AAL2VerifyDeviceCodeICSF
  • 22 Jan 2025

Function prototype

aat_int32 AAL2VerifyDeviceCodeICSF (
                                TDigipassBlob    *DPMAData,
                                TKernelParms     *CallParms,
                                aat_ascii        *aStorageKeyNameIn,
                                aat_ascii        *aInitialVectorIn,
                                aat_ascii        *Challenge,
                                aat_ascii        *DeviceCode,
                                aat_ascii        *DeviceID,
                                aat_int32        *DeviceIDLength,
                                aat_int32        *pDeviceType);

Description

This function verifies the device code provided by the Digipass device using the master activation application data. On SUCCESS, it also extracts:

  • Digipass device ID
  • Digipass device type

It is only applicable to hardware or software Digipass authenticators compliant with the multi-device two-step activation (in the context of multi-device licensing). For more information, refer to the Authentication Suite Server SDK Product Guide.

If a challenge has been used to generate the Activation Message 1 (AALGenMessageActivation1) received by the Digipass device, the same challenge is necessary to validate the device code.

Score-based Digipass

For Digipass devices that integrate the score-based algorithm, Authentication Suite Server SDK performs a score-based authentication to validate the device code. This makes it possible to retrieve the Digipass scoring value. Once Authentication Suite Server SDK has successfully validated the device code, it returns either SUCCESS or SUCCESS with the relevant scoring warning code. See the list of return codes in Table: Return codes (AAL2VerifyDeviceCodeICSF) for more details.

Parameters

  Table: Parameters (AAL2VerifyDeviceCodeICSF)

| Type | Name | Use | Description |
|---|---|---|---|
| TDigipassBlob | DPMAData | I/O | Digipass master activation application BLOB of the Digipass serial number license that will be used for the activation. Upon return from the function call, this BLOB must be rewritten to the application database to reflect changes. |
| TKernelParms * | CallParms | I | Structure of runtime parameters to use during this function call. |
| aat_ascii * | aStorageKeyNameIn | I | String of up to 64+1 characters, left-justified, null-terminated, or right-padded with spaces. This is the label of the ICSF storage key used to encrypt the sensitive Digipass application BLOB data. |
| aat_ascii * | aInitialVectorIn | I | String of 16 hexadecimal characters, left-justified, null-terminated, or right-padded with spaces. This is the initial vector used to encrypt the sensitive authenticator application BLOB data. |
| aat_ascii * | Challenge | I | Optional string of 16 numeric or hexadecimal characters, left-justified, null-terminated, or right-padded with spaces. This parameter must hold the challenge that was used initially to generate Activation Message 1. If no challenge was used to generate Activation Message 1, this parameter must be NULL. |
| aat_ascii * | DeviceCode | I | String of up to 26+1 characters, null-terminated. It contains the device code generated by the Digipass device. |
| aat_ascii * | DeviceID | O | Output string of 8+1 hexadecimal characters, null-terminated. If the device code has been successfully verified, this parameter contains the value of the Digipass device ID. |
| aat_int32 * | DeviceIDLength | I/O | In input, this parameter must indicate the size of the allocated buffer for the DeviceID parameter (recommended 9 bytes). In output, this parameter indicates the length of the DeviceID string (without the null-terminated character). |
| aat_int32 * | pDeviceType | O | In output, this parameter contains the Digipass device type if the device code has been successfully verified (from 0 to 31). |

COBOL calling convention

Entry point: AA2VDCIC
02   W-MA-BLOB            PIC X(248).
02   W-KERNELPARMS.
     03  W-PARMCOUNT      PIC 9(8) USAGE BINARY.
     03  W-PARM0          PIC 9(8) USAGE BINARY.
     . . .
     03  W-PARM19         PIC 9(8) USAGE BINARY.
02   W-CHALLENGE          PIC X(17).
02   W-DEVICE-CODE        PIC X(27).
02   W-DEVICE-ID          PIC X(9).
02   W-DEVICE-ID-LENGTH   PIC 9(8) USAGE BINARY VALUE 9.
02   W-DEVICE-TYPE        PIC S9(8) USAGE BINARY.
02   W-RETURN             PIC S9(8) USAGE BINARY.
02   W-STORAGEKEY         PIC X(65).
02   W-INITVECTOR         PIC X(17).
02   W-API-NAME           PIC X(8) VALUE 'AA2VDCIC'.
. . .
     CALL W-API-NAME USING
           BY REFERENCE W-MA-BLOB
           BY REFERENCE W-KERNELPARMS
           BY REFERENCE W-STORAGEKEY
           BY REFERENCE W-INITVECTOR
           BY REFERENCE W-CHALLENGE
           BY REFERENCE W-DEVICE-CODE
           BY REFERENCE W-DEVICE-ID
           BY REFERENCE W-DEVICE-ID-LENGTH
           BY REFERENCE W-DEVICE-TYPE
           RETURNING W-RETURN

Return codes

  Table: Return codes (AAL2VerifyDeviceCodeICSF)

| Code | Meaning | Code | Meaning |
|---|---|---|---|
| 0 | Success | 1040 | Invalid host code length with DP algorithm |
| 10001 | Success with context warning* | 1103 | Unlock Version 2 not supported |
| 10002 | Success with user warning* | 1116 | Response check digit not allowed |
| 10003 | Success with user & context warning* | 1117 | Challenge check digit not allowed |
| 10004 | Success with platform warning* | 1118 | Unsupported BLOB |
| 10005 | Success with platform & context warning* | 1263 | Device ID buffer too small |
| 10006 | Success with platform & user warning* | 1264 | Invalid master application |
| 10007 | Success with platform & user & context warning* | 1265 | Invalid master application data pointer |
| 1 | Code not verified | 1276 | Invalid device code pointer |
| 130 | Invalid response pointer | 1277 | Invalid device ID pointer |
| 140 | Challenge corrupted | 1278 | Invalid device ID length pointer |
| 201 | Code replay attempt | 1280 | Invalid device type pointer |
| 202 | Identification error threshold reached | 1281 | Invalid device code length |
| 205 | Inactive days reached | 1282 | Invalid device code check digit |
| 208 | Application disabled | 1283 | Invalid device code character |
| 412 | Invalid checksum (software) | 1284 | Invalid device code |
| 413 | Invalid Base64 format | 1285 | Master key derivation failed |
| 414 | Invalid checksum (HSM) | -102 | Challenge too long |
| 600 | Invalid Gordian root information | -103 | Challenge check digit wrong |
| 601 | Invalid Gordian today information | -105 | Challenge minimum length not allowed |
| 602 | Invalid Gordian tomorrow information | -106 | Challenge maximum length not allowed |
| 603 | Invalid Gordian stimulus information | -107 | Challenge number wrong |
| 900 | Invalid session context handle | -108 | Challenge character invalid |
| 908 | HSM key not found | -201 | Response length out of bounds |
| 951 | Invalid HSM key type for HSM decryption | -205 | Response character not decimal |
| 1000 | Function does not support EMV-CAP | -206 | Response character not hexadecimal |
| 1025 | Buffer too small | -207 | Response character set not specified |
| 1039 | Invalid response length with DP algorithm | | |

* Specific score-based authentication codes; for more information, refer to Score-based Digipass.
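
Caller-side handling of the arguments and return codes tabulated above, in C; this is an added example, not code from the SDK or its documentation. The names dc_classify, dc_precheck, bounded_len and the dc_outcome classes are hypothetical, the grouping of codes into outcomes is this example's choice, and reading 10001 to 10007 as 10000 plus context/user/platform flag bits is inferred from the table labels.

```c
#include <ctype.h>
#include <stddef.h>

/* Outcome classes (hypothetical names); code values come from the table. */
typedef enum { DC_VERIFIED, DC_REJECTED, DC_REPLAY, DC_BLOCKED, DC_ERROR } dc_outcome;
/* Score warning flags for 10001..10007, inferred from the table labels. */
enum { DC_WARN_CONTEXT = 1, DC_WARN_USER = 2, DC_WARN_PLATFORM = 4 };

/* Map a return code to an outcome; *warn receives the warning flags. */
dc_outcome dc_classify(long rc, int *warn)
{
    *warn = 0;
    if (rc == 0) return DC_VERIFIED;
    if (rc >= 10001 && rc <= 10007) { *warn = (int)(rc - 10000); return DC_VERIFIED; }
    switch (rc) {
    case 1:   return DC_REJECTED;   /* Code not verified */
    case 201: return DC_REPLAY;     /* Code replay attempt */
    case 202:                       /* Identification error threshold reached */
    case 205:                       /* Inactive days reached */
    case 208: return DC_BLOCKED;    /* Application disabled */
    default:  return DC_ERROR;      /* anything else: treat as not verified */
    }
}

/* Length of s, scanning at most max bytes; returns max if no NUL was found. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0') n++;
    return n;
}

/* Check caller-supplied arguments against the parameter table before the
   call. Returns 0, or a documented code chosen for this example. */
long dc_precheck(const char *challenge, const char *device_code, long id_buf_len)
{
    size_t i, n;
    if (device_code == NULL) return 1276;          /* Invalid device code pointer */
    n = bounded_len(device_code, 27);              /* up to 26 characters + NUL */
    if (n == 0 || n > 26) return 1281;             /* Invalid device code length */
    if (id_buf_len < 9) return 1263;               /* Device ID buffer too small */
    if (challenge == NULL) return 0;               /* no challenge was used */
    n = bounded_len(challenge, 17);
    while (n > 0 && challenge[n - 1] == ' ') n--;  /* right-padding is allowed */
    if (n > 16) return -102;                       /* Challenge too long */
    for (i = 0; i < n; i++)
        if (!isxdigit((unsigned char)challenge[i])) return -108; /* Challenge character invalid */
    return 0;
}
```

Whatever the outcome, write the returned DPMAData BLOB back to the application database after the call, as the parameter table requires.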

