at a merchant site where a customer pays for goods or services received.
G LOSSARY Remote host computer A host computer connected to a VX 520 terminal over a dial-up telephone line to download files or data, or to process transactions. The opposite of remote is local. through a terminal card reader. The VX 520 card reader has a bi-directional swipe direction. The user must hold the card so that the magnetic stripe is faces in and towards the keyboard.
G LOSSARY Telephone line The standard telephone wiring connecting your phone or terminal to a local or private telephone company. Terminal Any device capable of sending and receiving data over a data link, such as a telephone line or a RS-232 cable. Some terminals, such as the VX 520, can print receipts and display information and graphics on a screen. Terminal ID An alphanumeric code that identifies a terminal to a download computer.
INDEX A accessories 152 documentation 153 ordering 153 power packs 152 telephone line cord 153 thermal printer paper 153 VeriFone cleaning kit 153 ATR test 169 B back-to-back application downloads checklist for effects on files and settings in the receiving terminal 136 hardware checklist 135 software checklist 135 back-to-back downloads 99, 100 file authentication 115 redirect files during 109 set up environment 118 battery charging 31 C certificates and signature files 110 charging Smart battery 31 clea
I NDEX E effect on existing files and data 117 file authentication 114 file authentication and back-to-back application downloads 115 file authentication and downloading applications to specific file groups 114 file authentication and optimizing available memory space 117 file authentication and timing considerations 116 file authentication process 101 file authentication requirements 110 certificates and signature files 110 file compression 117 file groups 52, 58 file system organization 104 full and par
I NDEX I definition 76 development certificates 86 downloading a certificate 86 downloading sponsor and signer certificates 87 file size 94 hierarchical relationships 76, 85 how they are authenticated 85 in a development terminal 86 main functions 85 platform root certificate 76 signer certificate 77, 89 sponsor certificate 77 file authentication keys customer signer private key 89 how private cryptographic keys are conveyed to customers 76 private cryptographic key 76 public cryptographic key 85 relations
I NDEX N non-protected records 49 descriptions 40 protected records 49 O R operating system downloads 103 optimize memory space 117 optional devices connecting 27 reset date and time 171 N P paper jams troubleshooting 156 paper roll installation 23 paper rolls for thermal printers 23, 156 partial application downloads 102 partial OS download 127 passwords 43, 44 file group 70 manufacturer’s default 68 peripheral devices troubleshooting 156 peripherals troubleshooting 156 PIN pad 171 port pinouts 173
I NDEX U number of resets 171 password 43, 44 service and support 151 using terminal keys 35 verify status 42 terminal features general 17 terminal manager 41 CONFIG.
VeriFone, Inc. 2099 Gateway Place, Suite 600 San Jose, CA, 95110 USA Tel: (800) VeriFone (837-4366) www.verifone.