ePass1000 C/C++ API Reference Manual Version 2.0 |
The epas_Verify function verifies User and Security Officer.
EPAS_STATUS EPAS_API epas_Verify( EPAS_HANDLE hContextHandle, // [in] unsigned long ulFlags, // [in] unsigned char* pucData, // [in] unsigned long ulSize // [in] );
epas_CreateContext, epas_OpenDevice
Flag | Meaning |
---|---|
EPAS_VERIFY_USER_PIN | Verify the USER PIN. If authenticated, the device switch into User State. |
EPAS_VERIFY_SO_PIN | Verify the SO PIN. If authenticated, the device switch into SO State. |
EPAS_VERIFY_NO_HASH | Disables MD5 hashing of the SO PIN before sent it to the device. This flag can only be used with the EPAS_VERIFY_SO_PIN flag. |
EPAS_VERIFY_HASH_UPIN | If this flag is set, the User PIN is hashed before been sent to the device. This flag can only be used with the EPAS_VERIFY_USER_PIN flag. |
For User PIN verification, the PIN should be 4 bytes long. For SO PIN verification, the PIN should be 8 bytes long if EPAS_VERIFY_NO_HASH is specified. Otherwise, the SO PIN can be any length.
For user authentication, this function expects the User PIN. If the User PIN value is correct, it switch Security State of the device into User State; otherwise it will decrement the User PIN retry counter. When the counter reaches zero, the User PIN verification fails with the error code FT_PIN_EXPIRED. On successful User PIN verifications, the retry counter is reset to the maximum User PIN retry value.
For Security Officer authentication, this function expects the SO PIN. If the SO PIN is correct, it switch Security State of the device into SO State. By default this function uses MD5 hash on the input data to generate the internal SO PIN. The feature can be disabled by using the EPAS_VERIFY_NO_HASH flag. Note that SO PIN authentication implies User PIN authentication.
To reset the security state of the device, use the epas_ResetSecurityState function. The security state is only reset when epas_ResetSecurityState invoked or when the device is powered down. (e.g., unplugged).
If the function succeeds, FT_SUCCESS returned.
If a invalid PIN is specified, FT_ACCESS_DENIED returned.
When no more USER PIN retries are allowed, FT_PIN_EXPIRED returned.
For a list of all return codes, see Status Return Values.