Hapter; File Authentication; Introduction To File Authentication; The Verifone Certificate Authority - VeriFone V200c Reference Manual

C 4

HAPTER

File Authentication

This chapter discusses the following VeriShield file authentication security
architecture, VeriShield file authentication module, and the organizational
infrastructure that supports it.
This chapter also explains how the file authentication process may affect the tasks
normally performed by application programmers, deployers, site administrators, or
entities authorized to download files to a terminal.
Lastly, this chapter explains how to generate the signature files required to
perform downloads and authenticate files on the unit using the file signing utility
(see VeriShield File Signing Tool (FST)).
In Performing Downloads, the topic of file authentication is also discussed in the
context of specific file download procedures.
Introduction to
The unit has a security architecture, called VeriShield, which has both physical
File
and logical components. The logical security component of the VeriShield
Authentication
architecture, which is part of the unit's operating system software, is called file
authentication (FA).
FA is a secured process for authenticating files using digital signatures,
cryptographic keys, and digital certificates. This process makes it possible for the
sponsor of a device to logically secure access to the device by controlling who is
authorized to download application files to that device. It verifies the file's origin,
sender's identity, and integrity of the file's information.
The Verifone To manage the tools and processes related to FA, Verifone has established a
Certificate Authority
centralized Verifone Certificate Authority, or Verifone CA. This agency is
responsible for managing keys and certificates. The Verifone CA uses an
integrated set of software tools to generate and distribute digital certificates and
private cryptographic keys to customers who purchase terminals.
33
V200 R G
C EFERENCE UIDE