AAL2DeriveTokenBlobs
  • 22 Jan 2025

Function prototype

aat_int32 AAL2DeriveTokenBlobs (
                                TDigipassBlob   *DPData[8],
                                TKernelParms    *CallParms,
                                aat_int16       *Appl_Count,
                                aat_ascii       *Challenge,
                                aat_ascii       *DerivationCode,
                                aat_word32      DerivationCodeFormat);

Description

This function derives the Digipass data of a software Digipass authenticator based on Digipass SDK 4.0 or later that is compliant with the standard one-step activation, in the context of single-device licensing (SDL). Refer to the Authentication Suite Server SDK Product Guide for more information.

Digipass data derivation is allowed only for applications that support the feature. Call the AAL2GetTokenProperty function with the DERIVATION_SUPPORTED property to check whether an authenticator application supports it.

If supported by the software Digipass authenticator, this feature is used to bind a software Digipass authenticator with its hosting device. In this case, during the activation process, the software Digipass authenticator can create a diversifier based on a device’s fingerprint and can provide a derivation code based on the diversifier, an OTP, and an optional challenge.

AAL2DeriveTokenBlobs applies this derivation to the authenticator application BLOBs on the server side.

When reactivating the same Digipass authenticator on another device, the Digipass data must be derived again on the server side using AAL2DeriveTokenBlobs with the new derivation code. The Digipass instance on the old device will no longer work.

The derivation code is validated using the first authenticator application BLOB of the authenticator application BLOB table (DPData) input parameter. This first authenticator application BLOB MUST match the authenticator application used for generating the derivation code on the client. This first authenticator application BLOB MUST support either Response-Only or Challenge/Response authentication.

For example, it means that when the application named AUTH_APP1 is used for generating the derivation code on the client-side, the first authenticator application BLOB must relate to the AUTH_APP1 application.

Application names are exposed during the import process.

In addition, the derivation fails if one or more of the authenticator application BLOBs does not support the derivation feature.

Score-based Digipass

For Digipass devices that integrate the score-based algorithm, Authentication Suite Server SDK performs a score-based authentication to validate the derivation code. This allows retrieving the Digipass scoring value. Once Authentication Suite Server SDK has successfully validated the BLOBs, it returns either SUCCESS or SUCCESS with the relevant scoring warning code. See the list of return codes in AAL2DeriveTokenBlobs for more details.

Parameters

  Table: Parameters (AAL2DeriveTokenBlobs)

| Type               | Name                 | Use | Description |
|--------------------|----------------------|-----|-------------|
| TDigipassBlob *[8] | DPData               | I/O | Array of authenticator application BLOB pointers. Upon return from the function call, these BLOBs must be rewritten to the application database to reflect the changes. |
| TKernelParms *     | CallParms            | I   | Structure of runtime parameters to use during this function call. |
| aat_int16          | Appl_count           | I   | Number of applications in the authenticator application BLOB array (1 to 8). |
| aat_ascii *        | Challenge            | I   | String of up to 17 numeric characters, left justified, null-terminated or right padded with spaces. This parameter holds the challenge that may have been proposed to the user to generate the derivation code (if the first authenticator application BLOB is a Challenge/Response application). If no challenge is used to generate the derivation code, this parameter must be NULL. |
| aat_ascii *        | DerivationCode       | I   | String of up to 27+1 decimal or hexadecimal characters, null-terminated. This is the derivation code generated by the Digipass device. It can contain hexadecimal characters if the OTP response output is hexadecimal. |
| aat_word32         | DerivationCodeFormat | I   | Reserved. Must be set to 0. |

Return codes

  Table: Return codes (AAL2DeriveTokenBlobs)

| Code  | Meaning |
|-------|---------|
| 0     | Success |
| 10001 | Success with context warning* |
| 10002 | Success with user warning* |
| 10003 | Success with user & context warning* |
| 10004 | Success with platform warning* |
| 10005 | Success with platform & context warning* |
| 10006 | Success with platform & user warning* |
| 10007 | Success with platform & user & context warning* |
| 1     | Code not verified |
| 131   | Missing required challenge |
| 132   | Unsupported token type |
| 140   | Challenge corrupted |
| 201   | Code replay attempt |
| 202   | Identification error threshold reached |
| 205   | Inactive days reached |
| 208   | Application disabled |
| 412   | Invalid checksum |
| 413   | Invalid Base64 format |
| 510   | Invalid Digipass data pointer |
| 600   | Invalid Gordian root information |
| 601   | Invalid Gordian today information |
| 602   | Invalid Gordian tomorrow information |
| 603   | Invalid Gordian stimulus information |
| 807   | Serial number not equal |
| 808   | Invalid application count value |
| 1000  | Function does not support EMV-CAP |
| 1039  | Invalid response length with DP algorithm |
| 1040  | Invalid host code length with DP algorithm |
| 1103  | Unlock Version 2 not supported |
| 1109  | Invalid derivation code |
| 1110  | Invalid derivation code pointer |
| 1111  | Invalid derivation code length |
| 1112  | Invalid character in derivation code |
| 1113  | Derivation code check digit is wrong |
| 1114  | Invalid derivation code format parameter |
| 1118  | Unsupported BLOB |
| -101  | Challenge too short |
| -102  | Challenge too long |
| -103  | Challenge check digit wrong |
| -105  | Challenge minimum length not allowed |
| -106  | Challenge maximum length not allowed |
| -107  | Challenge number wrong |
| -108  | Challenge character invalid |
| -201  | Response length out of bounds |
| -202  | Response too short |
| -203  | Response too long |
| -205  | Response character not decimal |
| -206  | Response character not hexadecimal |
| -207  | Response character set not specified |
| -1501 | Memory allocation failed |

* Specific score-based authentication codes. For more information, refer to Score-based Digipass.
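The following C program is an added example and is not code from the Authentication Suite Server SDK or from its documentation. It shows how a server-side caller would wrap AAL2DeriveTokenBlobs: check the Challenge and DerivationCode strings against the length and character-set limits in the parameter table, call the function with DerivationCodeFormat set to 0, and rewrite the BLOBs to the application database only when the return code is 0 or one of the score-based warning codes 10001 to 10007, since every other code means the BLOBs were not derived. The typedefs for aat_int32, aat_int16, aat_ascii, aat_word32, TDigipassBlob and TKernelParms are placeholders standing in for the SDK headers; fake_derive is a constructed test double that takes the place of the real function; and derive_and_persist, record_persist, run_scenario and LOCAL_INPUT_REJECTED are names invented for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Placeholder typedefs: in a real build these come from the Authentication Suite
 * Server SDK headers and must not be redefined. Sizes and fields are invented. */
typedef int aat_int32;   typedef short aat_int16;
typedef char aat_ascii;  typedef unsigned int aat_word32;
typedef struct { unsigned char opaque[64]; } TDigipassBlob;
typedef struct { int placeholder; } TKernelParms;

#define MAX_APPS             8    /* DPData holds up to 8 BLOB pointers */
#define MAX_CHALLENGE_LEN    17   /* Challenge: up to 17 numeric characters */
#define MAX_DERIVATION_LEN   27   /* DerivationCode: up to 27 decimal/hex characters */
#define LOCAL_INPUT_REJECTED (-1) /* local convention: the request never reached the SDK */

/* Same shape as the AAL2DeriveTokenBlobs prototype, so the wrapper can be bound
 * either to the real function or, as below, to a test double. */
typedef aat_int32 (*DeriveTokenBlobsFn)(TDigipassBlob *DPData[MAX_APPS], TKernelParms *CallParms,
                                        aat_int16 *Appl_Count, aat_ascii *Challenge,
                                        aat_ascii *DerivationCode, aat_word32 DerivationCodeFormat);
typedef int (*PersistBlobsFn)(TDigipassBlob *blobs[MAX_APPS], aat_int16 count, void *ctx);

/* 0 and 10001..10007 all mean the BLOBs were derived; the 1000x codes only add a
 * score-based warning. Every other code means nothing was derived. */
int aal2_derive_succeeded(aat_int32 rc) {
    return rc == 0 || (rc >= 10001 && rc <= 10007);
}

/* NULL means "no challenge"; otherwise 1..17 digits, left justified, optionally right-
 * padded with spaces. Requiring at least one digit is an assumption ("" is not NULL). */
int challenge_is_well_formed(const aat_ascii *challenge) {
    size_t i = 0, digits = 0;
    if (challenge == NULL) return 1;
    while (isdigit((unsigned char)challenge[i])) { i++; digits++; }
    while (challenge[i] == ' ') i++;                 /* trailing padding only */
    return challenge[i] == '\0' && digits >= 1 && digits <= MAX_CHALLENGE_LEN;
}

/* 1..27 characters, each a decimal or hexadecimal digit (hex is the superset). */
int derivation_code_is_well_formed(const aat_ascii *code) {
    size_t i, n = code ? strlen(code) : 0;
    if (n == 0 || n > MAX_DERIVATION_LEN) return 0;
    for (i = 0; i < n; i++) if (!isxdigit((unsigned char)code[i])) return 0;
    return 1;
}

/* Validates inputs, calls the SDK function, and writes the BLOBs back via `persist` only on a success-family code. */
aat_int32 derive_and_persist(DeriveTokenBlobsFn derive, TDigipassBlob *blobs[MAX_APPS],
                             aat_int16 appl_count, TKernelParms *parms, aat_ascii *challenge,
                             aat_ascii *derivation_code, PersistBlobsFn persist, void *ctx,
                             int *persisted) {
    aat_int32 rc;
    *persisted = 0;
    if (appl_count < 1 || appl_count > MAX_APPS) return LOCAL_INPUT_REJECTED;
    if (!challenge_is_well_formed(challenge) || !derivation_code_is_well_formed(derivation_code))
        return LOCAL_INPUT_REJECTED;
    rc = derive(blobs, parms, &appl_count, challenge, derivation_code, 0 /* reserved */);
    if (aal2_derive_succeeded(rc) && persist(blobs, appl_count, ctx) == 0) *persisted = 1;
    return rc;
}

/* --- Test double and driver (constructed for this example; no SDK is linked) --- */
static aat_int32 g_fake_rc;   /* the code the stand-in "SDK" will return */
static aat_int32 fake_derive(TDigipassBlob *DPData[MAX_APPS], TKernelParms *CallParms,
                             aat_int16 *Appl_Count, aat_ascii *Challenge,
                             aat_ascii *DerivationCode, aat_word32 DerivationCodeFormat) {
    (void)CallParms; (void)Challenge; (void)DerivationCode; (void)DerivationCodeFormat;
    for (aat_int16 i = 0; aal2_derive_succeeded(g_fake_rc) && i < *Appl_Count; i++)
        DPData[i]->opaque[0] = 0xD1;             /* mimic the in-place BLOB rewrite */
    return g_fake_rc;
}

static int record_persist(TDigipassBlob *blobs[MAX_APPS], aat_int16 count, void *ctx) {
    (void)blobs; *(int *)ctx += count;           /* stand-in for the database write */
    return 0;
}

/* One derivation attempt with two BLOBs: returns the code and sets *persisted. */
aat_int32 run_scenario(aat_int32 sdk_rc, const char *challenge, const char *code, int *persisted) {
    TDigipassBlob b0 = {{0}}, b1 = {{0}};
    TDigipassBlob *blobs[MAX_APPS] = { &b0, &b1 };
    TKernelParms parms = {0};
    aat_ascii chal[64], dcode[64]; int written = 0;
    snprintf(chal, sizeof chal, "%s", challenge ? challenge : "");
    snprintf(dcode, sizeof dcode, "%s", code ? code : "");
    g_fake_rc = sdk_rc;
    return derive_and_persist(fake_derive, blobs, 2, &parms, challenge ? chal : NULL, dcode,
                              record_persist, &written, persisted);
}

int main(void) {
    int p; aat_int32 rc = run_scenario(10002, NULL, "1234567890AB", &p);
    printf("success with warning: rc=%d persisted=%d\n", rc, p);
    rc = run_scenario(1109, "123456", "ABCDEF", &p);
    printf("invalid derivation code: rc=%d persisted=%d\n", rc, p);
    return 0;
}
```

In a real build, drop the placeholder typedefs, include the SDK header, and pass AAL2DeriveTokenBlobs itself as the `derive` argument. The local format checks only reject obviously malformed input before a round trip to the SDK; the SDK still performs its own validation and reports it through the codes in the table above (1109 to 1114 for the derivation code, -101 to -108 for the challenge, -201 to -207 for the response).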

