The Authentication Suite Server SDK provides several services, each covering a different set of functionalities.
DPX Import service
The DPX Import service groups the functionalities responsible for the import process, which consists of extracting the Digipass data from the DPX file.
| Pre-HSM routine | Post-HSM routine |
|---|---|
| Digipass data import | |
| AAL2DPXInitHSM() | |
| AAL2DPXGetToken()[1][2] | |
| AAL2DPXGetTokenBlobs()[1][2] | |
| AAL2DPXGetTokenBlobsEx()[1][2] | |
| AAL2DPXGetTokenBlobsEx2()[1][2][3] | |
| AAL2DPXClose()[1] | |
| AAL2DPXGetMessageVector()[1] | |
| AAL2DPXGetStaticVector()[1] | |
Digipass Dynamic Authentication service
The Digipass Dynamic Authentication service provides functionalities for different user authentication processes.
| Pre-HSM routine | Post-HSM routine |
|---|---|
| Challenge generation | |
| AAL2GenerateChallenge()[1] | |
| AAL2GenerateChallengeEx()[1] | |
| Password validation | |
| AAL2GenVerifyPasswordCmd() | AAL2ProcVerifyPasswordRpl() |
| AAL2GenVerifyPasswordCmdEx() | AAL2ProcVerifyPasswordRpl() |
| Password validation with enhanced security | |
| AAL2GenVerifyPasswordEsCmd() | AAL2ProcVerifyPasswordEsRpl() |
Digipass e-Signature Validation service
The Digipass e-Signature Validation service is used to perform signature validation and integrity control, based on the signature code generated by the user's authenticator, and on custom data fields.
| Pre-HSM routine | Post-HSM routine |
|---|---|
| Signature validation | |
| AAL2GenVerifySignatureCmd() | AAL2ProcVerifySignatureRpl() |
| AAL2GenVerifySignatureCmdEx() | AAL2ProcVerifySignatureRpl() |
| Signature validation with enhanced security | |
| AAL2GenVerifySignatureEsCmd() | AAL2ProcVerifySignatureEsRpl() |
| Message signature validation. Applicable to hardware or software authenticators compliant with the multi-device two-step activation (in the context of the multi-device licensing model), and to hardware authenticators based on the single-device licensing model and able to perform operations based on the Secure Channel protocol. | |
| AAL2GenVerifyMessageSignatureCmd() | AAL2ProcVerifyMessageSignatureRpl() |
Virtual Mobile Authenticator service
The Virtual Mobile Authenticator service provides a password generation solution that can permanently replace a standard hardware authenticator or serve as a backup solution, in combination with a password delivery mechanism.
| Pre-HSM routine | Post-HSM routine |
|---|---|
| Password generation | |
| AAL2GenGenPasswordCmd() | AAL2ProcGenPasswordRpl() |
| Signature generation | |
| AAL2GenGenSignatureCmd() | AAL2ProcGenSignatureRpl() |
Digipass Management service
The Digipass Management service provides authenticator management facilities for help desk and administration purposes.
Question/Answer service
The Question/Answer service offers the possibility to authenticate users through their answers to a list of questions.
| Pre-HSM routine | Post-HSM routine |
|---|---|
| Question/answer authentication method | |
| AAL2QAGenQAHashData()[1] | |
| AAL2QAGenDecryptQABlobCmd() | AAL2QAProcDecryptQABlobRpl() |
| AAL2GenQAKey()[1] | |
| AAL2QAGenQABlob()[1] | |
Software Digipass Activation service
The Software Digipass Activation service allows the standard activation of compliant authenticators in offline or online mode. When the software authenticator is activated, settings and secrets are written into the authenticator.
| Pre-HSM routine | Post-HSM routine |
|---|---|
| Software Digipass activation data generation (with random key generation). Only applicable to software Digipass authenticators compliant with the standard one-step activation (in the context of single-device licensing). | |
| AAL2GenGenActivationDataRndKeyCmd() | AAL2ProcGenActivationDataRndKeyRpl() |
Software Digipass Derivation service
The Software Digipass Derivation service allows the derivation of the Digipass data of a software authenticator based on Digipass SDK 4.0 or later (software authenticator activated with the standard one-step activation).
| Pre-HSM routine | Post-HSM routine |
|---|---|
| Software Digipass data derivation. Only applicable to software Digipass authenticators compliant with the standard one-step activation (in the context of single-device licensing). | |
| AAL2GenDeriveTokenBlobsCmd() | AAL2ProcDeriveTokenBlobsRpl() |
Digipass Multi-Device Activation service
The Digipass Multi-Device Activation service groups functionalities for multi-device activation (two-step activation) of compliant authenticators (software or hardware).
| Pre-HSM routine | Post-HSM routine |
|---|---|
| Payload key BLOB generation. Only applicable to hardware or software Digipass authenticators compliant with the multi-device two-step activation (in the context of multi-device licensing). In addition, payload key BLOBs must be generated only if the Secure Channel feature has been ordered (configured by OneSpan at the time of order). No payload key BLOB must be generated if the Secure Channel feature has not been ordered. | |
| AAL2GenGenPayloadKeyBlobCmd() | AAL2ProcGenPayloadKeyBlobRpl() |
| Activation Message 1 generation | |
| AAL2GenMessageActivation1()[1] | |
| Device code validation. Only applicable to hardware or software Digipass authenticators compliant with the multi-device two-step activation (in the context of multi-device licensing). | |
| AAL2GenVerifyDeviceCodeCmd() | AAL2ProcVerifyDeviceCodeRpl() |
| Activation Message 2 & Digipass instance generation. Only applicable to hardware or software Digipass authenticators compliant with the multi-device two-step activation (in the context of multi-device licensing). | |
| AAL2GenGenMessageActivation2Cmd() | AAL2ProcGenMessageActivation2Rpl() |
Digipass Secure Channel service
The Digipass Secure Channel service groups functionalities for operations based on the secure channel protocol for compliant authenticators (software or hardware), including the generation of secure channel request messages and deactivation messages, and processing of response messages and information messages.
| Pre-HSM routine | Post-HSM routine |
|---|---|
| Request message generation. Applicable to hardware or software Digipass authenticators compliant with the multi-device two-step activation (in the context of multi-device licensing) and if the Secure Channel feature has been ordered (configured by OneSpan at the time of order), and to hardware Digipass authenticators based on the single-device licensing model and able to perform operations based on the Secure Channel protocol. | |
| AAL2GenGenMessageRequestCmd() | AAL2ProcGenMessageRequestRpl() |
| Response message processing. Applicable to hardware or software Digipass authenticators compliant with the multi-device two-step activation (in the context of multi-device licensing) and if the Secure Channel feature has been ordered (configured by OneSpan at the time of order), and to hardware Digipass authenticators based on the single-device licensing model and able to perform operations based on the Secure Channel protocol. | |
| AAL2GenProcMessageResponseCmd() | AAL2ProcProcMessageResponseRpl() |
| Information message processing. Applicable to software Digipass authenticators compliant with the multi-device two-step activation (in the context of multi-device licensing) and if the Secure Channel feature has been ordered (configured by OneSpan at the time of order). | |
| AAL2GenProcMessageInformationCmd() | AAL2ProcProcMessageInformationRpl() |
| Message properties retrieval | |
| AAL2GetMessageProperties()[1] | |
| Deactivation message generation. Only applicable to hardware or software Digipass authenticators compliant with the multi-device two-step activation (in the context of multi-device licensing). In addition, the deactivation message generation is only applicable if the Secure Channel feature has been ordered (configured by OneSpan at the time of order). | |
| AAL2GenGenMessageDeactivationCmd() | AAL2ProcGenMessageDeactivationRpl() |
Payload Key BLOB Management service
The Payload Key BLOB Management service provides payload key BLOB management facilities for help desk and administration purposes.
| Pre-HSM routine | Post-HSM routine |
|---|---|
| Payload key BLOB HSM protection key management. Only applicable to hardware or software authenticators able to perform operations based on the Secure Channel protocol. | |
| AAL2GenMigratePKBlobCmd() | AAL2ProcMigratePKBlobRpl() |
| AAL2GenMigratePKBlobCmdEx() | AAL2ProcMigratePKBlobRpl() |
Version Information service
| Pre-HSM routine | Post-HSM routine |
|---|---|
| Library version information | |
| AAL2GetLibraryVersion()[1] | |
| HSM module version information | |
| AAL2GenGetHSMModuleVersionCmd() | AAL2ProcGetHSMModuleVersionRpl() |
Error Management service
| Pre-HSM routine | Post-HSM routine |
|---|---|
| Error handling | |
| AAL2DPXGetErrorMsg()[1] | |
| AAL2GetErrorMsg()[1] | |
[1] HSM not used. For more information, refer to the Authentication Suite Server SDK C-C++ Programmer's Guide.
[2] After calling this function, the Digipass HSM Protection Key Management functionality has to be used to migrate HSM encryption of Digipass data BLOBs. For more information, refer to the Authentication Suite Server SDK for HSM Product Guide.
[3] After calling this function, the Payload Key BLOB HSM Protection Key Management functionality has to be used to migrate HSM encryption of the payload key BLOB. For more information, refer to the Authentication Suite Server SDK Product Guide.