User's Manual
Table Of Contents
- VX 675
- Contents
- Preface
- Terminal Overview
- Terminal Setup
- Selecting Terminal Location
- Unpacking the Shipping Carton
- Examining Terminal Features
- Examining Connection Ports
- Installing the Paper Roll
- Installing the SIM Card
- Installing the SD Card
- Using the Battery
- Battery Behavior (No Power Pack)
- Connecting the Terminal Power Pack
- Charging the Battery
- Using the VX 675 Base Stations
- Powering Up the Base
- Docking the Terminal on the Base
- Undocking the Terminal from the Base
- Conducting Wireless Transactions
- Conducting Smart Card Transactions
- Using the Magnetic Card Reader
- Connecting to USB Host
- VX 675 ECR (Fiscal Module) Support
- VX 675 3G and GPS Support
- Using the Terminal Keys
- Verix Terminal Manager
- File Authentication
- Performing Downloads
- Downloads and Uploads
- Download Methods
- Download Tools
- Download Content
- Full and Partial Downloads
- Support for Multiple Applications
- Use of I: drive and F: drive
- File Authentication Requirements
- Required Certificates and Signature Files
- The File Authentication Process During an Application Download
- File Group Permissions
- Download an Operating System Update Provided by VeriFone
- File Authentication for Back-to-Back Application Downloads
- Timing Considerations Due to the Authentication Process
- Support for File Compression
- Effect of Downloads on Existing Files and Data
- Direct Operating System Downloads
- Back-to-Back Application Downloads
- Specifications
- Maintenance
- VeriFone Service and Support
- System Messages
- Troubleshooting Guidelines
- Port Pinouts
- ASCII Table
- VX 675 Battery Information
- Glossary
- Application ID
- Application program
- Application prompt
- ASCII
- Back-to-back application download
- Baud
- Bit
- Block
- Boot loader
- Buffer
- Byte
- Calendar/clock chip
- Card reader
- Carrier
- Certificate
- Character
- CONFIG.SYS file
- CPU
- Data
- Data entry
- Data packet
- Default
- Delete
- Diagnostics
- Direct download
- Display
- Download
- File authentication
- Firmware
- Fixed prompt
- Flash memory
- Host computer
- Input
- Interface
- Keyed file character set
- Keyed file editor
- Keyed file record
- Keypad
- Local functions
- Manual transaction
- Memory
- Messages
- Non-volatile memory
- Normal Mode
- Packet
- Packet-switched networks
- Parameter
- Password
- PC
- Peripheral terminal
- Port
- POS terminal
- Power pack
- Prompt
- Protocol
- PTID
- RAM
- Remote host computer
- Scroll
- Search key
- Serial port
- Signature file
- mDRAM
- Subroutine
- Swipe
- Verix Terminal Manager
- Verix Terminal Manager password
- Terminal
- Terminal ID
- Terminal-to-terminal application upload
- Track 1, 2, or 3 data
- Transaction
- Variable
- Volatile memory
- Index
- Contact VeriFone
FILE AUTHENTICATION
Introduction to File Authentication
VX 675 R
EFERENCE GUIDE 85
For non-executable files, it is the application’s responsibility to confirm that all
of the files it uses successfully authenticated on download completion, and
when the application executes the first time following a restart.
Digital Certificates
and the File
Authentication
Process
The file authentication module always processes certificates before it processes
signature files. Digital certificates (*.crt files) generated by the VeriFone CA
have two important functions in the file authentication process:
• They define the rules for file location and usage (for example, the valid file
group, replaceable *.crt files, parent *.crt files, whether child
*.crt files can exist, and so on).
• They convey the public cryptographic keys generated for terminal sponsors
and signers that are the required inputs to the VeriShield File Signing Tool to
verify file signatures.
Hierarchical Relationships Between Certificates
All digital certificates are hierarchically related to one another. Under the rules of
the certificate hierarchy managed by the VeriFone CA, a lower-level certificate
must always be authenticated under the authority of a higher-level certificate. This
rule ensures the overall security of VeriShield Retain.
To manage hierarchical relationships between certificates, certificate data is
stored in terminal memory in a special structure called a certificate tree. New
certificates are authenticated based on data stored in the current certificate tree.
The data from up to 21 individual related certificates (including root, OS, and other
VeriFone-owned certificates) can be stored concurrently in a certificate tree.
This means that a new certificate can only be authenticated under a higher-level
certificate already resident in the terminal’s certificate tree. This requirement can
be met in two ways:
• The higher-level certificate may have already been downloaded to the terminal
in a previous or separate operation.
• The higher-level certificate can be downloaded together with the new
certificate as part of the same data transfer operation.
NOTE
Because the application is responsible for verifying data files and prompt files, it
is recommended that each application check the ATTR_NOT_AUTH bit of all
relevant files on restart.
NOTE
Each successfully authenticated file is also write-protected. That is, the file’s
read-only attribute is set. If the read-only file is removed or if the file is modified in
any way while stored in the terminal, the ATTR_NOT_AUTH bit is automatically set
to 1. If the modified file is an executable, it is no longer allowed to run.