AAL2VerifySignature

Mis à jour le 22 Jan 2025
4 Minutes à lire

Partager
Sombre
Lumière
PDF

The content is currently unavailable in French. You are viewing the default English version.

Résumé de l’article

Avez-vous trouvé ce résumé utile ?

Merci pour vos commentaires

Function prototype

aat_int32 AAL2VerifySignature (
                               TDigipassBlob*   DPData,
                               TKernelParms*    CallParms,
                               aat_ascii*       Signature,
                               aat_ascii        SignedDataFields [8][20],
                               aat_int32        FieldCount,
                               aat_int32        DeferredSignatureData);

Description

This function is called by passing the necessary data to perform signature validation and integrity control, based on the signature code generated by the user's Digipass authenticator, and up to eight signed data fields on which authentication and integrity control are performed. The exact number of valid data fields is given in FieldCount.

You may also need to use AAL2VerifySignatureEx, which provides you with a signature confirmation code.

With Digipass 110, AAL2VerifySignatureEs must be used instead of AAL2VerifySignature.

This function is used to perform signature validation on the standard signature process involving up to eight signed data fields.
This function cannot be used to perform signature validation of a Secure Channel transaction (signature based on a Secure Channel request message). For signature validation of a Secure Channel transaction, AAL2VerifyMessageSignature must be used instead of AAL2VerifySignature.

OnLineSG

The OnlineSG kernel parameter determines in which mode the signature is used.

OnlineSG = 0 (default): The signature is verified in offline mode.
Choose this mode exclusively for fax banking applications (big time step, signature not presented in sequence).
In offline mode, the Digipass authenticator is not synchronized with the authenticator application BLOB. LastTimeUsed, LastTimeShift are not updated. EventValue will be updated only if the Digipass event value used to generate the signature is greater than the event value stored in the authenticator application BLOB.
The Digipass time (time of Digipass at the generation of the initial online signature) can be passed to the offline signature validation function using the DeferredSignatureData parameter (with 0, the current time is used). The Digipass time can be read after an online AAL2VerifySignature call using AAL2GetTokenProperty with the property LAST_TIME_USED | INT_VALUE. The INT_VALUE flag allows obtaining the LastTimeUsed value as integer value enclosed in the Value parameter of the function.
For more information, refer to AAL2GetTokenProperty and AAL2GetTokenInfoEx.
OnlineSG = 1: The signature is verified in online mode.
Choose this mode for web applications (small time step, signature presented in sequence). Several signatures are allowed within the same Digipass TimeStep (except identical successive ones).
OnlineSG = 2: The signature is verified in online mode.
Identical to OnlineSG = 1, except that only one signature per Digipass TimeStep is allowed.
OnlineSG = 3: The signature is verified in offline mode.

In offline mode, the Digipass authenticator is not synchronized with the authenticator application BLOB. LastTimeUsed, LastTimeShift are not updated. EventValue will be updated only if the Digipass event value used to generate the signature is greater than the event value stored in the authenticator application BLOB.

The event counter (Digipass counter at the generation of the initial online signature) must be passed to the offline signature validation function using the DeferredSignatureData parameter. The Digipass counter can be read after an online AAL2VerifySignature call using AAL2GetTokenProperty with the property EVENT_VALUE | INT_VALUE. The INT_VALUE flag allows obtaining the EventValue value as integer value enclosed in the Value parameter of the function.

Score-based Digipass

For Digipass devices that integrate the score-based algorithm, Authentication Suite Server SDK performs a score-based signature validation which allows retrieving the Digipass scoring value. Once Authentication Suite Server SDK has successfully validated the signature, it returns either SUCCESS or SUCCESS with the relevant scoring warning code. See the list of return codes in Table: Return codes (AAL2VerifySignature) for more details.

Parameters

Table: Parameters (AAL2VerifySignature)
Type	Name	Use	Description
TDigipassBlob *	DPData	I/O	authenticator application BLOB. Upon return from the function call, this BLOB must be rewritten to the application database to reflect changes.
TKernelParms *	CallParms	I	Structure of runtime parameters to use during this function call.
aat_ascii *	Signature	I	Up to 16 numeric or hexadecimal characters, null-terminated or padded with spaces.
aat_ascii [8][20]	Signed data fields	I	Array of 8 left-justified, null-terminated, or space-padded strings of max. 20 characters. This parameter holds the 8 possible data fields that are entered into the Digipass authenticator to generate a signature. The Digipass data fields are limited to 16 decimal, hexadecimal, or alphabetic characters.
aat_int32 *	FieldCount	I	Numeric value from 1 to 8 indicating the number of data fields to use from the SignedDataFields array.
aat_int32 *	Deferred signature data	I	Must be 0 if signature is validated in online mode (OnlineSG=1 or 2). If signature is validated in offline mode with OnlineSG=0, this parameter can receive the Digipass date of the signature generation (number of elapsed seconds since January 1, 1970) or 0. (With 0, the current time is used.) If this parameter is >0, the filled parameter must be the Digipass time, not the host time. If the signature is validated in offline mode with OnlineSG=3, this parameter must receive counter of the Digipass instance used for the signature generation.

Return codes

Table: Return codes (AAL2VerifySignature)
Code	Meaning	Code	Meaning
0	Success	510	Invalid Digipass data pointer
10001	Success with context warning*	1103	Unlock Version 2 not supported
10002	Success with user warning*	1116	Response check digit not allowed
10003	Success with user & context warning *	1117	Challenge check digit not allowed
10004	Success with platform warning*	1118	Unsupported BLOB
10005	Success with platform & context warning *	-101	Data field too short
10006	Success with platform & user warning*	-102	Data field too long
10007	Success with platform & user & context warning*	-103	Data field check digit wrong
1	Signature not verified	-105	Challenge minimum length not allowed
132	Unsupported token type	-106	Challenge maximum length not allowed
139	Invalid signature pointer	-107	Challenge number wrong
141	Invalid field count	-108	Challenge character invalid
148	Invalid data field pointer	-201	Response length out of bounds
203	Sign error threshold reached	-202	Response too short
204	Duplicate signature found	-203	Response too long
205	Inactive days reached	-204	Response check digit wrong
206	Chronological signature error	-205	Response character not decimal
207	Deferred signature not allowed with OnLineSG not Null	-206	Response character not hexadecimal
208	Application disabled	207	Response character set not specified
412	Invalid checksum	-1501	Memory allocation failed
413	Invalid Base64 format

* Specific score-based authentication codes; For more information, refer to Score-based Digipass.

Cet article vous a-t-il été utile ?

What's Next

AAL2VerifySignatureEs

Table des matières

Function prototype
Description
Parameters
Return codes