Offline activation

The data required by the Digipass SDK to instantiate a Digipass is embedded in the application integrating the SDK, or provided by the end user.

Offline activation (overview)

Offline activation (overview)

The workflow involves the following steps:

  1. The serial number and the Digipass activation code are provided by the user. The static vector is embedded in the application integrating the Digipass SDK.

  2. The offline activation function of the SDK is called with the mandatory serial number, activation code, and static vector.

  3. The dynamic vector is returned by the SDK.

  4. Dynamic and static vectors are stored in the application storage with the Secure Storage SDK.

    For more information, refer to the OneSpan Mobile Security Suite Product Guide, Secure Storage SDK.

    Instead of entering a serial number (e.g. “FDM1280189”), the end user can enter a serial number suffix (e.g. “1280189”). However, this is not recommended, as the serial number prefix will be retrieved from the static vector and this serial number prefix can differ between the hard-coded static vector in the mobile application (e.g. “FDL”) and the Digipass BLOBs used by the server (e.g. “FDM”). In such a case, the Digipass instance will be properly activated, however, the generated Digipass responses (i.e. OTPand signature) will be invalid.

    Routines of the activation service for offline integration:

    • C/C++/Objective C: DPSDK_ActivateOffline
    • Swift: activateOffline
    • Java: activateOffline

    To protect the Digipass authenticator with a user password, the user needs to provide the password with the activation data to the Digipass SDK. For more information, refer to DIGIPASS_Protection.

After the successful activation, the Digipass status in the dynamic vector indicates that the Digipass authenticator is activated and ready to generate responses.

Online activation

The integrating application retrieves the activation data from a provisioning server based on a OneSpan server component, i.e. Authentication Server Framework or OneSpan Authentication Server.

Online activation (overview)

Online activation (overview)

The workflow involves the following steps:

  1. The application starts and requests activation data from a provisioning server based on a OneSpan server solution.

  2. The response to the request must contain the Digipass full activation data.

  3. The online activation function of the Digipass SDK is called with the full activation data.

    Routines of the activation service for online integration:

    • C/C++/Objective C: DPSDK_ActivateOnline
    • Swift: activateOnline
    • Java: activateOnline

  4. The dynamic and static vectors resulting from a successful Digipass activation must be stored by the application in its data storage. To store the vectors, the application can rely on the Secure Storage SDK.

    For more information, refer to the OneSpan Mobile Security Suite Product Guide, Secure Storage SDK.

After successful activation, the Digipass status in the dynamic vector indicates that the Digipass authenticator is ready to generate responses.

To protect the Digipass authenticator with a user password, the user needs to provide the password with the activation data to the Digipass SDK. For more information, refer to Digipass protection.

By calling the online activation function, a nonce can be added to the online activation to prevent activation data replay.

Online activation with nonce (overview)

Online activation with nonce (overview)

In this case, the full activation data returned by the server can only be used by the application that has generated the nonce.