AAL2ProcMessageResponse

  • Published on Mar 13, 2026
  • 2 minute(s) read
Prev Next

The request message generation functionality is applicable:

  • To hardware or software Digipass authenticators compliant with the multi-device two-step activation (in the context of multi-device licensing) and if the Secure Channel feature has been ordered (configured by OneSpan at the time of order).
  • To hardware Digipass authenticators based on the single-device licensing model and able to perform operations based on the Secure Channel protocol.

For more information, refer to the Authentication Suite Server SDK Product Guide.

Function prototype

aat_int32 AAL2ProcMessageResponse (
                                   aat_ascii       *PKBlob,
                                   TKernelParms    *CallParms,
                                   aat_ascii       *ResponseMessage,
                                   aat_ascii       *RequestMessage,
                                   aat_ascii       *ResponseBody,
                                   aat_int32       *ResponseBodyLength);

Description

This function is used to extract a clear response body from a response message, using the payload key embedded into the payload key BLOB.

The payload key BLOB, mandatory only if the response message is protected (encrypted and/or signed) must be mandatorily the one corresponding to the Digipass serial number of the client device that generated the response message.

For Digipass client devices supporting the two-way Secure Channel, the response message will be sent back by the device as a reply to a request message.

Response message processing is only applicable to hardware and software Digipass compliant with the Secure Channel protocol.

If the response message was correctly processed and contains a Secure Channel request error that is detected by the device, the return code is dependent on the Secure Channel request error code byte (return code = offset + code byte with offset = 5000).). See the list of return codes in Table: Return codes (AAL2ProcMessageResponse) for more details.

Parameters

  Table: Parameters (AAL2ProcMessageResponse)
TypeNameUseDescription
aat_ascii *PKBlobI

Contains the payload key BLOB that has been generated for the Digipass instances activated with a particular serial number license (in case of the multi-device licensing model) or that has been imported for the Digipass authenticator with a particular serial number license (in case of single-device licensing model). The payload key BLOB parameter is mandatory only if the information message is protected (encrypted and/or signed); can be NULL or empty if the information message is not protected (neither encrypted nor signed).

TKernelParms *CallParmsIStructure of runtime parameters to use during this function call.
aat_ascii *ResponseMessageI

Hexadecimal character string containing the response message that has been generated by the Digipass client device in reply to a request message. The string length must be a multiple of 2 with a maximum length of 1070 characters.

aat_ascii *RequestMessageI

Hexadecimal character string containing the request message that has been used by the Digipass device to generate the response message. String length must be multiple of 2 with a maximum length of 1070 characters.

aat_ascii *ResponseBodyO

String of up to 1024+1 hexadecimal characters, null-terminated. In case of a successful operation, this parameter contains the clear response body extracted from the ResponseMessage.

aat_int32 *ResponseBodyLengthI/O

In input, this parameter must indicate the size of the allocated buffer for the ResponseBody parameter (recommended are 1025 bytes).

In output, this parameter indicates the length of the RequestBody string (without the null-terminated character).

Return codes

  Table:  Return codes (AAL2ProcMessageResponse)
CodeMeaningCodeMeaning
0Success1348Invalid response message pointer
412Invalid checksum1349Invalid response body pointer
413Invalid Base64 format1350Invalid response body length pointer
807Serial number not equal1351

Response body buffer too small

1119Unsupported payload key BLOB1352Nonces are not equal
1285Master key derivation failed1353Payload key BLOB is mandatory
1288Invalid serial number prefix1354Invalid request message type
1289Invalid serial number suffix1355Invalid response message type
1302AES CTR encryption failed1361Invalid authentication tag
1303Invalid request message pointer1362Invalid response message error length
1337Unsupported message protocol version5001[1]Unsupported request message protocol version
1338Unsupported message type5002[1]Unsupported request message type
1341Message is not hexadecimal5003[1]Unsupported request message protection type
1342Invalid response message length5004[1]Invalid request message length
1344Invalid request message length5005[1]Invalid request message; character not hexadecimal
1345Invalid request message protection type5006[1]Incorrect serial number in the request message
1346Invalid message response protection type5007[1]Invalid authentication tag in the request message
  1. Specific request error message codes