Nonce lifespan in BLE requests

We have a solution where the Android application fetches prepared commands (backend holds all the necessary information to be able to create these) for Unlock as an example. Unlock requires a ChallengeRequest where a nonce is used to prevent replay but does it have an expiration time or is it just One-Time? Meaning if my application has a valid Unlock command “stored” can I use it at any given time later on but only once?

Hi @Andreas_Rohl ,
a Nuki device (like a Smart Lock 2.0) is only caching a limited number of challenges, therefore it may happen that “older” challenges are overwritten in case many challenges are requested.
Additionally a challenge can only be used once, as it expires if it has been used.

Thank you for your response to my question. So there is no TTL within the Challenge itself it is more that it may not exist anymore. So in theory, if I write one single challenge (and no one else ofc) and leave it untouched for a long period of time I could just pick up where I left?