Manualshelf

Datasheet

ManualsBrandsMAXIM INTEGRATED ManualsIntegrated Circuits (ICs)4 kBit 256 x 16
11121314151617181920
AN156
12 of 23
Container-Level Validation of the Certificate Signature Figure 22
2.5 Updating the User’s Certificate
Updating the user’s certificate is only necessary when using dynamic data. If, for example, the data stored
in the certificate were simply an identification number, there wouldn’t be any need for an update.
Authenticating the user token would ensure that it wasn’t copied from one token to another and validating
the certificate would ensure that it wasn’t tampered with. When using dynamic data, as in the example of
the account balance, it will be necessary to update the certificate information, restore the initial signature,
clear out the CRC16, and resign the data. The breakdown of these steps (with the exception of the
updated data) is identical to those presented in section 2.1. The SHATransaction class provides a method
for updating (and resigning, if necessary) the transaction data.
Debiting and Updating the User’s Certificate Figure 23
/* save the data signature */
byte[] dataSignature = new byte[20];
System.arraycopy(acctData, 2, dataSignature, 0, 20);
/* clear out the old signature and CRC 16 */
copr.getInitialSignature(acctData, 2);
acctData[30] = 0x00;
acctData[31] = 0x00;
/* assign the wcc to coprocessor’s “signing” scratchpad (DS1961S wcc=0xFFFFFFFF) */
scratchpad[8] = (wcc&0x0ff);
scratchpad[9] = ((wcc>>=8)&0x0ff);
scratchpad[10] = ((wcc>>=8)&0x0ff);
scratchpad[11] = ((wcc>>=8)&0x0ff);
/* setup the rest of the “signing” scratchpad */
scratchpad[12] = (byte)user.getAccountPageNumber();
user.getAddress(scratchpad, 13, 7);
copr.getSigningChallenge(scratchpad, 20);
/* write the user’s account page to the coprocessor */
coprDevice.writeDataPage(signPageNumber, rawData);
/* write the signing scratchpad */
coprDevice.writeScratchpad(signPageNumber, 0, scratchpad, 0, 32);
/* create the signature */
coprDevice.SHAFunction(OneWireContainer18.SIGN_DATA_PAGE, signPageNumber);
/* match the signature generated by the coprocessor with the user token’s MAC */
if( coprDevice.matchScratchpad(dataSignature, 0) )
System.out.println(“Certificate verification Successful!”);
/* Update user token, with a signed certificate */
SHADebit debit = new SHADebit(copr, 1000, 50);
debit.executeTransaction(user18);