Software Digipass Derivation Service

Description

The Software Digipass Derivation Service allows deriving the Digipass data of a software Digipass based on Digipass SDK 4.0 or later (software Digipass activated with the standard one-step activation).

If supported by the software authenticator, this feature is used to bind a software Digipass with its hosting device. In this case, during the activation process, when the software authenticator is configured to derive its data, it can provide a derivation code based on a diversifier, an OTP, and an optional challenge.

The diversifier is based on a device’s fingerprint and is unique for each hosting device.

Depending on the activation mode, the derivation code will be pushed to the server (online mode) or provided by the end user (offline mode).

Once the Digipass data of all applications of the software authenticator are derived on the server side, OTPs and/or signatures generated by Digipass can be validated.

When reactivating Digipass on another device, the Digipass data must be derived again on the server side with the new derivation code. The Digipass authenticator on the old device will not work anymore.

Software Digipass Derivation Service is an extension of the Software Digipass Activation Service for software Digipass based on Digipass SDK 4.0 or later (software Digipass activated with the standard one-step activation).

The software Digipass data derivation will be allowed only for software authenticator applications supporting this feature.

Functionalities

The Software Digipass Derivation Service relies on the software Digipass data derivation functionality. This derivation is based on a unique diversifier. Diversifier integrity is ensured by the dynamic password authentication functionality.