The Digipass Software Advanced Provisioning Protocol (DSAPP) is used to securely transfer the server-side generated Digipass software activation data to the Digipass software client.
The DSAPP SDK, i.e. the implementation of the protocol, consists of a server component and a client component: the server component encrypts the activation data before transferring it to the client application. The client component decrypts the activation data.
DSAPP relies on the encryption of the activation data with a 256-bit AES session key negotiated between the DSAPP SDK client component and the DSAPP SDK server component. This session key negotiation uses the Secure Remote Password (SRP) protocol. With this protocol, the secret shared between the server and the client – the user password – is not transmitted through the network.
The user password must be generated by using the DSAPP SDK server component and bound to a unique identifier, i.e. the user identity. The user password must be securely transmitted to the user via a separate channel outside the network. The user will then enter their user password in the mobile client application.
Overview of user password transmission with DSAPP
By using the shared user password and exchanging the dynamically generated public keys, the client and the server negotiate a session key that is used to encrypt the activation data.
Overview of activation data transfer protection with DSAPP
The DSAPP SDK supports the following platforms:
- DSAPP Client SDK C++ edition:
- iOS 13 or later
- Swift 5.0 or later
- Xcode 14 or later
- DSAPP Client SDK Android edition:
- minimum Android 6 (API level23)
- target Android 13 (API level 33)
- DSAPP Server SDK Java edition: Java-enabled platforms (JDK 6 and later)
- DSAPP Server SDK .NET edition: .NET 6 and later
- DSAPP Server SDK C edition: Linux 64-bit and Windows 64-bit
As of OneSpan Mobile Security Suite 4.20.0, the integration of the DSAPP SDK has changed for Android and iOS. For instructions on how to integrate the SDK, see Integrating a DSAPP Client.