AAL2VerifySignatureEx

Function prototype

aat_int32 AAL2VerifySignatureEx (
                                 TDigipassBlob*   DPData,
                                 TKernelParms*    CallParms,
                                 aat_ascii*       Signature,
                                 aat_ascii*       SignedDataFields [8][20],
                                 aat_int32        FieldCount,
                                 aat_int32        DeferredSignatureData
                                 aat_ascii*       ConfirmationCode,
                                 aat_ascii*       ConfirmationCodeLength);

Description

This function is an extension of AAL2VerifySignature. The functionality is identical except for the additional feature of integrating the confirmation code.

Signature confirmation code specifics

By facilitating a two-way authentication process, this feature allows a client to back-authenticate the server that validates the signature. The server validates the user's signature and returns a confirmation code with which the user can be sure that the authentication happened on the correct server.

With Digipass 110, AAL2VerifySignatureEs must be used instead of AAL2VerifySignatureEx.

Parameters

Table: Parameters (AAL2VerifySignatureEx)
Type	Name	Use	Description
TDigipassBlob *	DPData	I/O	authenticator application BLOB. Upon return from the function call, this BLOB must be rewritten to the application database to reflect changes.
TKernelParms *	CallParms	I	Structure of runtime parameters to use during this function call.
aat_ascii *	Signature	I	String of up to 17 numeric characters, left-justified, null-terminated, or right-padded with spaces.
aat_ascii [8][20]	SignedDataFields	I	Array of 8 left-justified, null-terminated, or space-padded strings of max. 20 characters. This parameter holds the 8 possible data fields that are entered into the Digipass authenticator to generate a signature. The Digipass data fields are limited to 16 decimal, hexadecimal, or alphabetic characters.
aat_int32 *	FieldCount	I	Numeric value from 1 to 8 indicating the number of data fields to use from the SignedDataFields array.
aat_int32 *	Deferred signature data	I	Must be 0 if signature is validated in online mode (OnlineSG=1 or 2). If signature is validated in offline mode with OnlineSG=0, this parameter can receive the Digipass date of the signature generation (number of elapsed seconds since January 1, 1970) or 0. (With 0, the current time is used.) If this parameter is >0, the filled parameter must be the Digipass time, not the host time. If the signature is validated in offline mode with OnlineSG=3, this parameter must receive counter of the Digipass instance used for the signature generation.
aat_ascii *	Confirmation code	O	String of up to 17 numeric or hexadecimal characters, left-justified, null-terminated, or right-padded with spaces. This is the confirmation code generated by Authentication Suite Server SDK (recommended buffer size is 18 bytes).
aat_int32 *	Confirmation CodeLength	O	Pointer to a long integer that indicates the length of the generated confirmation code.

Return codes

Table: Return codes (AAL2VerifySignatureEx)
Code	Meaning	Code	Meaning
0	Success	510	Invalid Digipass data pointer
10001	Success with context warning[1]	1103	Unlock Version 2 not supported
10002	Success with user warning[1]	1116	Response check digit not allowed
10003	Success with user & context warning[1]	-103	Data field check digit wrong
10004	Success with platform warning[1]	-105	Challenge minimum length not allowed
10005	Success with platform & context warning[1]	-106	Challenge maximum length not allowed
10006	Success with platform & user warning[1]	-107	Challenge number wrong
10007	Success with platform & user & context warning[1]	-108	Challenge character invalid
1	Signature not verified	-201	Response length out of bounds
132	Unsupported token type	1117	Challenge check digit not allowed
139	Invalid signature pointer	1118	Unsupported BLOB
141	Invalid field count	-101	Data field too short
148	Invalid data field pointer	-202	Response too short
203	Sign error threshold reached	-203	Response too long
204	Duplicate signature found	-102	Data field too long
205	Inactive days reached	-204	Response check digit wrong
206	Chronological signature error	-205	Response character not decimal
207	Deferred signature not allowed with OnLineSG not Null	-206	Response character not hexadecimal
208	Application disabled	-207	Response character set not specified
412	Invalid checksum	-1501	Memory allocation failed
413	Invalid Base64 format