Security information for Smart ID Mobile App: Secure Provisioning

Security Features

- Secure provisioning of certificates and keys
  - Invoked from helpdesk/admin
    - Device authentication via a one-time activation code (OTP) included in a URL (QR code or web link)
  - Self-service portal using another 2FA method, or temporarily username & password
    - Display of a QR code containing the one-time activation code in the self-service portal
- Enrollment processes for certificates, keys and one-time passwords (OTP)
  - Creation of one-time password (OTP) profiles, both time-based (TOTP) and event-based (HOTP), see: https://tools.ietf.org/html/rfc6238 and https://tools.ietf.org/html/rfc4226
  - Enrollment of raw keys, that is, keys not bundled with or associated with any certificate
  - Enrollment of X.509 certificates according to a PKCS#10 schema, where the private key is generated by Smart ID Mobile App on the mobile device
  - Enrollment of X.509 certificates according to a PKCS#12 schema, with the private keys already generated and bundled with the certificates
  - Refer to the Hermod API examples for further details on enrollment processes
- One-time activation codes (relevant for raw keys and certificate-based virtual smart cards)
  - Can only be used once, as the name implies, and are destroyed immediately upon consumption
  - Based on double random UUIDs
  - Configurable expiration time; the request order corresponding to the one-time activation code is destroyed when the code expires
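As an added example, not code from Smart ID Mobile App or the Hermod API, the Python below sketches the server side of the two mechanisms listed above: a store of single-use, time-limited activation codes built from two random UUIDs, whose request order disappears together with the code, and the HOTP/TOTP computation from RFC 4226 / RFC 6238 that an enrolled OTP profile relies on. The class and function names, the exact code format, the in-memory store and the `ProvisioningOrder` fields are assumptions made for illustration.

```python
"""Constructed example: single-use activation codes plus HOTP/TOTP verification.

Nothing here is taken from the vendor's implementation; names, the code format
and the storage model are illustrative assumptions.
"""
import hashlib
import hmac
import struct
import time
import uuid
from dataclasses import dataclass


def hotp(secret: bytes, counter: int, digits: int = 6, algo: str = "sha1") -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6, algo: str = "sha1") -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret, unix_time // step, digits, algo)


@dataclass
class ProvisioningOrder:
    """Illustrative request order that an activation code points at."""
    user: str
    otp_secret: bytes
    kind: str = "totp"   # "totp" or "hotp" (assumed field)
    counter: int = 0     # next expected counter, HOTP only


class ActivationCodeStore:
    """Issues activation codes that are single-use and expire after a configurable TTL.

    Only a SHA-256 digest of each code is kept server-side, so a leaked table does
    not contain usable codes; the clear-text code exists only in the URL / QR code
    handed to the device. `clock` is injectable so expiry can be tested offline.
    """

    def __init__(self, ttl_seconds: int, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock
        self._orders: dict[str, tuple[ProvisioningOrder, float]] = {}

    @staticmethod
    def _key(code: str) -> str:
        return hashlib.sha256(code.encode()).hexdigest()

    def issue(self, order: ProvisioningOrder) -> str:
        # Two random (version 4) UUIDs concatenated: ~244 bits of entropy. Format is assumed.
        code = f"{uuid.uuid4()}-{uuid.uuid4()}"
        self._orders[self._key(code)] = (order, self.clock() + self.ttl)
        return code

    def consume(self, code: str):
        """Return the order for a valid code and destroy it; None for unknown, reused or expired."""
        entry = self._orders.pop(self._key(code), None)  # pop: the code can never be used twice
        if entry is None:
            return None
        order, expires_at = entry
        if self.clock() > expires_at:
            return None  # code and its order are already gone
        return order

    def purge_expired(self) -> int:
        """Destroy orders whose activation code expired without being consumed."""
        now = self.clock()
        expired = [k for k, (_, exp) in self._orders.items() if now > exp]
        for k in expired:
            del self._orders[k]
        return len(expired)


def verify_otp(order: ProvisioningOrder, candidate: str, now: int, look_ahead: int = 5) -> bool:
    """Check an OTP against the enrolled profile; HOTP advances the counter on success."""
    if order.kind == "totp":
        return hmac.compare_digest(candidate, totp(order.otp_secret, now))
    for c in range(order.counter, order.counter + look_ahead):
        if hmac.compare_digest(candidate, hotp(order.otp_secret, c)):
            order.counter = c + 1  # resynchronise and burn the used counter value
            return True
    return False


if __name__ == "__main__":
    store = ActivationCodeStore(ttl_seconds=600)
    code = store.issue(ProvisioningOrder("alice", b"12345678901234567890", kind="hotp"))
    order = store.consume(code)
    print("first use ok:", order is not None, "second use ok:", store.consume(code) is not None)
    print("HOTP counter 0 accepted:", verify_otp(order, hotp(order.otp_secret, 0), int(time.time())))
```

The RFC test vectors (secret `12345678901234567890`) give `755224` for HOTP counter 0 and `94287082` for 8-digit TOTP at Unix time 59, which is a quick way to confirm the OTP part against the standards before wiring it to a real profile.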