AAL2AuthorizeUnlockICSF
  • 22 Jan 2025

Function prototype

aat_int32 AAL2AuthorizeUnlockICSF(
                               TDigipassBlob*   DPData,
                               TKernelParms*    CallParms,
                               aat_ascii*       aStorageKeyNameIn,
                               aat_ascii*       aInitialVectorIn,
                               aat_ascii*       aUnlockAuthCode,
                               aat_ascii*       RandomNumber,
                               aat_ascii*       UnlockCode);

Description

If a user's Digipass authenticator is locked because of wrong PIN entries, the Digipass administrator will be able to unlock this user with this function, which performs the following actions:

  • Validating the unlock authentication code
  • If the unlock authentication code is correct, obtaining the initialized unlock information of the user's Digipass authenticator from the authenticator application BLOB and performing the unlock code calculation.

This function authenticates the user and generates an unlock code that the user enters into the Digipass authenticator in response to the displayed random number.

If a Digipass instance has more than one application and an unlock mechanism not based on Unlock V2, AAL2SyncTokenBLOB should be called to synchronize the unlock authentication counter value stored in the different authenticator application BLOBs after a call to AAL2AuthorizeUnlock.

In case of Unlock V2 support, the Authorize Unlock function must be used with the dedicated Unlock V2 BLOB instead of the Digipass authentication BLOB. The synchronization mentioned above is not applicable in this case.

Parameters

  Table: Parameters (AAL2AuthorizeUnlockICSF)
| Type | Name | Use | Description |
|---|---|---|---|
| TDigipassBlob * | DPData | I/O | Authenticator application BLOB. Upon return from the function call, this BLOB must be rewritten to the application database to reflect changes. |
| TKernelParms * | CallParms | I | Structure of runtime parameters to use during this function call. |
| aat_ascii * | aStorageKeyNameIn | I | String of up to 64+1 characters, left-justified, null-terminated, or right-padded with spaces. This is the label of the ICSF storage key used to encrypt the sensitive Digipass application BLOB data. |
| aat_ascii * | aInitialVectorIn | I | String of 16 hexadecimal characters, left-justified, null-terminated, or right-padded with spaces. This is the initial vector used to encrypt the sensitive authenticator application BLOB data. |
| aat_ascii * | UnlockAuthCode | I | String of up to 8 numeric characters, null-terminated or padded with spaces. This parameter holds the unlock authentication code that is generated by AAL2GenUnlAuthCode. |
| aat_ascii * | RandomNumber | I | String of up to 8 numeric characters, null-terminated or padded with spaces. This parameter holds the random number that is generated and displayed by a Digipass authenticator when it gets locked. |
| aat_ascii * | UnlockCode | O | String of 7 or 8 numeric characters which the user needs to enter into the Digipass authenticator to unlock it. |
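A caller-side pre-check for the fixed-width string parameters described in the table above, as an added example that is not part of the vendor's SDK. The helper names are hypothetical, the field widths follow the 64+1, 16+1 and 8+1 layouts on this page, and the lower bound of one character is an assumption, since the page states only upper bounds.

```c
#include <ctype.h>

/* Length of a NUL-terminated or space-padded field; -1 on a leading or embedded space. */
static int field_len(const char *buf, int width)
{
    int end = 0;
    while (end < width && buf[end] != '\0')
        end++;                          /* stop at terminator or field end */
    while (end > 0 && buf[end - 1] == ' ')
        end--;                          /* strip right padding */
    for (int i = 0; i < end; i++)
        if (buf[i] == ' ')
            return -1;
    return end;
}

/* Nonzero if the first n characters all satisfy a <ctype.h> predicate. */
static int all_match(const char *buf, int n, int (*pred)(int))
{
    for (int i = 0; i < n; i++)
        if (!pred((unsigned char)buf[i]))
            return 0;
    return 1;
}

/* aStorageKeyNameIn: 1..64 characters in a 65-byte field (lower bound assumed). */
int storage_key_label_ok(const char *buf)
{
    int n = field_len(buf, 65);
    return n >= 1 && n <= 64;
}

/* aInitialVectorIn: exactly 16 hexadecimal characters in a 17-byte field. */
int init_vector_ok(const char *buf)
{
    return field_len(buf, 17) == 16 && all_match(buf, 16, isxdigit);
}

/* Unlock authentication code / RandomNumber: 1..8 digits in a 9-byte field (lower bound assumed). */
int numeric_code_ok(const char *buf)
{
    int n = field_len(buf, 9);
    return n >= 1 && n <= 8 && all_match(buf, n, isdigit);
}

int main(void)
{
    return !(init_vector_ok("0123456789ABCDEF") && numeric_code_ok("1234567 ")); /* constructed samples */
}
```

Rejecting malformed fields before the call keeps operator input errors out of the API; the function still applies its own length and check-digit rules, reported through the return codes listed further down.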

COBOL calling convention

Entry point: AA2AUKIC

02 W-BLOB                PIC X(248).
02 W-KERNELPARMS.
     03 W-PARMCOUNT      PIC 9(8) USAGE BINARY.
     03 W-PARM01         PIC 9(8) USAGE BINARY.
     . . .
     03 W-PARM19         PIC 9(8) USAGE BINARY.
02 W-UNLOCK-AUTHCODE     PIC X(9).
02 W-RANDOM-NBR          PIC X(9).
02 W-UNLOCK-CODE         PIC X(9).
02 W-STORAGEKEY          PIC X(65).
02 W-INITVECTOR          PIC X(17).
02 W-RETURN              PIC S9(8) USAGE BINARY.
02 W-API-NAME            PIC X(8) VALUE 'AA2AUKIC'.

. . .

CALL W-API-NAME USING
       BY REFERENCE W-BLOB
       BY REFERENCE W-KERNELPARMS
       BY REFERENCE W-STORAGEKEY
       BY REFERENCE W-INITVECTOR
       BY REFERENCE W-UNLOCK-AUTHCODE
       BY REFERENCE W-RANDOM-NBR
       BY REFERENCE W-UNLOCK-CODE
       RETURNING W-RETURN.

Return codes

  Table: Return codes (AAL2AuthorizeUnlockICSF)
| Code | Meaning | Code | Meaning |
|---|---|---|---|
| 0 | Success | 813 | Unlock authentication code is too short |
| 133 | Invalid RandomNumber pointer | 814 | Unlock authentication code is too long |
| 134 | Invalid UnlockCode pointer | 900 | Invalid session context handle |
| 138 | Unlock function not supported | 908 | HSM key not found |
| 208 | Application disabled | 951 | Invalid HSM key type for HSM decryption |
| 209 | Grace period expired | 1000 | Function does not support EMV-CAP |
| 210 | Allowed use count reached | 1104 | Virtual token is not a primary token |
| 211 | Virtual token not supported | 1118 | Unsupported BLOB |
| 412 | Invalid checksum (software) | -101 | Random number too small |
| 413 | Invalid Base64 format | -102 | Random number too long |
| 414 | Invalid checksum (HSM) | -103 | Random number check digit wrong |
| 510 | Invalid Digipass data pointer | -104 | Random number character not decimal |
| 810 | Unlock authentication code validation failed | -310 | Invalid reserved parameter |
| 811 | Invalid unlock authentication code pointer | -1501 | Memory allocation failed |
