AAL2VerifySignatureEs

Function prototype

aat_int32 AAL2VerifySignatureEs (
                                 TDigipassBlob*   DPData,
                                 TKernelParms*    CallParms,
                                 aat_ascii*       Signature,
                                 aat_ascii*       SignedDataFields [8],
                                 aat_int32        FieldCount,
                                 aat_int32        DeferredSignatureData
                                 aat_ascii*       aServerPublicKey,
                                 aat_ascii*       ConfirmationCode,
                                 aat_ascii*       ConfirmationCodeLength);

Description

This function is an extension of AAL2VerifySignatureEx, offering the enhanced security feature. This feature prevents potential man-in-the-middle attacks in the architecture integrating software Digipass authenticators. A server public key, such as a certificate, can be used in input to diversify the challenge.

In addition, this function introduces pre-processing on the DataFields in input; each DataField can have up to 32000 characters.

The enhanced signature validation function is supported by Digipass 110 and Digipass for Web.

Parameters

Table: Parameters (AAL2VerifySignatureEs)
Type	Name	Use	Description
TDigipassBlob *	DPData	I/O	authenticator application BLOB. Upon return from the function call, this BLOB must be rewritten to the application database to reflect changes.
TKernelParms *	CallParms	I	Structure of runtime parameters to use during this function call.
aat_ascii *	Signature	I	String of up to 17 numeric characters, left-justified, null-terminated, or right-padded with spaces.
aat_ascii *[8]	SignedDataFields	I	Array of 8 null-terminated strings of up to 32000 printable ASCII-EBCDIC invariant characters. This parameter holds the 8 possible data fields that are used to generate a signature. For a list of the characters that can be used for the data fields, see Supported data fields charset.
aat_int32	FieldCount	I	Numeric value from 1 to 8 indicating the number of data fields to use from the SignedDataFields array.
aat_int32	Deferred signature data	I	Must be 0 if signature is validated in online mode (OnlineSG=1 or 2). If signature is validated in offline mode with OnlineSG=0, this parameter can receive the Digipass date of the signature generation (number of elapsed seconds since January 1, 1970) or 0. (With 0, the current time is used.) If this parameter is >0, the filled parameter must be the Digipass time, not the host time. If the signature is validated in offline mode with OnlineSG=3, this parameter must receive counter of the Digipass instance used for the signature generation.
aat_ascii *	aServerPublicKey	I	String of up to 1024 hexadecimal characters, null-terminated. This parameter is used as a diversifier to prevent man-in-the-middle attacks. If this parameter is NULL, diversification will not take place.
aat_ascii *	Confirmation code	O	String of up to 17 numeric or hexadecimal characters, left-justified, null-terminated, or right-padded with spaces. This is the confirmation code generated by Authentication Suite Server SDK (recommended buffer size is 18 bytes).
aat_int32 *	Confirmation CodeLength	O	Pointer to a long integer that indicates the length of the generated return host code.

Return codes

Table: Return codes (AAL2VerifySignatureEs)
Code	Meaning	Code	Meaning
0	Success	510	Invalid Digipass data pointer
10001	Success with context warning[1]	1103	Unlock Version 2 not supported
10002	Success with user warning[1]	1116	Response check digit not allowed
10003	Success with user & context warning[1]	1117	Challenge check digit not allowed
10004	Success with platform warning[1]	1118	Unsupported BLOB
10005	Success with platform & context warning[1]	-101	Data field too short
10006	Success with platform & user warning[1]	-103	Data field check digit wrong
10007	Success with platform & user & context warning[1]	-105	Challenge minimum length not allowed
1	Signature not verified	-102	Data field too long
132	Unsupported token type	-106	Challenge maximum length not allowed
139	Invalid signature pointer	-107	Challenge number wrong
141	Invalid field count	-108	Challenge character invalid
148	Invalid data field pointer	-153	Server public key too long
203	Sign error threshold reached	-201	Response length out of bounds
204	Duplicate signature found	-202	Response too short
205	Inactive days reached	-203	Response too long
206	Chronological signature error	-204	Response check digit wrong
207	Deferred signature not allowed with OnLineSG not Null	-205	Response character not decimal
208	Application disabled	-206	Response character not hexadecimal
412	Invalid checksum	-207	Response character set not specified
413	Invalid Base64 format	-1501	Memory allocation failed

Specific score-based authentication code (see Score-based DIGIPASS)

Supported data fields charset

The following table lists the supported characters for the data fields of AAL2VerifySignatureEs with associated hexadecimal values in ASCII and EBCDIC.