User's Manual Part 4

FILE AUTHENTICATION
Introduction to File Authentication
OMNI 3600 REFERENCE MANUAL 107
Digital Certificates and the File Authentication Process
The file authentication module always processes certificates before it processes
signature files. Digital certificates (*.crt files) generated by the VeriFone CA have
two important functions in the file authentication process:
• They define the rules for file location and usage (for example, the valid file
group, replaceable *.crt files, parent *.crt files, whether child *.crt files can
exist, and so on).
• They convey the public cryptographic keys of terminal sponsors and signers. The
terminal uses these public keys to verify the file signatures that the file signing
tool, FILESIGN.EXE, produces with the corresponding private keys.
Hierarchical Relationships Between Certificates
All digital certificates are hierarchically related to one another. Under the rules of
the certificate hierarchy managed by the VeriFone CA, a lower-level certificate
must always be authenticated under the authority of a higher-level certificate. This
rule ensures the overall security of VeriShield.
To manage hierarchical relationships between certificates, certificate data is
stored in terminal memory in a special structure called a certificate tree. New
certificates are authenticated based on data stored in the current certificate tree.
The data from up to 21 individual related certificates (including root, OS, and other
VeriFone-owned certificates) can be stored concurrently in a certificate tree.
This means that a new certificate can only be authenticated under a higher-level
certificate already resident in the terminal’s certificate tree. This requirement can
be met in two ways:
• The higher-level certificate may have already been downloaded to the terminal
in a previous or separate operation.
• The higher-level certificate can be downloaded together with the new
certificate as part of the same data transfer operation.
A development set of higher-level certificates is downloaded into each Omni 3600
terminal at manufacture. When you take a new Omni 3600 terminal out of its
shipping carton, certificate data is already stored in the terminal’s certificate tree.
In this just-out-of-the-box condition, the Omni 3600 terminal is called a
development terminal.
Typically, a sponsor requests an additional set of digital certificates from the
VeriFone CA to establish sponsor and signer privileges. This additional set of
certificates is then downloaded to the Omni 3600 terminal when the terminal is
being prepared for deployment. When this procedure is complete, the Omni 3600
terminal is called a deployment terminal.
NOTE
Each successfully authenticated file is also write-protected. That is, the file’s read-
only attribute is set. If the read-only attribute is removed or if the file is modified
in any way while stored in the terminal, the ATTR_NOT_AUTH bit is automatically
set to 1. If the modified file is an executable, it is no longer allowed to run.