OCRA AUTHENTICATE
Command Description
This command performs an OCRA Challenge Response or Digital Signature operation.
Access Condition: PIN, see VERIFY PIN
Command Message
The following table lists the coding for the OCRA AUTHENTICATE command message.
Field | Value |
---|---|
CLA | 90h indicating command chaining |
INS | 87h |
P1 | 22h |
P2 | 00h |
Lc | Data Field Length |
CD0 | Dynamic Authentication Template tag 7Ch |
CD1, CDx | Dynamic Authentication Template Data Objects Length |
CDx+1, CDy | Dynamic Authentication Template Data Objects |
Le | 00h |
Data Field Sent in the Command Message
The Data Field contained in the Command Message depends on the configuration of the applet instance. The tag order is mandatory.
Field | Value |
---|---|
CD0 | Dynamic Authentication Template tag 7Ch |
CD1, CDx | Dynamic Authentication Template Data Objects Length |
CDx+1, CDy | Dynamic Authentication Template Data Objects |
Coding of the Dynamic Authentication Template tag ‘7C’
Tag | Name | Description | M/O/C |
---|---|---|---|
‘82’ | Response | Sequence of bytes encoding the C/R or Digital Signature response | M |
‘81’ | Challenge | Q Value to be used in the authentication protocol, pre-formatted by the client application (if Q is less than 128 bytes, then it should be padded with zeroes to the right) | M |
‘84’ | PIN/Password | PIN/Password value pre-hashed by the client application | O |
‘80’ | Session | Session value to be used in the authentication protocol, pre-padded by the client application | O |
‘83’ | Time | Time value to be used in the authentication protocol, containing the Current Unix Time on 32-bits (that is, the number of seconds elapsed since Unix epoch (January 1st, 1970 at UTC)) | O |
Response Message
Data Field Returned in the Response Message
The data field in the response message contains the result of the OCRA operation, encapsulated in the Dynamic Authentication Template tag (‘7C’).
For example, for an OCRA result equal to 237653, the response will be:
Byte | Value |
---|---|
RD0 | 7Ch |
RD1 | 05h |
RD2 | 82h |
RD3 | 03h |
RD4 | 23h |
RD5 | 76h |
RD6 | 53h |
Processing State Returned in the Response Message
Status | Meaning |
---|---|
9000h | Successful execution: No more data available |
6A80h | Invalid Data Field (Session Length, P or Challenge length not compliant with the applet instance configuration) |
6985h | LED of the device blinks to indicate that the device is waiting for the end user to press the button to get the OTP. Important: A polling request is required to resend the command until the OTP is returned with 9000. |
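
The following Python sketch is an added example, not part of the original documentation or the applet vendor's code. It parses a response APDU strictly: it maps the three status words listed above, requires exactly one ‘7C’ template holding exactly one ‘82’ object, and rejects truncated lengths. The function names are hypothetical, and two things are assumed: lengths use BER-TLV encoding, and a decimal result is packed BCD as in the 237653 example.

```python
# Added example: strict parser for an OCRA AUTHENTICATE response APDU.
SW_OK, SW_BAD_DATA, SW_WAIT_BUTTON = 0x9000, 0x6A80, 0x6985

def read_tlv(buf, off):
    """Read one TLV at buf[off:]; return (tag, value, next_offset)."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length in (0x81, 0x82):  # assumption: BER long-form lengths
        n = length & 0x0F
        if off + n > len(buf):
            raise ValueError("truncated length field")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    elif length >= 0x80:
        raise ValueError("unsupported length form")
    if off + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, bytes(buf[off:off + length]), off + length

def parse_ocra_response(rapdu):
    """Return ("ok", response_bytes) or ("poll", None); raise on errors."""
    if len(rapdu) < 2:
        raise ValueError("response shorter than a status word")
    data, sw = rapdu[:-2], int.from_bytes(rapdu[-2:], "big")
    if sw == SW_WAIT_BUTTON:
        return "poll", None  # caller resends the command until 9000
    if sw == SW_BAD_DATA:
        raise ValueError("6A80: invalid data field")
    if sw != SW_OK:
        raise ValueError(f"unexpected status word {sw:04X}")
    tag, body, end = read_tlv(data, 0)
    if tag != 0x7C or end != len(data):
        raise ValueError("expected exactly one 7C template")
    tag, value, end = read_tlv(body, 0)
    if tag != 0x82 or end != len(body) or not value:
        raise ValueError("expected exactly one non-empty 82 object")
    return "ok", value

def otp_digits(value):
    """Assumption: packed BCD, as in the page's example (23 76 53)."""
    digits = value.hex()
    if not digits.isdigit():
        raise ValueError("non-decimal nibble in response")
    return digits

# Constructed sample: the response bytes from the page's example plus 9000.
SAMPLE = bytes.fromhex("7C 05 82 03 23 76 53 90 00")
print(parse_ocra_response(SAMPLE), otp_digits(parse_ocra_response(SAMPLE)[1]))
```

When the parser returns `"poll"`, the caller should bound the number of retries and the total wait time so that a button that is never pressed does not leave the session open indefinitely.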