AAL2GetTokenProperty

Mis à jour le 22 Jan 2025
4 Minutes à lire

Partager
Sombre
Lumière
PDF

The content is currently unavailable in French. You are viewing the default English version.

Résumé de l’article

Avez-vous trouvé ce résumé utile ?

Merci pour vos commentaires

Function prototype

aat_int32 AAL2GetTokenProperty (
                           TDigipassBlob*      DPData,
                            TKernelParms*       CallParms,
                            aat_int32          Property,
                            aat_ascii*          Value);

Description

This function can be used to obtain the value of the properties listed in Table: List of properties for AAL2GetTokenProperty.

Table: List of properties for AAL2GetTokenProperty
Information	Property	Size	Description
Authenticator model	TOKEN_MODEL	5+1	5 characters, Digipass 300, Digipass 700 etc.
Usage count	USE_COUNT	6+1	6 digits, 000000 to 999999 (returned value capped to 999999 in case the authenticator is used more often than 999999 times)
Last time used	LAST_TIME_USED	24+1	24 characters Ddd Mmm DD HH:MM:SS YYYY
Last time shift	LAST_TIME_SHIFT	Up to 11+1	Up to 11 signed digits, +/- seconds
Is time based algorithm?	TIME_BASED_ALGO	3+1	3 characters, YES/NO
Is event based algorithm?	EVENT_BASED_ALGO	3+1	3 characters, YES/NO
Is static PIN supported?	PIN_SUPPORTED	3+1	3 characters, YES/NO. Indicates whether the static PIN is supported.
Is unlock supported?	UNLOCK_SUPPORTED	3+1	3 characters, YES/NO
Is PIN change mode ON?	PIN_CH_ON	3+1	3 characters, YES/NO
PIN length	PIN_LEN	2+1	2 digits, 00 to 08. Current static PIN length.
PIN minimum length	PIN_MIN_LEN	2+1	2 digits, 00 to 08. Static PIN minimum length.
Is PIN feature enabled?	PIN_ENABLED	3+1	3 characters, YES/NO. Indicates whether the PIN is enabled.
Is PIN change forced?	PIN_CH_FORCED	3+1	3 characters, YES/NO. Indicates whether the PIN has to be changed at the next logon attempt.
Virtual authenticator type	VIRTUAL_TOKEN_TYPE	7+1	Up to 8 characters. The following options are available: BACKUP PRIMARY NA Type of virtual authenticator.
Virtual authenticator grace period	VIRTUAL_TOKEN_GRACE_PERIOD	24+1	24 characters Ddd Mmm DD HH:MM:SS YYYY. Expiration date of the virtual authenticator's grace period.
Virtual authenticator remain use	VIRTUAL_TOKEN_REMAIN_USE	3+1	3 digits, 000 to 255. Remaining uses of virtual authenticator.
Last response type	LAST_RESPONSE_TYPE	8+1	Up to 8 characters. The following options are available: BACKUP PRIMARY NA Last valid response type.
Error count	ERROR_COUNT	6+1	6 digits, 000000 to 032767. Error counter value. (Returned value capped to 032767 in case more than 032767 failed validations occur.)
Event value	EVENT_VALUE	10+1	10 digits, 0000000000 to 4294967294. For event-based algorithms, the current event value stored in the authenticator application BLOB. This is the greatest event value received for a valid verification, which is not necessarily the latest valid verification performed (fora non-sequential signature presentation). .
Last event value	LAST_EVENT_VALUE	10+1	10 digits, 0000000000 to 4294967294 For event-based algorithms, the event value from the last valid verification (used for a non-sequential signature presentation).
Is synchronization window used?	SYNC_WINDOWS	3+1	3 characters, YES/NO.Indicates whether the initial synchronization window will be used to perform the next validation for this Digipass instance.
Is primary authenticator enabled?	PRIMARY_TOKEN_ENABLED	3+1	3 characters, YES/NO
Is virtual authenticator supported?	VIRTUAL_TOKEN_SUPPORTED	3+1	3 characters, YES/NO
Is virtual authenticator enabled?	VIRTUAL_TOKEN_ENABLED	3+1	3 characters, YES/NO
Codeword value	CODE_WORD	8+1	8 characters, 00000000 to FFFFFFFF. Application codeword.
Authentication mode	AUTH_MODE	2+1	2 characters Possible values: RO for Response-Only application SG for signature application CR for Challenge/Responseapplication MM for multi-mode application UL for Unlock V2 application
OATH Challenge/Response authentication suite	OCRA_SUITE	40+1	String of up to 40 characters containing the operating mode for the OCRA algorithm. Algorithm:CryptoFunction:DataInput NA for non-OCRA authenticator; e.g. OCRA-1:HOTP-SHA1-6:C-QN08-T32S: OCRA version 1 HMAC SHA1 crypto function with truncation of a 6-digit value for the OTP Counter- and time-based with 8-byte numeric challenge and time-step of 32 seconds
Does application support derivation?	DERIVATION_SUPPORTED	3+1	3 characters, YES/NO Indicates if the derivation is supported or not for the authenticator application. The Derivation feature is available (but optional) for software Digipass authenticators based on Digipass SDK 4.0 or higher.
Maximum dataFields number	MAX_DTF_NUMBER	2+1	2 digits, 00 to 08. Maximum number of data fields that are supported by the application.
Datafield 1 minimum length	DTF1_MIN_LEN	2+1	2 digits, 00 to 16. Minimum length configured for data field 1, excluding the checksum check digit, if any.
Datafield 1 maximum length	DTF1_MAX_LEN	2+1	2 digits, 00 to 16. Minimum length configured for data field 1, excluding the checksum check digit, if any.
Does Datafield 1 use a check digit?	DTF1_CHK	3+1	3 characters, YES/NO. Indicates if data field 1 uses a checksum check digit. If any, the data field 1 input will have to be between dtf1 min len +1 and dtf1 max len +1.
Datafield 2 to 8 minimum length	From DTF2_MIN_LEN To DTF8_MIN_LEN	2+1	2 digits, 00 to 16. Identical to the property DTF1_MIN_LEN, but related to data fields 2 to 8.
Datafield 2 to 8 maximum length	From DTF2_CHK To DTF8_CHK	2+1	2 digits, 00 to 16. Identical to the property DTF1_MAX_LEN, but related to data fields 2 to 8.
Do Datafield 2 to 8 use a check digit?	From DTF2_CHK To DTF8_CHK	3+1	3 characters, YES/NO. Identical to the property DTF1_CHK, but related to data fields 2 to 8.
Response length	RESPONSE_LEN	2+1	2 digits, 00 to 16. Length of the response configured for the application, excluding the response checksum check digit, if any, and excluding the static PIN, if any.
Response format	RESPONSE_FORMAT	16+1	Up to 16 characters. The response format can be HEX, DEC1 or DEC2 (hexadecimal, Decimal1 or Decimal2).
If Response Check supported?	RESPONSE_CHK	3+1	3 characters, YES/NO. Indicates if the response configured for the application uses a checksum check digit. If any, the OTP or signature for this application will have a length of response length +1.
Time Step	TIME_STEP	6+1	6 digits to 000000 to 262144. Decimal value of the time step in seconds for time-based applications.
If Triple DES algorithm is used?	TRIPLE_DES_USED	3+1	3 characters, YES/NO. Indicates if the application uses the 3DES algorithm.
Does application support Secure Channel message signature?	SECURE_CHANNEL_MSG_SIG_SUPPORTED	3+1	3 characters, YES/NO. Indicates if the Secure Channel message signature validation is supported for the authenticator application.
Does application support offline data block generation?	OFFLINE_AUTHENTICATION_SUPPORTED	3+1	3 characters, YES/NO. Indicates if the offline data block generation (for offline authentication with the Authentication Suite Server SDK Offline Module) is supported by an authenticator application.

Parameters

Table: Parameters (AAL2GetTokenProperty)
Type	Name	Use	Description
TDigipassBlob *	DPData	I	This is the authenticator application BLOB.
TKernelParms *	CallParms	I	Structure of runtime parameters to use during this function call.
aat_int32	Property	I	Indicates the property to obtain.
aat_ascii *	Value	O	Value for the specified property as described in Table: List of properties for AAL2GetTokenProperty.

Return codes

Table: Return codes (AAL2GetTokenProperty)
Code	Meaning	Code	Meaning
0	Success	518	Invalid property
412	Invalid checksum	701	Invalid input buffer pointer
413	Invalid Base64 format	1118	Unsupported BLOB
510	Invalid Digipass data pointer	-1501	Memory allocation failed

In addition, requested properties can be retrieved with their integer value instead of an ASCII value.

To select the integer value output

Add the flag INT_VALUE to the requested property.

Example

TKernelParms KernelParms;

TDigipassBlob DPData;

aat_ascii szLastTimeUsed[24+1];

aat_int32 LastTimeUsed;

...
...
AAL2GetTokenProperty(&DPData, &KernelParms, LAST_TIME_USED, szLastTimeUsed);

AAL2GetTokenProperty(&DPData, &KernelParms, LAST_TIME_USED | INT_VALUE, (aat_ascii*) &LastTimeUsed);

// output example : Wed Aug 8 10:24:36 2007
printf("%s\n", szLastTimeUsed);

// output example: 1186568676
printf("%d\n", LastTimeUsed);

The following properties are compatible with the INT_VALUE output:

USE_COUNT
LAST_TIME_USED
LAST_TIME_SHIFT
TIME_BASED_ALGO
PIN_ENABLED
UNLOCK_SUPPORTED
PIN_CH_ON
PIN_CH_FORCED
PIN_LEN
PIN_MIN_LEN
PRIMARY_TOKEN_ENABLED
VIRTUAL_TOKEN_SUPPORTED
VIRTUAL_TOKEN_ENABLED
ERROR_COUNT
EVENT_VALUE
EVENT_BASED_ALGO
LAST_EVENT_VALUE
SYNC_WINDOWS
CODE_WORD
DERIVATION_SUPPORTED
MAX_DTF_NUMBER
From DTF1_MIN_LEN To DTF8_MIN_LEN
From DTF1_MAX_LEN To DTF8_MAX_LEN
From DTF1_CHK To DTF8_CHK
RESPONSE_LEN
RESPONSE_CHK
TIME_STEP
TRIPLE_DES_USED
SECURE_CHANNEL_MSG_SIG_SUPPORTED
OFFLINE_AUTHENTICATION_SUPPORTED

The following properties are not compatible with the INT_VALUE output:

TOKEN_MODEL
VIRTUAL_TOKEN_TYPE
VIRTUAL_TOKEN_GRACE_PERIOD
VIRTUAL_TOKEN_REMAIN_USE
LAST_RESPONSE_TYPE
AUTH_MODE
OCRA_SUITE
RESPONSE_FORMAT

Cet article vous a-t-il été utile ?

What's Next

AAL2MigrateBlob

Table des matières

Function prototype
Description
Parameters
Return codes
Example