Terminal Registration
Introduction
This document describes the terminal registration and configuration process for EP2 Terminals.
Initial state
Terminals should have the following data already installed to the terminal in the factory:
- Sfey Root CA Certificate — used for issuing Sfey Service Center EP2 <TLS Root Certificate SC Primary>, EP2 <TLS Root Certificate SC Secondary> and Device Key Signing Certificate (DKSK-CERT).
Process flow
The terminal configuration process works as follows:
- Terminals should be described in the Sfey TMS. The following information should be provided:
  - Service Center Registration endpoint URL
- Terminals should be manually described in the Sfey Service Center. The following information should be provided:
  - Device type
  - Device serial number
  - EP2 <Terminal Identification>
- The terminal uses the SC Device API registration endpoint of the Service Center to register itself. The following information should be provided in the request:
  - Device type
  - Device serial number
  - Key Encryption Certificate (DKEK-CERT) chain (FEIG certificate, Terminal Key Encryption Key X.509 certificate)
- The terminal receives a registration response from the Service Center. The following information will be returned:
  - Device Key Signing Certificate (DKSK-CERT) chain (used by Service Center for signing the EP2 <Component Secret> and <Service Center Public Key>)
  - EP2 <Communication Addr Service Center Config>
  - EP2 <Service Center Identifier>
  - EP2 <Terminal Identification>
  - EP2 <Timeout Service Center Config Srv Req>
  - EP2 <TLS Root Certificate SC Primary>
  - EP2 <TLS Root Certificate SC Secondary>
  - EP2 <Component Secret>
  - EP2 <Service Center Public Key Index>
  - EP2 <Service Center Public Key>
- The terminal uses the EP2 SI-Config interface of the Service Center to request the EP2 Terminal Configuration Data (TCD). See the EP2 Terminal Specification, Use Case: Get Configuration Data.
- The terminal uses the EP2 SI-Init interface of the Acquirer to request EP2 Init Data. See the EP2 Terminal Specification, Use Case: Get Initialisation Data.
EP2 Basic Parameters
The terminal gets the EP2 Basic Parameters from the SC Device API registration endpoint response as follows:
| Basic Parameter | Response field | Comments |
|---|---|---|
| <Terminal Identification> | $.terminalId | |
| <Communication Addr Service Center Config> | $.tms.configAddress | |
| <Service Center Identifier> | $.tms.id | |
| <Timeout Service Center Config Srv Req> | $.tms.configTimeout | |
| <TLS Root Certificate SC Primary> | $.deviceKeys[?(@.keyTypeName == 'SC_ROOT_CERT')][0].keyData | In X.509 DER format, see Device Keys |
| <TLS Root Certificate SC Secondary> | $.deviceKeys[?(@.keyTypeName == 'SC_ROOT_CERT')][1].keyData | In X.509 DER format, see Device Keys |
| <Component Secret> | $.deviceKeys[?(@.keyTypeName == 'TERM_EP2_SECRET')].keyData | In TR-34 format, see Device Keys |
| <Service Center Public Key Index> | $.deviceKeys[?(@.keyTypeName == 'SC_EP2_PUBKEY')].keyData | In TR-34 format, see Device Keys |
| <Service Center Public Key> | $.deviceKeys[?(@.keyTypeName == 'SC_EP2_PUBKEY')].keyData | In TR-34 format, see Device Keys |
| <TLS Client Certificate Trm> | - | Not returned, SC doesn't support terminal client certificates |
- in TR-34 format, signed with the Device Key Signing Key Private Key (DKSK-PRIV) and encrypted with the Device Key Encryption Key Public Key (DKEK-PUB)
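The mapping in the table above, as an added example that is not part of the Sfey documentation: a terminal-side extractor that fails closed when a field is missing or a key type is ambiguous. The response field names and key type names come from the table; the sample values, the `RegistrationError` name, and the rule of exactly two `SC_ROOT_CERT` entries and exactly one of each other key type are assumptions of this example.

```python
import json

# Field and key type names come from the mapping table; keyData is kept as an
# opaque string because its transport encoding is not stated (assumption).
class RegistrationError(ValueError):
    """The response cannot be mapped to EP2 Basic Parameters unambiguously."""

def _keys(resp, type_name, expected):
    found = [k.get("keyData") for k in resp.get("deviceKeys") or []
             if k.get("keyTypeName") == type_name]
    if len(found) != expected or not all(isinstance(d, str) and d for d in found):
        raise RegistrationError(f"{type_name}: expected {expected} keyData entries")
    return found

def extract_basic_parameters(raw):
    resp = json.loads(raw)
    tms = resp.get("tms")
    if not isinstance(tms, dict):
        raise RegistrationError("missing $.tms")
    params = {
        "Terminal Identification": resp.get("terminalId"),
        "Communication Addr Service Center Config": tms.get("configAddress"),
        "Service Center Identifier": tms.get("id"),
        "Timeout Service Center Config Srv Req": tms.get("configTimeout"),
    }
    missing = [name for name, value in params.items() if value in (None, "")]
    if missing:
        raise RegistrationError("missing fields: " + ", ".join(missing))
    primary, secondary = _keys(resp, "SC_ROOT_CERT", 2)  # order matters: [0], [1]
    params["TLS Root Certificate SC Primary"] = primary
    params["TLS Root Certificate SC Secondary"] = secondary
    params["Component Secret"] = _keys(resp, "TERM_EP2_SECRET", 1)[0]
    # Public key and its index are both read from the single SC_EP2_PUBKEY entry.
    params["Service Center Public Key"] = _keys(resp, "SC_EP2_PUBKEY", 1)[0]
    return params

# Constructed sample response; every value is a placeholder.
SAMPLE = json.dumps({
    "terminalId": "00000001",
    "tms": {"id": "SC-EXAMPLE", "configAddress": "sc.example.invalid:8443",
            "configTimeout": 30},
    "deviceKeys": [
        {"keyTypeName": "SC_ROOT_CERT", "keyData": "PLACEHOLDER-ROOT-1"},
        {"keyTypeName": "SC_ROOT_CERT", "keyData": "PLACEHOLDER-ROOT-2"},
        {"keyTypeName": "TERM_EP2_SECRET", "keyData": "PLACEHOLDER-TR34-SECRET"},
        {"keyTypeName": "SC_EP2_PUBKEY", "keyData": "PLACEHOLDER-TR34-PUBKEY"},
    ],
})
```

Extraction is only the first step: the TR-34 values still have to be verified against the DKSK-CERT chain and decrypted with the terminal's key encryption key before use, which this example does not do.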