P
ERFORMING
D
OWNLOADS
File Authentication Requirements
106
V
X
810 R
EFERENCE
G
UIDE
When the signature file successfully authenticates its target file, it is
automatically moved to the same file system and file group as the target file it
authenticates (that is, if *FA = 1).
The processing routine gives visible and audible indications when a specific
signature file authenticates successfully. The file authentication module does
not halt the process if a signature file fails to authenticate, but continues to the
next step, storing the downloaded files in their final locations in the device file
system.
6
Certificate files and signature files are retained in the SRAM file system until
the file authentication process is complete. These special files are either
deleted or automatically redirected to another file system or file group, as
previously described.
When an application file is authenticated, the operating system sets the file’s
read-only attribute to protect it from being modified while stored in device
memory. This is also true for a signature file retained in device memory. When
a signature file is assigned the read-only attribute, it is no longer detected as a
new signature file by the file authentication module on device restart.
7
When all certificates and signature files are processed and special files are
deleted or redirected as required, the device restarts and the *GO application
executes.
File Group
Permissions
This section discusses how file authentication controls who (which business
entity) can store application files in which file groups in the V
x
810 file system.
By inserting zero-length SETDRIVE.x and SETGROUP.n files into a download list,
you can specify which drive (x = I: SRAM or F: flash ROM) and in which group (n
= 1–15) to store an application file. In addition to this file redirection protocol, the
file authentication module controls which files are allowed, under the authority of
the signer certificate used to sign them, to be stored in which file groups in the
V
x
810 file system.
For example, if the device owner specifies storing a loyalty application in GID2,
the information is encoded in the sponsor and signer certificates and issued by
the VeriFone CA for that device.
Chapter 5
discussed how signer certificates are required inputs to the VeriShield
File Signing Tool when preparing a deployment device. Each signature file
generated under that signer certificate contains a logical link that allows the
application to authenticate and run on the device only if the signature files and
corresponding target files are downloaded onto the target GID.
Although you can store files in any file group simply by selecting the target group
in system mode, the files downloaded are not authenticated for the selected target
group unless they are properly signed under the authority of the sponsor and
signer certificates issued for that device.
Содержание DUET Vx810
Страница 1: ...VeriFone Part Number 24964 Revision B Vx810 Reference Guide ...
Страница 14: ...VX810 OVERVIEW Features and Benefits 14 VX810 REFERENCE GUIDE ...
Страница 90: ...VeriShield File Signing Tool 90 VX810 REFERENCE GUIDE ...
Страница 130: ...PERFORMING DOWNLOADS Back to Back Application Downloads 130 VX810 REFERENCE GUIDE ...
Страница 148: ...Information Messages 148 VX810 REFERENCE GUIDE ...
Страница 150: ...PORT PINOUTS COM Port 150 VX810 REFERENCE GUIDE ...
Страница 158: ...GLOSSARY 158 VX810 REFERENCE GUIDE ...