Secure Certificate, Securing Process | Ingenico 6500 specs

Chapter 10

Secure Certificate

10.1Overview

This chapter is extracted from the NAR Secure Certificate document, part 0190-00252- 0103, revision 1.03.

The secure certificate file is a descriptor of all of the software components that are necessary to make up one or more applications that are going to be downloaded to the Secure PIN Entry Device, such as the i6500.

Terms used in this chapter are explained in Terminal Architecture on page 69.

10.2Secure Certificate

If the secure Code MACing option is enabled, the downloaded application must provide what is called a “secure certificate file” (certific.txt). This file contains security information for every file and application to be downloaded. It can also indicate which application, code file, or data file needs to be deleted. This certificate is mandatory if Code MACing is enabled.

During the terminal download process, if the downloaded certificate file is valid and the download is successful, SSA will replace the previous copy, if it exists, with the new copy.

The secure certificate file will also be used each time the terminal starts up to authenticate the MAC of the user application’s CFS and DFS if the security option “Terminal Startup Verify MAC Option” is enabled.

The following section describes how the securing process uses the secure certificate and gives practical considerations for application developers.

10.3Securing Process

The securing process can be used during the validation of the application code files and application data files.

The secure certificate will be downloaded into the data file system (DFS) first, along with code files and data files. The secure certificate contains all security-related information, and information about all of the code files and data files in the download package. The securing process is composed of the following steps:

1.The secure certificate is used to validate the complete download of all required download files. If Code MACing is enabled, downloading any file that is not listed in the secure certificate file causes the download to fail.

2.The maintenance application sends a request to SSA to validate the secure certificate file.

100	Chapter 10 Secure Certificate
	Section 10.1 Overview

Image 108

Ingenico 6500 manual Secure Certificate, Securing Process

Contents

Ingenico Page Table of Contents Chapter Supervisor Menu Diagnostic Menu Chapter Secure Certificate 100 Revision History Page Introduction Payment TypesTwo Terminal Models Connectivity About this Manual Conventions Used in this Manual Kits JavaPOS Software Development Kit Unicapt 32 Software Development Kit Accessing the Extended Menu Extended Menu OverviewOverview Navigating the Extended Menu Finding the Current Setting Finding Options in the Extended Menu COM2 Ibmeft NcreftGems Dhcp COM2 COM3COM1 COM2 COM3 USB SAM Extended Menu Overview System Configuration Menu System ConfigChanging the Date and Time YYYY/MM/DD Enable/Disable Beep Tones Changing the Display ContrastChanging the Beep Tones Display Contrast Changing the Beep Length Beep Tone StatusBeep Length Changing the Beep Tones ToneMidtone Setting Backlight to Off When Idle System Configuration Updating BacklightTurning the Backlight On or Off Turning the Backlight On or Off Idle Timeout Idle TimeoutsBacklight System Info Menu Finding Version NumbersSystem Info Versions Checking the Security Information Security InfoSecurity Info Xxxxxxxxx RAM Info RAM Info Viewing All Parameter Values DisplayActionView Parameter Ingnar OFF IbmeftNone ETH Dhcp NONE/AUTO Auto Ingenico 6500 User’s Guide Supervisor Menu Password Changing the Supervisor Menu PasswordSupervisor Menu Application File in Terminal Reading the Application FileSupervisor Menu Erasing the Application File File MenuRead Erase Setting the Key Injection Port Security Setting the Key Index Injecting KeysInject Keys Setting the Application Number Index SelectX Finding the Key Check Value Terminal Keys App SelectAAAAApp Select Finding the Key Check Value Application Keys Application Keys Application KeysAPP1 APP2 Erasing Application Keys Erase App KeysErase App Keys Erase App Keys? System Parameters Injecting a Serial Number Setting the Download Method System Parameters MenuSys Parameters Download Method Selecting the Download Port Download PortDownload Port Port1 Setting Up the Port Selecting the Download Interface TypePortX Setting the Baud Rate Setup PortPort Baud Rate Setting the Data Bits Data BitsData Bits Setting the Stop Bits Set PortStop Bits Stop Bits Setting the Parity ParityParity Defining the LAN Address LAN AddressLAN Address Setting the Retry Count Retry CountRetry Count Setting the Response Timeout Response TMOResponse TMO Setting the Poll Timeout Poll TMOPoll TMO Setting the Turnaround Timeout Turnaround TMOTurnaround TMO Defining the Dhcp Address Port3Port3 Defining the Local IP Address Local IPLocal IP Setting the Local IP Port Number Local IP PortLocal IP Port Defining the Server IP Address Server IP Setting the Server IP Port Number Server IP Port Masking Your IP Address IP Add MaskXXX.XXX.XXX.XXX Setting the Gateway GatewayGateway Updating… Setting the Primary DNS Primary DNSPrimary DNS Setting the Secondary DNS Secondary DNSSecondary DNS Setting the Domain Name Setting Up the Phone Number to DialDial Dial Phone Num Setting Up the Modem Speed Modem Speed Changing the Position of the Host Port or Aux Port Host Port Aux Port Configuring the Host Port Auto Detect Feature Disabling or Enabling the Auto Detect FeatureAuto Detect AD On/Off Setting the Auto Detect Timeout AD TimeoutAD Timeout Setting the Auto Detect Retry Times AD Retry TimesAD Retry Times Editing Parameters Parameter Editor Parameter Name Description Value Data Parlcdcontrast Pareftllevelnum Rescommrecerror Parameter Name Resbdlcfsdwnerror PARCOM1BAUDRATE PARCOM1INTERFACET PARCOM2PARITY PARCOM3BAUDRATE Parethgateway Parapplcomment Diagnostic Menu Testing the Display ContrastDiagnostic Menu Diagnostic Menu Testing the Keypad Testing the BeeperKeypad Keypad Testing the RS232 Connection BeeperRS232 RS232 Testing the RS485 Tailgate Connection Tailgate Testing the USB Port USB Diagnostic Testing the Magnetic Stripe Reader Mag Stripe Reader Testing the Smart Card Reader Smart Card Reader Testing the SAMs Testing the Touch Screen Touch Screen Testing Signature Capture Extended Menu Press , Enter to select Diagnostic MenuDiagnostic Menu Press , Enter to select Signature Capture Signature Capture Testing Pen Calibration Pen Calibration Testing Finger Calibration Finger Calibration SCV Verification Architecture System Architecture Host Connections Terminal Architecture Operating System Maintenance Application System and Security Application Digitizer Transmitting DataUser Application Download File Architecture Key Architecture Sponsor Key KTK Terminal Based KeysKey Name Index Length Description of Key Application Based Keys Special KeysMaster Keys Key Name Description of Key Security Options Session KeysDukpt Keys Wtpk Prompts Authentication Key Options Change Terminal ID OptionPrompt MACing Possible Values Description Code MACing Double-Length Key MAC CalculationPossible Encryption Description Values Visa PED Mode Option Atalla Key Block Protection OptionTerminal Startup Verify MAC Option Financial Key Option Secure Certificate Secure CertificateSecuring Process Ingenico 6500 User’s Guide 101 Secure Certificate Descriptor Sections Secure Certificate MAC Descriptor Section Visa PED Mode Descriptor Section Possible Description Values Application Descriptor Section SHA1+MAC Secure File Descriptor Section 106 Non-Secure File Descriptor Section Applname filename.ext class existence Delete Application Code File Descriptor Section Delete Data File Descriptor SectionDelete Whole Application Descriptor Section Ibmeft Download PrerequisitesPreparation Timing Outline of Download Process Steps Feedback Ingenico 6500 User’s Guide 111 112 Download Errors Error Opening PortHardware settings in the Ingenico 6500 have been changed Communications port is not working Received 3 NAKs or Timeout SendVISAPacket Default Setup Configuration Error Bad ProgCRC Error Configuration Default Value Comm Receive Error Not Enough DFS Space IBM EFT Troubleshooting Card Read Error1EFT Device Not Available EFT Device Not Available During Check Authorization