

Secure provisioning

Security features

  • Secure provisioning of certificates and keys
    • Initiated by helpdesk/admin
      • The device authenticates with a one-time activation code embedded in a URL, delivered as a QR code or a web link
    • Initiated from the self-service portal, where the user authenticates with another 2FA method or, temporarily, with username and password
      • The portal displays a QR code containing the one-time activation code
  • Enrollment processes for certificates, keys and one-time passwords (OTP)
    • Creation of one-time password (OTP) profiles, both time-based (TOTP, https://tools.ietf.org/html/rfc6238) and event-based (HOTP, https://tools.ietf.org/html/rfc4226)
    • Enrollment of raw keys, i.e. keys not bundled with or bound to any certificate
    • Enrollment of X.509 certificates via a PKCS#10 certificate signing request, where the private key is generated by Smart ID Mobile App on the mobile device and never leaves it
    • Enrollment of X.509 certificates as PKCS#12 bundles, where the private key has already been generated elsewhere and is delivered together with the certificate
    • Refer to the Hermod API examples for further details on the enrollment processes
  • One-time activation codes (used for raw keys and certificate-based virtual smart cards)
    • Usable exactly once, as the name implies, and destroyed immediately upon consumption
    • Built from two independently generated random UUIDs
    • Configurable expiration time; when the code expires, the request order it belongs to is destroyed as well
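The lifecycle of a one-time activation code described above (two random UUIDs, embedded in an activation URL, consumed exactly once, request order destroyed on expiry) is shown below as an added, stand-alone Python example. It is not Smart ID or Hermod code; the `ActivationCodeStore` and `RequestOrder` names, the `idp.example.invalid` host, the `code` query parameter and the in-memory storage are assumptions made for illustration. QR encoding of the resulting URL is left out.

```python
"""Single-use, expiring activation codes for device provisioning (added example)."""
import hmac
import time
import uuid
from dataclasses import dataclass
from urllib.parse import urlencode


@dataclass
class RequestOrder:
    """Pending enrollment request that an activation code unlocks (hypothetical)."""
    user: str
    profile: str        # e.g. "x509-pkcs10", "raw-key", "totp" (hypothetical labels)
    code: str           # the one-time activation code
    expires_at: float   # unix seconds


class ActivationCodeStore:
    """In-memory store of request orders keyed by activation code (hypothetical)."""

    def __init__(self, ttl_seconds=600, clock=time.time):
        self._ttl = ttl_seconds
        self._clock = clock          # injectable clock so expiry can be tested
        self._orders = {}            # code -> RequestOrder

    @staticmethod
    def new_code():
        # "Double random UUID": two independent UUID4s, i.e. 2 x 122 bits of
        # randomness from the OS CSPRNG, rendered as 64 hex characters.
        return uuid.uuid4().hex + uuid.uuid4().hex

    def create_order(self, user, profile):
        """Create a request order with a fresh code and a configurable TTL."""
        code = self.new_code()
        order = RequestOrder(user, profile, code, self._clock() + self._ttl)
        self._orders[code] = order
        return order

    @staticmethod
    def activation_url(order, base="https://idp.example.invalid/activate"):
        """Web link (or QR code payload) carrying the activation code."""
        return f"{base}?{urlencode({'code': order.code})}"

    def purge_expired(self):
        """Destroy every request order whose activation code has expired."""
        now = self._clock()
        for code in [c for c, o in self._orders.items() if o.expires_at <= now]:
            del self._orders[code]

    def consume(self, presented):
        """Return the order for a valid, unexpired code and destroy it; else None."""
        self.purge_expired()
        if not isinstance(presented, str) or not presented.isascii():
            return None
        # Compare against every stored code in constant time rather than doing a
        # dict lookup, so response timing does not leak partial matches.
        match = None
        for code in self._orders:
            if hmac.compare_digest(code, presented):
                match = code
        if match is None:
            return None
        # Single use: the order is removed before it is handed to the caller,
        # so a replay of the same code cannot succeed.
        return self._orders.pop(match)


if __name__ == "__main__":
    store = ActivationCodeStore(ttl_seconds=600)
    order = store.create_order("alice", "x509-pkcs10")
    print(ActivationCodeStore.activation_url(order))
    print("first use:", store.consume(order.code) is not None)
    print("replay:", store.consume(order.code) is not None)
```

The two properties a reviewer should check in any real implementation are the ones the test below exercises: a code that has been consumed or has passed its TTL must no longer resolve to a request order, and an unknown or malformed code must fail without raising.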