DIGIPASS for Mobile

DIGIPASS® for Mobile

Security meets convenience: Enhanced mobile application security paired with a frictionless user experience

DIGIPASS® for Mobile - iPhone

Banks, financial institutions and enterprises offering online and mobile applications face multiple challenges. Online and mobile applications are highly susceptible to cyber attacks and fraud, which, over recent years, have become increasingly sophisticated. At the same time, user adoption of mobile applications depends on an intuitive and seamless experience for users.

DIGIPASS for Mobile balances the need for stronger mobile application security with demands for user convenience by delivering comprehensive, built-in security for your mobile applications, combined with a frictionless, “hands-free” authentication and e-signing experience for your mobile users. 

Enhanced Application Security

For any mobile application, creating a secure environment for the user authentication process is critical. That’s why DIGIPASS for Mobile goes beyond authentication to ensure that any application running on a mobile platform is self-protected in all the aspects of application runtime:

  • Jailbreak & Root Detection: Ensures the security of mobile platforms by detecting if rooting or jailbreak evidence is present, so you can take proper action.
  • Application Hardening: Supports best in class hardening techniques including memory zeroing, reverse engineering protection, secure storage, and white box cryptography.
  • Device Binding: Securely links an authorized user to his authorized device(s), which can prevent cloning or repurposing of cryptographic keys.
  • Secure Channel Communications: Ensures the integrity of digital transactions by providing an encrypted, independent and cross-platform secure channel between the server and the client device.
  • Enhanced Risk Analysis: Offers unique risk scoring capabilities that are embedded into the authentication and signing processes based on user, platform and context elements.

Transparent User Experience

When it comes to user adoption of your mobile application, user experience can often be a determining factor in its success or failure. DIGIPASS for Mobile offers convenient, user-friendly Two-factor authentication and e-signing options that take security “friction” out of the equation:

  • QR Code Scanning: Users simply capture the QR code with a mobile device, enter a PIN code and can instantly log on to an application or validate a transaction. Visit the CrontoSign solution page to learn more about QR-code based visual transaction signing.
  • Transparent OTP: Offers “hands free” authentication and signing when a user is conducting an online session, and is flexible enough to provide transparent OTP or generate an e-signature that is automatically directed to the relevant server.
  • Multi-Device Support: Ensures that a user can securely leverage any pre-registered device for application authentication and transaction signing, regardless of platform.
  • Inter-Application Security: Between applications, DIGIPASS for Mobile will perform needed security checks, generate the OTP, and pass it directly to the applicable server.

Streamlined Integration, Provisioning and Deployment

Application development and deployment can be an arduous process, which is why we designed DIGIPASS for Mobile to be flexible and friendly for developers throughout the process.

  • Customization: Fully customizable GUI, a complete set of branding and publishing tools, localization capabilities, flexible menu and form design options, and granular security and policy tools.
  • Provisioning: Enables flexible provisioning by offering a set of provisioning protocols using asymmetric keys as well as alternative options. Complete VASCO-operated provisioning services are available via DIGIPASS as a Service.
  • Deployment: Off-line or online deployment options as well as deployment through QR codes.
  • Implementation: Offers a complete suite of implementation options, including full-service support for parameter selection, testing, design, customization, multi-device provisioning, App store publishing, and training.
  • Support: Supports almost any mobile device platform, including iPhone, Android, Blackberry and Windows, as well as eight different crypto-applications, allowing an extended use in different settings such as IVR, online connections, signatures, offline transactions, etc.

Demo: DIGIPASS for Mobile with Touch ID

Technical Specifications

response Only

Time only, event only or Time + event-based
AES/Triple DES Encryption Algorithm
response : 6 to 16 decimal/hexadecimal
Check digit
256 seconds Time Step

Host Confirmation Code

AES/Triple DES
Length from 4 to 10 Decimal/Hexadecimal
(1 to 10 in Challenge/Response mode)


Time only, event only or Time + event-based
AES/Triple DES Encryption Algorithm
Challenge length from 4 to 16 decimal
response length from 6 to 16 decimal/ hexadecimal
Check digit
256 seconds Time Step


Time only, event only or Time + event-based
AES/Triple DES Encryption Algorithm
Length from 4 to 16 decimal/hexadecimal
Up to 8 customizable data fields
Data field length from 4 to 16 digits
256 seconds Time Step

PIN management

PPIN length options: no PIN or 4 to 250 digits
Max number of wrong entries from 1 to 9
On wrong PIN: invalid password generation or reset
PIN check options : Checksum/Hashcode/None
PIN change option
PIN derivation iteration from 0 to 15 000

Standard algorithms



Case Study:


Share | |