AAL2GenUnlockAuthCodeICSF
  • 22 Jan 2025

Function prototype

aat_int32 AAL2GenUnlockAuthCodeICSF (
                                 TDigipassBlob*   DPData,
                                 TKernelParms*    CallParms,
                                 aat_ascii*       aStorageKeyNameIn,
                                 aat_ascii*       aInitialVectorIn,
                                 aat_int32        UnlockAuthIndex,
                                 aat_ascii*       UnlockAuthCode,
                                 aat_int32*       UnlockAuthCounter);

Description

If a user's Digipass authenticator is locked because of wrong PIN entries, the Digipass administrator has to authenticate the user before verifying the Digipass unlock code. This function generates unlock authentication codes, which are used to authenticate the user during a Digipass unlock operation. AAL2AuthorizeUnlock validates the unlock authentication code before generating the unlock code.

An unlock authentication code is valid only once. After it has been used, a new unlock authentication code needs to be generated. It is possible to generate multiple unlock authentication codes at a time.

Important notes

  • Unlock authentication codes need to be used in the given sequence. Codes that are skipped will no longer be valid.
  • It is not mandatory to implement the unlock user authentication in the way described. OneSpan proposes this function as an option but the integrator is free to implement other authentication mechanisms. However, OneSpan strongly recommends that you implement a strong authentication process in any unlock scheme.
  • In case of Unlock V2 support, the unlock authentication code generation function must be used with the dedicated Unlock V2 BLOB instead of the Digipass authentication BLOB.

Parameters

  Table: Parameters (AAL2GenUnlockAuthCodeICSF)

| Type | Name | Use | Description |
|---|---|---|---|
| TDigipassBlob * | DPData | I/O | Authenticator application BLOB. Upon return from the function call, this BLOB must be rewritten to the application database to reflect changes. |
| TKernelParms * | CallParms | I | Structure of runtime parameters to use during this function call. |
| aat_ascii * | aStorageKeyNameIn | I | String of up to 64+1 characters, left-justified, null-terminated, or right-padded with spaces. This is the label of the ICSF storage key used to encrypt the sensitive Digipass application BLOB data. |
| aat_ascii * | aInitialVectorIn | I | String of 16 hexadecimal characters, left-justified, null-terminated, or right-padded with spaces. This is the initial vector used to encrypt the sensitive authenticator application BLOB data. |
| aat_int32 | UnlockAuthIndex | I | This parameter contains the unlock authentication index value; possible parameter values range from 0 to 5. 0: current unlock authentication code; 1: next unlock authentication code; 2: … |
| aat_ascii * | UnlockAuthCode | O | Unlock authentication code. 8 numeric characters which the user needs to provide to the administrator for authentication during a Digipass unlock procedure. |
| aat_int32 * | UnlockAuthCounter | O | Optional value. This parameter receives the counter value used to generate the unlock authentication code. |
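
The input constraints in the parameter descriptions above can be checked before the call is made. The following is an added example, not OneSpan SDK code: `check_unlock_auth_args`, `field_len` and the `ARGS_*` values are hypothetical names, and only the value 812 is taken from this page's return codes.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical local result values; only 812 is taken from the page
 * ("Invalid unlock authentication index"). */
enum { ARGS_OK = 0, ARGS_BAD_KEY = -1, ARGS_BAD_IV = -2, ARGS_BAD_INDEX = 812 };

/* Meaningful length of a fixed-width field that is null-terminated or
 * right-padded with spaces. Returns 0 for an empty field or one that is
 * not left-justified. */
static size_t field_len(const char *buf, size_t width)
{
    size_t n = 0;
    while (n < width && buf[n] != '\0')
        n++;                          /* stop at terminator or field end */
    while (n > 0 && buf[n - 1] == ' ')
        n--;                          /* drop right padding */
    return (n > 0 && buf[0] != ' ') ? n : 0;
}

/* Checks the storage key label (1..64 characters in a 65-byte field), the
 * initial vector (exactly 16 hexadecimal characters in a 17-byte field)
 * and the unlock authentication index (0..5). */
int check_unlock_auth_args(const char *key_label, const char *iv, int index)
{
    size_t n = field_len(key_label, 65), i;
    if (n == 0 || n > 64)
        return ARGS_BAD_KEY;
    if (field_len(iv, 17) != 16)
        return ARGS_BAD_IV;
    for (i = 0; i < 16; i++)
        if (!isxdigit((unsigned char)iv[i]))
            return ARGS_BAD_IV;
    if (index < 0 || index > 5)
        return ARGS_BAD_INDEX;
    return ARGS_OK;
}

int main(void)
{
    /* Constructed sample values, not real key labels or IVs. */
    char iv[17];
    memset(iv, ' ', sizeof iv);       /* space-padded, no terminator */
    memcpy(iv, "0123456789abcdef", 16);
    printf("%d\n", check_unlock_auth_args("SAMPLE.DP.STORAGE.KEY", iv, 1));
    printf("%d\n", check_unlock_auth_args("SAMPLE.DP.STORAGE.KEY", iv, 6));
    return 0;
}
```

Space-padded fields, as passed from the COBOL layout, must be the full 65 and 17 bytes wide because the helper reads up to the field width when no terminator is present.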

COBOL calling convention

Entry point: AA2GUAIC
02   W-BLOB               PIC X(248).
02   W-KERNELPARMS.
     03  W-PARMCOUNT      PIC 9(8) USAGE BINARY.
     03  W-PARM01         PIC 9(8) USAGE BINARY.
     . . .
     03  W-PARM19         PIC 9(8) USAGE BINARY.
02   W-RANDOM-NBR         PIC X(9).
02   W-UNLOCK-AUTHCODE    PIC X(9).
02   W-STORAGEKEY         PIC X(65).
02   W-INITVECTOR         PIC X(17).
02   W-RETURN             PIC S9(8) USAGE BINARY.
02   W-UNLOCK-INDEX       PIC S9(8) USAGE BINARY.
02   W-UNLOCK-COUNTER     PIC S9(8) USAGE BINARY.
02   W-API-NAME           PIC X(8) VALUE 'AA2GUAIC'.
. . .
     CALL W-API-NAME USING
           BY REFERENCE W-BLOB
           BY REFERENCE W-KERNELPARMS
           BY REFERENCE W-STORAGEKEY
           BY REFERENCE W-INITVECTOR
           BY VALUE W-UNLOCK-INDEX
           BY REFERENCE W-UNLOCK-AUTHCODE
           BY REFERENCE W-UNLOCK-COUNTER
           RETURNING W-RETURN

Return codes

  Table: Return codes (AAL2GenUnlockAuthCodeICSF)

| Code | Meaning | Code | Meaning |
|---|---|---|---|
| 0 | Success | 812 | Invalid unlock authentication index |
| 138 | Unlock function not supported | 900 | Invalid session context handle |
| 412 | Invalid checksum (software) | 908 | HSM key not found |
| 413 | Invalid Base64 format | 1000 | Function does not support EMV-CAP |
| 414 | Invalid checksum (HSM) | 1104 | Virtual token is not a primary token |
| 510 | Invalid Digipass data pointer | 1118 | Unsupported BLOB |
| 811 | Invalid unlock authentication code pointer | -1501 | Memory allocation failed |
