FILE AUTHENTICATION
Introduction to File Authentication
86 VX 520 REFERENCE GUIDE
A development set of higher-level certificates is downloaded into each
VX 520 terminal upon manufacture. When you take a new VX 520 terminal out of
its shipping carton, certificate data is already stored in the terminal’s certificate
tree. In this just-out-of-the-box condition, the VX 520 terminal is called a
development terminal.
A sponsor requests a set of digital certificates from the VeriFone CA to establish
sponsor and signer privileges. This set of certificates are then downloaded to the
VX 520 terminal when the terminal is being prepared for deployment. When this
procedure is complete, the VX 520 terminal is called a deployment terminal.
Add New Certificates
When you add a new certificate file to a VX 520 terminal, the file authentication
module detects it by filename extension (*.crt). On restart, the terminal then
attempts to authenticate the certificate under the authority of the resident higher-
level certificate stored in the terminal’s certificate tree or one being downloaded
with the new certificate.
In a batch download containing multiple certificates, each lower-level certificate
must be authenticated under an already-authenticated, higher-level certificate.
Whether or not the data a new certificate contains is added to the terminal’s
certificate tree depends on if it is successfully authenticated. The following points
explain how certificates are processed:
• If a new certificate is successfully authenticated, the information it contains is
automatically stored in the terminal’s certificate tree. The corresponding
certificate file (*.crt) is then deleted from that file group’s RAM.
• If the relationship between the new certificate and an existing higher-level
certificate cannot be verified, the authentication procedure for the new
certificate fails. In this case, the certificate information is not added to the
certificate tree and the failed certificate file (usually ~400 bytes) is retained in
the application memory.
Development Terminals
A development terminal is a VX 520 terminal with a Sponsor and Signer certificate
issued to someone who intends to use the terminal for application development.
An application developer must apply for a Sponsor/Signer certificate to allow
loading an application. (see Figure 30).
In the development terminal, , the level of logical security provided by the file
authentication module is the same as a deployment application. In most
application development and test environments, tight security is not required, and
the flexibility offered by the VX 520 development terminal is more important.
With the factory set of certificates stored in the terminal memory, anyone who
has the VX 520 SDK and VeriShield File Signing Tool can generate valid
signature files for downloading and authenticating files on the VX 520 platform.
To Next Page
Loading...
Need help?
General
