IBM 2 Computer Hardware User Manual

Open as PDF

of 508

CCA Release 2.54

Role Structure

This section describes the data structures used with roles.

Basic Structure of a Role

The following figure describes how the Role data is structured. This is the format

used when role data is transferred to or from the Coprocessor, using verbs

CSUAACI or CSUAACM.

Bytes Field

┌───────┐

2 │ │ Role structure version (X'1', X'')

├───────┤

2 │ │ Role structure length (bytes)

├───────┴─────────────────────────────────── ─ ────────────┐

2 │ │ Comment

├───────┬─────────────────────────────────── ─ ────────────┘

2 │ │ Checksum

├───────┤

2 │ │ Reserved

├───────┴───────────────────────┐

8 │ │ Role ID

├───────┬───────────────────────┘

2 │ │ Required Authentication Strength

├───────┤

2 │ │ Lower time limit

├───────┤

2 │ │ Upper time limit

├───┬───┘

1 │ │ Valid DOW

├───┤

1 │ │ Reserved

├───┴─────────────────────────────────────── ─ ────────────┐

variable │ │ Permitted Operations

└─────────────────────────────────────────── ─ ────────────┘

Figure B-31. Role Layout

The checksum is defined as the exclusive-OR (XOR) of each byte in the role

structure. The high-order byte of the checksum field is set to zero (X'00'), and the

exclusive-OR result is put in the low-order byte.

Note: The checksum value is not used in the current role structure. It may be

verified by the Cryptographic Coprocessor with a future version of the role

structure.

The Permitted Operations are defined by the Access-Control-Point list, described in

“Access-Control-Point List” on page B-30 below.

The lower time limit and upper time limit fields are two-byte structures with each

byte containing a binary value. The first byte contains the hour (0-23) and the

second byte contains the minute (0-59). For example, 8:45 AM is represented by

X'08' in the first byte, and X'2D' in the second.

If the lower time limit and upper time limit are identical, the role is valid for use at

any time of the day.

The valid days-of-the-week are represented in a single byte with each bit

representing a single day. Set the appropriate bit to one to validate a specific day.

The first, or Most Significant Bit (MSB) represents Sunday, the second bit

represents Monday, and so on. The last or Least Significant Bit (LSB) is reserved

and must be set to zero.

Appendix B. Data Structures B-29

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

IBM 2 Computer Hardware User Manual