Virtual Mobile Authenticator Service


Description

The Virtual Mobile Authenticator Service provides a full-time or temporary password generation solution. It can be used to replace a standard hardware authenticator (full-time primary virtual authenticator) or as a backup solution (primary authenticator with backup virtual authenticator feature) in combination with a password delivery mechanism. The Virtual Mobile Authenticator Service is characterized by the virtual mode of the application BLOB.

The following configurations are possible:

  • The virtual mode is not enabled: The authenticator application BLOB can only be used with the matching Digipass.
  • The virtual mode is set to primary: The authenticator application BLOB is used to emulate Digipass.
  • The virtual mode is set to backup: The authenticator application BLOB can be used to replace Digipass as an interim authenticator with limitations (Backup Virtual Mobile Authenticator is always a time-based Response-Only OTP, without static PIN).

The Virtual Mobile Authenticator Service can be used in several ways:

  • The virtual authenticator can be used without expiry at any time.
  • The primary authenticator can be switched off in case it is stolen or lost.
  • The virtual authenticator is used as an interim authenticator which expires after a given period of time or when the primary authenticator is used for the first time.

In addition, to cap costs, you can limit the number of OTP messages per user through the Digipass Management Service. This counter is decreased each time an OTP message is sent.

If you have an existing application, then you can upgrade/enable the existing standard authenticator application BLOBs with the virtual authenticator functionality.

To upgrade the existing BLOB with the virtual authenticator functionality

  1. Import a new virtual authenticator BLOB into the system.

    This new BLOB must contain the same data as the existing BLOB that you want to upgrade. The difference is that the new virtual authenticator BLOB will have a configuration that includes Virtual Token Supported and either Virtual Token Is Primary or Virtual Token Is Backup.

  2. Synchronize both the current standard BLOB and the newly imported virtual authenticator BLOB through the Digipass Management Service, using the DIGIPASS token data synchronization functionality.

    On success, the standard BLOB is synchronized with (i.e. updated to) this new virtual authenticator configuration.

    You can upgrade to either a primary virtual configuration or to a primary with backup virtual configuration.

Functionalities

The Virtual Mobile Authenticator Service provides two functionalities:

  • Password generation
  • Signature generation

Workflow

Figure: Password generation workflow