Document toolboxDocument toolbox

Nexus Documentation
CURL vulnerability information (CVE-2023-38545) - Nexus awareness advisory on Microsoft's update KB5014754

Online authentication security in Smart ID Mobile App

Owned by Karolin Hemmingsson (Unlicensed)
Last updated: Feb 08, 2024 by Ylva Andersson
1 min read

 

Online authentication

Online Authentication

Security Features

 

  • Smart ID Messaging

    • Messaging server (Hermod) which provides a secure communication channel between the Mobile App/SDK and server-side components for Identity Management, Digital Access, Digital Signing and so on

    • Messaging server actively takes part in an Online PIN process (see section "Distributed security model") invoked in online scenarios where the private key needs to be used in a cryptographic process (Not applicable for offline OTP scenarios)

    • HTTPS communication based on TLS with server side authentication

  • Verification

    • Session verification by verification images being displayed both on server side and in the Smart ID Mobile App

  • Certificate pinning

    • Provides means to control that the Smart ID Mobile SDK can only communicate with a dedicated Messaging server

 

 

 

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions