Software Integrity
Software integrity has several interpretations. For some, integrity is synonymous with security — resilience to hacks and privacy violations. For others, high integrity means that no unauthorized changes have been made to the delivered software.
GK Software implemented different functionalities to ensure a proper software integrity f.e.
- The installation package includes signatures for all Java archives. The signature has been signed with a private software delivery key of GK Software SE. The public key complies at least to a key strength of RSA with 2048 bit.
- When starting the application, the Java Runtime verifies whether all packages are intact and if every single .jar-file has its correct signature in a correspondent .as2-file. If the signature is incorrect or a .jar-file has been manipulated, the application will not run.
- our POS loads their needed *.jar files only on startup. Once the POS is up and running an exchanged *.jar file has no negative impact on the solution.
- *.jar files are checked every time the POS application is started, therefore we recommend an application restart at least every 36hrs or better together each night fully automatically together with the EOD (End of Day) process.
- If one or more *.jar files are exchanged, manipulated or corrupted, the POS application will not start and your on-site staff should contact their support for deeper investigation.