Digital Certificates And The File Authentication Process - VeriFone VX 680 Reference Manual

Hide thumbs Also See for VX 680:

Installation manual (66 pages)

User manual (15 pages)

Quick reference manual (2 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

Table of Contents

NOTE

Digital Certificates

and the File

Authentication

Process

For non-executable files, it is the application's responsibility to confirm that all

of the files it uses successfully authenticated on download completion, and

when the application executes the first time following a restart.

Because the application is responsible for verifying data files and prompt files, it

is recommended that each application check the ATTR_NOT_AUTH bit of all

relevant files on restart.

Each successfully authenticated file is also write-protected. That is, the file's

read-only attribute is set. If the read-only file is removed or if the file is modified in

any way while stored in the terminal, the ATTR_NOT_AUTH bit is automatically

set to 1. If the modified file is an executable, it is no longer allowed to run.

The file authentication module always processes certificates before it processes

signature files. Digital certificates (*.crt files) generated by the Verifone CA

have two important functions in the file authentication process:

•

They define the rules for file location and usage (for example, the valid file

group, replaceable *.crt files, parent *.crt files, whether child

*.crt files can exist, and so on).

•

They convey the public cryptographic keys generated for terminal sponsors

and signers that are the required inputs to the VeriShield File Signing Tool to

verify file signatures.

Hierarchical Relationships Between Certificates

All digital certificates are hierarchically related to one another. Under the rules of

the certificate hierarchy managed by the Verifone CA, a lower-level certificate

must always be authenticated under the authority of a higher-level certificate. This

rule ensures the overall security of VeriShield Retain.

To manage hierarchical relationships between certificates, certificate data is

stored in terminal memory in a special structure called a certificate tree. New

certificates are authenticated based on data stored in the current certificate tree.

The data from up to 21 individual related certificates (including root, OS, and other

Verifone-owned certificates) can be stored concurrently in a certificate tree.

This means that a new certificate can only be authenticated under a higher-level

certificate already resident in the terminal's certificate tree. This requirement can

be met in two ways:

•

The higher-level certificate may have already been downloaded to the terminal

in a previous or separate operation.

•

The higher-level certificate can be downloaded together with the new

certificate as part of the same data transfer operation.

ILE

UTHENTICATION

Introduction to File Authentication

VX 680 R

EFERENCE

UIDE

Table of Contents

Show Quick Links

Quick Links:
Passwords
System Password

Hide quick links:

Table of Contents

Digital Certificates And The File Authentication Process - VeriFone VX 680 Reference Manual

Hide quick links:

Related Manuals for VeriFone VX 680

Related Content for VeriFone VX 680

Table of Contents