Digital Certificates And The File Authentication Process - VeriFone Vx810 Reference Manual

Hide thumbs Also See for Vx810:

Reference manual (158 pages)

Installation manual (36 pages)

User manual (28 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

Table of Contents

ILE

UTHENTICATION

Introduction to File Authentication

NOTE

Digital Certificates

and the File

Authentication

Process

810 R

EFERENCE

For non-executable files, it is the application that will confirm that all of the files

it uses is successfully authenticated on download completion, and when the

application executes the first time following a restart.

Each successfully authenticated file is also write-protected. That is, the file's

read-only attribute is set. If the read-only file is removed or if the file is

modified in any way while stored in the device, the ATTR_NOT_AUTH bit is

automatically set to 1. If the modified file is an executable, it is no longer

allowed to run.

Because the application is responsible for verifying data files and prompt files, it

is recommended that each application check the ATTR_NOT_AUTH bit of all

relevant files on restart.

The file authentication module always processes certificates before it processes

signature files. Digital certificates (*.crt files) generated by the VeriFone CA have

two important functions in the file authentication process:

•

They define the rules for file location and usage (for example, the valid file

group, replaceable *.crt files, parent *.crt files, whether child *.crt files can

exist, and so on).

•

They convey the public cryptographic keys generated for device sponsors and

signers that are the required inputs to the VeriShield File Signing Tool to verify

file signatures.

Hierarchical Relationships Between Certificates

All digital certificates are hierarchically related to one another. Under the rules of

the certificate hierarchy managed by the VeriFone CA, a lower-level certificate

must always be authenticated under the authority of a higher-level certificate. This

rule ensures the overall security of VeriShield.

To manage hierarchical relationships between certificates, certificate data is

stored in device's memory in a special structure called a certificate tree. New

certificates are authenticated based on data stored in the current certificate tree.

The data from up to 21 individual related certificates (including root, OS, and other

VeriFone-owned certificates) can be stored concurrently in a certificate tree.

This means that a new certificate can only be authenticated under a higher-level

certificate already resident in the device's certificate tree. This requirement can be

met in two ways:

•

The higher-level certificate may have already been downloaded onto the

device in a previous or separate operation.

•

The higher-level certificate can be downloaded together with the new

certificate as part of the same data transfer operation.

UIDE

Table of Contents

Digital Certificates And The File Authentication Process - VeriFone Vx810 Reference Manual

Related Manuals for VeriFone Vx810

Related Content for VeriFone Vx810

Table of Contents