JAR. Replacing Passwords
The server generates a unique authentication request and cryptographically signs it. This request is sent to the browser or app. The computer or mobile device then transfers the request to the JAR-hardware, which will validate the digital signature of the service provider. If the signature is valid, the user is asked to allow the authentication by pressing his finger on the device and thereby unlocking the private key. When the user has granted his permission and provided a valid fingerprint, the JAR-hardware will cryptographically sign the unique authentication request. The signature and the original request will be sent back to the server, which is then able to decide, whether the response is a combination of a valid authentication request and a valid signature or not, because only the unlocked private key on the JAR-hardware can produce this signature. For that reason, each user has to provide his public key during the sign up process for a service. That key allows the service provider to validate, that the authentication is authentic and access can be granted to that device or browser.
Now on Kickstarter: https://www.kickstarter.com/projects/itisonyou/forget-passwords-use-jar
0 comments
[ 3.3 ms ] story [ 4.6 ms ] threadNo comments yet.