Manualshelf

Datasheet

ManualsBrandsMAXIM INTEGRATED ManualsIntegrated Circuits (ICs)4 kBit 256 x 16
12345678910
AN156
6 of 23
Container-Level Installation of Authentication Secret in User Token Figure 7
The final step when initializing a user token is to actually write the account certificate to the data page
where the file was stored. The certificate has an option about whether or not it is signed. The main
situation where there is no need for concern about an unsigned certificate is when using a
DS1961S/DS2432, which requires knowledge of the secret to write to it.
Installing a Signed Certificate with SHADebit Figure 8
Whether signed or unsigned, the format of the certificate remains the same. If left unsigned however, the
20 bytes reserved for the MAC can be used for any system specific data. Figure 9 illustrates how to
manually format a certificate file as specified in AN151.
Creating a New Certificate Figure 9
If the certificate data needs to be signed, the coprocessor device is used to sign the account data. For the
DS1963S user token, it is necessary to get the value of the write cycle counter before writing the
/* Create the empty file on the user token */
OWFile owf = new OWFile(owc18, “DLSM.102”);
owf.format();
owf.createNewFile();
/* Get the page number the account file will be stored on */
int acctPage = owf.getPageList()[0];
owf.close();
/* Install the master authentication secret, same as on the coprocessor */
owc18.installMasterSecret(acctPage, inputAuthSecret, acctPage&7);
/* Create full binding code for DS1963S, for format see AN157 */
byte[] fullBindCode = new byte[15];
copr.getBindCode(fullBindCode, 0);
System.arraycopy(fullBindCode, 4, fullBindCode, 12, 3);
fullBindCode[4] = (byte)this.accountPageNumber;
System.arraycopy(owc18.getAddress(), 0, fullBindCode, 5, 7);
/* bind the master secret to this token to create it’s unique secret */
owc18.bindSecretToiButton(acctPa
ge, copr.getBindData(), fullBindCode, acctPage&7);
/* eCertificate, see format in AN151 */
byte[] acctData = new byte[32];
acctData[0] = 29; // file length
acctData[1] = 0x01; // data type code or algorithm (0x01 dynamic eCash)
copr.getInitialSignature(acctData, 2); // Initial Signature
acctData[22] = 0x8B; acctData[23] = 0x48; // Conversion factor (ISO4217)
acctData[24] = 0xE8; acctData[25] = 0x03; acctData[26] = 0; // Account Balance ($10)
acctData[27] = 0; acctData[28] = 0; // TransactionID
acctData[29] = 0x00; // file continuation pointer
acctData[30] = 0x00; accountData[31] = 0x00; // ~CRC16
/* create the signed data file, sign it, and write it to the user token */
SHADebit debit = new SHADebit(copr, 1000/*initial amount*/, 50/*debit amount*/);
Debit.setupTransactionData(user18); // can be user18 or user33