On This Page
FILTER BY TAG

Automatic Installation of Software and Encryption Keys on the PAX Terminal

A PAX terminal must have the required software installed and encryption keys injected to operate correctly. Terminals are configured to automatically download and install these components through a secure process known as
remote software and key injection
. This automated process enables merchants to perform injections securely at the point of sale, without manual intervention or the need for specialized equipment.
If the terminal shows an
Accessory update required
 error message when software is being installed, see Fix the Accessory Update Required Error on the PAX Terminal.
These types of software and encryption keys are automatically downloaded and installed on the terminal:
Operating system
PAX terminals operate on a preinstalled Android-based operating system known as
PayDroid
. Developed by PAX Technology, PayDroid is a customized version of the standard Android OS, specifically designed to support secure payment applications and services.
Although it shares the core framework of the Android OS, PayDroid includes modifications that enhance security and reliability for payment processing. It supports the installation of third-party applications. However, due to the sensitive nature of payment data, all apps must be approved by PAX before installation on the device.
Acceptance Devices app
The Acceptance Devices app installs only on terminals running the Acceptance Devices | PAX Acceptance Devices App in either Semi-Integrated or Standalone mode.
In Semi-Integrated mode, the app enables communication between the PAX terminal and the integrated POS system by using simple API requests over a local Wi-Fi network or through the cloud. In Standalone mode, the app enables transactions to be initiated directly from the terminal without requiring integration with a POS system.
Payment apps
To read payment card data and process payments, every PAX terminal must have BroadPOS Point-to-Point Encryption (P2PE) installed. BroadPOS P2PE is a payment app developed by PAX that manages card data encryption. It serves as the interface that enables a PAX terminal to perform these functions:
  • Acquire card information
  • Support inserted, tapped, swiped, and keyed entry modes
  • Capture PINs
  • Encrypt the transaction process
All PAX terminals ordered through
Cybersource
 and shipped by its distribution partner automatically include BroadPOS P2PE as part of the provisioning process.
Third-party POS app
This app installs only on devices running the Acceptance Devices | PAX All-in-One Solution. When integrating with the SDK or PAX All-in-One, a third-party POS app that includes the SDK is installed and run directly on the PAX terminal. On a debug device, you can install (or sideload) the app for development and testing by using a USB connection to your laptop. Mac users must use Android File Transfer to sideload applications. For more information about debug devices, see Ordering PAX Terminal Equipment.
Encryption keys
Every terminal running Acceptance Devices solutions is equipped with a set of encryption keys through remote key injection, after the terminal connects to a Wi-Fi network for the first time. The Online PIN key is responsible for encrypting and verifying PIN data in real time. The Secure Reading and Exchange of Data (SRED) key is used to encrypt card data captured at the Point of Interaction (POI). This process ensures P2PE between the terminal and the payment gateway.

Software Installation and Encryption Keys Injection on the PAX Terminal

Before a payment terminal can automatically perform remote software installation and encryption key injection, it must first be activated on the
Cybersource
 platform. To perform these automated processes, the terminal must be connected to the internet using a Wi-Fi or Ethernet connection.
The PAX terminal initiates this automated process to install software and inject encryption keys.
  1. System connection:
     The terminal establishes a secure link to the PAX terminal management system (PAXSTORE) using a Wi-Fi or Ethernet connection.
  2. Download initiation:
     The terminal automatically begins downloading all required software packages and encryption keys.
  3. Activity notification:
     The terminal makes a brief audible signal to indicate the start of the download process.
  4. Progress display:
     The terminal screen displays real-time status messages about the components being downloaded. If the terminal does not emit a sound or display download progress messages, open the PAXSTORE app on the Home screen to verify that the terminal is connected to the PAX terminal management system. You can also manually trigger downloads in the PAXSTORE app.

Fix the
Accessory Update Required
 Error on the PAX Terminal

The
Accessory Update Required
 error appears on the PAX terminal when the installed version of the Android SDK is incompatible with the BroadPOS P2PE version installed on the device.
To resolve this issue, update the terminal to the latest SDK version. If you need help with the update process, contact terminals@cybersource.com.
For more information about software installation, see Automatic Installation of Software and Encryption Keys on the PAX Terminal. For information about BroadPOS device logs, see Accessing Device Logs on a Test or Debug PAX Terminal.
RELATED TO THIS PAGE