Ingenico 6500 ユーザーズマニュアル
104
Chapter 10 Secure Certificate
Section 10.5 Secure Certificate Descriptor Sections
text entry key are not injected, or if download key is not injected.
The three security options (Visa PED Mode, Prompt MACing, and Code MACing) can only
be turned off through the key injection module.
be turned off through the key injection module.
If the Visa PED mode section indicates to turn Visa PED mode on, but the platform code
files (in the download package or terminal) cannot pass the authentication or cannot find
MAC information in the certificate file, then Visa PED mode cannot turn on and the
download fails.
files (in the download package or terminal) cannot pass the authentication or cannot find
MAC information in the certificate file, then Visa PED mode cannot turn on and the
download fails.
If the Visa PED Mode section indicates to turn Code MACing on, but the platform and
financial application code files (in the download package or terminal) cannot pass the
authentication or cannot find MAC information in the certificate file, Code MACing cannot
turn on and the download fails.
financial application code files (in the download package or terminal) cannot pass the
authentication or cannot find MAC information in the certificate file, Code MACing cannot
turn on and the download fails.
Note: The first line of the file must end with a carriage return and line feed.
The second line is considered to begin at the first character immediately after the
first carriage return and line feed characters of the file.
first carriage return and line feed characters of the file.
10.5.3
Application Descriptor Section
The application descriptor section is an area of the secure certificate file that contains
information pertaining to the application code files.
information pertaining to the application code files.
The section identifier [Appl]<cr><lf> marks the beginning of the application descriptor
section within the file. The section ends before the start of the next section identifier (i.e.,
encountered by <cr><lf>[), or the end of the file.
section within the file. The section ends before the start of the next section identifier (i.e.,
encountered by <cr><lf>[), or the end of the file.
There must be at least one application descriptor; otherwise, the secure validation process
fails. Only the first application descriptor is accepted and parsed within the application
section.
fails. Only the first application descriptor is accepted and parsed within the application
section.
The application descriptor is in the format:
MAC=12345678 applname dstfilename.ext authmethod encrypt
srcfilename.ext
The first field of the application descriptor is the MAC for the application.
MAC= is a text string identifying that the pre-calculated fingerprint follows
12345678 is the Hex ASCII representation of the most significant 4 bytes of the
MAC applied by the securing utility prior to download.
MAC applied by the securing utility prior to download.
applname represents the application name of the application binary being loaded.
For instance: CA2100_IBMEF
For instance: CA2100_IBMEF
dstfilename.ext represents the code file name of the application binary file residing
in the terminal. For instance: WW002G011010
in the terminal. For instance: WW002G011010
authmethod represents the code file authentication method, i.e., the MAC
calculation method that the code file used. Possible values:
calculation method that the code file used. Possible values:
— SHA1+MAC