OneSpan Digipass FIDO Touch User manual
Version:1.04
Digipass®FIDO Touch
User Guide
Digipass FIDO Touch user Guide Disclaimer
2
Disclaimer of Warranties and Limitations of Liabilities
Copyright Notices
Copyright © 2019 OneSpan North America Inc. All rights reserved.
Trademarks
OneSpan™, DIGIPASS® and CRONTO® are registered or unregistered trademarks of
OneSpan North America Inc., OneSpan NV and/or OneSpan International GmbH
(collectively “OneSpan”) in the U.S. and other countries.
OneSpan reserves all rights to the trademarks, service marks and logos of OneSpan
and its subsidiaries.
All other trademarks or trade names are the property of their respective owners.
Intellectual Property
OneSpan Software, documents and related materials (“Materials”) contain
proprietary and confidential information. All title, rights and interest in
OneSpan Software and Materials, updates and upgrades thereof, including software
rights, copyrights, patent rights, industrial design rights, trade secret rights,
sui generis database rights, and all other intellectual and industrial property
rights, vest exclusively in OneSpan or its licensors. No OneSpan Software or
Materials may be downloaded, copied, transferred, disclosed, reproduced,
redistributed, or transmitted in any form or by any means, electronic, mechanical
or otherwise, for any commercial or production purpose, except as otherwise marked
or when expressly permitted by OneSpan in writing.
Disclaimer
OneSpan accepts no liability for the accuracy, completeness, or timeliness of
content, or for the reliability of links to and content of external or third-
party websites.
OneSpan shall have no liability under any circumstances for any loss, damage, or
expense incurred by you, your company, or any third party arising from the use
or inability to use OneSpan Software or Materials, or any third-party material
made available or downloadable. OneSpan will not be liable in relation to any
loss/damage caused by modification of these Legal Notices or content.
Reservation
OneSpan reserves the right to modify these Notices and the content at any time.
OneSpan likewise reserves the right to withdraw or revoke consent or otherwise
prohibit use of the OneSpan Software or Materials if such use does not conform
to the terms of any written agreement between OneSpan and you, or other or other
applicable terms that OneSpan publishes from time to time.
Contact us
Visit our website: https://www.onespan.com
Resource center: https://www.onespan.com/resource-center
Technical support and knowledge base: https://www.onespan.com/support
If there is no solution in the knowledge base, contact the company that supplied
you with the OneSpan product.
Date: 2019-09-13
Digipass FIDO Touch user Guide
3
Table of Contents
Introduction .................................................. 7
1.1 Who Should Read This Guide? ....................................... 7
1.2Comments and Feedback ............................................. 7
1.3 Terminology ....................................................... 7
Description and Configuration ................................. 8
2.1 Presentation ...................................................... 8
2.2 System requirements ............................................... 9
2.3 Power on/off ...................................................... 9
2.4 USB connection ................................................... 10
2.5 Digipass FIDO Touch settings ..................................... 10
Settings menu ................................................ 10
Pairing process .............................................. 11
Set the language of your Digipass FIDO Touch ................. 13
Reset Digipass FIDO Touch .................................... 13
Set a PIN .................................................... 14
FIDO2 usage .................................................. 15
3.1 Overview ......................................................... 15
3.2 Introduction of the scenario ..................................... 15
3.3 Registration ..................................................... 15
3.4 Authentication ................................................... 16
3.5 Transactions ..................................................... 16
3.6 Windows 10 & FIDO2 ............................................... 17
Appendix A: FCC statements ................................... 18
Appendix B: Battery recommendation ........................... 19
Digipass FIDO Touch user Guide
4
Illustration Index
Figure 1: Digipass FIDO Touch............................................ 8
Figure 2: Start screen icons............................................. 8
Figure 3: Digipass FIDO Touch splash screen.............................. 9
Figure 4: Start screen when previously paired with your device.......... 10
Figure 5: Settings screen............................................... 11
Figure 6: Bluetooth options screen...................................... 11
Figure 7: Searching for Bluetooth connection............................ 12
Figure 8: PIN for Bluetooth pairing on Windows 10 device................ 12
Figure 9: Select host to be deleted..................................... 13
Figure 10: Settings screen.............................................. 14
Figure 11: Digipass FIDO Touch specifications........................... 18
Digipass FIDO Touch user Guide
6
Procedure Index
Procedure 1: Pairing Digipass FIDO Touch............................. 11
Procedure 2: Removing Bluetooth pairing.............................. 12
Procedure 3: Setting the language.................................... 13
Procedure 4: Resetting Digipass FIDO Touch........................... 13
Procedure 5: Setting the PIN......................................... 14
Procedure 6: Registering Digipass FIDO Touch......................... 15
Procedure 7: Using Digipass FIDO Touch for authentication............ 16
Procedure 8: Using Digipass FIDO Touch for transactions.............. 16
Digipass FIDO Touch user Guide
7
Introduction
FIDO2 is a set of standards that enables easy and secure logins to
websites and applications via biometrics, mobile devices and/or FIDO
Security Keys. FIDO2’s simpler login experiences are backed by strong
cryptographic security that is far superior to passwords, protecting
users from phishing, all forms of password theft and replay attacks1.
Learn more about FIDO2 at https://fidoalliance.org/fido2/.
Digipass FIDO Touch is a FIDO security key that supports the FIDO2
protocol. Digipass FIDO Touch is FIDO2 certified Level1 by the FIDO
Alliance, and Bluetooth certified. Digipass FIDO Touch establishes a
communication with the computer. As a result, Digipass FIDO Touch
delivers the most secure and lightning-fast user connectivity to
protect even the most sensitive mobile or computer transactions.
1.1 Who Should Read This Guide?
This document is intended for users who are installing or configuring
Digipass FIDO Touch in different environments and languages. The
audience must also be familiar with Bluetooth pairing on Android, iOS,
or Windows 10 devices and Windows 10 configuration and settings.
1.2 Comments and Feedback
If you encounter errors while attempting to perform the steps
articulated in this guide, or have suggestions to improve this guide
1.3 Terminology
Table 1 describes the technical terms used in this document. For a list
of general technical terms used throughout all documents, see the FIDO
Authentication Solution Guide.
Table 1: Glossary of technical terms
Term
Description
Digipass FIDO Touch
Authenticator supporting the FIDO2
protocol
Server
FIDO Universal Server
App
Mobile application
1Source of definition: https://fidoalliance.org/microsoft-achieves-fido2-certification-for-windows-hello/
Digipass FIDO Touch user Guide
8
Description and Configuration
2.1 Presentation
Figure 1: Digipass FIDO Touch
Figure 2: Start screen icons
NOTE
The Bluetooth icon has three states:
Bluetooth OFF or No device paired
Bluetooth ON and one device paired
Bluetooth connected
Digipass FIDO Touch user Guide
9
2.2 System requirements
Table 2: Digipass FIDO Touch system requirements
Requirement
Digipass FIDO Touch
Operating
Systems/Bluetooth
connection
•Bluetooth 4.0 LE
•iOS7 or Higher
•Android 6.0 or Higher
•Windows 10
Operating System /USB
connection
•Windows 7 ; Windows 10
•MacOS x 10.13 or Higher
Browser
•all browsers supporting the FIDO2
WebAuthn API
Platform
•FIDO CTAP2 API
2.3 Power on/off
To switch on Digipass FIDO Touch, click the Power button. The splash
screen is displayed:
Figure 3: Digipass FIDO Touch splash screen
After a moment, a new screen is displayed. This will be one of the
following two, depending on the Bluetooth pairing status.
1. If you have already paired your Digipass FIDO Touch with a tablet,
phone, or computer, the following screen will be displayed:
Digipass FIDO Touch user Guide
10
Figure 4: Start screen when previously paired with your device
2. If you have never paired your Digipass FIDO Touch and used it in
Bluetooth mode, you are invited to pair your device with Digipass
FIDO Touch.
The screen will inform you that Bluetooth is enabled but there is no
paired device and invite you to add the device in the Bluetooth
menu.
For more information on the pairing process, refer to 2.6 Pairing
Process.
a) Press OK on the touch screen to continue.
To switch off Digipass FIDO Touch, press the Power button.
2.4 USB connection
Included in the product package is a USB cable; plug the Micro USB TYPE
B into the connector of Digipass FIDO Touch and the USB TYPE A to your
computer.
When you plug the USB cable, the USB icon is displayed on the Digipass
FIDO Touch display. After a few seconds Digipass FIDO Touch will enter
into Charge mode. If the battery is empty, the screen displays an empty
battery icon. In that case, you can plug in the cable and perform an
operation after a few seconds.
The battery will take 90 minutes to fully recharge.
2.5 Digipass FIDO Touch settings
Settings menu
The Settingsmenu offers you the following actions/information:
•Add Bluetooth pairing platform,
•Set the language of your Digipass FIDO Touch
•Reset Digipass FIDO Touch
•Software version information
Digipass FIDO Touch user Guide
11
Pairing process
To use your Digipass FIDO Touch on a new platform, you need to turn on
Bluetooth on your platform and follow the platform-specific steps for
pairing a new Bluetooth device.
On Digipass FIDO Touch, follow these steps:
Procedure 1: Pairing Digipass FIDO Touch
1. Switch on your Digipass FIDO Touch.
2. Click on the Settings icon. Digipass FIDO Touch displays the
following screen:
Figure 5: Settings screen
3. Click on the Bluetooth icon. Digipass FIDO Touch now displays this
screen:
Figure 6: Bluetooth options screen
4. Enable Bluetooth by pressing . By default, this option is
enabled.
5. Add a new platform by pressing .
While searching for the Bluetooth connection with your platform,
Digipass FIDO Touch displays the following screen:
Digipass FIDO Touch user Guide
12
Figure 7: Searching for Bluetooth connection
The platform should display a message with a PIN to enter for
pairing. shows an example on a Windows-10 device.
Figure 8: PIN for Bluetooth pairing on Windows 10 device
6. Enter the PIN on Digipass FIDO Touch.
7. If pairing was successful, Digipass FIDO Touch displays a success
message.
NOTE
For Android devices, the pairing process can be done via the system
menu or directly in the App.
For iOS devices, the pairing process must be done with an app. The
system menu does not allow you to pair BLE devices.
To remove the pairing of Digipass FIDO Touch and a device, follow these
steps.
Procedure 2: Removing Bluetooth pairing
1. Press the Remove Bluetooth pairing icon .
2. You can delete the Bluetooth pairing for all hosts or select hosts
individually.
Digipass FIDO Touch user Guide
13
Figure 9: Select host to be deleted
3. Select the host for which you wish to remove the Bluetooth pairing.
Set the language of your Digipass FIDO Touch
You can set the language of your Digipass FIDO Touch. The following
languages are supported:
•English
•French
•Dutch
•Japanese
•Spanish
•German
Procedure 3: Setting the language
1. On the main screen, click the settings icon.
2. In the next screen, click the language selection icon .
3. Select your language.
4. To finish, Digipass FIDO Touch displays a confirmation message.
Confirm this by clicking OK.
Reset Digipass FIDO Touch
To reset Digipass FIDO Touch, follow these steps.
Procedure 4: Resetting Digipass FIDO Touch
1. On the main screen, click on the Settings icon.
Digipass FIDO Touch user Guide
14
2. The following screen is displayed:
Figure 10: Settings screen
3. Click the reset icon .
4. Confirm or cancel the action.
CAUTION
When you reset your device, the PIN will be reset, and all
registrations will be lost.
Set a PIN
FIDO2 supports using a PIN to protect the credentials. As
Digipass FIDO Touch provides a touch screen, the credentials are
protected on the touch screen, not via the client PIN API (i.e. with a
web browser, apps or platform PIN entry).
The credential protection extension is set by default
Procedure 5: Setting the PIN
1. In the main screen, press the Set Pin icon .
2. Enter your PIN.
3. The policy for PIN strength prescribes a length of 6 digits (before
validation).
4. Confirm the PIN entry.
5. When the PIN is set, Digipass FIDO Touch will display the message
PIN configured. Press OK to leave this screen.
NOTE
Digipass FIDO Touch refuses weak PINs. The difference between two
consecutive digits must not be a constant. For example, simple PINs
like 111111, 123456, or 987654 are refused.
Also, the new PIN must be different from the current PIN.
Digipass FIDO Touch user Guide
15
FIDO2 usage
3.1 Overview
Before using your Digipass FIDO Touch, you need to register it.
•FIDO supports the following operations:
Registration
Authentication
Transaction verification
•Windows 10 (version May 2019 update) includes support for password-
less FIDO Authentication via Windows Hello or FIDO Security Key on
Microsoft Edge and the most recent versions of Mozilla Firefox and
Chrome.
3.2 Introduction of the scenario
The general workflow between a platform and Digipass FIDO Touch is:
1. The platform establishes the connection with Digipass FIDO Touch.
2. The platform retrieves information about Digipass FIDO Touch
using a command to determine the capabilities of Digipass FIDO
Touch.
3. The platform sends a command for an operation if Digipass FIDO
Touch supports the operation.
4. Digipass FIDO Touch replies with response data or an error
message.
3.3 Registration
Before using your Digipass FIDO Touch to replace your credentials (user
name and/or password), you must register your Digipass FIDO Touch.
Procedure 6: Registering Digipass FIDO Touch
•Switch on and connect your Digipass FIDO Touch with USB or Bluetooth.
•When the Server sends the request, Digipass FIDO Touch asks you if
you want to register.
•After you press Yes, Digipass FIDO Touch displays the details of the
registration, including the name of the relying party, the account,
the display and user names.
Digipass FIDO Touch user Guide
16
NOTE
In case the Server requests a PIN verification, or Digipass FIDO
Touch is PIN-protected, the PIN verification screen is displayed.
Enter the Digipass FIDO Touch PIN
To delete the credentials, press the FIDO credential icon on the
main menu.
3.4 Authentication
After registering your Digipass FIDO Touch, the device is ready for
authentication and transactions.
Procedure 7: Using Digipass FIDO Touch for authentication
•Switch on and connect your Digipass FIDO Touch with USB or Bluetooth.
•When the Server sends the request, Digipass FIDO Touch asks you if
you want to authenticate.
•After you press Yes, Digipass FIDO Touch displays the details of the
login, including the name of the relying party, selecting the
account, the display and user names.
NOTE
In case Digipass FIDO Touch is PIN-protected, the PIN verification
screen is displayed. Enter the Digipass FIDO Touch PIN
3.5 Transactions
Transactions are initiated in the same way as an authentication, but
Digipass FIDO Touch uses transaction data instead of the authentication
data.
Procedure 8: Using Digipass FIDO Touch for transactions
•Switch on and connect your Digipass FIDO Touch with USB or Bluetooth.
•When the Server sends the request, Digipass FIDO Touch asks you if
you want to carry out a transaction.
•After you press Yes, you can verify the transaction details:
With a mobile app, Digipass FIDO Touch displays the details of the
transaction for you to approve.
With a web browser application, you can display the transaction
details on Digipass FIDO Touch if the browser supports the FIDO2
transaction extension.
NOTE
In case Digipass FIDO Touch is PIN-protected, the PIN verification
screen is displayed. Enter the Digipass FIDO Touch PIN
Digipass FIDO Touch user Guide
17
3.6 Windows 10 & FIDO2
The FIDO2 CTAP specification contains a few optional features and extensions which are crucial to
provide a seamless and secure experience.
lists A the features and extensions from the FIDO2 CTAP protocol supported by Digipass FIDO Touch.
Table 3: FIDO2 CTAP features supported by Digipass FIDO Touch
#
Feature / Extension
trust
Why is this required?
1
Resident key
This feature enables the security key to
be portable, where your credential is
stored on the security key.
3
hmac-secret
This extension ensures you can sign-in to
your device when it's off-line or in
airplane mode.
4
Multiple accounts per
RP
This feature ensures you can use the same
security key across multiple services like
Microsoft Account (MSA) and Azure Active
Directory (AAD).
NOTE
You must setup the PIN before registering your Digipass FIDO Touch
for Windows 10/Hello.
With its user interface, Digipass FIDO Touch manages the PIN
directly.
You can now set up Digipass FIDO Touch as a security key from the cloud
panel with your online account page.
For more information on the Windows 10 FIDO configuration and
credential issuance (HMAC-secret), please refer to the Microsoft
documentation: https://support.microsoft.com/en-
us/help/4463210/windows-10-sign-in-microsoft-account-windows-hello-
security-key.
Digipass FIDO Touch user Guide
18
Appendix A: FCC statements
This device complies with part 15 of the FCC Rules. Operation
is
subject
to the following two conditions:
(1) This device may
not cause harmful interference, and
(2) this device must accept any interference received, including
interference that may
cause undesired operation.
CAUTION
IMPORTANT:No changes shall be made to the equipment without the
manufacturer’s permission as this may void the user’s authority to
operate the equipment.
This device complies with FCC requirements for RF exposure in
accordance with FCC
rule part §2.1093 and KDB 447498 D01 for portable
use conditions.
Figure 11: Digipass FIDO Touch specifications
Digipass FIDO Touch user Guide
19
Appendix B: Battery recommendation
This product contains a battery, and a printed circuit board (pcb) that
may require special handling at end-of-life.
Long term storage for devices with rechargeable batteries should be
limited to 1 year after production date. After each year, the battery
of the unit must be fully recharged before it can be stored for another
year.
CAUTION
Do not penetrate the battery with a nail or other sharp object!
Do not charge the battery at high temperature over 45 degrees
Celsius!
Do not immerse the battery in liquid such as water, beverages, or
other fluids!
Table of contents
Other OneSpan Security System manuals
