This function is an extension of AAL2VerifyPasswordEx that adds the enhanced security feature. This feature prevents potential man-in-the-middle attacks in architectures that integrate software Digipass authenticators. A server public key, such as a certificate, can be supplied as input to diversify the challenge.
This parameter is optional. If it is not used, this function is identical to AAL2VerifyPasswordEx.
The enhanced authentication feature is supported by Digipass 110 and Digipass for Web.
Parameters
Table: Parameters (AAL2VerifyPasswordEx)

| Type | Name | Use | Description |
|---|---|---|---|
| TDigipassBlob * | DPData | I/O | Authenticator application BLOB. Upon return from the function call, this BLOB must be rewritten to the application database to reflect changes. |
| TKernelParms * | CallParms | I | Structure of runtime parameters to use during this function call. |
| aat_ascii * | Password | I | String of up to 17+24 numeric or hexadecimal characters, left-justified, null-terminated or right-padded with spaces. This is the dynamic password generated by the Digipass authenticator. |
| aat_ascii * | Challenge | I | String of up to 17 numeric or hexadecimal characters, left-justified, null-terminated, or right-padded with spaces. This parameter holds the challenge that was proposed to the user to generate the password to verify. If no challenge was generated, this parameter should be NULL. |
| aat_ascii * | aServerPublicKey | I | String of up to 1024 hexadecimal characters, null-terminated. This parameter is used as a diversifier to prevent man-in-the-middle attacks. If this parameter is NULL, diversification will not take place. |
| aat_ascii * | ReturnHostCode | O | String of up to 17 numeric or hexadecimal characters, left-justified, null-terminated, or right-padded with spaces. This is the code generated by Authentication Suite Server SDK (recommended buffer size is 18 bytes). |
| aat_int32 * | ReturnHostCodeLength | O | Pointer to a long integer that indicates the length of the generated return host code. |
Return codes
Table: Return codes (AAL2VerifyPasswordEx)

| Code | Meaning | Code | Meaning |
|---|---|---|---|
| 0 | Success | 802 | Change password mandatory |
| 10001 | Success with context warning* | 803 | New password too short |
| 10002 | Success with user warning* | 804 | New password too long |
| 10003 | Success with user & context warning* | 1039 | Invalid response length with DP algorithm |
| 10004 | Success with platform warning* | 1040 | Invalid host code length with DP algorithm |
| 10005 | Success with platform & context warning* | 1103 | Unlock Version 2 not supported |
| 10006 | Success with platform & user warning* | 1116 | Response check digit not allowed |
| 10007 | Success with platform & user & context warning* | 1117 | Challenge check digit not allowed |
| 1 | Code not verified | 1118 | Unsupported BLOB |
| 2 | Static password validation failed | -101 | Challenge too short |
| 130 | Invalid response pointer | -102 | Challenge too long |
| 131 | Missing required challenge | -103 | Challenge check digit wrong |
| 132 | Unsupported token type | -105 | Challenge minimum length not allowed |
| 140 | Challenge corrupted | -106 | Challenge maximum length not allowed |
| 201 | Code replay attempt | -107 | Challenge number wrong |
| 202 | Identification error threshold reached | -108 | Challenge character invalid |
| 205 | Inactive days reached | -153 | Server public key too long |
| 208 | Application disabled | -201 | Response length out of bounds |
| 412 | Invalid checksum | -202 | Response too short |
| 413 | Invalid Base64 format | -203 | Response too long |
| 510 | Invalid Digipass data pointer | -204 | Response check digit wrong |
| 600 | Invalid Gordian root information | -205 | Response character not decimal |
| 601 | Invalid Gordian today information | -206 | Response character not hexadecimal |
| 602 | Invalid Gordian tomorrow information | -207 | Response character set not specified |
| 603 | Invalid Gordian stimulus information | -1501 | Memory allocation failed |

* Specific score-based authentication codes; for more information, refer to Score-based Digipass.
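
The following is an added example, not code from the SDK or its documentation: a pre-call check on the aServerPublicKey diversifier and a fail-closed mapping of the return codes above to an access decision. The helper names and the outcome enum are hypothetical, the warning bit layout is inferred from codes 10001 to 10007 in the table, and treating an empty key like NULL is an assumption.

```c
#include <ctype.h>
#include <stddef.h>

#define DP_MAX_SERVER_KEY_HEX 1024   /* "up to 1024 hexadecimal characters" */
#define DP_WARN_CONTEXT  0x1u        /* 10001 */
#define DP_WARN_USER     0x2u        /* 10002 */
#define DP_WARN_PLATFORM 0x4u        /* 10004 */

/* Hypothetical outcome type; not part of the SDK. */
typedef enum { DP_ACCEPT, DP_ACCEPT_WARN, DP_REJECT, DP_REJECT_ALERT, DP_ERROR } dp_outcome;

/* Check the diversifier before the call. Returns 0 if usable, -1 if NULL or
 * empty (NULL silently disables diversification; empty is treated the same
 * here as an assumption), -2 if longer than 1024 characters (the SDK would
 * return -153), -3 on a non-hexadecimal character. */
int dp_check_server_key(const char *key)
{
    size_t n = 0;
    if (key == NULL || key[0] == '\0')
        return -1;
    for (; key[n] != '\0'; n++) {
        if (n >= DP_MAX_SERVER_KEY_HEX)
            return -2;
        if (!isxdigit((unsigned char)key[n]))
            return -3;
    }
    return 0;
}

/* Map a return code from the table to an access decision. *warn receives the
 * warning flags for codes 10001..10007 and 0 otherwise. Anything not listed
 * as a success is treated as a denial (fail closed). */
dp_outcome dp_classify(int rc, unsigned *warn)
{
    *warn = 0;
    if (rc == 0)
        return DP_ACCEPT;
    if (rc >= 10001 && rc <= 10007) {
        *warn = (unsigned)(rc - 10000);  /* inferred bit layout, see defines */
        return DP_ACCEPT_WARN;
    }
    if (rc == 201 || rc == 202)      /* replay attempt, error threshold reached */
        return DP_REJECT_ALERT;
    if (rc == 1 || rc == 2)          /* code not verified, static password failed */
        return DP_REJECT;
    return DP_ERROR;                 /* malformed input, BLOB or runtime problem */
}
```

A caller that requires man-in-the-middle protection would refuse to proceed when dp_check_server_key returns non-zero, rather than passing NULL and falling back to undiversified verification.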