Filter
Top Products
100 Chapter 10 Secure Certificate
Section 10.1 Overview
Chapter 10
Secure Certificate
10.1 Overview
This chapter is extracted from the NAR Secure Certificate document, part 0190-00252-
0103, revision 1.03.
The secure certificate file is a descriptor of all of the software components that are
necessary to make up one or more applications that are going to be downloaded to the
Secure PIN Entry Device, such as the i6500.
Terms used in this chapter are explained in Terminal Architecture on page 69.
10.2 Secure Certificate
If the secure Code MACing option is enabled, the downloaded application must provide
what is called a “secure certificate file” (certific.txt). This file contains security information for
every file and application to be downloaded. It can also indicate which application, code file,
or data file needs to be deleted. This certificate is mandatory if Code MACing is enabled.
During the terminal download process, if the downloaded certificate file is valid and the
download is successful, SSA will replace the previous copy, if it exists, with the new copy.
The secure certificate file will also be used each time the terminal starts up to authenticate
the MAC of the user application’s CFS and DFS if the security option “Terminal Startup
Verify MAC Option” is enabled.
The following section describes how the securing process uses the secure certificate and
gives practical considerations for application developers.
10.3 Securing Process
The securing process can be used during the validation of the application code files and
application data files.
The secure certificate will be downloaded into the data file system (DFS) first, along with
code files and data files. The secure certificate contains all security-related information, and
information about all of the code files and data files in the download package. The securing
process is composed of the following steps:
1. The secure certificate is used to validate the complete download of all required
download files. If Code MACing is enabled, downloading any file that is not listed in the
secure certificate file causes the download to fail.
2. The maintenance application sends a request to SSA to validate the secure certificate
file.