EasyManuals Logo

VeriFone VX 520 Reference Guide

VeriFone VX 520
190 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #85 background imageLoading...
Page #85 background image
FILE AUTHENTICATION
Introduction to File Authentication
VX 520 R
EFERENCE GUIDE 85
For non-executable files, it is the application’s responsibility to confirm that all
of the files it uses successfully authenticated on download completion, and
when the application executes the first time following a restart.
Digital Certificates
and the File
Authentication
Process
The file authentication module always processes certificates before it processes
signature files. Digital certificates (*.crt files) generated by the VeriFone CA
have two important functions in the file authentication process:
They define the rules for file location and usage (for example, the valid file
group, replaceable *.crt files, parent *.crt files, whether child *.crt files
can exist, and so on).
They convey the public cryptographic keys generated for terminal sponsors
and signers that are the required inputs to the VeriShield File Signing Tool to
verify file signatures.
Hierarchical Relationships Between Certificates
All digital certificates are hierarchically related to one another. Under the rules of
the certificate hierarchy managed by the VeriFone CA, a lower-level certificate
must always be authenticated under the authority of a higher-level certificate. This
rule ensures the overall security of VeriShield.
To manage hierarchical relationships between certificates, certificate data is
stored in terminal memory in a special structure called a certificate tree. New
certificates are authenticated based on data stored in the current certificate tree.
The data from up to 21 individual related certificates (including root, OS, and other
VeriFone-owned certificates) can be stored concurrently in a certificate tree.
This means that a new certificate can only be authenticated under a higher-level
certificate already resident in the terminal’s certificate tree. This requirement can
be met in two ways:
The higher-level certificate may have already been downloaded to the terminal
in a previous or separate operation.
The higher-level certificate can be downloaded together with the new
certificate as part of the same data transfer operation.
NOTE
Because the application is responsible for verifying data files and prompt files, it
is recommended that each application checks the ATTR_NOT_AUTH bit of all
relevant files on restart.
NOTE
Each successfully authenticated file is also write-protected. That is, the file’s
read-only attribute is set. If the read-only file is removed or if the file is modified in
any way while stored in the terminal, the ATTR_NOT_AUTH bit is automatically set
to 1. If the modified file is an executable, it is no longer allowed to run.

Table of Contents

Other manuals for VeriFone VX 520

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the VeriFone VX 520 and is the answer not in the manual?

VeriFone VX 520 Specifications

General IconGeneral
Processor400 MHz ARM11
Card ReadersMagnetic stripe, EMV chip
Operating Temperature0°C to 50°C (32°F to 122°F)
Display128x64 pixel backlit LCD
ConnectivityDial-up, Ethernet
ContactlessOptional
Printer18 lines per second
SecurityPCI PTS 3.0 approved
Weight500g
Dimensions203 mm x 87 mm x 77 mm (8.0 in x 3.4 in x 3.0 in)

Related product manuals