Manualshelf

User's Manual Part 4

ManualsBrandsVeriFone ManualsElectronicsPoint of Sale Terminal
12345678910
FILE AUTHENTICATION
Introduction to File Authentication
108 OMNI 3600 REFERENCE MANUAL
Add New Certificates
When you add a new certificate file to an Omni 3600 terminal, the file
authentication module detects it by filename extension (*.crt). On restart, the
terminal then attempts to authenticate the certificate under the authority of the
resident higher-level certificate stored in the terminal’s certificate tree or one being
downloaded with the new certificate.
In a batch download containing multiple certificates, each lower-level certificate
must be authenticated under an already-authenticated, higher-level certificate.
Whether or not the data a new certificate contains is added to the terminal’s
certificate tree depends on if it is successfully authenticated. The following points
explain how certificates are processed:
If a new certificate is successfully authenticated, the information it contains is
automatically stored in the terminal’s certificate tree. The corresponding
certificate file (*.crt) is then deleted from that file group’s RAM.
If the relationship between the new certificate and an existing higher-level
certificate cannot be verified, the authentication procedure for the new
certificate fails. In this case, the certificate information is not added to the
certificate tree and the failed certificate file (usually ~400 bytes) is retained in
application memory.
Development Terminals
A development terminal is an Omni 3600 terminal still maintaining the original
factory set of certificates in its certificate tree. This set of certificates includes
several higher-level system certificates and a special client certificate called a
default signer certificate (see Figure 38).
In the development terminal, the level of logical security provided by the file
authentication module is minimal, even though applications must still be signed
and authenticated before they can run on the terminal. In most application
development and test environments, tight security is not required, and the
flexibility offered by the Omni 3600 development terminal is more important.
Deployment Terminals
While the application development process is being completed and while the new
application is being tested on a development terminal, a sponsor can order
specific sponsor and signer certificates from the VeriFone CA to use to logically
secure sponsor and signer privileges when the Omni 3600 terminal is prepared for
deployment.
NOTE
With the factory set of certificates stored in the terminal memory, anyone who has
the Omni 3600 SDK and included file signing tool, FILESIGN.EXE, can generate
valid signature files for downloading and authenticating files on the Omni 3600
platform.