Nexus Documentation
CURL vulnerability information (CVE-2023-38545) - Nexus awareness advisory on Microsoft's update KB5014754

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1

< Back to Security information for Smart ID Mobile App

Secure provisioning

Secure ProvisioningSecurity Features


  • Secure provisioning of certificates and keys
    • Invoked from helpdesk/admin
      • Device authentication via one-time activation code (OTP) included in URL (QR code or web link)
    • Self-service portal using other 2FA method or username & password temporarily
      • Display QR code containing one-time activation code in self-service portal
  • Enrollment processes for certificate, keys and one-time passwords (OTP)
    • Creation of one-time password (OTP) profiles, both time-based (TOTP) and event-based (HOTP), see: https://tools.ietf.org/html/rfc6238 and https://tools.ietf.org/html/rfc4226
    • Enrollment of raw keys, which means keys not bundled or associated with any certificate
    • Enrollment of X.509 certificates according to a PKCS#10 schema where the private key is generated by Smart ID Mobile App on the mobile device
    • Enrollment of X.509 certificates according to a PKCS#12 schema with the private keys already generated and bundled with the certificates.
    • Refer to Hermod API examples for further details on enrollment processes
  • One-time activation codes (relevant for raw keys and certificate based virtual smart cards)
    • Can only be used once, as implied by name, and instantly destructed upon consumption
    • Based on double random UUID's
    • Configurable expiration time where the request order corresponding to the one-time activation code is destructed upon code expiration


  • No labels

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions