DS1963S-F5+ Datasheet DS1963S-F5+ | P10-P12

AN156

10 of 23

Answering a Random Challenge with a DS1963S User Token Figure 18

After retrieving the MAC (Message Authentication Code) from the user token, it is now the job of the

coprocessor to verify it. To verify the response, the user token’s unique secret is recreated in the

workspace secret of the coprocessor and the raw account data is signed with this workspace secret.

Validating the Authentication Response Figure 19

/* Write the challenge to the scratchpad of the user token */

owc18.writeScratchpad(acctPage, 0, scratchpad, 0, 32);

/* reads 42 bytes = 32 bytes of page data

* + 4 bytes page counter

* + 4 bytes secret counter

* + 2 bytes CRC */

owc18.readAuthenticatedPage(acctPage, rawData, 0);

/* get the value of the write cycle counter*/

int wcc = (rawData[35]&0x0ff);

wcc = (wcc << 8) | (rawData[34]&0x0ff);

wcc = (wcc << 8) | (rawData[33]&0x0ff);

wcc = (wcc << 8) | (rawData[32]&0x0ff);

/* Read Scratchpad for resutling SHA computation and copy it into a buffer*/

owc18.readScratchpad(scratchpad, 0);

System.arraycopy(scratchpad, 8, responseMac, 0, 20);

/* Bind DS1963S user token’s unique secret to coprocessor */

byte[] fullBindCode = new byte[15];

/* Get the 7-byte binding code

copr.getBindCode(fullBindCode,0);

System.arrayCopy(fullBindCode, 4, fullBindCode, 12, 3);

/* get the page number of the account file and 7 bytes of the ROM ID */

fullBindCode[4] = (byte)acctPage;

System.arraycopy(owc18.getAddress(), 0, fullBindCode, 5, 7);

/* recreate user token’s unique secret in wspc */

coprDevice.bindSecretToiButton(authPageNumber,

bindData, fullBindCode, wspcPageNumber);

/* the scratchpad of the coprocessor also needs the user’s ROM ID and page number, */

* In addition to the challenge bytes used and the write-cycle counter. */

System.arraycopy(fullBindCode, 4, scratchpad, 12, 8);

System.arraycopy(challenge, 0, scratchpad, 20, 3);

scratchpad[8] = (wcc&0x0ff);

scratchpad[9] = ((wcc>>=8)&0x0ff);

scratchpad[10] = ((wcc>>=8)&0x0ff);

scratchpad[11] = ((wcc>>=8)&0x0ff);

/* write to the coprocessor and validate */

coprDevice.writeDataPage(wspcPageNumber, rawData);

coprDevice.writeScratchpad(wspcPageNumber, 0, scratchpad, 0, 32);

coprDevice.SHAFunction(OneWireContainer18.VALIDATE_DATA_PAGE, wspcPageNumber);

/* match the signature generated by the coprocessor with the user token’s MAC */

if( coprDevice.matchScratchpad(responseMAC, 0) )

System.out.println(“DS1963S Authentication Successful!”);

AN156

11 of 23

2.4 Validating the User’s Certificate

Validating a certificate from a user token looks a lot like the earlier section on initializing the data. The

steps for signing the data are very similar, but the coprocessor-generated signature is merely matched

against the existing signature, rather than being read into the certificate. Also, since the entire certificate

is merely stored on a file in any user token, the process for validating the certificate is identical across all

tokens. When using an unsigned certificate, this step may only consist of checking the user’s account

balance to make sure it makes sense in the system (i.e. it isn’t negative or it isn’t a trillion dollars).

Validating Transaction Data with SHADebit Figure 20

For signed transaction data, the signature of the certificate must be verified with the coprocessor. As a

nice initial check, the validity of the account balance information can be verified first. This can provide a

quick check to avoid verifying the signature of the account information if it’s unnecessary.

Validating the Account Balance Information Figure 21

The verification of the signature looks very similar to how the signature was created in the first place. The

CRC16 is cleared out (set to zero) and the data signature, after being saved in a buffer, is cleared out and

replaced with the system’s initial signature. Since the new signature will not be written back to the part

and the current signature is being verified against the current value of the write cycle counter, the write

cycle counter is not incremented this time for producing the data signature. The entire process is shown in

Figure 22.

Note that, rather than reading the signature back and matching the signature bytes in software, the

coprocessor’s Match Scratchpad command is used. Since this command only transmits 20 bytes of MAC

information to the coprocessor, rather than reading 32 bytes of scratchpad information from the

coprocessor, this technique is slightly faster. When building a fast, responsive debit application, all non-

essential reads/writes will have to be optimized in this manner. In addition, making sure that the correct

MAC isn’t transmitted from the coprocessor gives an invalid user token zero opportunity to grab the right

MAC. These will leave the application less open to holes where the user can take advantage of system

“retries.” For example, if the system was designed to retry the user challenge operation if interrupted, but

eventually repeated a 3-byte random challenge, the user could have stored the appropriate signature.

byte[] acctData = // . . . already known from verifying the user

int wcc = // . . . already known from verifying the user

/* verify the user’s account balance is ‘legal’ */

int balance = (acctData[26]&0x0ff);

balance = (balance << 8) | (acctData [25]&0x0ff);

balance = (balance << 8) | (acctData [24]&0x0ff);

/* MAX_BALANCE, MIN_BALANCE, and DEBIT_AMOUNT are constant integers */

if( balance>MAX_BALANCE )

System.out.println(“Too Much Money!”);

else if( (balance-DEBIT_AMOUNT)<MIN_BALANCE )

System.out.println(“Not enough money to perform transaction!”);

/* Verify user tokens data, including verifying the data signature */

SHADebit debit = new SHADebit(copr, 1000, 50);

debit.verifyTransactionData(user18);

AN156

12 of 23

Container-Level Validation of the Certificate Signature Figure 22

2.5 Updating the User’s Certificate

Updating the user’s certificate is only necessary when using dynamic data. If, for example, the data stored

in the certificate were simply an identification number, there wouldn’t be any need for an update.

Authenticating the user token would ensure that it wasn’t copied from one token to another and validating

the certificate would ensure that it wasn’t tampered with. When using dynamic data, as in the example of

the account balance, it will be necessary to update the certificate information, restore the initial signature,

clear out the CRC16, and resign the data. The breakdown of these steps (with the exception of the

updated data) is identical to those presented in section 2.1. The SHATransaction class provides a method

for updating (and resigning, if necessary) the transaction data.

Debiting and Updating the User’s Certificate Figure 23

/* save the data signature */

byte[] dataSignature = new byte[20];

System.arraycopy(acctData, 2, dataSignature, 0, 20);

/* clear out the old signature and CRC 16 */

copr.getInitialSignature(acctData, 2);

acctData[30] = 0x00;

acctData[31] = 0x00;

/* assign the wcc to coprocessor’s “signing” scratchpad (DS1961S wcc=0xFFFFFFFF) */

scratchpad[8] = (wcc&0x0ff);

scratchpad[9] = ((wcc>>=8)&0x0ff);

scratchpad[10] = ((wcc>>=8)&0x0ff);

scratchpad[11] = ((wcc>>=8)&0x0ff);

/* setup the rest of the “signing” scratchpad */

scratchpad[12] = (byte)user.getAccountPageNumber();

user.getAddress(scratchpad, 13, 7);

copr.getSigningChallenge(scratchpad, 20);

/* write the user’s account page to the coprocessor */

coprDevice.writeDataPage(signPageNumber, rawData);

/* write the signing scratchpad */

coprDevice.writeScratchpad(signPageNumber, 0, scratchpad, 0, 32);

/* create the signature */

coprDevice.SHAFunction(OneWireContainer18.SIGN_DATA_PAGE, signPageNumber);

/* match the signature generated by the coprocessor with the user token’s MAC */

if( coprDevice.matchScratchpad(dataSignature, 0) )

System.out.println(“Certificate verification Successful!”);

/* Update user token, with a signed certificate */

SHADebit debit = new SHADebit(copr, 1000, 50);

debit.executeTransaction(user18);

P1-P3 P4-P6 P7-P9 P10-P12 P13-P15 P16-P18 P19-P21 P22-P23

DS1963S-F5+

Mfr. #:

Buy DS1963S-F5+

Manufacturer:

Maxim Integrated

Description:

iButtons & Accessories SHA iButton

Lifecycle:

New from this manufacturer.

Delivery:

DHL FedEx Ups TNT EMS

Payment:

T/T Paypal Visa MoneyGram Western Union

Products related to this Datasheet

DS1963S-F5+