Specifications

PERFORMING DOWNLOADS
File Authentication Requirements
VX 520 REFERENCE GUIDE 111
Application files other than executables (for example, font and data files) may
also require logical security under file authentication. In these cases, each
protected non-executable file also requires a corresponding signature file.
Digital certificates (*.crt) and signature files (*.p7s) are required to
authenticate both application files and operating system files, which must be
downloaded into the RAM of the target file group.
Certificate files are deleted from application memory after they are
authenticated. If a certificate is not authenticated, it is retained in terminal
memory.
If the *FA variable in the CONFIG.SYS file of the target group is set to 1,
each signature file is redirected to the same location where the application
file it authenticates is stored. If *FA is 0, signature files are deleted from
RAM when the file authentication process is complete.
File Authentication Process During an Application Download
In the following example of a typical file authentication process, assume that:
• An application is being downloaded to prepare a VX 520 deployment terminal
  for deployment. That is, a sponsor certificate and a signer certificate download
  in batch mode to GID1 RAM of the receiving terminal, together with the
  application to authenticate.
• On the download computer, a signature file is generated for each executable
  that makes up the application, using the VeriShield File Signing Tool with
  the signer certificate, signer private key, and signer password as required
  inputs. These signature files are also downloaded to the receiving terminal.
In a typical batch application download, file authentication proceeds as follows:
1 All certificate files (*.crt), signature files (*.p7s), and application files
  (*.out, *.lib, *.fon, *.vft, *.dat, and so on) download to the VX 520
  deployment terminal in batch mode.
2 When the terminal restarts after the download, the file authentication module
  searches the RAM-based file system for the following two file types:
  • Authenticated certificate files (*.crt) to add to the permanent certificate
    tree.
  • Signature files (*.p7s) that authenticate corresponding target application
    files.
  Certificate files and signature files can download into the RAM of any file
  group. For this reason, the file authentication module searches through the
  entire file system (all file groups) for new files with these filename extensions
  each time the terminal restarts.
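The rules above can be checked on the download computer before a batch is sent, and again against a RAM file listing after the restart. The following is an added example, not code from the guide or from the VeriShield tooling. Assumptions: the batch is described as a mapping of file group number to file names, *.out and *.lib are treated as the executables, and a signature file carries the base name of the file it authenticates.

```python
import os

# Assumption: .out and .lib are the executables. The guide lists them among
# application files but does not say which extensions count as executable.
EXECUTABLE_EXTS = {".out", ".lib"}
# Assumption: a signature file shares its target's base name (pay.out -> pay.p7s).

def split_name(name):
    """Return (base, extension) in lower case."""
    return os.path.splitext(name.lower())

def check_batch(batch, protected=()):
    """Report gaps in a download batch before it goes to the terminal.

    batch: {group_id: [file names]}. protected: non-executable files
    (fonts, data) that also require a signature file.
    """
    files = [(g, n) for g, names in batch.items() for n in names]
    # Signatures may sit in any file group, so collect them across all groups.
    sig_bases = {split_name(n)[0] for _, n in files if split_name(n)[1] == ".p7s"}
    must_sign = {p.lower() for p in protected}
    targets, unsigned = set(), []
    for group, name in files:
        base, ext = split_name(name)
        if ext in (".crt", ".p7s"):
            continue
        targets.add(base)
        needs_sig = ext in EXECUTABLE_EXTS or name.lower() in must_sign
        if needs_sig and base not in sig_bases:
            unsigned.append((group, name))
    return {
        "unsigned": unsigned,
        "orphan_signatures": sorted(sig_bases - targets),
        "has_certificates": any(split_name(n)[1] == ".crt" for _, n in files),
    }

def unauthenticated_certs(ram_after_restart):
    """Certificates still in RAM after the restart were not authenticated,
    because authenticated certificate files are deleted."""
    return [(g, n) for g, names in ram_after_restart.items()
            for n in names if split_name(n)[1] == ".crt"]

# Constructed sample batch for GID1 (file names are illustrative).
SAMPLE_BATCH = {1: ["sponsor.crt", "signer.crt", "pay.out", "pay.p7s",
                    "util.lib", "receipt.fon", "old.p7s"]}

if __name__ == "__main__":
    print(check_batch(SAMPLE_BATCH, protected=["receipt.fon"]))
    print(unauthenticated_certs({1: ["pay.out", "signer.crt"], 2: []}))
```

A non-empty `unsigned` list means the batch would arrive with files the terminal cannot authenticate, and a certificate reported by `unauthenticated_certs` points at a certificate that failed authentication.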