Specifications

PERFORMING DOWNLOADS
File Authentication Requirements
114 VX 520 REFERENCE GUIDE
File Group
Permissions
This section discusses how file authentication controls who (which business
entity) can store application files in which file groups in the VX 520 file system.
By inserting zero-length SETDRIVE.x and SETGROUP.n files into a download list,
you can specify which drive (x = I: RAM or F: flash) and in which group
(n = 1–15) to store an application file. In addition to this file redirection protocol,
the file authentication module controls which files are allowed, under the authority
of the signer certificate used to sign them, to be stored in which file groups in the
VX 520 file system.
For example, if the terminal owner specifies storing a loyalty application in GID2,
the information is encoded in the sponsor and signer certificates and issued by
the VeriFone CA for that terminal.
Chapter 5 discusses how signer certificates are required inputs to the VeriShield
File Signing Tool when preparing a deployment terminal. Each signature file
generated under that signer certificate contains a logical link that allows the
application to authenticate and run on the terminal only if the signature files and
corresponding target files are downloaded into the target GID.
Although you can store files in any file group simply by selecting the target group
in terminal manager, the files downloaded are not authenticated for the selected
target group unless they are properly signed under the authority of the sponsor
and signer certificates issued for that terminal.
Download an
Operating System
Update Provided by
VeriFone
Because the operating system software for the VX 520 is developed and
controlled by VeriFone for its customers, VeriFone provides the necessary
certificates and signature files to ensure the authenticity and integrity of the
operating system update as part of the download package.
The file authentication procedure for OS downloads is much the same as
application downloads, with the following exceptions:
VeriFone provides all files required for the OS download, including:
The operating system files (such as Q.out, 1.out, and 2.out).
An encrypted list of the new files, called VFI.PED.
A signature file generated by the VeriFone CA under the authority of a
higher-level OS partition sponsor certificate, called VFI.crt. The file
authentication logic on the receiving terminal uses this signature file to
confirm the origin and authenticity of the encrypted list of files, VFI.PED.
The entire OS package must download into Group 1 RAM. If you select a
target group other than Group 1, the operation fails.
NOTE
Operating system files can only be transferred to a VX 520 terminal using a
PC-to-terminal download procedure, either direct or by telephone. OS files
cannot be downloaded to a VX 520 terminal in a back-to-back operation.