Distribution Server Sync

A Trust1Connector instance can optionally be configured to be managed by a Distribution Service.

For more information about the Distribution Service, please read our guide at

IntroductionT1C-Distribution-Service v3 Guide

Distribution Service Guide

Sync Sequence

Prior to version 3.6.1, the following use cases are performed:

• Sync the CORS values registered

• Sync the Transactions File (use case transactions)

• Sync for SSL Certificate Rotation

• Sync for T1C-API updates

• Sync the generic configuration:

  • DS cycle

Prior to version 3.6.1, the above mentioned sync use cases are executed in separate requests towards the Distribution Service.

From version 3.6.1 all use cases are executed in a single request towards the Distribution Service.

About the 'When' ...

A timer start running at startup to trigger the sync use cases. The timer can be set using the CLI param: ds.cycle (by default set to 8 hours or 28800 seconds).

To avoid a high load of simulateous synchronization, a random intial value is provided at startup preceeding the ds cycle timer configuered.

Sync CORS values registered

When using the Trust1Connector for a new application domain, as a prerequisite, the application domain URI must be registered at the Distribution Service. A business user can login to the DS dashboard, and update the CORS domains for a given application.

Sync Transaction File

A Trust1Connector instance is keeping track of anonymised transaction data. The transactions are related to the following use cases:

• identity reads,

• authentications,

• digital signatures,

• PIN verifications,

• file downloads,

• file uploads,

• file prints

As the Trust1Connector supports 2 business models:

• transaction based model (transaction counter)

• install based model (paper use, 1 user = 1 license/user-device)

From the Distribution Servicer, an application can scope a transaction using labels and/or tags. A label is linked to the registered domain name (aka. x amount of transactions are done in the socpe of application with label "XYZ"). When the application is hosted on the customer/partner side for multiple business customers, and additional TAG can be used to differentiate/scope transactions on a B2B-base (aka. x amount of transactions are done in the scope of application with label "XYZ" for customer "123").

Both fields are used by the Distribution Service when preparing customer billing.

Sync SSL Certificate

When a Trust1Connector instance SSL certificate is almost expired, the Distribution Servcer supports SSL certificate rotation dynamically.

The following diagram depicts the flow briefly.

The outcome of this flow is:

• certificate is still valid, nothing needs to be done

• certificate must be renewed:

  • download certificate

  • update device config

  • restart the T1C-API (without impacting user)

The restart after a certificate renewal does NOT impact the user. This happens silently and no administrator rights are needed