- 22 Oct 2024
Digipass SDK licensing - premium multi-device licensing
- Updated on 22 Oct 2024
Premium multi-device licensing (overview)
In the multi-device licensing (MDL) model, OneSpan generates a unique serial number of ten characters. This unique serial number can be associated with several Digipass data on the server side. Each Digipass data is identified by its unique serial number and a sequence number. On the client side, the Digipass license can thus be instantiated several times. This mode fits the deployment of one Digipass authenticator per device of the same user. Each Digipass authenticator of the user shares the same serial number but has a different sequence number.
Activation process
Before you can work with the Digipass SDK you need to activate it. To activate it as a multi-device licensing (MDL) model, the activation data, which includes the parameter settings, the serial number, the sequence number, and the Digipass key of a Digipass authenticator, must be provided to the Digipass SDK binary.
Unlike the activation of a Digipass authenticator in the single-device licensing (SDL) model, in the MDL model the activation data is provided to the Digipass SDK in two steps: first the license is activated, then the instance is activated. Each step consists of providing the Digipass SDK on the client side with an activation message generated by OneSpan Authentication Server Framework on the server side. This feature is supported by server solutions using OneSpan Authentication Server Framework as of version 3.13.
Activation message transfer between Digipass SDK and Authentication Server Framework
The activation message must be transferred from the server to the device over a secure channel. If the message is transferred in connected mode, we recommend using the Digipass Software Advanced Provisioning Protocol SDK to establish the secure channel. For more information, see Digipass Software Advanced Provisioning Protocol SDK.
If the activation message is transferred in unconnected mode, we recommend using different channels to transfer the different activation messages.
License activation
The first step to activate a Digipass authenticator in MDL mode is to activate the Digipass license.
Sequence: Digipass license activation
OneSpan Authentication Server Framework generates Activation Message 1 which is then provided to the Digipass SDK.
Activation Message 1 contains the following information used by the Digipass SDK:
- Digipass serial number
- Digipass key
- (Optional) Digipass license parameter settings
If the parameter settings are not provided as part of the activation message they must be provided by the application that integrates the Digipass SDK.
For more information about generating the activation messages, refer to the OneSpan Authentication Server Framework documentation.
As a result of the license activation, the Digipass SDK generates a device code which contains a device ID. This is a concatenation of information about the device type and device-unique data, provided to the Digipass SDK by the hosting application. Both are signed with the license key.
The device code must be provided to OneSpan Authentication Server Framework on the server side to generate a Digipass instance for the device for which the license has been activated.
The following device types can be received by OneSpan Authentication Server Framework in the device code.
Device types received by OneSpan Authentication Server Framework

Return device type | Value |
---|---|
iOS | 3 |
Jailbroken iOS | 5 |
Android | 7 |
Rooted Android | 9 |
Windows | 17 |
Linux | 19 |
Mac | 21 |
Instance activation
The second step to activate a Digipass authenticator in MDL mode is to activate the Digipass instance.
Sequence: Digipass instance activation
OneSpan Authentication Server Framework generates Activation Message 2 which is then provided to the Digipass SDK.
Activation Message 2 contains the following information used by the Digipass SDK:
- Digipass serial number
- Sequence number
- Digipass key
As a result of the Digipass instance activation, the Digipass SDK generates a MAC signature with the Digipass instance key.
The MAC signature must be provided to OneSpan Authentication Server Framework on the server side to confirm the correct activation of the Digipass instance.
Optionally, and depending on the Digipass parameter settings, the activation process may also require a Digipass password. The password is chosen by the user and protects the Digipass authenticator against unauthorized use. It is set during the activation process but may be changed in the course of the Digipass lifecycle (see Delegated protection).
In the multi-device licensing mode, a Digipass instance cannot be reactivated: OneSpan Authentication Server Framework generates Activation Message 2 only once. If a Digipass instance can no longer be used, it must be replaced with a new one. The number of instances per Digipass serial number is limited to 99.
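The server-side bookkeeping implied by the two activation steps, as an added Python model that is not OneSpan code and does not use the Digipass SDK or Authentication Server Framework API. The `type:id:tag` device code layout, the HMAC-SHA256 signature, the `MdlLicense` class and the policy of refusing jailbroken or rooted devices are assumptions made for illustration; the device type values, the one-time Activation Message 2 and the limit of 99 instances come from the text above.

```python
import hashlib
import hmac

# Device type values from the table above; 5 and 9 mark jailbroken/rooted devices.
DEVICE_TYPES = {3: "iOS", 5: "Jailbroken iOS", 7: "Android", 9: "Rooted Android",
                17: "Windows", 19: "Linux", 21: "Mac"}
TAMPERED = {5, 9}
MAX_INSTANCES = 99  # instances per Digipass serial number

def _sign(key: bytes, body: str) -> str:
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def make_device_code(license_key: bytes, device_type: int, device_id: str) -> str:
    """Client stand-in. Assumed layout 'type:id:tag'; the real format is not on the page."""
    body = f"{device_type}:{device_id}"
    return f"{body}:{_sign(license_key, body)}"

class MdlLicense:
    """Hypothetical server-side state for one serial number."""

    def __init__(self, serial: str, license_key: bytes, refuse_tampered: bool = True):
        self.serial, self.key, self.refuse_tampered = serial, license_key, refuse_tampered
        self.instances = {}  # sequence number -> {"device_id", "msg2_issued"}

    def register_device(self, device_code: str) -> int:
        """Verify the device code, apply policy, allocate a sequence number."""
        body, _, tag = device_code.rpartition(":")
        if not hmac.compare_digest(tag.encode(), _sign(self.key, body).encode()):
            raise ValueError("device code signature mismatch")
        type_str, _, device_id = body.partition(":")
        device_type = int(type_str)
        if device_type not in DEVICE_TYPES:
            raise ValueError(f"unknown device type {device_type}")
        if self.refuse_tampered and device_type in TAMPERED:
            raise PermissionError(f"{DEVICE_TYPES[device_type]} refused by policy")
        if len(self.instances) >= MAX_INSTANCES:
            raise RuntimeError("serial number already has 99 instances")
        seq = len(self.instances) + 1
        self.instances[seq] = {"device_id": device_id, "msg2_issued": False}
        return seq

    def issue_message_2(self, seq: int) -> dict:
        """Release instance activation data once (the Digipass key is omitted here)."""
        inst = self.instances[seq]
        if inst["msg2_issued"]:
            raise RuntimeError("instance cannot be reactivated; create a new one")
        inst["msg2_issued"] = True
        return {"serial": self.serial, "sequence": seq}
```

Verifying the signature before parsing the device type means an altered type value (for example, a rooted device reporting 7 instead of 9) is rejected as a signature mismatch and never reaches the policy check.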