The device code validation functionality is only applicable to hardware or software Digipass authenticators compliant with the multi-device two-step activation (in the context of multi-device licensing). For more information, refer to the Authentication Suite Server SDK Product Guide.
Function prototype
aat_int32 AAL2VerifyDeviceCode (
TDigipassBlob *DPMAData,
TKernelParms *CallParms,
aat_ascii *Challenge,
aat_ascii *DeviceCode,
aat_ascii *DeviceID,
aat_int32 *DeviceIDLength,
aat_int32 *pDeviceType);
Description
This function verifies the device code provided by the Digipass device using the master activation application data. It also extracts in case of SUCCESS:
- Digipass device ID
- Digipass device type
It is only applicable to hardware or software Digipass authenticators compliant with the multi-device two-step activation (in the context of multi-device licensing). For more information, refer to the Authentication Suite Server SDK Product Guide.
If a challenge has been used to generate the Activation Message 1 (AALGenMessageActivation1) received by the Digipass device, the same challenge is necessary to validate the device code.
If challenge is not used, the kernel parameter CheckChallenge has to be set to 0 to disable the challenge checking.
Score-based Digipass
For Digipass devices that integrate the score-based algorithm, Authentication Suite Server SDK performs a score-based authentication to validate the device code. This allows retrieving the Digipass scoring value. Once Authentication Suite Server SDK has successfully validated the device code, it returns either SUCCESS or SUCCESS with the relevant scoring warning code. See the list of return codes in Table: Return codes (AAL2VerifyDeviceCode) for more details.
Parameters
Return codes
| Code | Meaning | Code | Meaning |
|---|---|---|---|
| 0 | Success | 1116 | Response check digit not allowed |
| 10001 | Success with context warning[1] | 1117 | Challenge check digit not allowed |
| 10002 | Success with user warning[1] | 1118 | Unsupported BLOB |
| 10003 | Success with user & context warning[1] | 1263 | Device ID buffer too small |
| 10004 | Success with platform warning[1] | 1264 | Invalid master application |
| 10005 | Success with platform & context warning[1] | 1265 | Invalid master application data pointer |
| 10006 | Success with platform & user warning[1] | 1276 | Invalid device code pointer |
| 10007 | Success with platform & user & context warning[1] | 1277 | Invalid device ID pointer |
| 1 | Code not verified | 1278 | Invalid device ID length pointer |
| 140 | Challenge corrupted | 1280 | Invalid device type pointer |
| 201 | Code replay attempt | 1281 | Invalid device code length |
| 202 | Identification error threshold reached | 1282 | Invalid device code check digit |
| 205 | Inactive days reached | 1283 | Invalid device code character |
| 208 | Application disabled | 1284 | Invalid device code |
| 412 | Invalid checksum | 1285 | Master key derivation failed |
| 413 | Invalid Base64 format | -102 | Challenge too long |
| 600 | Invalid Gordian root information | -103 | Challenge check digit wrong |
| 601 | Invalid Gordian today information | -105 | Challenge minimum length not allowed |
| 602 | Invalid Gordian tomorrow information | -106 | Challenge maximum length not allowed |
| 603 | Invalid Gordian stimulus information | -107 | Challenge number wrong |
| 1000 | Function does not support EMV-CAP | -108 | Challenge character invalid |
| 1025 | Buffer too small | -201 | Response length out of bounds |
| 1039 | Invalid response length with DP algorithm | -205 | Response character not decimal |
| 1040 | Invalid host code length with DP algorithm | -206 | Response character not hexadecimal |
| 1103 | Unlock Version 2 not supported | -207 | Response character set not specified |
- Specific score-based authentication code (see Score-based DIGIPASS)