Terms, Definitions, and Abbreviations used in OneSpan Mobile Security Suite

  • 3DES
    Symmetric key-block cipher. Uses the Data Encryption Standard (DES) cipher three times to encrypt its data.
  • Activation code (AC)
    The Digipass secret key in a decimal or hexadecimal character string format, encrypted with the customer master key in the static vector. It is one of the following: 20 decimal digits for a single-length secret key; the second part of the key is derived from the first part. 40 decimal digits for a double-length secret key. 16 hexadecimal characters for a single-length secret key; the second part of the key is derived from the first part. 32 hexadecimal characters for a double-length secret key. To prevent it from alteration the activation code ends with a checksum on one digit.
  • Activation password
    Secret data string of up to 64 alphanumeric characters shared between the customer (server) and the user prior to registration; used to protect the transfer of sensitive data during the Digipass activation process. Sometimes also referred to as customer historical secret.
  • adb
    Android Debug Bridge
  • Advanced Encryption Standard
    Symmetric key encryption algorithm. A block cipher with a fixed block size of 128 bits, and a key size of 128, 192, or 256 bits.
  • AES
    See Advanced Encryption Standard
  • Alea
    Also Nonce
  • Authorization code
    Data used by the user to identify to a server to receive the Digipass activation data.
  • Basic service set identifiers
    Unique identifier of a basic service set; 48-bit label that conforms to MAC-48 conventions.
  • Biometric Sensor SDK
    Provides facilities to use fingerprint recognition to increase user convenience during the identification process while retaining a secure solution. It also provides methods to test whether fingerprint recognition is supported by the platform and has been enabled by the user before actually verifying fingerprints.
  • BSSID
    Basic service set identifiers
  • CDDC SDK
    Provides facilities to aggregate information from various mobile sources for risk evaluation of mobile transactions by OneSpan Risk Analytics.
  • CHS
    Customer historical secret; also Activation password.
  • Counter mode
    Operation mode of block ciphers. CTR uses the AES block cipher to create a stream cipher. Data is encrypted and decrypted by XORing with the key stream produced by AES encrypting sequential counter block values.
  • CRC
    Cyclic redundancy check.
  • Cronto
    Specific colorful cryptogram, similar to a QR code; used for visual transaction signing.
  • CTR
    Counter mode
  • Customer
    OneSpan customer who licenses OneSpan Mobile Security Suite and distributes it to the user.
  • Customer historical secret
    Also Activation password
  • Customer master key
    32-hexadecimal-character string. This string is unique for each customer and is generated (random/fixed) during production by OneSpan logistics. The master key is also known as “serial code”. It is a Triple DES key embedded in the static vector. See also Static vector.
  • Cyclic redundancy check
    Data verification method to detect errors and accidental changes to raw data.
  • Derivation code
    Optional code used to carry platform-specific data from client to server in the standard licensing model; part of the Digipass binding feature.It contains a Digipass response based on one of the Digipass cryptographic application key and bits extracted from the fingerprint of the platform where Digipass is running.
  • Device Binding SDK
    Facilitates Digipass application development; it provides a function to generate a unique identifier for a given mobile device, the device fingerprint. The SDK can be used on a variety of devices and various supported platforms.
  • Device code
    Mandatory code used to carry platform-specific data from client to server in the premium licensing model.It contains a Digipass response based on one of the Digipass cryptographic application key and bits extracted from the fingerprint of the platform where Digipass is running.
  • Device fingerprint
    A unique identifier; it is a hexadecimal string of 64 characters. It is a securely computed SHA-256 hash of the device-specific data and hardcoded salts.
  • Digipass activation
    The process in which the Digipass serial number, parameter set, secret, and initial seed value for future OTP or e-signature generation are provided. Activation is successful when the first Digipass response is validated on the server. Once the client activation is completed, the Digipass instance is ready to generate Digipass responses. See also Digipass instance.
  • Digipass instance
    The association of a unique Digipass key, serial number, sequence number, a static vector, and a Digipass secret.
  • Digipass instance key
    Also Digipass key
  • Digipass key
    128-bit secret key used by the Digipass algorithm to generate one-time passwords or e-signatures. The key is provided to the Digipass instance through the activation code. See also Activation code, Digipass instance.
  • Digipass license
    Also Digipass serial number.
  • Digipass password
    The Digipass password protects the Digipass key against unauthorized use. The password is used to encrypt the key in the dynamic vector. The password is also known as user password, static password, or PIN. See also Dynamic vector.
  • Digipass SDK
    Contains functions to activate the Digipass license, generate one-time passwords and e-signatures, establish a secure channel between Digipass and a server, and enable user-password management.
  • Digipass serial number
    The unique identifier of a Digipass license. It consists of a 3-alphanumeric-character prefix set in the static vector, and a 7-digit suffix. The suffix can be provided in the XFAD or by the user during Digipass activation. See also XFAD, Digipass serial number prefix, Digipass serial number suffix.
  • Digipass serial number prefix
    Consists of the first three characters of the Digipass serial number. The serial number prefix is unique per customer.
  • Digipass serial number suffix
    Consists of the last seven decimal digits of the Digipass serial number. The serial number suffix is unique per user.
  • Digipass Software Advanced Provisioning Protocol SDK
    Implements the DSAPP protocol to securely transfer the server-side generated Digipass software activation data to the Digipass software client. The SDK encrypts the activation data before transferring it to the client application and decrypts it again.
  • DTF
    Data field
  • DV
    Dynamic vector
  • Dynamic vector
    Digipass-specific binary data. It is created after successful activation. It is updated by the OneSpan Digipass SDK at runtime.It contains the following: Digipass status Serial number suffix PIN information Encrypted Digipass secret Status of the cryptographic Digipass applications Last-time-used value of the cryptographic Digipass applications Last-event-used value of the cryptographic Digipass applications
  • Electronic serial number
    Number to uniquely identify mobile devices.
  • Encrypted event reactivation counter
    Event reactivation counter encrypted with the activation password or a session key. See also activation password.
  • Encrypted full activation data
    Full activation data encrypted with the activation password or a session key. See also activation password, full activation data.
  • End user
    See User
  • ESN
    Electronic serial number
  • Event reactivation counter (ERC)
    This is the value to initialize the event-based Digipass counter. It should be provided to the OneSpan Digipass SDK during the re-activation process to synchronize the event counter between the Digipass data on the server-side and the Digipass instance on the client side. See also Digipass instance, Digipass SDK.
  • FAD
    Full activation data
  • FIDO Authentication Solution
    Leverages FIDO protocols and allows you to integrate mobile device biometric security capabilities into your application to enable strong authentication with primary and second factor authentication using biometrics and hardware authenticators.
  • Full activation data
    Serves to finalize the activation. The full activation data includes the parameter settings for the OneSpan Digipass SDK activation, the Digipass key, and and the Digipass serial number. It is the concatenation of the static vector, the activation code, and the serial number suffix. If the activation code is encrypted by an activation password and/or a nonce, it becomes encrypted full activation data (XFAD). See also activation code, Digipass SDK, encrypted full activation data, nonce, serial number suffix.
  • Image Generator SDK
    Provides a native component for a mobile application to integrate QR code and Cronto image capture.
  • Image Scanner SDK
    Facilitates the Digipass application development by providing you with the image scanning functionality to capture QR codes and Cronto images.
  • IMEI
    International Mobile Equipment Identity
  • International Mobile Equipment Identity
    International Mobile Equipment Identity; unique number to identify valid devices. Used by GSM networks.
  • Jailbreak cloaking
    Method to hide the root status of an iOS device and to conceal that the mobile device is compromised.
  • KCV
    Key checksum value
  • Key checksum value
    Checksum of the key value; used to compare keys without knowing their actual values.
  • MAC
    Message authentication code.
  • Man-in-the-middle-attack
    An attack where the communication of two parties is intercepted by an attacker.
  • MEID
    Mobile Equipment Identifier
  • MITMA
    Man-in-the-middle-attack.
  • Mobile Application Shielding
    Security technology that integrates directly into applications to provide proactive security against a wide range of attacks (tampering, debugging, code injection, code modification, data theft from the app). It performs different security checks and protects applications against attacks during runtime.
  • Mobile Equipment Identifier
    Globally unique number to facilitate universal mobile equipment identifidcation.
  • Near-field communication (NFC)
    Set of communication protocols between two devices over a short distance.
  • Non-volatile storage
    Also Permanent storage
  • Nonce
    A 64–hexadecimal-character random number generated by the OneSpan Digipass SDK host platform. It is part of the one-time-activation process and ensures that no other SDK-integrated instance can register with the same data.
  • Notification identifier
    Unique hexadecimal string with a maximum length of 2064 characters. The Notification SDK assigns this identifier to the client application - it is unique to the client device, regardless of the platform. It must be sent to the back end for later use.
  • Notification SDK
    Provides facilities to send push notifications to mobile applications via Apple, Google, and Microsoft cloud notification services, and provides an abstraction layer for the interactions between client and server.
  • OATH
    Open reference architecture for strong authentication.
  • OCRA
    OATH Challenge-Response Algorithm, a multi-factor authentication algorithm for Challenge/Response authentication.
  • One-time password
    A password that is valid for only one authentication process. OTPs can be used only once, and each authentication process requires a new OTP.
  • OneSpan Authentication Server
    A centralized authentication solution that offers strong authentication and validation of transaction signatures. It verifies authentication requests from individuals trying to access the corporate network or business applications.
  • OneSpan Authentication Server Framework
    API-based authentication platform that serves as back-end for Digipass strong authentication and e-signatures.
  • Orchestration SDK
    Enables mobile developers to integrate the main features of OneSpan Mobile Security Suite in their mobile application; the SDK provides facilities to orchestrate the mobile application and authenticate users after risk evaluation on the server-side.
  • OTP
    One-time password.
  • Permanent storage
    Storage that can retrieve persistent information which was previously stored in the app keychain using the Secure Storage SDK (Write Storage API). Can retrieve stored information even after having been power cycled. Also non-volatile storage.
  • Platform fingerprint
    Data specific to the platform hosting the OneSpan Digipass SDK.
  • Post-activation
    Optional process after the client activation.
  • Push notification
    Push notifications are clickable pop-up messages that are displayed outside an app. They are pushed from the server the app uses to the user's device.
  • PWD
    User password
  • QR code
    Two-dimensional bar code composed of black modules that are arranged in a square grid on a white background.
  • Registration
    The process of generating Digipass activation data on the server-side.
  • RHC
    Return host code
  • Risk Analytics
    Fraud detection and management system. It identifies risk at critical steps, predicts risk levels, and takes action when suspicious activites are identified. It is a product for monitoring online banking applications and payment processing which helps to protect against online banking fraud.
  • Root cloaking
    Method to hide the root status of an Android device and to conceal that the mobile device is compromised.
  • Root Detection SDK
    Detects if an application is running on a rooted/jailbroken device based on residual traces of the rooting method.
  • SCC
    Signature confirmation code
  • Secure Channel
    Ensures the confidentiality, integrity, and non-repudiation of data exchanged between a client and a server. The data are encrypted and signed with a key changed during the activation process. The protected data are embedded in a Secure Channel message for the transport process.
  • Secure Messaging SDK
    Used to format the transaction message body before encryption by OneSpan Authentication Server or OneSpan Authentication Server Framework (server SDK), and parse the transaction message body before decryption by the Digipass SDK (client SDK).
  • Secure Remote Password protocol
    Augmented protocol to exchange keys securely and password-authenticated.
  • Secure Storage SDK
    Provides a generic API to securely store data on a mobile device and masking the way the information is stored on the platform.
  • Sequence number
    This is the unique identifier of a Digipass instance from a Digipass license. It consists of two numeric characters from 01 to 99.
  • Serial number
    Also Digipass serial number
  • Server activation
    The validation of the first Digipass response generated after client activation. The server activation is part of the post-activation process.
  • Service set identifier
    Identifier or network name for a group of wirless network devices.
  • SM3
    Cryptographic hash algorithm. Used in the Chinese National Standard.
  • SRP
    Secure Remote Password protocol
  • SSID
    Service set identifier
  • Static vector
    The Digipass parameter set, i.e. customer-specific binary configuration data. It contains the Digipass serial number prefix, the customer master key and the parameter settings of the cryptographic application(s). It can be provided independently in clear text format, or as part of the FAD. See also Customer master key; FAD.
  • Time step
    Time interval when the time seed is constant.
  • Token seed
    Also Digipass key
  • TOTP
    Time-based one-time password.
  • User
    The end user of a Digipass instance (for instance a bank’s customer).
  • Volatile storage
    Storage that is non-persistent and keeps stored information as long as the app lifecycle is not fully terminated. Requires power to maintain the stored information.
  • White-Box Cryptography SDK
    With the White-Box Cryptography SDK, secret cryptographic keys are kept hidden in the source code even during runtime. The SDK enables developers to convert key values with the White-Box Table Generator into obfuscated source code which can be integrated into their application, instead of adding hardcoded key values in the source code.
  • XERC
    Encrypted event reactivation counter
  • XFAD
    Encrypted full activation data