F
ILE
A
UTHENTICATION
Introduction to File Authentication
V
X
810 R
EFERENCE
G
UIDE
69
Certificates Contain Keys That Authenticate Signature Files
•
A
sponsor certificate
certifies a client’s sponsorship of the device. It does
not, however, convey the right to sign and authenticate files. To add flexibility
to the business relationships that are logically secured under the file
authentication process, a second type of certificate is usually required to sign
files.
A sponsor certificate is authenticated under a higher-level system certificate,
called the application partition certificate.
•
A
signer certificate
certifies the right to sign and authenticate files for devices
belonging to the sponsor.
A signer certificate is authenticated under the authority of a higher-level client
certificate (the sponsor certificate).
The required sponsor and signer certificates must either have been previously
downloaded and authenticated on the device, or they must be downloaded
together with the new signature and target files to authenticate.
Signer Private Keys Are Issued to Secure the File Signing Process
Signer private keys are loaded onto a smart card. This smart card is securely
delivered to the business entity that the device sponsor has authorized to sign,
download, and authenticate applications to run on the sponsor’s device.
The VeriFone CA can also issue additional sets of sponsor and signer certificates,
signer private keys to support multiple sponsors, and multiple signers for a
specific platform.
To establish the logical security of applications to download to a V
x
810, the
designated signer uses the signer private key issued by the VeriFone CA as this is
a required input to the VeriShield File Signing Tool.
A signature file is generated using a signer private key. Successful authentication
depends on whether the signer private key used to sign the target file matches the
signer certificate stored in the device’s certificate tree.
NOTE
Only one sponsor certificate is permitted per device.
NOTE
The signer private keys loaded onto the smart card is the only copy of the private
key.
Содержание DUET Vx810
Страница 1: ...VeriFone Part Number 24964 Revision B Vx810 Reference Guide ...
Страница 14: ...VX810 OVERVIEW Features and Benefits 14 VX810 REFERENCE GUIDE ...
Страница 90: ...VeriShield File Signing Tool 90 VX810 REFERENCE GUIDE ...
Страница 130: ...PERFORMING DOWNLOADS Back to Back Application Downloads 130 VX810 REFERENCE GUIDE ...
Страница 148: ...Information Messages 148 VX810 REFERENCE GUIDE ...
Страница 150: ...PORT PINOUTS COM Port 150 VX810 REFERENCE GUIDE ...
Страница 158: ...GLOSSARY 158 VX810 REFERENCE GUIDE ...