User Database Management Service Calls
VERIFYUSER
Parameter Descriptions:
- UID:
- Specifies the address that points to the character string
containing the user's identity.
- LEN:
- Specifies the length of UAUTHENT in bytes.
- UAUTHENT:
- Specifies the address that points to the string of
bytes containing the user's authenticator.
- RESULT:
- Specifies the address that points to the data storage
that will receive the result of the call, which is either 0
or 1.
- STATUS:
- Specifies the address that points to the data storage
that will receive the result of processing the service call.
This service call verifies the authenticator (UAUTHENT) of
length LEN supplied by the UID against the user's authenticator
stored in the UDATABASE. A user's identity should be verified
before any cryptographic request can be made. The RESULT and STATUS
are returned to the host.
*CREATEUSER
Parameter Descriptions:
- UID:
- Specifies the address that points to the character string
containing the user's identity.
- UTYPE:
- Specifies the user type, for example, "c" for
COs, "u" for users.
- LEN:
- Specifies the length of UAUTHENT in bytes.
- UAUTHENT:
- Specifies the address that points to the string of
bytes containing the user's authenticator.
- STATUS:
- Specifies the address that points to the data storage
that will receive the result of processing the service call.
This service call creates an account for a CO
or a user according to the user type indicated
(UTYPE). The new account is under the identification of UID. The
CO's or the user's authentication information based on
UAUTHENT of length LEN is stored in the UDATABASE. It is
recommended that SETUSERCOMMAND be called immediately after an
account is created. The service call returns the resulting STATUS
to the host.
CHANGEAUTHENT
Parameter Descriptions:
- OLDLEN:
- Specifies the length of OLDAUTHENT in bytes.
- OLDAUTHENT:
- Specifies the address that points to the string of
bytes containing the user's old authenticator.
- NEWLEN:
- Specifies the length of NEWAUTHENT in bytes.
- NEWAUTHENT:
- Specifies the address that points to the string of
bytes containing the user's new authenticator.
- STATUS:
- Specifies the address that points to the data storage
that will receive the result of processing the service
call.
This service call lets a user change his/her authenticator. If
the authenticator (OLDAUTHENT) of length OLDLEN supplied by the
user is verified, the user's current authenticator is replaced
by NEWAUTHENT of length NEWLEN and the resulting STATUS is
returned to the host.
*SETUSERCOMMAND
Parameter Descriptions:
- UID:
- Specifies the address that points to the character string
containing the user's identity.
- AV:
- Specifies the address that points to the string of bytes
containing the authorization vector. An authorization vector
defines the service calls that a user can access. Each
bit within the byte in the authorization vector corresponds to a
service call. A one in the bit enables the corresponding
service call whereas a zero disables it. For example, the
correspondence between the service calls and their bit positions
for the first byte of AV looks as follows:
It is assumed that a list of the service calls is
available to the CO.
- STATUS:
- Specifies the address that points to the data storage
that will receive the result of processing the service call.
This service call lets the CO set specific service calls that
a user (UID) can access. The authorization vector (AV) for user
UID is stored in the UDATABASE, and the resulting STATUS is
returned to the host.
SHOWUSERCOMMAND
Parameter Descriptions:
- UID:
- Specifies the address that points to the character string
containing the user's identity if the service call is
executed by a CO; null otherwise.
- AVLEN:
- Specifies the total number of cryptographic service
calls defined. Since each service call is represented by
one bit in AV as described in SETUSERCOMMAND, this
parameter indicates how many bits of AV are meaningful
and should be read.
- AV:
- Specifies the address that points to the string of bytes
containing the authorization vector associated with the user.
"One" bits indicate enabled service calls whereas "zero"
bits indicate disabled service calls.
- STATUS:
- Specifies the address that points to the data storage
that will receive the result of processing the service call.
This service call uses AVLEN to determine how many bits of the
authorization vector (AV) of UID are to be read, and returns the
AV and resulting STATUS to the host.
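The authorization vector described under SETUSERCOMMAND and SHOWUSERCOMMAND can be handled as below. This is an added example, not code from the original specification. The bit ordering (most significant bit first), the service call numbering and the function names are assumptions, since the page's bit-position table is not present.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* ASSUMPTION: the page's bit-position table is missing, so this sketch puts
 * service call i in byte i/8, most significant bit first. */
#define AV_BYTES(avlen) (((avlen) + 7u) / 8u)
#define AV_MASK(i)      ((uint8_t)(0x80u >> ((i) % 8u)))

/* Hypothetical numbering of a few service calls, for illustration only. */
enum { SC_CHANGEAUTHENT = 0, SC_SHOWUSERCOMMAND = 1, SC_LOGOUT = 2, SC_DELETEUSER = 9 };

/* Enable or disable one call; returns -1 if idx is not a defined call. */
int av_set(uint8_t *av, size_t avlen, size_t idx, int enable)
{
    if (idx >= avlen)
        return -1;
    if (enable)
        av[idx / 8u] |= AV_MASK(idx);
    else
        av[idx / 8u] &= (uint8_t)~AV_MASK(idx);
    return 0;
}

/* Fail closed: an index at or beyond AVLEN is never authorized, even if a
 * stray padding bit in the last byte happens to be one. */
int av_allows(const uint8_t *av, size_t avlen, size_t idx)
{
    if (idx >= avlen)
        return 0;
    return (av[idx / 8u] & AV_MASK(idx)) != 0;
}

/* Copy only the AVLEN meaningful bits, clearing padding in the last byte. */
void av_read(const uint8_t *stored, size_t avlen, uint8_t *out)
{
    size_t n = AV_BYTES(avlen);
    if (n == 0)
        return;
    memcpy(out, stored, n);
    if (avlen % 8u != 0)
        out[n - 1] &= (uint8_t)(0xFFu << (8u - avlen % 8u));
}
```

With AVLEN = 10 the vector occupies two bytes, and the six low bits of the second byte are padding that neither the check nor the read treats as authorization.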
*DELETEUSER
Parameter Descriptions:
- UID:
- Specifies the address that points to the character string
containing the name of the user whose record is to be
removed from UDATABASE.
- STATUS:
- Specifies the address that points to the data storage
that will receive the result of processing the service call.
This service call allows a CO to remove user UID's entry from
the UDATABASE. Every field in the database pertaining to the
user is deleted and the storage is freed up. It should be
noted that DELETEKEY may need to be called before DELETEUSER so
that the user's keys are removed from SKEYDB before the user's
account is closed. The resulting STATUS is returned to the host.
LOGOUT
Parameter Descriptions:
- STATUS:
- Specifies the address that points to the data storage
that will receive the result of processing the service call.
This service call allows the user currently logged on to the
CM to log out of the CM and returns the STATUS to the host.
John Barkley
Fri Oct 7 16:17:21 EDT 1994