
Secure provisioning in Smart ID Mobile App

Secure Provisioning

Security Features

  • Secure provisioning of certificates and keys

    • Invoked from helpdesk/admin

      • Device authentication via one-time activation code (OTP) included in URL (QR code or web link)

    • Self-service portal, where the user temporarily authenticates with another 2FA method or with username and password

      • Display QR code containing one-time activation code in self-service portal

  • Enrollment processes for certificate, keys and one-time passwords (OTP)

    • Creation of one-time password (OTP) profiles, both time-based (TOTP, see RFC 6238: https://tools.ietf.org/html/rfc6238) and event-based (HOTP, see RFC 4226: https://tools.ietf.org/html/rfc4226)

    • Enrollment of raw keys, which means keys not bundled or associated with any certificate

    • Enrollment of X.509 certificates according to a PKCS#10 schema where the private key is generated by Smart ID Mobile App on the mobile device

    • Enrollment of X.509 certificates according to a PKCS#12 schema with the private keys already generated and bundled with the certificates

    • Refer to Hermod API examples for further details on enrollment processes

  • One-time activation codes (relevant for raw keys and certificate-based virtual smart cards)

    • Can be used only once, as the name implies, and are destroyed immediately upon consumption

    • Based on two random UUIDs

    • Configurable expiration time; when the code expires, the request order it belongs to is destroyed
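A small model of the activation-code lifecycle described above, added here as an example (it is not Nexus code): codes are built from two random UUIDs, can be redeemed once, and disappear together with their request order when the expiration time passes. Storing only a SHA-256 hash of each code, the injectable clock and the concatenated-hex code format are assumptions made for this demonstration.

```python
import hashlib
import time
import uuid
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass
class RequestOrder:
    """The enrollment request that one activation code unlocks."""
    order_id: str
    user: str
    expires_at: float  # epoch seconds; the order is destroyed once this passes


class ActivationCodeStore:
    """Issues and redeems single-use, expiring activation codes (constructed model)."""

    def __init__(self, ttl_seconds: float, clock: Callable[[], float] = time.time):
        self._ttl = ttl_seconds
        self._clock = clock  # injectable so tests can advance time deterministically
        # Keyed by SHA-256 of the code, so a copied table yields no usable codes.
        self._orders: Dict[str, RequestOrder] = {}

    @staticmethod
    def _key(code: str) -> str:
        return hashlib.sha256(code.encode("ascii")).hexdigest()

    def issue(self, user: str) -> str:
        """Create a request order and return the code that activates it.
        The code is two random (version 4) UUIDs: 2 x 122 bits of entropy."""
        code = uuid.uuid4().hex + uuid.uuid4().hex
        self._orders[self._key(code)] = RequestOrder(
            uuid.uuid4().hex, user, self._clock() + self._ttl)
        return code

    def purge_expired(self) -> int:
        """Destroy every request order whose code has expired; return how many."""
        now = self._clock()
        expired = [k for k, o in self._orders.items() if o.expires_at <= now]
        for k in expired:
            del self._orders[k]
        return len(expired)

    def redeem(self, code: str) -> Optional[RequestOrder]:
        """Consume a code: its order is returned once, None if unknown, used or expired."""
        self.purge_expired()
        # pop() destroys the entry on first use, so replaying the same link fails.
        return self._orders.pop(self._key(code), None)
```

The code string would be embedded in the activation URL that is rendered as a QR code or web link; the URL itself is deployment-specific and not modelled here.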

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.