- Created by Karolin Hemmingsson, last modified by Ylva Andersson on Dec 13, 2021
Nexus' Digital access platform is based on leading industry standards to guarantee interoperability with existing applications and security infrastructures. Nexus' solution uses standard protocols and is extensible through a plug-in API. Open standards such as X.509, Open Authentication (OATH), RADIUS, LDAP, SAML 2.0, OpenID Connect and OAuth 2.0 are supported. For applications that do not support any of these standards, integration through a Web Services interface is offered.
To find the right two-factor authentication method for your needs, consider the level of security needed for your applications and make sure it is convenient for your end users.
External links
For full lifecycle management of the authentication methods, with automated workflows and self-service functionality, see Digital ID.
AAL levels of 2FA methods in Digital access
In the table below you can see the 2FA methods and the corresponding Authenticator Assurance Level (AAL) in the Digital access platform.
| 2FA method | AAL level |
|---|---|
| Mobile virtual smart card | AAL3 |
| Virtual smart card | AAL3 |
| Smart card | AAL3 |
| Mobile OTP | AAL2 |
| Hardware OTP token | AAL2 |
| Software token | AAL1 |
The three AALs define the subsets of options agencies can select based on their risk profile and the potential harm caused by an attacker taking control of an authenticator and accessing agencies’ systems. The AALs are as follows:
- AAL1: AAL1 provides some assurance that the claimant controls an authenticator registered to the subscriber. AAL1 requires single-factor authentication using a wide range of available authentication technologies. Successful authentication requires that the claimant prove possession and control of the authenticator(s) through a secure authentication protocol.
- AAL2: AAL2 provides high confidence that the claimant controls authenticator(s) registered to the subscriber. Proof of possession and control of two different authentication factors is required through a secure authentication protocol. Approved cryptographic techniques are required at AAL2 and above.
- AAL3: AAL3 provides very high confidence that the claimant controls authenticator(s) registered to the subscriber. Authentication at AAL3 is based on proof of possession of a key through a cryptographic protocol. AAL3 is like AAL2 but also requires a “hard” cryptographic authenticator that provides verifier impersonation resistance.
For more information about AALs, see https://pages.nist.gov/800-63-3/sp800-63-3.html.
2FA methods
Mobile virtual smart cards
Mobile virtual smart cards are trusted digital identities hosted in a secure mobile app. They are used for out-of-band authentication to digital resources (such as Office 365 or other apps), digital signing, email encryption and visual identification.
With mobile virtual smart cards, you get an intuitive and user-friendly two-factor authentication (2FA) method. They are also an economical choice, since most users already have a smartphone, which means that you do not have to issue and manage hardware tokens, smart cards or smart card readers.
Mobile virtual smart cards are included in Digital ID, with automated lifecycle management and self-service workflows.
How does it work?
Mobile virtual smart cards are based on PKI and enable users to easily authenticate, encrypt or sign using fingerprint or face recognition.
Smart ID Mobile App, the multi-factor app used with mobile virtual smart cards, supports fingerprint and face recognition for easy use. The app works together with a messaging backend that manages the online authentication and signing services and sends push notifications.
Smart ID Mobile App can also be used in offline mode with one-time passwords (OTP). The app is available on iOS and Android.
Security:
- Out-of-band authentication
- Multiple encryption layers and device-binding protect keys
- Protection against reverse engineering and malware
Convenience:
- No need for extra hardware tokens
- Easy enrollment and intuitive use cases
- Biometric validation
Virtual smart cards
Virtual smart cards use PKI-based identities in a secure environment on laptops, to let users get rid of passwords and use strong authentication, signing and encryption in a smooth way. They work as physical smart cards, but without the need to issue and manage plastic cards or other hardware tokens.
With virtual smart cards, you get an intuitive and user-friendly two-factor authentication (2FA) method. They are also an economical choice, since they take advantage of existing technology available on many laptops, which means that you do not have to issue and manage hardware tokens, smart cards or smart card readers.
Virtual smart cards are included in Digital ID, with automated lifecycle management and self-service workflows.
How does it work?
Virtual smart cards are hosted on your laptop and have the same level of security as a physical smart card. Keys are securely created and stored on the Trusted Platform Module (TPM) chip, which is available on most laptops.
Smart ID Desktop App lets you provision and manage virtual smart cards, based on Microsoft Virtual Smart Card (VSC) and Universal Windows Platform (UWP) technology. The solution uses the native Microsoft smart card minidriver for communication with the VSC.
The Smart ID Desktop App is used together with a messaging backend to manage the online authentication and signing services.
Security:
- Keys are created and stored on the secure TPM chip on Windows laptops
Convenience:
- No need for extra hardware tokens
- Intuitive use cases
- Integrated in Windows environment
Smart cards
By using PKI chip cards with certificates, users can log in to computers without a password, sign documents digitally and access local and cloud resources.
Smart cards give users a high-security, all-in-one solution by combining PKI certificates with RFID technology and visual identity on one card.
If you order cards as a service from Nexus GO, you get customized and personalized PKI cards, encoded and ready to use, with the right security level for your organization. Then, Nexus provides and maintains the PKI infrastructure.
The PKI certificates on the card chip can be used for two-factor authentication, passwordless login to Windows, digital signing and encryption.
How does it work?
Combine the following components to suit your organization's specific requirements:
- Visual identity: Get your cards customized with a company logo and color scheme and personalized with a photo and personal data.
- PKI chip: Use certificates for two-factor authentication, passwordless login to Windows, digital signing and encryption.
- RFID technology: Choose one or combine two of the most common RFID (Radio-frequency identification) technologies on high-quality cards with the original RFID chip.
- Visual security elements: Add security elements to ensure that your photo ID cards are hard to forge.
Security:
- Keys are created and stored on the secure PKI chip of the card
Convenience:
- All-in-one solution for visual ID, physical access, strong authentication, signing and encryption
- Use one card on multiple computers
Mobile OTP
The mobile app Smart ID Mobile App supports time-based and event-based one-time passwords (OTP).
Smart ID Mobile App works in offline mode and offers extra security compared to other mobile apps for two-factor authentication, since the user must authenticate in the app with a PIN code or biometric validation with fingerprint or face recognition, before receiving the OTP.
About one-time passwords (OTP)
A one-time password (OTP) is a temporary, unique passcode generated by an algorithm to authenticate users to digital resources. There are different types of one-time passwords (OTP), as defined by the Initiative for Open Authentication (OATH):
- Time-based OTP (TOTP): A TOTP is renewed after a fixed amount of time, for example 30 seconds. The algorithm that generates each password uses the current time as one of its inputs, ensuring that each password is unique.
- Event-based OTP (HOTP): An HOTP is valid for one authentication. After it has been used, a new OTP is generated.
One-time passwords (OTP) in Nexus' Digital access platform
Smart ID Digital access supports OTP-token authentication for the OATH standards for HOTP, TOTP and OCRA as well as self-registration for OATH-compliant mobile applications.
For information on other supported OATH-based authentication methods in Digital access, see Authentication methods in Digital Access.
Security:
- Time- or event-based one-time passwords.
- Protection with PIN or biometric validation.
- Supports strong hash algorithms, such as SHA-256 and SHA-512.
Convenience:
- No need for extra hardware tokens
- Works offline
Hardware OTP tokens
Hardware one-time password (OTP) tokens include various devices, such as key fobs and display cards, and either one-button tokens or tokens with PIN protection.
Security:
- Time- or event-based one-time passwords.
Convenience:
- Works offline
Software tokens
PKI software tokens (or soft tokens) can be used when you need a convenient method that is easy to roll out but does not necessarily require the highest security level. Typical use cases include authentication at VPN access points and web services, or digital signature of emails and documents.
Software tokens are often used in combination with other methods. For example, a smart card might be required for Windows logon, but the security level of a software token is enough for VPN access.
Software tokens are delivered as PKCS#12 files or published to the Windows certificate store. A software token is used together with a password for authentication, signing and encryption.
Security:
- Two-factor authentication by combining a PKCS#12 file and a password
- Easy withdrawal by revoking certificates
Convenience:
- Certificate is available on the device
- Used for multiple use cases