Expiring Security Certificates and System
Software |
Return to
Overview page
Download PDF |
Several product lines including the T42XX and M42XX were designed by Hypercom using
a cryptographic certificate structure to manage the device and associated system software authenticity. This structure provides
secure payment architecture necessary to comply with PCI requirements.
Each of the cryptographic certificates and system
software signers has an expiry date that was set by Hypercom when the certificate or software signer was created. From our
analysis, it appears that Hypercom initially set the lifetime of some system software components to ten years.
In addition
to the software expirations, each device is loaded with a PED certificate during the manufacturing process with an expiration date.
From 2007 through April 2012, this expiration was ten years from the date of manufacture or repair. Beginning April 2012,
the PED certificate expiration is fifteen years.
Note: If a terminal has gone through a repair, the PED certificate
is reloaded and the PED certificate expiration would be ten or fifteen years from the date of repair depending on when the repair
occurred.
Below are the four separate elements that should be noted: |
| |
1. Boot Software
2. Application Manager
Software
3. Standard Terminal ACL
4. PED Certificate |
Next expiry date, October 19, 2015
Next expiry date, October 19, 2015
October 19, 2015 (All Models and Revisions)
10 years, 2007-March 2012, thereafter 15 years |
Note: Customers that have implemented Term-Lock or App-Lock have a custom
Terminal ACL that will have a later expiration date. If you have implemented Term-Lock or App-Lock and do not know the expiration
of your ACL, please email HypercomCertExpiry@equinoxpayments.com
to request the expiration date of your custom ACL. |
OCTOBER 19, 2015 is the next date some revisions of the T42XX and M42XX terminals
will expire. Please refer to the tables on following pages for a list of hardware and software versions and their corresponding
expiration dates. The Terminal ACL for all models will expire on October 19, 2015. |
Note: The T4100 does NOT have the capability to perform a boot update. The
T4100 is a pre-PCI device and has reached its End-of-Service date as of April 30, 2013. The boot and ACL for the T4100 will expire
on October 19, 2015. It is recommended that these terminals be removed from service prior to October 19, 2015. |
Resolution
Equinox has re-signed the Terminal ACL, a single version of the Boot software for the T/M4200, and multiple versions of the
Application Manager software with an extended expiration date. This re-signed software must then be loaded into all devices to prevent
a failure due to software expiration. The Terminal ACL will be packaged with Application Manager and your application. |
There are no App Manager dependencies on a boot version so only one version is signed
and available for field updates. There are older versions of Application Manager currently listed on the tables below that are not
re-signed. If you require one of these versions to address terminals in the field, please contact your Equinox representative to
request a re-signed version. |
Access Equinox FTP Site
Use the following FTP login credentials
to download the file listed below to your local hard-drive: |
| |
URL address:
Username:
Password:
| https://ftp1.equinoxpayments.com/
Eqxftp
CSS2015$ftp1 |
On the FTP site, locate the specific folder: T4200 and then download the T4200
Boot Signature Upgrade.zip file. This file contains documentation on how to perform the updates. |
Options for Addressing a PED Certificate |
1.
2. |
You may add an Apollo CFD to the T42XX creating a two-piece solution that eliminates
the approaching expiry of both the PED and Application Manager Certificate. The Apollo CFD becomes the secure device with a new PED
Certificate and Application Manager with new expiration dates of 2029, rendering the T42XX as a non-secure merchant facing
device.
Note: The Boot software and Terminal ACL on the T/M4200 must be updated prior to adding the Apollo CFD.
Update the PED Certificate for an additional 15 years. This can be done either at Equinox Payments or at an Authorized Repair
Facility (ARF). Updating the PED Certificate is a non-warranty repair and regular fees will apply. |
Equinox Support
Equinox can provide
direct ship customers with a list of serial numbers and the corresponding Boot and PED certificate expiration dates. If you are
not a direct ship customer and you have a list of serial numbers but do not know what revision they are, you can provide us with
a serial number list and we will provide the hardware revision. |
Equinox offers a variety of alternative cost effective solutions to either replace
or enhance the value of legacy terminals. Please contact an Equinox representative to discuss what products will best fit your
needs. |
Expiration Dates |
T4200 and M4200 Boot Software
The Terminal ACL for all revisions will expire on October 19, 2015 |
| Boot Version
| Expiration Date
| New Expiration Date
|
| 20070627 |
10/19/2015 |
Not Re-signed |
| 20071210 |
10/19/2015 |
Not Re-signed |
| 20090423 |
10/19/2015 |
Not Re-signed |
| 20090709 |
07/20/2019 |
Not Re-signed |
| 20150227 |
N/A |
10/11/2029 |
|
|
T4200 and M4200
Application Manager Software
The Terminal ACL for all revisions will expire on October 19,
2015 |
Application
Manager Revision
| Packaged with these SPOS32 versions
| Expiration Date
| New Expiration
Date
|
| 20080228 |
2.0.68, 2.0.69, 2.1.22, 2.2.18 |
10/19/2015 |
Not Re-signed |
| 20080904 |
2.0.86, 2.0.87, 2.1.28, 2.3.17, 2.3.20 |
10/19/2015 |
Not Re-signed |
| 20090210 |
2.0.94, 2.0.100, 2.0.103 |
10/19/2015 |
Not Re-signed |
| 20090417 |
2.2.23, 2.3.23, 2.3.25, 3.0.61, |
10/19/2015 |
Not Re-signed |
| 20090420 |
2.0.42, 2.0.87, 2.0.94, 2.0.110, 2.0.111, 2.0.112,
2.1.28, 2.2.23, 2.3.25, 2.3.30, 3.0.88, 3.0.92,
3.0.93, 3.1.31 |
10/19/2015 |
10/11/2029 |
| 20090923 |
3.0.90, 3.0.92, 3.0.92.1, 3.0.93, |
07/20/2019 |
10/11/2029 |
| 20100121 |
3.0.101, 3.0.105, 3.1.31, 3.1.64, 3.1.67, 3.1.81,
3.1.81.2, 3.1.84 |
07/20/2019 |
10/11/2029 |
| 20100129 |
3.0.107, 3.1.89, 3.3.49 |
07/20/2019 |
10/11/2029 |
| 20101203 |
2.0.111, 2.1.19, 3.0.93, 3.0.107, 3.0.108, 3.0.110,
3.1.64.3, 3.1.64.4, 3.1.64.5, 3.1.64.6, 3.1.64.8,
3.1.64.12, 3.1.81.2, 3.1.89, 3.1.122, 3.1.125,
3.1.129, 3.1.144, 3.1.162, 3.1.167, 3.1.203,
3.3.60, 3.3.86, 3.3.97, 3.3.99, 3.3.128, 3.3.144,
3.3.159, 3.3.163, 3.3.171 |
07/20/2019 |
10/11/2029 |
| 20101222 |
3.2.23 |
07/20/2019 |
Not Re-signed |
| 20110615 |
3.0.110, 3.1.129, 3.2.26, 3.3.86, 3.3.128, 3.3.144,
3.3.159, 3.3.163, 3.3.171, 3.3.175, 3.3.179 |
07/20/2019 |
10/11/2029 |
| 20121212 |
4.1, 4.0, 3.4, |
12/04/2022 |
10/11/2029 |
|
|
T4200 and M4200
Part Number Revisions and Boot Versions
The Terminal ACL for all revisions will expire on October 19,
2015 |
| Part Number
| Model
| Revs with Boot
Expiration of
10/19/2015
| Revs with Boot
Expiration of
07/20/2019
| |
Part Number
| Model
| Revs with Boot
Expiration of
10/19/2015
| Revs with Boot
Expiration of
07/20/2019
|
| 010332-016R |
T4230 |
A - ZPD |
ZPE - ZYR |
|
010332-389E |
T4220 |
N/A |
A - D |
| 010332-025R |
T4230 |
A - ZSD |
ZSE - ZYR |
|
010332-407R |
T4210 |
A - Y |
Z - Z1 |
| 010332-306R |
T4210 |
A - ZVD |
ZVE - ZYS |
|
010332-412R |
T4220 |
A - Y |
Z - Z1 |
| 010332-307R |
T4210 |
A - ZR1 |
N/A |
|
010341-001R |
M4230 |
A - ZAB |
ZAC - ZHS |
| 010332-311R |
T4220 |
A - ZUD |
ZUE - ZYS |
|
010341-005R |
M4240 |
A - ZKD |
ZKE - ZZL |
| 010332-312R |
T4220 |
A - ZQ1 |
N/A |
|
010341-007R |
M4230 |
A - ZFF |
ZFG - ZHS |
| 010332-348R |
T4210 |
A - ZKE |
N/A |
|
010341-012R |
M4240 |
A - Y |
Z - ZHM |
| 010332-349R |
T4220 |
A - ZKE |
N/A |
|
010341-019R |
M4230 |
A - S |
T - ZHJ |
| 010332-350R |
T4210 |
A - ZJB |
N/A |
|
010341-024R |
M4230 |
A - Q |
R - ZHS |
| 010332-351R |
T4210 |
A - ZHD |
ZHE - ZYS |
|
010341-038E |
M4230 |
N/A |
A - ZHS |
| 010332-352R |
T4220 |
A - ZHD |
ZHE - ZYS |
|
010341-039E |
M4240 |
N/A |
A - G |
| 010332-353R |
T4220 |
A - ZME |
N/A |
|
010344-001R |
M4205 |
A - Z |
ZAA - ZBJ |
| 010332-358R |
T4210 |
A - ZFD |
ZFE - ZYS |
|
010344-003R |
M4205 |
A - ZBA |
ZBB - ZBV |
| 010332-359R |
T4220 |
A - ZFD |
ZFE - ZYS |
|
010344-006R |
M4205 |
A - Z |
ZAA - ZAE |
| 010332-363R |
T4210 |
A - S |
T - ZYE |
|
010344-007R |
M4205 |
A - ZAA |
ZAB - ZBV |
| 010332-371R |
T4210 |
A - T |
U - ZYK |
|
010344-008R |
M4205 |
A - ZAA |
ZAB - ZBV |
| 010332-372R |
T4220 |
A - T |
U - ZYS |
|
010344-017R |
M4205 |
A - C |
D - ZBV |
| 010332-373E |
T4210 |
N/A |
A - ZYR |
|
010344-018R |
M4205 |
N/A |
A - L |
| 010332-374E |
T4220 |
N/A |
A - ZYR |
|
|
|
|
|
|
|
Frequently Asked Questions |
| This section provides answers to commonly asked questions. |
| Q. |
Is it required to perform the boot update &
reloading of Application Manager & ACL in two separate steps? |
| A. |
Yes, the process described in this guide is
the recommended and most reliable way to perform the updates. |
| Q. |
Is the Terminal pad in a
non-functional state after applying the boot update? |
| A. |
No, the terminal will be
fully functional after the boot update is complete. |
| Q. |
How do I know if the boot update was successful?
|
| A. |
At the end of the update, the new boot version
is displayed. You can also perform a version check to verify the boot
version. |
| Q. |
Is there anything that tells
us the ACL update actually applied? |
| A. |
There is no version number for
the ACL and no way to check the validity date. The only indicator is the confirmation
of a
successful download. |
| Q. |
What is the terminal behavior when the Boot
expires? |
| A. |
When the terminal is rebooted after the expiry of
the boot, the terminal will be non-functional. The screen will be
blank and it will emit
three beeps. In this condition, the terminal can only be restored to normal operation by the
Equinox repair facility. |
| Q. |
What is the terminal behavior
when the ACL expires? |
| A. |
When the terminal is rebooted
after the expiry of the ACL, the terminal will be unable to launch applications. When
attempting to launch an application, the terminal will display Err Sec: Sign App Required and
return to the
desktop. The terminal can still perform a download so once the updated
ACL is loaded, the terminal will return to
normal operation. |
| Q. |
Will I have to reload my encryption keys after
these updates are complete? |
| A. |
No, these updates have no impact on keys that
are in the terminal. |
| Q. |
What is the expiry date of
the boot that is being loaded during this process? |
| A. |
The 20150227 boot version for
the T4200 and M4200 terminals has an expiry date of October 11, 2029. |
| Q. |
Can the PED certificate be updated remotely with
a download? |
| A. |
No, the only option for a PED certificate update
is sending the terminal for repair. |
| Q. |
Can the T4100 be updated with
boot app manager and ACL? |
| A. |
No. The T4100 does NOT have
the capability to perform a boot update. The T4100 is a pre-PCI device and has
reached its
End-of-Service date as of April 30, 2013. The boot and ACL for the T4100 will expire on October 19,
2015. |
| Q. |
Can the PED certificate be updated remotely with a
download? |
| A. |
No, the only option for a PED certificate update
is sending the terminal for repair. |
| Q. |
Do these expirations affect the
Apollo product line? |
| A. |
No, there are no imminent software
or certificate expirations for the Apollo product line. All of the software and
certificates
for the Apollo product line have an expiry date in 2037. |
|
|
Contact Us |
| If you have any questions, please contact your Equinox Payments Customer
Support Specialist directly or use any of the methods below: |
| |
Email:
Phone:
| HypercomCertExpiry@equinoxpayments.com
1.877.497.3726 |
Note: For any communication method used, please leave your Name,
Phone Number, Email Address and specific Reason for contacting us. |