AN156
23 of 23
Validating the Certificate Signature Figure 44
3.5 Updating the User’s Certificate
Updating the user’s certificate is only necessary when using dynamic data. If, for example, the data stored
in the certificate were simply an identification number, there wouldn’t be any need for an update.
Authenticating the user token would ensure that it wasn’t copied from one token to another and validating
the certificate would ensure that it wasn’t tampered with. When using dynamic data, as in the example of
the account balance, it will be necessary to update the certificate information, restore the initial signature,
clear out the CRC16, and resign the data. The breakdown of these steps (with the exception of the
updated data) is identical to those presented in section 2.1. Figure 45 shows the function for updating (and
re-signing if necessary) the transaction data.
Debiting and Updating the User’s Certificate Figure 45
int signAddr = copr.signPageNumber<<5; // physical address of signing page
int wcc = user.writeCycleCounter;
uchar scratchpad[32];
/* save the data signature */
uchar dataSignature[20];
memcpy(dataSignature, user.accountFile.file.signature, 20);
/* clear out the old signature and CRC 16 */
memcpy(user.accountFile.file.signature, copr.initSignature, 20);
user.accountFile.file.crc16[0] = 0x00;
user.accountFile.file.crc16[1] = 0x00;
/* assign the wcc to coprocessor’s “signing” scratchpad (DS1961S wcc=0xFFFFFFFF) */
scratchpad[8] = (wcc&0x0ff);
scratchpad[9] = ((wcc>>=8)&0x0ff);
scratchpad[10] = ((wcc>>=8)&0x0ff);
scratchpad[11] = ((wcc>>=8)&0x0ff);
/* setup the rest of the “signing” scratchpad */
scratchpad[12] = user.accountPageNum;
memcpy(&scratchpad[13], user.devAN, 7);
memcpy(&scratchpad[20], copr.signChlg, 3);
owSerialNum(copr.portnum, copr.devAN, FALSE);
/* write the user’s account page to the coprocessor */
WriteDataPageSHA18(copr.portnum, copr.signPageNumber, user.accountFile.raw, FALSE);
/* write the signing scratchpad */
WriteScratchpadSHA18(copr.portnum, signAddr, scratchpad, 0, 0, TRUE);
/* create the signature */
SHAFunction18(copr.portnum, SHA_SIGN_DATA_PAGE, signAddr, TRUE);
/* match the signature generated by the coprocessor with the user token’s MAC */
if(MatchScratchpadSHA18(copr.portnum, dataSignature, TRUE) )
printf(“Certificate verification Successful!”);
/* Update user token after subtracting 50 cents, with a signed certificate.
* verify that the user token was updated with another read authenticated page. */
ExecuteTransaction(copr, user, 50, TRUE);