Functionalities and services

The Authentication Suite Server SDK provides several services, each covering a different set of functionalities.

DPX Import service

The DPX Import service groups the functionalities responsible for the import process, which consists of extracting the Digipass data from the DPX file.

Table: DPX Import service – Functionalities and routines

| Functionality | Pre-HSM routine | Post-HSM routine |
|---|---|---|
| Digipass data import | AAL2DPXInitHSM() | |
| | AAL2DPXGetToken()[1][2] | |
| | AAL2DPXGetTokenBlobs()[1][2] | |
| | AAL2DPXGetTokenBlobsEx()[1][2] | |
| | AAL2DPXGetTokenBlobsEx2()[1][2][3] | |
| | AAL2DPXClose()[1] | |
| | AAL2DPXGetMessageVector()[1] | |
| | AAL2DPXGetStaticVector()[1] | |

Digipass Dynamic Authentication service

The Digipass Dynamic Authentication service provides functionalities for different user authentication processes.

Table: Digipass Dynamic Authentication service – Functionalities and routines

| Functionality | Pre-HSM routine | Post-HSM routine |
|---|---|---|
| Challenge generation | AAL2GenerateChallenge()[1] | |
| | AAL2GenerateChallengeEx()[1] | |
| Password validation | AAL2GenVerifyPasswordCmd() | AAL2ProcVerifyPasswordRpl() |
| | AAL2GenVerifyPasswordCmdEx() | AAL2ProcVerifyPasswordRpl() |
| Password validation with enhanced security | AAL2GenVerifyPasswordEsCmd() | AAL2ProcVerifyPasswordEsRpl() |

Digipass e-Signature Validation service

The Digipass e-Signature Validation service is used to perform signature validation and integrity control, based on the signature code generated by the user's authenticator, and on custom data fields.

Table: Digipass e-Signature Validation service – Functionalities and routines

| Functionality | Pre-HSM routine | Post-HSM routine |
|---|---|---|
| Signature validation | AAL2GenVerifySignatureCmd() | AAL2ProcVerifySignatureRpl() |
| | AAL2GenVerifySignatureCmdEx() | AAL2ProcVerifySignatureRpl() |
| Signature validation with enhanced security | AAL2GenVerifySignatureEsCmd() | AAL2ProcVerifySignatureEsRpl() |
| Message signature validation | AAL2GenVerifyMessageSignatureCmd() | AAL2ProcVerifyMessageSignatureRpl() |

Virtual Mobile Authenticator service

The Virtual Mobile Authenticator service provides a password generation solution that can permanently replace a standard hardware authenticator or serve as a backup solution in combination with a password delivery mechanism.

Table: Virtual Mobile Authenticator service – Functionalities and routines

| Functionality | Pre-HSM routine | Post-HSM routine |
|---|---|---|
| Password generation | AAL2GenGenPasswordCmd() | AAL2ProcGenPasswordRpl() |
| Signature generation | AAL2GenGenSignatureCmd() | AAL2ProcGenSignatureRpl() |

Digipass Management service

The Digipass Management service provides facilities for authenticator management for help desk and administration purposes.

Table: Digipass Management service – Functionalities and routines

| Functionality | Pre-HSM routine | Post-HSM routine |
|---|---|---|
| Digipass unlocking | AAL2GenUnlockCmd() | AAL2ProcUnlockRpl() |
| | AAL2GenUnlockCmdEx() | AAL2ProcUnlockRpl() |
| | AAL2GenUnlockAuthCodeCmd() | AAL2ProcUnlockAuthCodeRpl() |
| | AAL2GenUnlockAuthCodeCmdEx() | AAL2ProcUnlockAuthCodeRpl() |
| | AAL2GenAuthorizeUnlockCmd() | AAL2ProcAuthorizeUnlockRpl() |
| | AAL2GenAuthorizeUnlockCmdEx() | AAL2ProcAuthorizeUnlockRpl() |
| Digipass information management | AAL2ResetTokenInfo()[1] | |
| | AAL2GetTokenInfo()[1] | |
| | AAL2GetTokenInfoEx()[1] | |
| Digipass static PIN management | AAL2GenResetStaticPasswordCmd() | AAL2ProcResetStaticPasswordRpl() |
| | AAL2GenResetStaticPasswordCmdEx() | AAL2ProcResetStaticPasswordRpl() |
| | AAL2GenChangeStaticPasswordCmd() | AAL2ProcChangeStaticPasswordRpl() |
| | AAL2GenChangeStaticPasswordCmdEx() | AAL2ProcChangeStaticPasswordRpl() |
| Digipass token data synchronization | AAL2SyncTokenBlob()[1] | |
| Digipass token and host data synchronization | AAL2GenSyncTokenAndHostCmd() | AALProc2SyncTokenAndHostRpl() |
| | AAL2GenSyncTokenAndHostCmdEx() | AALProc2SyncTokenAndHostRpl() |
| Digipass protection key management | AAL2MigrateBlob()[1] | |
| Digipass HSM protection key management | AAL2GenMigrateBlobCmd() | AAL2ProcMigrateBlobRpl() |
| | AAL2GenMigrateBlobCmdEx() | AAL2ProcMigrateBlobRpl() |
| Digipass properties management | AAL2GetTokenProperty()[1] | |
| | AAL2SetTokenProperty()[1] | |

Question/Answer service

The Question/Answer service offers the possibility to authenticate users through their answers to a list of questions.

Table: Question/Answer service – Functionalities and routines

| Functionality | Pre-HSM routine | Post-HSM routine |
|---|---|---|
| Question/answer authentication method | AAL2QAGenQAHashData()[1] | |
| | AAL2QAGenDecryptQABlobCmd() | AAL2QAProcDecryptQABlobRpl() |
| | AAL2GenQAKey()[1] | |
| | AAL2QAGenQABlob()[1] | |

Software Digipass Activation service

The Software Digipass Activation service allows the standard activation of compliant authenticators in offline or online mode. When the software authenticator is activated, settings and secrets are written into the authenticator.

Table: Software Digipass Activation service – Functionalities and routines

| Functionality | Pre-HSM routine | Post-HSM routine |
|---|---|---|
| Software Digipass activation data generation (with random key generation) | AAL2GenGenActivationDataRndKeyCmd() | AAL2ProcGenActivationDataRndKeyRpl() |

Software Digipass Derivation service

The Software Digipass Derivation service allows you to derive the Digipass data of a software authenticator based on Digipass SDK 4.0 or later (software authenticator activated with the standard one-step activation).

Table: Software Digipass Derivation service – Functionalities and routines

| Functionality | Pre-HSM routine | Post-HSM routine |
|---|---|---|
| Software Digipass data derivation | AAL2GenDeriveTokenBlobsCmd() | AAL2ProcDeriveTokenBlobsRpl() |

Digipass Multi-Device Activation service

The Digipass Multi-Device Activation service groups functionalities for multi-device activation (two-step activation) of compliant authenticators (software or hardware).

Table: Digipass Multi-Device Activation service – Functionalities and routines

| Functionality | Pre-HSM routine | Post-HSM routine |
|---|---|---|
| Payload key BLOB generation | AAL2GenGenPayloadKeyBlobCmd() | AAL2ProcGenPayloadKeyBlobRpl() |
| Activation Message 1 generation | AAL2GenMessageActivation1()[1] | |
| Device code validation | AAL2GenVerifyDeviceCodeCmd() | AAL2ProcVerifyDeviceCodeRpl() |
| Activation Message 2 & Digipass instance generation | AAL2GenGenMessageActivation2Cmd() | AAL2ProcGenMessageActivation2Rpl() |

Digipass Secure Channel service

The Digipass Secure Channel service groups functionalities for operations based on the secure channel protocol for compliant authenticators (software or hardware), including the generation of secure channel request messages and deactivation messages, and processing of response messages and information messages.

Table: Digipass Secure Channel service – Functionalities and routines

| Functionality | Pre-HSM routine | Post-HSM routine |
|---|---|---|
| Request message generation | AAL2GenGenMessageRequestCmd() | AAL2ProcGenMessageRequestRpl() |
| Response message processing | AAL2GenProcMessageResponseCmd() | AAL2ProcProcMessageResponseRpl() |
| Information message processing | AAL2GenProcMessageInformationCmd() | AAL2ProcProcMessageInformationRpl() |
| Message properties retrieval | AAL2GetMessageProperties()[1] | |
| Deactivation message generation | AAL2GenGenMessageDeactivationCmd() | AAL2ProcGenMessageDeactivationRpl() |

Payload Key BLOB Management service

The Payload Key BLOB Management service provides facilities for payload key BLOB management for help desk and administration purposes.

Table: Payload Key BLOB Management service – Functionalities and routines

| Functionality | Pre-HSM routine | Post-HSM routine |
|---|---|---|
| Payload key BLOB HSM protection key management | AAL2GenMigratePKBlobCmd() | AAL2ProcMigratePKBlobRpl() |
| | AAL2GenMigratePKBlobCmdEx() | AAL2ProcMigratePKBlobRpl() |

Version Information service

Table: Version Information service – Functionalities and routines

| Functionality | Pre-HSM routine | Post-HSM routine |
|---|---|---|
| Library version information | AAL2GetLibraryVersion()[1] | |
| HSM module version information | AAL2GenGetHSMModuleVersionCmd() | AAL2ProcGetHSMModuleVersionRpl() |

Error Management service

Table: Error Management service – Functionalities and routines

| Functionality | Pre-HSM routine | Post-HSM routine |
|---|---|---|
| Error handling | AAL2DPXGetErrorMsg()[1] | |
| | AAL2GetErrorMsg()[1] | |

  1. HSM not used. For more information, refer to the Authentication Suite Server SDK C-C++ Programmer's Guide.

  2. After calling this function, the Digipass HSM Protection Key Management functionality has to be used to migrate HSM encryption of Digipass data BLOBs. For more information, refer to the Authentication Suite Server SDK for HSM Product Guide.

  3. After calling this function, the Payload Key BLOB HSM Protection Key Management functionality has to be used to migrate HSM encryption of the payload key BLOB. For more information, refer to the Authentication Suite Server SDK Product Guide.