Single- vs. multi-device licensing


Single-device licensing is a licensing model that applies to standard Digipass devices: Digipass hardware pre-provisioned in the factory (for example Digipass GO 3, Digipass 270, Digipass 275, Digipass 300) and software Digipass using standard one-step activation. For more information about the software Digipass standard activation process, see Software Digipass Activation service.

Multi-device licensing is a different licensing model which applies to a particular category of Digipass devices (hardware Digipass 760 and software Digipass supporting the multi-device activation in two steps). For more information about the multi-device activation process, see Digipass Multi-Device Activation service.

Single-device licensing

Single-device licensing is a licensing model which also applies to connected Digipass hardware devices able to perform operations based on the Secure Channel protocol (Digipass GO 215, some Digipass 875 smart card readers).

With the single-device licensing model, each Digipass serial number corresponds to a unique Digipass authenticator instance.

With the single-device licensing model and the one-to-one relationship between a user account and a Digipass serial number license, a user account can be bound to a single Digipass authenticator.

For Digipass devices compliant with the single-device licensing model, the corresponding DPX files contain a batch of the Digipass authenticators with a different serial number for each authenticator.

Every Digipass authenticator can have from one to eight authenticator applications (authentication, e-signature, or unlock application), represented on the server side by an authenticator application BLOB for each application of each authenticator.

For connected Digipass hardware devices able to perform operations based on the Secure Channel protocol, every Digipass authenticator also has a Secure Channel payload key, represented on the server side by a payload key BLOB for each authenticator.

Figure: Conceptual data model with single-device licensing model shows a conceptual data model suitable for a single-device licensing model.

Figure: Conceptual data model with single-device licensing model

Extraction of the Digipass authenticators from the DPX file

In case of DPX files for Digipass devices based on the single-device licensing model, the following data will be extracted during the import process for each Digipass serial number in the DPX file:

  • The Digipass type (informational type name given to the authenticator, e.g. DPGO3, DP300 etc.)

  • Up to eight authenticator application names (application names given to the applications)

  • Up to eight authenticator application authentication modes (RO, CR, SG, MM, or UL)

  • Up to eight authenticator application BLOBs

  • (OPTIONAL) A payload key BLOB (only for connected Digipass hardware devices able to perform operations based on the Secure Channel protocol)

In case of software Digipass authenticators based on the single-device licensing model, additional data is present and must first be extracted from the DPX file during the import process: the static vector.

This static vector is a data string common for the Digipass serial number in the DPX file. It contains parameter settings that will be used to generate activation data necessary for the standard one-step activation process of a software Digipass authenticator.

In case of DPX files for Digipass devices based on the single-device licensing model and able to perform operations based on the Secure Channel protocol, additional data is present and must also first be extracted from the DPX file during the import process: the message vector.

This message vector is a data string common for the Digipass serial number in the DPX file. It contains configuration settings that will be used by Authentication Suite Server SDK to generate Secure Channel request messages.

Multi-device licensing

With the multi-device licensing model, each Digipass serial number corresponds to a unique Digipass license. The representation of a Digipass license for a serial number on the server side is a master activation application BLOB.

The master activation application is a particular authenticator application acting as a Digipass license.

One Digipass license allows several Digipass authenticator instances to be instantiated, all bound to the same Digipass serial number license. The number of instances that can be activated for each Digipass license is limited to a predefined threshold configured by OneSpan at the time of order (from 1 to 99).

With the multi-device licensing model and the one-to-one relationship between a user account and a Digipass serial number license, a user account can optionally be bound to several Digipass authenticator instances.

For Digipass devices compliant with the multi-device licensing model, the corresponding DPX files contain Digipass master activation applications (one for each serial number) that act as the Digipass licenses.

Each Digipass license has one Digipass master activation application represented on the server side by a Digipass master activation application BLOB for each serial number license.

The generation of the Digipass authenticator instance(s) for a particular license will be performed by Authentication Suite Server SDK during a multi-device activation process.

Each Digipass authenticator instance can have from 1 to 8 authenticator applications (authentication, e-signature or unlock application), configured by OneSpan at the time of order and represented on the server side by a Digipass Instance Application BLOB for each application of each instance.

Figure: Conceptual data model with multi-device licensing model shows a conceptual data model suitable for a multi-device licensing model.

Figure: Conceptual data model with multi-device licensing model

Extraction of the Digipass authenticators from the DPX file

In case of DPX files for Digipass devices based on the multi-device licensing model, the following data will be extracted during the import process for each Digipass serial number in the DPX file:

  • The Digipass master activation type (informational type name given to the license authenticator)

  • One Digipass master activation application name (application name given to the license activation application)

  • One Digipass master activation application authentication mode (always MA)

  • One Digipass master activation application BLOB (acting as the license)

  • The activation vector (a data string containing license-specific encrypted activation data necessary for the activation process)

  • The sequence number threshold (a number from 1 to 99 indicating the number of instances which can be activated with the license; configured by OneSpan at the time of order)

In case of DPX files for Digipass authenticators (hardware or software) based on the multi-device licensing model, additional data is present and must first be extracted from the DPX file during the import process:

  • The static vector (data string containing parameter settings common for all the licenses in the DPX file necessary for the activation process)

  • The message vector (data string containing configuration settings for the messages that will be generated by Authentication Suite Server SDK for the activation process and the optional Secure Channel process)

Generation of the Secure Channel payload key for a Digipass license

The Secure Channel feature, optionally applicable after the activation of a Digipass instance, protects the messages exchanged between the server and the client (applicable only to Digipass devices able to perform operations based on the Secure Channel protocol).

The Secure Channel will be usable only if the Secure Channel feature has been ordered (configured by OneSpan at the time of order).

If the Secure Channel feature has been ordered, a payload key must be provisioned during the activation process. It is represented on the server side by a payload key BLOB.

In this case, a payload key BLOB must first be generated once for each Digipass serial number license. The different Digipass instances activated from one Digipass serial number license must use the same payload key BLOB so that they are provisioned with the same payload key.

The generation of the payload key BLOB for a particular license in the context of the multi-device licensing will be performed by Authentication Suite Server SDK.

For more information about the provisioning of the secure channel payload key during the multi-device activation process, see Digipass Multi-Device Activation service.

For more information about secure channel, see Digipass Secure Channel service.

Generation of the Digipass instances from a Digipass license

Each imported license allows several Digipass authenticator instances to be instantiated, all bound to the same Digipass serial number license (from 1 to 99; configured by OneSpan at the time of order).

The generation of the Digipass authenticator instance(s) for a particular license in the context of the multi-device licensing will be performed by Authentication Suite Server SDK during the multi-device activation process.

The following data will be extracted for each new instance generated for a specific Digipass serial number:

  • The Digipass instance sequence number (number from 1 to 99 indicating the sequence number of the instance generated)

  • The Digipass instance type (informational type name given to the instance)

  • Up to eight Digipass instance application names (application names given to the instance applications, ending with two decimal digits equal to the sequence number, e.g. APPL1 03)

  • Up to eight Digipass instance application authentication modes (RO, CR, SG, MM, or UL)

  • Up to eight Digipass instance application BLOBs
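
The multi-device constraints described above can be checked on stored license and instance records before they are trusted. The following is an added example, not code from OneSpan or from Authentication Suite Server SDK; the class names, field names and the opaque payload key handle are hypothetical, and the uniqueness of sequence numbers within a license is an assumption.

```python
from dataclasses import dataclass, field
from typing import List, Optional

INSTANCE_MODES = {"RO", "CR", "SG", "MM", "UL"}  # instance application modes named on the page

@dataclass
class Instance:
    sequence_number: int
    apps: List[tuple]               # (application name, authentication mode)
    payload_key_ref: Optional[str]  # hypothetical opaque handle to the payload key BLOB

@dataclass
class License:
    serial: str
    threshold: int                  # sequence number threshold, 1..99
    payload_key_ref: Optional[str]  # None when Secure Channel was not ordered
    instances: List[Instance] = field(default_factory=list)

def validate_license(lic: License) -> List[str]:
    """Return the constraint violations found in one license record."""
    errors = []
    if not 1 <= lic.threshold <= 99:
        errors.append("threshold outside 1..99")
    if len(lic.instances) > lic.threshold:
        errors.append("more instances than the threshold allows")
    seen = set()
    for inst in lic.instances:
        seq = inst.sequence_number
        if not 1 <= seq <= 99:
            errors.append(f"instance {seq}: sequence number outside 1..99")
        if seq in seen:  # assumption: sequence numbers are unique per license
            errors.append(f"instance {seq}: duplicate sequence number")
        seen.add(seq)
        if not 1 <= len(inst.apps) <= 8:
            errors.append(f"instance {seq}: must have 1 to 8 applications")
        for name, mode in inst.apps:
            if mode not in INSTANCE_MODES:
                errors.append(f"instance {seq}: unexpected mode {mode!r} for {name!r}")
            if not name.endswith(f"{seq:02d}"):
                errors.append(f"instance {seq}: name {name!r} lacks suffix {seq:02d}")
        if inst.payload_key_ref != lic.payload_key_ref:
            errors.append(f"instance {seq}: payload key differs from the license's")
    return errors

# Constructed sample records (serial numbers and key handles are made up).
GOOD = License("SAMPLE0001", 2, "pk-A", [
    Instance(1, [("APPL1 01", "RO"), ("APPL2 01", "SG")], "pk-A"),
    Instance(2, [("APPL1 02", "RO"), ("APPL2 02", "SG")], "pk-A")])
BAD = License("SAMPLE0002", 1, "pk-B", [
    Instance(1, [("APPL1 01", "RO")], "pk-B"),
    Instance(3, [("APPL1 02", "MA")], "pk-C")])
```

Calling `validate_license(BAD)` reports the exceeded threshold, the `MA` mode on an instance application, the name suffix that does not match sequence number 03, and the payload key that differs from the license's.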