11 Verifone Ocius Sentinel
This document covers EFTLink Integration with Ocius Sentinel Payment Systems. It should be read in conjunction with the Oracle Retail EFTLink Framework Installation and Configuration Guide.
EFTLink General
This document assumes static EFTLink configuration. When deploying with a POS that supports dynamic configuration, all property settings referred to below should be set on the POS, and not directly into local property files.
System Architecture
EFTLink connects to the Ocius Sentinel application using a proprietary socket protocol. Normally the Ocius Sentinel application, which is configured to run in a screenless state, is installed on the same PC as the POS application.
Note:
This document does not cover the installation of the Ocius Sentinel application itself.
Fileset
In addition to standard EFTLink files:
-
Cores/OciusSentinel/ociussentinelcore.jar
-
ocius.properties
-
ocius_receipt.properties
(only if using XML receipt data, can be auto-deployed, see XML Receipts). -
receipt template files (only if using XML receipt data, can be auto deployed, see XML Receipts).
Language
There are no translation files in ociussentinelcore.jar
Ocius Sentinel is deployed in the UK, so the language set in the EFTLink framework should be English, which is the default.
See the Oracle Retail EFTLink Framework Installation and Configuration Guide, EFTLink General Information section, Translation sub-section.
EftlinkConfig.properties
DisplayLanguage = EN
Core Classname
The following should have been set in EftlinkConfig.properties
by installcore.bat or installcore.sh
EPSCore0 = manito.eft.ocius_sentinel.OciusSentinelCore
Configuration Settings
The core is configured via properties contained in the ocius.properties
file, which is copied from cores/OciusSentinel folder to the root eftlink folder by installcore.bat
or installcore.sh
.
Key Settings
These must be set. Since these two properties must be encrypted by default, see Password Encryption.
Table 11-1 Verifone Ocius Sentinel - Key Settings
Setting | Description | Example |
---|---|---|
user.id |
The user ID to send to the terminal when logging on. The ID is allocated by the Ocius Sentinel and needs to be encrypted for default configuration. |
|
user.pin |
The user PIN to send to the terminal when logging on. The PIN is allocated by the Ocius Sentinel and needs to be encrypted for default configuration. |
|
manager.pin |
The manager PIN to send to the terminal when logging on. The PIN is allocated by the Ocius Sentinel and needs to be encrypted for default configuration. |
|
user.id.iv |
User ID initialization vector, as provided when encrypting User ID. |
|
user.pin.iv |
User pin initialization vector, as provided when encrypting User pin. |
|
Optional Configuration Settings
There are a large number of optional settings that usually do not need to be set or modified, but for completeness they are defined here. In the property file all are commented with default values or empty.
Table 11-2 Verifone Ocius Sentinel - Optional Configuration Settings
Setting | Description | Default |
---|---|---|
ip.address |
The IP address of the Ocius Sentinel software. |
|
ip.port |
The IP port of the terminal. |
|
progress.ip.port |
The progress IP port of the terminal. |
25001 |
ocius.payment.application.on.device |
Identifies whether the providers client is running on the Pin Pad |
false |
crypto.keygenType |
Sets keygen algorithm type. |
AES |
crypto.cipherType |
Sets cipher algorithm type. |
AES/CBC/PKCS5Padding |
crypto.keySize |
Sets size of the key store. |
128 |
crypto.iterations |
Sets number of iterations. |
100000 |
account.id |
The account ID to send with each transaction. This option is used in some deployments, and Verifone would indicate the value to use. |
blank |
account.id.iv |
When used with encrypted account.id, specifies Account ID initialization vector, as provided when encrypting account.id. |
blank |
auto.logon |
If this is set true, then the core will log on to the terminal automatically when it receives a transaction (if the POS has not already sent a logon command). |
|
pause.before.auto.logon |
The number of milliseconds to wait before issuing an automatic logon command to Sentinel. This is to allow for an issue with Sentinel which causes it to occasionally reject or lose messages which are sent too soon after a previous communication. |
|
auto.logon.pause |
The number of milliseconds to wait after an auto logon before sending a transaction. The pause should be for several seconds. |
NA |
merchant.receipt.path |
The folder where Ocius Sentinel is to place the merchant receipt. If undefined (commented or blank value) the file would be expected at the root of the same drive, which is where Ocius Sentinel puts the receipt by default. |
|
merchant.receipt.filename |
The name that Ocius Sentinel will use for the merchant receipt. Default is Receipt1.txt, it can be modified in the Ocius Sentinel application, and if so, the name used should be entered here. |
Receipt1.txt |
customer.receipt.path |
The folder where Ocius Sentinel is to place the customer receipt. This is only relevant if xml. If undefined (commented or blank value) the file would be expected at the root of the same drive, which is where Ocius Sentinel puts the receipt by default. |
|
customer.receipt.filename |
The name that Ocius Sentinel is to use for the customer receipt. Default is Receipt2.txt. This can be modified in the Ocius Sentinel application, and if so, the name used must be entered here. |
Receipt2.txt |
report.path |
The folder where Ocius Sentinel is to place the report file. |
|
report.filename |
The name that Ocius Sentinel is to use for the report file. |
Report.txt |
progress.ip.port |
The port that the core listens on for status messages from Ocius Sentinel. |
|
tear.merchant.receipt.text |
The text to be displayed at the POS when prompting the operator to remove the merchant receipt from the printer. |
Please Tear Merchant Receipt |
tear.customer.receipt.text |
The text to be displayed at the POS when prompting the operator to remove the customer receipt from the printer. |
Please Tear Customer Receipt |
strip.receipt.carriage.returns |
Ocius Sentinel delivers receipts with lines terminated by both carriage return and linefeed characters. If this option is set true, then the carriage return characters will be removed. |
|
max.cashback.length |
The maximum length permitted for a cashback amount. |
|
duplicate.receipt.title |
An extra title to add to the top of a receipt which is reprinted in response to the "Re-print/Continue" message. |
where the \n indicates a linefeed. Leave blank to suppress this title. |
suppress.merchant.receipt |
Whether to suppress printing of the merchant receipt so only a customer copy is provided. |
|
offer.reprint |
Whether to display the "Re-print/Continue" dialogue after printing a receipt. |
|
defer.customer.receipt |
If true, this will cause the customer receipt to be sent as part of the final CardServiceResponse when payment processing is complete. |
|
account.on.file.mode |
This may be set to an integer from 0 to 4 inclusive. Values are defined in the Ocius Sentinel integration guide v1.5 as follows: 0 - Not Set 1 - Do Not Register (the default) 2 - Register 3 - Register Only 4 - Register, decline transaction if registration fails. |
NA |
card.read.mode |
This may be set to 0, 1 or 2 and defines what type of card is to be read when the core receives a card read request: 0 - Non EFT card 1 - EFT card 2 - Automatic based on the EFTLink background flag set by the POS, background=true reads a non-EFT card, otherwise an EFT card is expected (this is the default behaviour for this setting). |
NA |
remove.card.after.read |
If true, this should cause Ocius Sentinel to prompt for the card to be removed after a card read. In practice it has been found that Sentinel ignores this setting. |
NA |
encrypted.passwords |
user.id, user.pin, account.id and transax.account.id must be encryped using the encryption utility. See Password Encryption. |
NA |
auto.confirm.licence.key |
If true (the default), then there will be an automatic response to the LicenceDetailConfirmation status from Ocius Sentinel. |
|
card.wait.mode |
If true the core will send CARDWAIT records, otherwise it will operate in standard mode. |
|
wait.record.header/ wait.record.header.cnp |
This is the header text to display on the PED when it prompts for the card details to be presented. |
The default is for the section to be left blank. |
wait.record.body/wait.record.body.cmp |
This is the body text to display on the PED when it prompts for the card details to be presented. |
The default is for the section to be left blank. |
wait.record.footer/ wait.record.footer.cnp |
This is the footer text to display on the PED when it prompts for the card details to be presented. |
The default is for the section to be left blank. |
wait.record.timeout/ wait.record.timeout.cnp |
This is the time in seconds for the PED to wait for the card details to be presented. |
0 (no timeout) |
wait.record.capture.method s/ wait.record.capture.methods.cnps |
This is a hex bitmap of the capture methods that the PED is to allow. The hex bitmap is comprised of the following hex values:
|
The default is for the core to leave this blank, in which case Sentinel will apply the following default:
|
wait.record.fallback.methods.cnps |
This is a hex bitmap of the fallback methods that the PED is to allow. The hex bitmap is comprised of the following hex values: Fallback from ICC to Swipe = 01 Fallback from Swipe to Key = 02 |
The default is for the core to leave this blank, in which case Sentinel will apply the following default:
|
auto.offline |
If true, the core will automatically instruct Ocius Sentinel to work offline if the remote server is unavailable. |
|
reference |
This setting configures the customer reference generated by the core. It may contain any text except commas, but the following case-sensitive keywords will be substituted with corresponding data: Date: the transaction date provided by the POS in the form YYMMDD Time: the transaction time provided by the POS in the form HHMMSS Transnum: the transaction number provided by the POS User: the operator ID provided by the POS when it logged on to EFTLink Pos: the POS ID provided by the POS when it logged on to EFTLink |
|
simple.cnp.enabled |
For telesales if a card has been keyed via a previous card swipe and customer address capture is not required as part of the subsequent transaction then this setting should be set true. Note: In this mode <CNP>true</CNP> is added to the XML receipt data for telesales. |
|
transax.account.id |
The account ID to use for Transax. When used with encrypted transax.account.id, specifies Transax Account ID initialization vector, as provided when encrypting transaxaccount.id. |
NA |
transax.types.requiring.card |
The Transax transaction types which require card entry at the PED. This may be any combination of the letters A, B, M, O or P without spaces or separators. |
|
transax.declined.operator.message |
If a Transax payment is declined or otherwise fails, this optional setting can be used to provide an acknowledgeable message to bring the failure to the attention of the operator. The default value is blank (no message will be displayed). If required, the value may be static text. For example: transax.declined.operator.message=Transax Payment Void Or it may be used to display one of the fields of a Transax XML receipt. For example. transax.declined.operator.message=<Message> |
|
auto.confirm.auth.code |
If this is set true, then Ocius Sentinel status 20 (Confirm Auth Code) will be answered automatically. |
NA |
voice.referral.amount.text |
This defines the label shown against the transaction amount in the voice referral prompt. If the POS already displays the amount elsewhere on the screen then voice.referral.amount.text may be set to blank to exclude it from the message sent by the core. |
Amount: |
voice.referral.compact.dialogue |
If true, the two stage referral dialogue where the operator must first confirm that the authorization has been accepted before entering the authorization code will be reduced to a single dialogue where the operator may immediately enter an authorization code or blank to cancel. |
false |
signature.verification.reprint.option |
By default the signature verification dialogue offers two options to confirm or reject the signature. If this setting has a value a third option will be displayed which will cause the signature slip to be reprinted. The value should be the text to be displayed, for example Reprint. The default is blank which disables this option. Note: offer.reprint provides a more general purpose reprint mechanism. |
|
defer.void.receipts |
If true then void customer receipts will not be printed immediately but will be embedded in the final response from the core. Applies only in XML mode. |
|
suppress.final.declined.message |
If the POS displays its own declined message on receiving a payment failure response from the core then this setting may be used to suppress any similar display message from the core. |
|
suppress.cnp.signature.receipt |
If true then the signature receipt will be suppressed for telesales transactions when simple.cnp.enabled is true. Applies only for XML based receipts. |
|
auto.translate.status.messages |
Indicates whether the core should translate status messages according to the recommendations in the Ocius Sentinel Integration Guide. If false, then status messages can still be translated. |
|
space.out.status.messages |
Indicates whether status text from Ocius Sentinel should be spaced out for display, for example ExpiryDateRequired becomes Expiry Date Required. |
|
ped.unavailable.retry.pause |
If status message 55 (PEDUnavailable) is received this setting specifies the number of milliseconds to wait before requesting Ocius Sentinel to retry. |
0 |
legacy.printing |
Enables file-based printing if set to true, otherwise socket-based printing will be used. |
|
cancel.card.wait.delay |
When card.wait.mode=true this setting defines the minimum interval in milliseconds between a card swipe request from the POS and a cancellation of the card swipe (abort). This is to allow for a limitation in Ocius Sentinel which cannot cope with the two messages being sent in proximity. The delay is only applied if needed and the default interval is 1000ms. |
|
max.login.ready.wait |
After a processing a login request from the POS this is the maximum time to wait in milliseconds for a Ready status from Ocius Sentinel before returning a login success response to the POS. If this setting is zero, then the wait will be indefinite. |
|
await.ready.after.transaction |
The default behavior for the core is to wait for Ocius Sentinel to complete all necessary actions after a payment including having the customer remove the card from the PED before responding to the POS with the result. To allow the transaction to complete at the POS without waiting for card removal set await.ready.after.transaction=false. |
true |
store.merchant.receipt |
If true, the merchant receipt will not be printed but will be sent to the POS to be stored in an electronic audit journal (where the POS supports this capability). |
|
use.ocius.card.text |
If true EFTLink will use the card scheme name provided by Ocius Sentinel rather than performing a look-up in its Card Range File. |
|
separate.receipt.lines |
If true, the deferred (embedded) customer receipt will be sent as separate lines rather than as a single block of text containing line breaks. This is to cater for POS systems which have a limit to the length of continuous text that they can accept. |
|
auto.logoff |
If the response to a logon request to Ocius Sentinel indicates that a user is already logged in then this setting will cause the core to send a logoff followed by another logon. |
|
deploy.default.templates |
If true, then a default set of receipt templates will be created by EFTLink if they do not already exist in the EFTLink folder at start up. Applies only when XML receipts are in use. |
|
dummy.void.receipts |
If true, then the core will generate a dummy success response and receipt for a payment refund request without any interaction with Ocius Sentinel. |
|
fixed.receipt.merchant.text |
When using Ocius Sentinel's preformatted receipts (as opposed to XML based receipts) this defines the text within the receipt which identifies it as a merchant receipt. |
|
fixed.receipt.customer.text |
When using Ocius Sentinel's preformatted receipts (as opposed to XML based receipts) this defines the text within the receipt which identifies it as a customer receipt. |
|
fixed.receipt.signature.text |
When using Ocius Sentinel's preformatted receipts (as opposed to XML based receipts) this defines the text within the receipt which identifies it as a signature receipt. |
|
fixed.receipt.void.text |
When using Ocius Sentinel's preformatted receipts (as opposed to XML based receipts) this defines the text within the receipt which identifies it as a void receipt. |
|
fixed.receipt.declined.text |
When using Ocius Sentinel's preformatted receipts (as opposed to XML based receipts) this defines the text within the receipt which identifies it as a declined receipt. |
|
download.retry.limit |
As part of the login process Ocius Sentinel may detect and attempt to download a software update. It is possible at this stage for Sentinel to send status 75 (Download Still Being Prepared) in which case this setting defines the number of times to retry the software download. |
|
cancel.download.on.failure |
If a software download fails due to reaching the retry limit, this setting defines whether a download cancellation command should be sent to Ocius Sentinel in order to allow the POS to login and proceed with sales operations. If no cancellation command is sent, then the operator will need to interact with the (Windows) Ocius Sentinel application manually in order to cancel the download or attempt further retries. |
|
ocius.sentinel.exe.path |
After a successful software download Ocius Sentinel will send status 58 (Restart After Software Update) indicating that it needs to be restarted. In response to this the core will send a message instructing Ocius Sentinel to shut down and will then re-launch the application by running an executable file, the location of which is defined by this setting. |
|
ocius.sentinel.restart.pause |
When restarting Ocius Sentinel after a software download this setting defines the delay in milliseconds between instructing Sentinel to shut down and restarting it. |
|
offline.reconnect.retry.limit |
When Ocius Sentinel reports that it is offline from the remote server this setting can be used to configure a number of connection retries. A value of -1 indicates unlimited retries. If a connection still cannot be established after the required number of retries then the auto.offline setting applies. |
|
gift.card.type |
Defines the type of gift card supported by the core where 0 = Park Retail (the default) 1 = SVS Note: The POS may override this setting to specify the gift card type in its request message. |
NA |
report.card.events |
If true, then the core will send DeviceEvent messages to the POS when a card is inserted into or removed from the PED. This is determined from status messages sent to the core by Ocius Sentinel. |
|
print.dcc.quote |
If true, then the core will print a DCC currency conversion quote at the point when the customer is asked to make a DCC decision at the PED. |
|
keystore.name |
The name of the keystore file containing the key for decrypting passwords. Since the keystore file will be created in the cores/OciusSentinel folder, the property can either include the relative path, or the keystore file can be copied to the base EFTLink folder. Example with path keystore.name = cores/OciusSentinel/ocius.keystore Example where the keystore file has been copied to the base EFTLink folder keystore.name = myfile.dat |
|
send.ocius.update.to.pos |
Whether to display the status update from Ocius to the POS or not. |
|
Translating and Suppressing Status Messages
Status messages sent by Ocius Sentinel for display at the POS can
be translated or suppressed by adding entries to ocius.properties
. Each message is identified by a number and the Ocius Sentinel integration
guide lists all the possible messages.
As an example, status message 1 displays the text Enter
Gratuity
. To change this to "Enter Tip" the following entry
can be added to ocius.properties
:
status.1=Enter Tip
To suppress this message, leave the text blank (nothing after the equal sign) as follows:
status.1=
Overriding Other Text Messages
There are several other messages and prompts which are provided by the core itself and these are also configurable. The settings in ocius.properties are listed below with their defaults:
-
confirm.auth.code.prompt=Confirm Transaction?
-
confirm.auth.code.yes.option=Yes - Confirm Txn
-
confirm.auth.code.no.option=No - Decline Txn
-
voice.referral.prompt=Call Auth Centre
-
voice.referral.tel.text=Tel:
-
voice.referral.mid.text=MID:
-
voice.referral.tid.text=TID:
-
voice.referral.amount.text=Amount: £
-
voice.referral.trailing.text=
-
voice.referral.yes.option=Authorise
-
voice.referral.no.option=Abort
-
voice.referral.auth.entry.prompt=Enter Auth Code (or blank to cancel)
-
signature.verification.prompt=Valid Signature?
-
signature.verification.yes.option=Yes - Confirm Txn
-
signature.verification.no.option=No - Decline Txn
-
signature.verification.reprint.option=
-
cashback.prompt=Please enter cashback amount
-
declined.card.removal.prefix.text= Declined –
-
svs.partial.payment.title=PARTIAL PAYMENT ONLY
-
svs.requested.amount.text=Requested £
-
svs.available.amount.text=Available £
-
svs.outstanding.amount.text=Outstanding £
-
svs.partial.payment.yes.option=Continue
-
svs.partial.payment.no.option=Cancel
Positioning Dialogue Options
For POS systems which support this it is possible to specify the position or order of some dialogue options using index numbers. The index should be an integer with value 1 or higher. The maximum index number allowed, and the interpretation of the number will depend upon the implementation at the POS, for example in the case of Retail-J there are 8 button positions available down the right-hand side of the screen so the index numbers would range from 1 to 8.
The following settings are available:
confirm.auth.code.yes.position
confirm.auth.code.no.position
voice.referral.yes.position
voice.referral.no.position
signature.verification.yes.position
signature.verification.no.position
signature.verification.reprint.position
svs.partial.payment.yes.position
svs.partial.payment.no.position
XML Receipts
Ocius Sentinel can supply raw receipt data in XML form rather than as formatted text. The directory path where Ocius writes these files should be setup in Ocius and points to the working directory of EFTLink, example C:\eftlink. There are a considerable number of data fields available in this way (see the latest Ocius Sentinel Integration Guide for a full list). Here is an example of an XML signature receipt received by the core from Sentinel:
<VoucherDetails> <TrainingMode>false</TrainingMode> <ReceiptType>Signature</ReceiptType> <Header>B & Q</Header> <PTID>PW001654</PTID> <TID>04380001</TID> <MID>21249872</MID> <MkTransactionID>1552313</MkTransactionID> <TxnDateTime>2010-12-06 20:40:37.845 CET</TxnDateTime> <CardScheme>Visa</CardScheme> <PAN>*********2222</PAN> <ExpiryDate>12/12</ExpiryDate> <TxnType>Sale</TxnType> <CaptureMethod>SWIPED</CaptureMethod> <CustomerPresent>true</CustomerPresent> <ECommerce>false</ECommerce> <ContAuth>false</ContAuth> <AccountOnFile>false</AccountOnFile> <PinEntered>false</PinEntered> <CreditDebitMessage>Please debit my account</CreditDebitMessage> <CurrencySymbol>£</CurrencySymbol> <CurrencyAbbreviation>GBP</CurrencyAbbreviation> <Amount>1.00</Amount> <Total>1.00</Total> <CVM>Please Sign Below</CVM> <KeepText1>Please Keep This Receipt</KeepText1> <KeepText2>For your Records</KeepText2> <EFTSN>0508</EFTSN> <AuthCode>789DE</AuthCode> <Reference>101206 61 1 1</Reference> <Footer>B & Q</Footer> <GratuityBoxRequired>false</GratuityBoxRequired> <ExtendedReceipt>false</ExtendedReceipt> <DisableCurrencySymbol>false</DisableCurrencySymbol> <AuthOnly>false</AuthOnly> <CardSchemePrintText></CardSchemePrintText> <PrintAttempts>1</PrintAttempts> <ContactlessMSD>false</ContactlessMSD> <TokenRegistrationResult>NotSet</TokenRegistrationResult> <TokenRegistrationOnly>false</TokenRegistrationOnly> </VoucherDetails>
In XML mode the core must be configured to convert the XML data into formatted text receipts. Formatting is achieved using template files in which free text and XML fields can be positioned and left, right or center justified as required. Any number of templates can be created, and you would typically expect to have seven or more, one for each of the merchant, signature, customer, merchant void, customer void, merchant declined and customer declined receipts, and further templates for any extended functionality (for example gift cards).
Below is example of a template file:
Example 11-1 customer_template.txt
<WIDTH=36> <CENTRE>Customer Test Template ------------------------------------ Card Sale<RIGHT><Total> <PAN> ------------------------------------ Card : <CardScheme> Number : <PAN><RIGHT><CaptureMethod> AID : <AID> App Date : <AppEff> Cryptogram : <CID>/<AC> Auth Code : <AuthCode> Merchant ID: <MID> Terminal ID: <TID> ------------------------------------ <CreditDebitMessage> <CENTRE><CVM>
In the template, XML element names are specified in angled brackets like this <CVM> and each will be substituted with the actual value supplied by Sentinel. There are four special directives used for formatting which are:
-
<WIDTH=nn>
This specifies the maximum width of the receipt in columns. -
<CENTRE>
This will center any text which appears after it on the same line. -
<RIGHT>
This will right-justify any text which appears after it on the same line. -
<SUPPRESS>
The receipt will not be printed.
Note:
All the above directives must be uppercase to be recognized.
In order to decide which template to use for a receipt the core
will read a file called ocius_receipt.properties
in
which templates can be selected by looking for one or more values
in the XML data. This file contains entries in the form
template-filename=<XML-element-1>required-value<XML-element-2>required-value
If all of the XML elements listed on the line have the specified value, then that template file will be used. Below is an example file:
Example 11-2 ocius_receipt.properties
template_customer_keyed_swiped.txt=<ReceiptType>Customer<CaptureMethod>SWIPED template_merchant_keyed_swiped.txt=<ReceiptType>Merchant<CaptureMethod>SWIPED template_signature.txt=<ReceiptType>Signature
When looking for a match templates are checked in the order that
they appear in ocius_receipt.properties
. If no matching
template is found, then the core will return the entire XML data in
place of a formatted receipt. If a template appears which does not
specify any XML fields to match on (nothing after the equal sign)
then that template will always be treated as a match.
It is also possible to match partial values using one or more of the flags [PREFIX], [SUFFIX] or [CONTAINS] followed by the partial text to match. For example:
template_customer_contactless.txt= <ReceiptType>Customer<CaptureMethod>[SUFFIX]CONTACTLESS
The above will match when ReceiptType has the fixed value Customer
and CaptureMethod
is any text
followed by CONTACTLESS
.
Keystore
The encryption key must be generated and stored in a keystore. To achieve this, the following steps must be followed:
Password Encryption
Default configuration requires user.id, user.pin and, where used,
account.id and transax.account.id to be encrypted in ocius.properties
.
user.id, user.pin, account.id, transax.account.id, and manager.pin is allocated or configured in the Ocius Sentinel software itself and varies from site to site.
To achieve this, the following steps must be followed:
Windows Operating Systems
To encrypt a password; open a command prompt and change directory to eftlink's location.
-
Type
encrypt.bat –e <keystore name> <properties file> <password>
.For example,
encrypt.bat –e ocius.keystore ocius.properties[
followed by the required password as a final parameter]. -
Password and initialization vector will be outputted to the console.
Copy and paste it to the appropriate property in
ocius.properties
.
To re-encrypt a password (or multiple passwords) with new encryption settings; open a command prompt and change directory to eftlink's location.
-
Type
encrypt.bat –r <keystore name> <properties> <encrypted passwords colon separated> <previous initialization vectors colon separated> <keygen type> <cipher type> <key size> <iterations>.
For example,
encrypt.bat –r ocius.keystore ocius.properties [Encrypted password1: Encrypted password2] [Encrypted password iv1: Encrypted password iv2] AES AES/CBC/PKCS5Padding 128 10000.
-
Re-encryption uses existing crypto settings in the properties file to decrypt the password. Once the password is decrypted, a new keystore file is generated using the new crypto parameters specified at the command line and the new encrypted password / initialization vector is generated.
-
When using AES algorithm with a keysize that is greater than 128, you may get java.security.InvalidKeyException: Illegal key size or default parameters. If so, Additional Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files will need to be downloaded and extracted to
%JAVA_HOME%/jre/lib/security/
Linux Systems
Note:
You may be required to give script file(s) execution rights. This can be accomplish by opening a terminal window and typing:
sudo chmod +x <PathToFile>
for example, sudo chmod +x /opt/eftlink/encrypt.sh
To encrypt a password; open a terminal window and change directory to eftlink's location.
-
Type:
sudo./encrypt.sh -e <keystore name> <properties> <password>.
For example,
sudo ./encrypt.sh -e adyen.keystore adyen.properties [followed by the required password as a final parameter].
-
Password and initialization vector will be outputted to the console.
-
Copy and paste it to
adyen.password
andadyen.password.iv
inadyen.properties
.
To re-encrypt a password with new encryption settings; open a command prompt and change directory to eftlink location.
-
Type:
sudo./encrypt.sh -r <keystore name> <properties> <encrypted password> <previous initialization vector> <keygen type> <cipher type> <key size> <iterations>
.For example,
sudo ./encrypt.sh -r adyen.keystore adyen.properties [Encrypted password] [Encrypted password iv] AES AES/CBC/PKCS5Padding 128 10000.
-
Re-encryption uses existing crypto settings in the properties file to decrypt the password. Once the password is decrypted, a new keystore file is generated using the new crypto parameters specified at the command line and the new encrypted password / initialization vector is generated.
-
When using AES algorithm with a key size that is greater than 128, you may get java.security.InvalidKeyException: Illegal key size or default parameters. If so, Additional Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files will need to be downloaded and extracted to
$JAVA_HOME/jre/lib/security/
Administration Functions
The terminal has some administration/maintenance functions. These can only be invoked from a dedicated EFT Maintenance menu button.
EFTLink uses DeviceProxy messages to display input prompts on the POS to manage these functions.
Table 11-3 Ocius Sentinel - Administration Functions
Function | Description |
---|---|
Customer receipt reprint |
Prints the last customer receipt. |
Supported Functions
The following operations are supported by this implementation of the Ocius Sentinel interface.
Table 11-4 Ocius Sentinel- Supported Functions
Function | Description |
---|---|
Logon |
Sends a PED Logon request to the Ocius Sentinel client. |
Logoff |
Sends a PED Logoff request to the Ocius Sentinel client. |
Payment |
Sends payment request to the terminal. Terminal will return a response message with formatted receipt strings for customer and/or merchant receipts. In an event of referral where authorization cannot be obtained online then a prompt for authorization code will appear; authorization code must be obtained via telephone and entered here. If successful, appropriate receipts will be printed at the end of transaction. |
Refund |
Sends refund request to the terminal. This will refund a transaction with specified amount. |
Card Read |
EFTLink sends a card swipe request to receive data for non-pci cards. The full pan is returned in clear text, unencrypted and without tokenization. PCI cards will return a blank PAN. |
X Reports (reconciliation without closure) |
Print a report showing the sales, returns, voids, and other register activity that occurred on the register from the beginning of a register shift until the present moment. |
Z reports (reconciliation with closure) |
Print a day report and close the current day. Manual alternative to automated reconciliation with closure. |
SVC Payment (VX820 only) |
EFTLink sends a gift or merchandise credit card payment request to the OPI EPS. If there are not enough funds available, only the funds available will be deducted. The POS client will have to settle the transaction with another tender in this scenario. The Transaction Inquiry scenario outlined in the Payment/Payment with Loyalty section also applies to this transaction type. |
SVC Activate (VX820 only) |
EFTLink sends a gift or merchandise credit card activation request to the OPI EPS. The Transaction Inquiry scenario outlined in the Payment/Payment with Loyalty section also applies to this transaction type. |
SVC Add Value (VX820 only) |
EFTLink sends a gift or merchandise credit card add value request to the OPI EPS. This will only add value to an account that has been activated. The Transaction Inquiry scenario outlined in the Payment/Payment with Loyalty section also applies to this transaction type. |
SVC Balance Enquiry (VX820 only) |
EFTLink sends a gift or merchandise credit card balance enquiry request to the OPI EPS. |
SVC Unload (VX820 only) |
EFTLink sends a gift or merchandise credit card cash out request to the OPI EPS. All funds are deducted from the account and the cash back amount is returned to the POS. The account is not deactivated as part of this process. The Transaction Inquiry scenario outlined in the Payment/Payment with Loyalty section also applies to this transaction type. |