AAL2VerifyPasswordEsICSF
  • 22 Jan 2025
  • 3 minute read


Function prototype

aat_int32 AAL2VerifyPasswordEsICSF (
                               TDigipassBlob*   DPData,
                               TKernelParms*    CallParms,
                               aat_ascii*       aStorageKeyNameIn,
                               aat_ascii*       aInitialVectorIn,
                               aat_ascii*       aResponseIn,
                               aat_ascii*       aChallengeIn,
                               aat_ascii*       aServerPublicKey,
                               aat_ascii*       aReturnHostCodeOut,
                               aat_int32*       ReturnHostCodeLenOut);

Description

This function is an extension of AAL2VerifyPasswordICSF that adds the enhanced security feature. This feature prevents potential man-in-the-middle attacks in architectures that integrate software Digipass: a server public key, such as a certificate, can be passed as input to diversify the challenge.

This parameter is optional. If it is not used, this function is identical to AAL2VerifyPasswordICSF.

The enhanced authentication feature is supported by Digipass 110 and DIGIPASS for Web.

Parameters

  Table: Parameters (AAL2VerifyPasswordEsICSF)

Type | Name | Use | Description
TDigipassBlob * | DPData | I/O | Authenticator application BLOB. Upon return from the function call, this BLOB must be rewritten to the application database to reflect the changes.
TKernelParms * | CallParms | I | Structure of runtime parameters to use during this function call.
aat_ascii * | aStorageKeyNameIn | I | String of up to 64+1 characters, left-justified, null-terminated, or right-padded with spaces. This is the label of the ICSF storage key used to encrypt the sensitive Digipass application BLOB data.
aat_ascii * | aInitialVectorIn | I | String of 16 hexadecimal characters, left-justified, null-terminated, or right-padded with spaces. This is the initial vector used to encrypt the sensitive authenticator application BLOB data.
aat_ascii * | aResponseIn | I | String of up to 17+24 numeric or hexadecimal characters, left-justified, null-terminated or right-padded with spaces. This is the dynamic password generated by the Digipass.
aat_ascii * | aChallengeIn | I | String of up to 17 numeric characters, left-justified, null-terminated or right-padded with spaces. This parameter holds the challenge that may have been proposed to the user to generate the password to verify. If no challenge was generated, this parameter should be NULL.
aat_ascii * | aServerPublicKey | I | String of up to 1024 hexadecimal characters, null-terminated. This parameter is used as a diversifier to prevent man-in-the-middle attacks. If this parameter is NULL, diversification will not take place.
aat_ascii * | ReturnHostCode | O | String of up to 17 numeric or hexadecimal characters, left-justified, null-terminated or right-padded with spaces. This is the code generated by Authentication Suite Server SDK (recommended buffer size is 18 bytes).
aat_int32 * | ReturnHostCodeLength | O | Pointer to a long integer that will contain the length of the return host code which has been generated.

COBOL calling convention

Entry point: AA2VPEIC

02   W-BLOB             PIC X(248).
02   W-KERNELPARMS.
     03   W-PARMCOUNT   PIC 9(8) USAGE BINARY.
     03   W-PARM01      PIC 9(8) USAGE BINARY.
     . . .
     03   W-PARM19      PIC 9(8) USAGE BINARY.
02   W-HOSTCODE         PIC X(17).
02   W-HOSTCODE-LENGTH  PIC 9(8) USAGE BINARY.
02   W-RETURN           PIC S9(8) USAGE BINARY.
02   W-PASSWORD         PIC X(17).
02   W-CHALLENGE        PIC X(17).
02   W-STORAGEKEY       PIC X(65).
02   W-SERVER-PUBKEY    PIC X(1025).
02   W-INITVECTOR       PIC X(17).
02   W-API-NAME         PIC X(8) VALUE 'AA2VPEIC'.
. . .
     CALL W-API-NAME USING
           BY REFERENCE W-BLOB
           BY REFERENCE W-KERNELPARMS
           BY REFERENCE W-STORAGEKEY
           BY REFERENCE W-INITVECTOR
           BY REFERENCE W-PASSWORD
           BY REFERENCE W-CHALLENGE
           BY REFERENCE W-SERVER-PUBKEY
           BY REFERENCE W-HOSTCODE
           BY REFERENCE W-HOSTCODE-LENGTH
           RETURNING W-RETURN

Return codes

  Table: Return codes (AAL2VerifyPasswordEsICSF)

Code | Meaning
0 | Success
1000 | Success with context warning *
1000 | Success with user warning *
1000 | Success with user & context warning *
1000 | Success with platform warning *
1000 | Success with platform & context
1000 | Success with platform & user warning *
1000 | Success with platform & user & context
1 | Code not verified
2 | Static password validation failed
130 | Invalid response pointer
131 | Missing required challenge
132 | Unsupported token type
140 | Challenge corrupted
201 | Code replay attempt
202 | Identification error threshold reached
205 | Inactive days reached
208 | Application disabled
412 | Invalid checksum (software)
413 | Invalid Base64 format
414 | Invalid checksum (HSM)
510 | Invalid Digipass data pointer
600 | Invalid Gordian root information
601 | Invalid Gordian today information
602 | Invalid Gordian tomorrow information
603 | Invalid Gordian stimulus information
802 | Change password mandatory
803 | New password too short
804 | New password too long
806 | Static password change not supported
900 | Invalid session context handle
908 | HSM key not found
951 | Invalid HSM key type for HSM decryption
1039 | Invalid response length with DP algorithm
1040 | Invalid host code length with DP algorithm
1103 | Unlock Version 2 not supported
1116 | Response check digit not allowed
1117 | Challenge check digit not allowed
1118 | Unsupported BLOB
-101 | Challenge too short
-102 | Challenge too long
-103 | Challenge check digit wrong
-105 | Challenge minimum length not allowed
-106 | Challenge maximum length not allowed
-107 | Challenge number wrong
-108 | Challenge character invalid
-153 | Server public key too long
-201 | Response length out of bounds
-202 | Response too short
-203 | Response too long
-204 | Response check digit wrong
-205 | Response character not decimal
-206 | Response character not hexadecimal
-207 | Response character set not specified
-1501 | Memory allocation failed

* Specific score-based authentication codes; see AAL2VerifyPasswordEsICSF.
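The field formats from the parameter table and the return codes above, carried into a caller-side helper in C. This is added example code, not part of the SDK or of this page: it assumes the inputs are null-terminated C strings, only enforces the limits the table states for the response, challenge and server public key, and its constant and function names (es_precheck, es_classify) are my own.

```c
#include <ctype.h>
#include <stddef.h>

/* Field limits taken from the parameter table on this page. */
#define ES_CHALLENGE_MAX     17
#define ES_RESPONSE_MAX      (17 + 24)
#define ES_SERVER_PUBKEY_MAX 1024
/* Outcome classes for the return codes on this page (own naming). */
typedef enum { ES_VERIFIED, ES_VERIFIED_WARN, ES_INPUT_ERROR, ES_NOT_VERIFIED } es_outcome;

/* Length of a left-justified field that is null-terminated or right-padded with spaces; never reads past cap bytes. */
static size_t es_field_len(const char *s, size_t cap) {
    size_t n = 0;
    while (n < cap && s[n] != '\0') n++;
    while (n > 0 && s[n - 1] == ' ') n--;
    return n;
}

static int es_all(const char *s, size_t n, int (*ok)(int)) {
    for (size_t i = 0; i < n; i++)
        if (!ok((unsigned char)s[i])) return 0;
    return 1;
}

/* Re-checks the documented formats before the SDK call so malformed input is rejected
   without touching ICSF. Returns 0 or the matching negative code from the return-code table. */
int es_precheck(const char *response, const char *challenge, const char *server_pubkey) {
    size_t n = es_field_len(response, ES_RESPONSE_MAX + 1);
    if (n > ES_RESPONSE_MAX) return -203;              /* Response too long */
    if (!es_all(response, n, isxdigit)) return -206;   /* Response character not hexadecimal */
    if (challenge != NULL) {                           /* NULL means no challenge was generated */
        n = es_field_len(challenge, ES_CHALLENGE_MAX + 1);
        if (n > ES_CHALLENGE_MAX) return -102;         /* Challenge too long */
        if (!es_all(challenge, n, isdigit)) return -108; /* Challenge character invalid */
    }
    if (server_pubkey != NULL) {                       /* NULL means no diversification */
        n = es_field_len(server_pubkey, ES_SERVER_PUBKEY_MAX + 1);
        if (n > ES_SERVER_PUBKEY_MAX) return -153;     /* Server public key too long */
    }
    return 0;
}

/* Only 0 and 1000 mean the password verified; every other code denies access.
   Whatever the code, DPData must still be written back to the database. */
es_outcome es_classify(long rc) {
    if (rc == 0)    return ES_VERIFIED;
    if (rc == 1000) return ES_VERIFIED_WARN;  /* success with a warning flag */
    if (rc < 0)     return ES_INPUT_ERROR;    /* caller-side format or length error */
    return ES_NOT_VERIFIED;                   /* 1, 2, 130, 201, ...: deny */
}
```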
