FILE AUTHENTICATION
Introduction to File Authentication
VX 520 R
EFERENCE GUIDE 85
For non-executable files, it is the application’s responsibility to confirm that all
of the files it uses successfully authenticated on download completion, and
when the application executes the first time following a restart.
Digital Certificates
and the File
Authentication
Process
The file authentication module always processes certificates before it processes
signature files. Digital certificates (*.crt files) generated by the VeriFone CA
have two important functions in the file authentication process:
• They define the rules for file location and usage (for example, the valid file
group, replaceable *.crt files, parent *.crt files, whether child *.crt files
can exist, and so on).
• They convey the public cryptographic keys generated for terminal sponsors
and signers that are the required inputs to the VeriShield File Signing Tool to
verify file signatures.
Hierarchical Relationships Between Certificates
All digital certificates are hierarchically related to one another. Under the rules of
the certificate hierarchy managed by the VeriFone CA, a lower-level certificate
must always be authenticated under the authority of a higher-level certificate. This
rule ensures the overall security of VeriShield.
To manage hierarchical relationships between certificates, certificate data is
stored in terminal memory in a special structure called a certificate tree. New
certificates are authenticated based on data stored in the current certificate tree.
The data from up to 21 individual related certificates (including root, OS, and other
VeriFone-owned certificates) can be stored concurrently in a certificate tree.
This means that a new certificate can only be authenticated under a higher-level
certificate already resident in the terminal’s certificate tree. This requirement can
be met in two ways:
• The higher-level certificate may have already been downloaded to the terminal
in a previous or separate operation.
• The higher-level certificate can be downloaded together with the new
certificate as part of the same data transfer operation.
Because the application is responsible for verifying data files and prompt files, it
is recommended that each application checks the ATTR_NOT_AUTH bit of all
relevant files on restart.
Each successfully authenticated file is also write-protected. That is, the file’s
read-only attribute is set. If the read-only file is removed or if the file is modified in
any way while stored in the terminal, the ATTR_NOT_AUTH bit is automatically set
to 1. If the modified file is an executable, it is no longer allowed to run.
To Next Page
Loading...
Need help?
General
