Trustworthy Authentication
To organize a hands-on demo of AffirmID, including its AffirmIdP cloud identity provider service, which uses FIDO Direct to connect with the AffirmID Auth authenticator phone app, contact ProteqsIT via the phone number or email address listed above.
- Push – A mobile notification protocol adapted for authenticator use and best known for its simple one-tap authentication approval interface.
- CBA – Certificate-Based Authentication, in which an authentication challenge encrypted with the device's public key is signed by the device with its private-key counterpart, thereby establishing a trust bond between the client and the user's device. Its use is a statement of possession, not one of identity.
- FIDO – Fast Identity Online, a standard for authenticators published by the FIDO Alliance. FIDO2 is the second generation of the standard and defines an implementation of CBA.
- FIDO Direct – a novel adaptation of Push-style authentication with the enhanced security and benefits of FIDO2.
- One-Time-Pad (OTPad) – a type of cryptography in which a randomly generated 128-bit AES key is used only once before being discarded.
- AES – Advanced Encryption Standard as defined by the US government; a symmetric block cipher thought to be practically impossible to break.
- One-Time-Password (OTP) – a 6-to-8-character code generated by a standard algorithm from a random secret.
- 2FA – two-factor authentication, in which one authentication factor is supplemented by another, most commonly a password supplemented by an OTP code.
- MFA – multi-factor authentication, which typically refers to two or more user authentication factors of the following types: something you know, something you have, and something you are.
- MiTM – man-in-the-middle, a type of cyberattack in which the exchange of user authentication messages is intercepted and exploited by the attacker.
- MiTB – man-in-the-browser, similar to MiTM except that the browser itself is infected with malicious functions that intercept and manipulate user authentication messages as they flow through the browser between the authenticator device and the relying party.
- RC2 – AffirmID has finished development, testing, and certification and is ready for client usage as of Release Candidate 2.
What is AffirmID?
Proof-of-concept components include:
- AffirmIdP – an Identity Provider that interacts with the AffirmID Auth app, providing account registration and maintenance, and authentication services to the authenticator app using the FIDO Direct protocol.
- AffirmID Auth – a FIDO2 app providing authentication services, plus account registration and maintenance once the user's identity has been recognized by its semi-automatic biometric identity verifier. It interacts with an identity provider via the FIDO Direct protocol.
- FIDO Direct – a unique and very secure protocol facilitating FIDO2 registration and attestation, and FIDO2 authentication and assertion of device and app identity.
What do you mean by trustworthy authentication?
What is an 'AffirmIdP' identity provider?
AffirmIdP API at a glance:
- Pre-configured or ad-hoc created user accounts are populated during AffirmID Auth registration with user identity verification, a verified email account identifier, and FIDO2 account attestation.
- Multiple APIs are offered for account management, maintenance, and authentication.
- The authenticate API is passed an account identifier, normally a verified email address, to authenticate the person owning or assigned to the selected account.
- With that, the API performs a complete and very secure authentication ceremony in which the account user's identity is verified and their intent to authenticate is captured from a single screen tap on their cell phone.
- The ceremony completes with receipt of a FIDO2 assertion of both app and device identity.
- Results are returned in response to the API request: a positive response, a timeout, a negative response (the user declined), or a warning of potential tampering.
What is the 'AffirmID Authenticator' app?
What is 'FIDO Direct'?
FIDO2 is an excellent contributor to resolving authentication ceremony difficulties because it reduces the number of false positives. Unfortunately, adopters are forced to rely on proxy components in the message chain between the FIDO2 authenticator and the relying party's user account, over which they have no control. Each of these proxy points is an attack vector that malicious actors can exploit.
Mobile Push authentication has gained popularity due to its usability and low cost of implementation. It is free and simple to use. It is also fraught with dangers.
FIDO Direct aims to combine the robustness of the FIDO2 core with the user experience of Push while avoiding the risks of both. Its protocol is meant to provide a direct streaming connection between the user account maintained by the relying party and a mobile phone authenticator app.
The AffirmIdP – FIDO Direct – AffirmID Auth combination offers simplicity of use, no high-risk proxies, and none of the cell phone configuration requirements that some users detest.
Is AffirmID a 'Zero-Trust Authentication' provider?
There are multiple steps in the authentication ceremony; the following lists those of the AffirmID solution:
- Trust but verify identity of the user being authenticated;
- Trust but verify the challenge message received;
- Trust but verify the user’s authenticator;
- Trust but verify the challenge message response; and
- Trust but verify the relying party making the request.
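The following is an added example (written for this page, not AffirmID's or ProteqsIT's code) of what the "trust but verify" steps look like on the relying-party side of a challenge-response ceremony, and how each failed check maps onto the API outcomes listed earlier (positive, timeout, declined, warning of tampering). The relying-party id `RP_ID`, the challenge lifetime `CHALLENGE_TTL`, the outcome strings and the account names are all constructed for the example. The authenticator's FIDO2 signature is stood in for by an HMAC over the same fields so the example runs with the standard library alone; a real deployment verifies a public-key signature against the key stored at attestation. The logic the checks enforce is the same: a challenge is single-use and time-limited, the signed data names the relying party the device actually spoke to (so a phishing or proxy site in the path shows up as a mismatch), user presence is required, and the signature counter must move forward.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field

# Constructed relying-party identifier; a real deployment uses its own domain.
RP_ID = "login.example.test"
CHALLENGE_TTL = 60  # seconds a challenge stays valid (assumed policy value)


def sign_assertion(credential_key, challenge, rp_id, sign_count, user_present):
    """Authenticator side. Stand-in for a FIDO2 signature: the device MACs the
    challenge together with the relying-party id it was shown, its signature
    counter and the user-presence flag. Real FIDO2 signs with a per-credential
    private key; HMAC keeps this example stdlib-only."""
    data = b"|".join([challenge.encode(), rp_id.encode(),
                      str(sign_count).encode(), b"1" if user_present else b"0"])
    return hmac.new(credential_key, data, hashlib.sha256).digest()


@dataclass
class Credential:
    key: bytes           # stored at registration (attestation step)
    sign_count: int = 0  # last counter value seen from this authenticator


@dataclass
class RelyingParty:
    accounts: dict = field(default_factory=dict)  # email -> Credential
    pending: dict = field(default_factory=dict)   # challenge -> (email, issued_at)

    def register(self, email, credential_key):
        self.accounts[email] = Credential(credential_key)

    def issue_challenge(self, email, now=None):
        """Fresh, unpredictable challenge tied to one account and one time."""
        challenge = secrets.token_hex(16)
        self.pending[challenge] = (email, time.time() if now is None else now)
        return challenge

    def verify_assertion(self, email, challenge, rp_id, sign_count,
                         user_present, signature, now=None):
        """Trust-but-verify checks in order; each failure maps to one of the
        constructed outcomes OK, TIMEOUT, DECLINED, REJECT or WARNING."""
        now = time.time() if now is None else now
        entry = self.pending.pop(challenge, None)  # one use only: defeats replay
        if entry is None:
            return "REJECT: unknown or replayed challenge"
        issued_for, issued_at = entry
        if issued_for != email:
            return "REJECT: challenge was issued for a different account"
        if now - issued_at > CHALLENGE_TTL:
            return "TIMEOUT"
        if rp_id != RP_ID:
            # The device signed the origin it actually talked to. A phishing or
            # proxy site in the path makes this differ from the real RP id.
            return "WARNING: response bound to another relying party (possible proxy)"
        if not user_present:
            return "DECLINED"
        cred = self.accounts.get(email)
        if cred is None:
            return "REJECT: no registered authenticator"
        expected = sign_assertion(cred.key, challenge, rp_id, sign_count, user_present)
        if not hmac.compare_digest(expected, signature):
            return "REJECT: signature does not verify against registered credential"
        if sign_count <= cred.sign_count:
            return "WARNING: signature counter did not advance (possible cloned authenticator)"
        cred.sign_count = sign_count
        return "OK"


if __name__ == "__main__":
    rp = RelyingParty()
    device_key = secrets.token_bytes(32)  # constructed per-credential key
    rp.register("alice@example.test", device_key)
    ch = rp.issue_challenge("alice@example.test")
    sig = sign_assertion(device_key, ch, RP_ID, 1, True)
    print(rp.verify_assertion("alice@example.test", ch, RP_ID, 1, True, sig))
```

The order of the checks matters for what an operator learns: a replayed challenge or a wrong relying-party id is reported before the signature is examined, so a tampering warning is raised even when the underlying signature is mathematically valid, which is exactly the case a proxy in the message chain produces.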
Does AffirmID block phishing attacks?
Is AffirmID available for evaluation?
TBD
What are configurations, availability, and pricing?
TBD
Is AffirmID covered by patents?
Trustworthiness can only exist with end-to-end trust.
- As an executive of an organization concerned with cyber security, do you trust your current authentication methods?
- As an individual, are you sure the person you are messaging on Signal is who you think they are?
Stay tuned: there are several features now in flight to help secure individuals' personal data and accounts.