Datasheet

AN156
If the SHA coprocessor will be used to authenticate DS1961S/DS2432 iButtons or to produce the copy-
scratchpad authorization, the master authentication secret will have to be padded to accommodate the
DS1961S’s smaller scratchpad. A utility function is provided which will pad the secret appropriately.
Then the “DS1961S compatibility flag” in the coprocessor file should be set to a non-zero value.
Figure 5. Padding the Authentication Secret
2.2 Initializing the User Token
Initializing the user token consists of two steps. First, install the master authentication secret and bind it to
the iButton to produce the unique secret for the token. Second, write the certificate file to the iButton. This is
more complicated than it may initially sound. The DS1963S has eight secrets that correspond to the 16 pages
of memory (each secret is shared by two pages). The certificate file must be written to a page that has a
write cycle counter, which limits it to the last eight pages of the device’s memory banks. The certificate file
must also be written to one of the pages whose corresponding secret is the one where the master
authentication secret was installed. However, the 1-Wire file API does not allow a page number to be
specified for a file. The best that can be done is to give the file one of the reserved extensions that ensures
special treatment. Extensions 101 and 102, for example, are reserved for files that must be written on pages
with write cycle counters if the device has them (see AN114). One solution is to use the 1-Wire file API to
create an empty stub file for the certificate. This creates the proper directory entries for the certificate so it
can be located dynamically. The page number from the directory entry then specifies the page where the
master authentication secret should be installed and bound to the user token. When the certificate is
actually written to the device, it is written with a direct page write rather than through the file API. This
allows much faster updates when debiting the token, which is very important in a responsive debit
application.
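The two placement constraints above can be checked mechanically once the stub file's directory entry gives the page number. The following is an added example, not code from the application note or the 1-Wire API; the class and method names are hypothetical, and the pairing of secret n with pages n and n + 8 is an assumption about the DS1963S memory map that the text does not spell out.

```java
import java.util.ArrayList;
import java.util.List;

/** Added example: models the DS1963S page/secret constraints described above. */
public class AccountPageCheck {
    static final int PAGES = 16;              // pages covered by the eight secrets
    static final int SECRETS = 8;             // each secret is shared by two pages
    static final int FIRST_COUNTER_PAGE = 8;  // write cycle counters: last eight pages

    /** Assumption: secret n is shared by pages n and n + 8. */
    static int secretFor(int page) {
        if (page < 0 || page >= PAGES)
            throw new IllegalArgumentException("page out of range: " + page);
        return page % SECRETS;
    }

    static boolean hasWriteCycleCounter(int page) {
        return page >= FIRST_COUNTER_PAGE && page < PAGES;
    }

    /** Lists every problem with a token layout; an empty list means it is usable. */
    static List<String> audit(int certPage, int installedSecret) {
        List<String> problems = new ArrayList<>();
        if (certPage < 0 || certPage >= PAGES) {
            problems.add("certificate page " + certPage + " is out of range");
            return problems;
        }
        if (!hasWriteCycleCounter(certPage))
            problems.add("certificate page " + certPage + " has no write cycle counter");
        if (secretFor(certPage) != installedSecret)
            problems.add("secret " + installedSecret + " installed, but page " + certPage
                    + " is protected by secret " + secretFor(certPage));
        return problems;
    }

    public static void main(String[] args) {
        // Constructed cases: {page from the stub file's directory entry, secret slot used}.
        int[][] cases = { {9, 1}, {9, 0}, {3, 3}, {12, 4} };
        for (int[] c : cases) {
            List<String> p = audit(c[0], c[1]);
            System.out.printf("page %2d, secret %d -> %s%n", c[0], c[1],
                    p.isEmpty() ? "OK" : String.join("; ", p));
        }
    }
}
```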
Using the SHAiButtonUser18 class, the installation of the secret as well as the creation of an empty
account file can be done automatically with a constructor call. The actual contents of the file still need to
be written after this step (i.e. the signed certificate must still be written to the device).
Figure 6. Initializing User Tokens with SHAiButtonUser
Figure 7 illustrates how the master authentication secret is installed on the user token, as well as the
actual binding of the master authentication secret to produce a secret that is unique to the user token.
/* Figure 5: pad the master authentication secret for the DS1961S's smaller scratchpad */
inputAuthSecret = SHAiButtonCopr.reformatFor1961S(inputAuthSecret);

/* Figure 6: for DS1963S user tokens */
OneWireContainer18 owc18 = // see overview in JavaDocs for finding devices.
SHAiButtonUser18 user18 = new SHAiButtonUser18(copr, owc18, true, inputAuthSecret);