FILE AUTHENTICATION
Planning for File Authentication
P200/P400 R
EFERENCE GUIDE 41
The PINpad supports the following download mechanisms:
All content, regardless of download mechanism, is downloaded to /mnt/flash/
install/dl. Content is not usable until it is actually installed by the Secure
Installer. The Secure Installer authenticates all downloaded content and then
installs it. At this point the content becomes usable. For example, the Secure
Installer installs authenticated downloaded application content to the application
user's home directory.
How Signature Files
Authenticate Target
Files
Signature files are downloaded together with their target application files in the
same data transfer operation. When an attempt is made to install an application
executable or data file, a matching signature and certificate must be present. The
operating system compares the application file's signature against the values
stored in the application file's calculated signature.
Determine
Successful
Authentication
All downloaded files must have an associated signature as part of the download
otherwise the installation fails. To ensure a target file successfully authenticated
after a download, confirm that all downloaded files are installed. If an application
file is not successfully authenticated, the operating system does not allow it to
install and run, either following the initial download or on subsequent PINpad
restarts.
Digital Certificates
and the File
Authentication
Process
The file authentication module always processes certificates before it processes
signature files. Digital certificates (*.crt files) generated by the Verifone CA
have two important functions in the file authentication process:
• They define the rules for file location and usage (for example, the valid file
group, replaceable *.crt files, parent *.crt files, whether child
*.crt files can exist, and so on).
• They convey the public cryptographic keys generated for PINpad sponsors
and signers that are the required inputs to the VeriShield File Signing Tool to
verify file signatures.
Download Mechanism Description
Serial Direct Supported over all serial ports (COM1/
COM2/COM3 and USB Serial Gadget
USB/SD Supported over USB memory devices and
micro SD memory
Netloader Verifone proprietary TCP-IP file transfer
NFS Network File System
To Next Page
Loading...
Need help?
General
