User's Manual Part 3

FILE AUTHENTICATION
Introduction to File Authentication
98 OMNI 3600 REFERENCE MANUAL
Special Files Used in the File Authentication Process
The following specially formatted files support the file authentication process:

A digital certificate is a digital, public document used to verify the signature
of a file.

A digital signature is a piece of information based on both the file and the
signer's private cryptographic key. The file sender digitally signs the file
using a private key. The file receiver uses a digital certificate to verify the
sender’s digital signature.

Signer private keys (*.key files) are securely conveyed to clients on smart
cards. The secret passwords required by clients to generate signature files,
using signer private keys, are sent as PINs over a separate channel such as
registered mail or encrypted e-mail.

Some files, such as private key files, are encrypted and password-protected for
data security. Others, such as digital certificates and signature files, do not need
to be kept secure to safeguard the overall security of VeriShield.

Within the FILESIGN.EXE tool, you can recognize the special file types that
support the file authentication process by their filename extensions:

File Type              Extension
Signature              *.p7s
Private key            *.key
Digital certificate    *.crt

All digital certificates are generated and managed by the VeriFone CA, and are
distributed on request to Omni 3600 clients, either internally within VeriFone or
externally to sponsors.

All certificates that are issued by the VeriFone CA for the Omni 3600 platform, and
for any VeriFone platform with the VeriShield security architecture, are
hierarchically related. That is, a lower-level certificate can only be authenticated
under the authority of a higher-level certificate.

The security of the highest-level certificate, called the platform root certificate, is
tightly controlled by VeriFone.

The required cryptographically related private keys that support the file
authentication process are also generated and distributed by the VeriFone CA.

Certificates Contain Keys That Authenticate Signature Files

Sponsor certificate: Certifies a client’s sponsorship of the terminal. It does
not, however, convey the right to sign and authenticate files. To add flexibility
to the business relationships that are logically secured under the file
authentication process, a second type of certificate is usually required to sign
files.

A sponsor certificate is authenticated under a higher-level system certificate,
called the application partition certificate.
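
The hierarchy and detached-signature check described above can be reproduced with generic tools. The following is an added example, not VeriFone code and not the FILESIGN.EXE workflow: it uses the openssl CLI with X.509 and detached PKCS#7 as a stand-in for the VeriShield formats, and the certificate names, the keyUsage modelling of the sponsor restriction, and the self-signed "rogue" certificate are assumptions.

```bash
#!/usr/bin/env bash
# Added example: generic X.509 + PKCS#7 through the openssl CLI, standing in
# for the proprietary VeriShield formats. Every name here is hypothetical.
WORK=$(mktemp -d)

# mkcert NAME ISSUER EXTENSIONS: write NAME.key and NAME.crt into $WORK.
# ISSUER equal to NAME gives a self-signed certificate.
mkcert() {
  local n=$WORK/$1 i=$WORK/$2
  printf '%s\n' "$3" > "$n.ext"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$n.key" -out "$n.csr" 2>/dev/null || return 1
  if [ "$1" = "$2" ]; then
    openssl x509 -req -in "$n.csr" -signkey "$n.key" -days 30 \
      -extfile "$n.ext" -out "$n.crt" 2>/dev/null
  else
    openssl x509 -req -in "$n.csr" -CA "$i.crt" -CAkey "$i.key" \
      -CAcreateserial -days 30 -extfile "$n.ext" -out "$n.crt" 2>/dev/null
  fi
}

# sign_file FILE SIGNER: detached DER signature in FILE.p7s; the lower-level
# certificates are embedded so the verifier needs to hold only the root.
sign_file() {
  openssl smime -sign -binary -in "$1" -signer "$WORK/$2.crt" \
    -inkey "$WORK/$2.key" -certfile "$WORK/chain.pem" \
    -outform DER -out "$1.p7s" 2>/dev/null
}

# verify_file FILE: succeeds only if FILE.p7s matches FILE byte for byte and
# the signing certificate chains up to the one trusted root.
verify_file() {
  openssl smime -verify -binary -inform DER -in "$1.p7s" -content "$1" \
    -CAfile "$WORK/root.crt" -out /dev/null 2>/dev/null
}

# Assumption: "may certify but not sign files" is modelled with keyUsage.
CA='basicConstraints=critical,CA:TRUE
keyUsage=critical,keyCertSign'
LEAF='basicConstraints=critical,CA:FALSE'
mkcert root root "$CA"; mkcert partition root "$CA"
mkcert sponsor partition "$CA"; mkcert signer sponsor "$LEAF"
mkcert rogue rogue "$LEAF"               # self-signed, outside the hierarchy
cat "$WORK/partition.crt" "$WORK/sponsor.crt" > "$WORK/chain.pem"

f=$WORK/app.out; echo 'constructed application image' > "$f"
for who in signer sponsor rogue; do
  sign_file "$f" "$who"
  if verify_file "$f"; then echo "$who: accepted"; else echo "$who: rejected"; fi
done
```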