User's Manual Part 4

FILE AUTHENTICATION
Introduction to File Authentication
OMNI 3600 REFERENCE MANUAL 105
Authentication Requirements for Specific File Types
For the purposes of file authentication, executable code files include two file types
that can be recognized by their filename extensions:
Depending on the logical security requirements of specific applications, other
types of files used by an application (that is, non-executable files) also need to be
authenticated:
• Data files (*.dat) that contain sensitive customer information or other data that
  needs to be secure
• Font files (*.vft or *.fon) that may need to be secure to prevent unauthorized
  text or messages from being displayed on the terminal screen
• Any other type of file used by an application and that the application designer
  wishes to logically secure using file authentication requirements
Decide Which Files to Authenticate in a Specific Application
The first step in the file authentication process is to determine which files must be
authenticated for an application to meet its design specifications for logical
security under the VeriShield security architecture.
In most cases, application designers make these decisions based on
specifications provided by the terminal sponsor. Which files to authenticate can be
completely transparent to the person or business entity responsible for signing,
downloading, and authenticating an application prior to deployment.
How (and When) Signature Files Authenticate Their Target Files
Signature files are usually downloaded together with their target application files in
the same data transfer operation. This recommended practice lets you specify
and confirm the logical security status of the Omni 3600 terminal each time you
perform an application download.
When the file authentication module detects a new signature file after a terminal
restart, it locates and attempts to authenticate the target file that corresponds to
the new signature file.
It is not mandatory to always download a signature file at the same time as its
target application file. For example, you can download the corresponding
signature file in a separate operation. A non-authenticated application can reside
in the terminal memory, but is not authenticated or allowed to run on the terminal
until the signature files for the application executable files are processed by the
file authentication module after a subsequent download procedure and terminal
restart.
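The download-and-restart behavior described above can be replayed as a small model. This is an added example, not code from the manual or from VeriFone: the `.sig` suffix and the `<target name>.sig` pairing are hypothetical conventions chosen for illustration, the sample file names are constructed, and the cryptographic check done by the terminal's file authentication module is assumed to succeed rather than modelled.

```python
import os

EXECUTABLE_EXTS = {".out", ".lib"}   # executable code files named in the manual
SIG_EXT = ".sig"                     # hypothetical: "<target name>.sig" marks a signature file

RUNNABLE = "authenticated, allowed to run"
BLOCKED = "resident, not authenticated, not allowed to run"
AUTHENTICATED = "authenticated"
UNSIGNED = "required by design, signature missing"
NOT_REQUIRED = "authentication not required"


def replay(downloads, design_required=()):
    """Replay download+restart cycles; return {filename: status} after the last restart.

    downloads: list of batches, each a list of file names sent in one transfer.
    design_required: non-executable files the designer chose to authenticate.
    Signature verification itself is assumed to succeed (not modelled here).
    """
    required = {n.lower() for n in design_required}
    resident, authenticated = set(), set()
    for batch in downloads:
        names = [n.lower() for n in batch]
        resident.update(n for n in names if not n.endswith(SIG_EXT))
        # Restart: each new signature file is matched to its resident target.
        for sig in (n for n in names if n.endswith(SIG_EXT)):
            target = sig[: -len(SIG_EXT)]
            if target in resident:
                authenticated.add(target)
    status = {}
    for name in sorted(resident):
        is_exec = os.path.splitext(name)[1] in EXECUTABLE_EXTS
        if is_exec:
            status[name] = RUNNABLE if name in authenticated else BLOCKED
        elif name in required:
            status[name] = AUTHENTICATED if name in authenticated else UNSIGNED
        else:
            status[name] = NOT_REQUIRED
    return status


if __name__ == "__main__":
    # Constructed sample: signatures arrive in a second, separate download.
    first = ["APP.OUT", "UTIL.LIB", "CUST.DAT", "LOGO.VFT"]
    second = ["APP.OUT.sig", "CUST.DAT.sig"]
    for name, state in replay([first, second], design_required=["CUST.DAT"]).items():
        print(f"{name:10} {state}")
```

Running the model on a planned download set before deployment shows which executables would remain in memory without being allowed to run, such as `util.lib` in the sample, which never receives a signature file.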
File Type                                    Extension
Compiled and linked application files        *.out
Global function libraries                    *.lib