
Chapter 10
Secure Certificate
10.1Overview
This chapter is extracted from the NAR Secure Certificate document, part
The secure certificate file is a descriptor of all of the software components that are necessary to make up one or more applications that are going to be downloaded to the Secure PIN Entry Device, such as the i6500.
Terms used in this chapter are explained in Terminal Architecture on page 69.
10.2Secure Certificate
If the secure Code MACing option is enabled, the downloaded application must provide what is called a “secure certificate file” (certific.txt). This file contains security information for every file and application to be downloaded. It can also indicate which application, code file, or data file needs to be deleted. This certificate is mandatory if Code MACing is enabled.
During the terminal download process, if the downloaded certificate file is valid and the download is successful, SSA will replace the previous copy, if it exists, with the new copy.
The secure certificate file will also be used each time the terminal starts up to authenticate the MAC of the user application’s CFS and DFS if the security option “Terminal Startup Verify MAC Option” is enabled.
The following section describes how the securing process uses the secure certificate and gives practical considerations for application developers.
10.3Securing Process
The securing process can be used during the validation of the application code files and application data files.
The secure certificate will be downloaded into the data file system (DFS) first, along with code files and data files. The secure certificate contains all
1.The secure certificate is used to validate the complete download of all required download files. If Code MACing is enabled, downloading any file that is not listed in the secure certificate file causes the download to fail.
2.The maintenance application sends a request to SSA to validate the secure certificate file.
100 | Chapter 10 Secure Certificate |
| Section 10.1 Overview |