FILE AUTHENTICATION
Introduction to File Authentication
V200
C REFERENCE GUIDE 35
A sponsor certificate is authenticated under a higher-level system certificate,
called the application partition certificate.
• Signer certificate: Certifies the right to sign and authenticate files for terminals
belonging to the sponsor.
A signer certificate is authenticated under the authority of a higher-level client
certificate (the sponsor certificate).
The required sponsor and signer certificates must either have been previously
downloaded and authenticated on the terminal, or they must be downloaded
together with the new signature and target files to authenticate correctly.
Signer Private Keys Are Issued to Secure the File Signing Process
Signer private keys are loaded onto a smart card. This smart card is securely
delivered to the business entity that the terminal sponsor has authorized to sign,
download, and authenticate applications to run on the sponsor’s terminal.
The Verifone CA can also issue additional sets of sponsor and signer certificates,
signer private keys to support multiple sponsors, and multiple signers for a
specific platform.
To establish the logical security of applications to download to a terminal, the
designated signer uses the signer private key issued by the Verifone CA as this is
a required input to the VeriShield File Signing Tool. Every signature file contains
information about the signer private key used to sign it.
When a signature file is generated using a signer private key. Successful
authentication depends on whether the signer private key used to sign the target
file matches the signer certificate stored in the terminal’s certificate tree.
How File
Authentication
Works
File authentication consists of three basic processes:
1 Certificate Request: An optimal certificate structure is determined, and the
necessary certificates and keys are created.
2 Development: The file signing software tool creates a signature file for each
application file to authenticate.
3 Deployment: The development and pre-deployment processes, once
complete, are used in combination to prepare a terminal for deployment.
Only one sponsor certificate is permitted per terminal.
To Next Page
Loading...
Need help?
General
