Integration Guide

The Digipass SDK contains functions to activate the Digipass license, generate one-time passwords and e-signatures (with and without protection from man-in-the-middle attacks), establish a Secure Channel between the Digipass authenticator and a serv...

License activation The integrating application retrieves Activation Message 1 from Authentication Server Framework. License activation (overview) The workflow involves the following steps: The application starts and retrieves Activation M...

Offline activation The data required by the Digipass SDK to instantiate a Digipass is embedded in the application integrating the SDK, or provided by the end user. Offline activation (overview) The workflow involves the following steps: ...

Digipass binding with online activation (overview) In Digipass binding with online activation (overview) the derivation code is transmitted online to the server. With offline activation, the derivation code may be displayed to the end user, ...

Response-Only OTPs OTP generation in Response-Only mode (overview) The workflow involves the following steps: The application integrating the SDK retrieves the Digipass static and dynamic vectors from its data storage. The application c...

Signature generation (overview) The workflow involves the following steps: The user provides the signing data to the application integrating the Digipass SDK. The application integrating the SDK retrieves the Digipass static and dynamic ...

Secure Channel ensures the confidentiality, integrity, and non-repudiation of data exchanged between a client and a server. The data are encrypted and signed with a key changed during the activation process. The protected data are embedded in a Secu...

Computing and storing the server/client time drift (overview) Computing the time drift involves the following steps: The server time is requested. The server returns the time reference in seconds since epoch. The application receives ...

The Digipass dynamic vector contains Digipass secrets that must be protected against attackers. The Digipass SDK provides two methods to protect the sensitive Digipass data: Delegated protection with an external dynamic vector-encrypting key ...

The Triple Data Encryption Standard (3DES) key used to protect the Digipass secret in the dynamic vector is provided by the application that integrates the Digipass SDK. The management of this key is delegated to you during the integration of the Di...

For easier Digipass management, the Digipass properties are described in Digipass properties and Application properties .

With Digipass password protection, the usage of the application is protected via a password. This is required for every OTP and signature generation, and for changing the password. The user chooses the password in the course of the activation proces...

Android iOS Android This procedure allows you to integrate and use the Digipass SDK in your Android project. The Digipass SDK provides APIs with both ByteArrays and CharSequence for the passwords. OneSpan recommends using the APIs with ...