AN156
10 of 23
Answering a Random Challenge with a DS1963S User Token Figure 18
After retrieving the MAC (Message Authentication Code) from the user token, it is now the job of the
coprocessor to verify it. To verify the response, the user token’s unique secret is recreated in the
workspace secret of the coprocessor and the raw account data is signed with this workspace secret.
Validating the Authentication Response Figure 19
/* Write the challenge to the scratchpad of the user token */
owc18.writeScratchpad(acctPage, 0, scratchpad, 0, 32);
/* reads 42 bytes = 32 bytes of page data
* + 4 bytes page counter
* + 4 bytes secret counter
* + 2 bytes CRC */
owc18.readAuthenticatedPage(acctPage, rawData, 0);
/* get the value of the write cycle counter*/
int wcc = (rawData[35]&0x0ff);
wcc = (wcc << 8) | (rawData[34]&0x0ff);
wcc = (wcc << 8) | (rawData[33]&0x0ff);
wcc = (wcc << 8) | (rawData[32]&0x0ff);
/* Read Scratchpad for resutling SHA computation and copy it into a buffer*/
owc18.readScratchpad(scratchpad, 0);
System.arraycopy(scratchpad, 8, responseMac, 0, 20);
/* Bind DS1963S user token’s unique secret to coprocessor */
byte[] fullBindCode = new byte[15];
/* Get the 7-byte binding code
copr.getBindCode(fullBindCode,0);
System.arrayCopy(fullBindCode, 4, fullBindCode, 12, 3);
/* get the page number of the account file and 7 bytes of the ROM ID */
fullBindCode[4] = (byte)acctPage;
System.arraycopy(owc18.getAddress(), 0, fullBindCode, 5, 7);
/* recreate user token’s unique secret in wspc */
coprDevice.bindSecretToiButton(authPageNumber,
bindData, fullBindCode, wspcPageNumber);
/* the scratchpad of the coprocessor also needs the user’s ROM ID and page number, */
* In addition to the challenge bytes used and the write-cycle counter. */
System.arraycopy(fullBindCode, 4, scratchpad, 12, 8);
System.arraycopy(challenge, 0, scratchpad, 20, 3);
scratchpad[8] = (wcc&0x0ff);
scratchpad[9] = ((wcc>>=8)&0x0ff);
scratchpad[10] = ((wcc>>=8)&0x0ff);
scratchpad[11] = ((wcc>>=8)&0x0ff);
/* write to the coprocessor and validate */
coprDevice.writeDataPage(wspcPageNumber, rawData);
coprDevice.writeScratchpad(wspcPageNumber, 0, scratchpad, 0, 32);
coprDevice.SHAFunction(OneWireContainer18.VALIDATE_DATA_PAGE, wspcPageNumber);
/* match the signature generated by the coprocessor with the user token’s MAC */
if( coprDevice.matchScratchpad(responseMAC, 0) )
System.out.println(“DS1963S Authentication Successful!”);