AffirmID, an Introduction

AffirmID offers a comprehensive approach to reliable authentication. It consists of the Authenticator application, a cloud platform service, and connecting protocols that work in concert to provide simple, secure, and reliable remote user authentication that can be relied upon to block and prevent unauthorized access.

Firsthand demonstration of AffirmID

The individual components include:

  • AffirmID Auth, an authenticator app for use on Android and iPhone devices.
  • AffirmIdP, a cloud-based identity provider service.
  • PushCBA, a secure authentication protocol

Operationally an authentication ceremony involves:

  • A relying party initiates an authentication session by submitting a request to an AffirmIdP that identifies the registered user who needs to be authenticated over secure networks.
  • AffirmIdP creates and sends two messages to the user’s mobile device: one is an out-of-band session identifier token and the other is an authentication notification message.
  • The user’s cell phone device AffirmID Auth app receives these messages, confirms their accuracy, and then displays authentication options.
  • The user clicks on an on-screen option that acknowledges the request resulting in sending a response back to AffirmIdP for processing.
  • AffirmIdP verifies the response returning its findings to the relying party.

Although there are a number of steps in the process, without taking into account user reaction time, the complete authentication happens in less than a second.

Experience is perhaps the best teacher when it comes to this superior method of authentication. We have a demonstration application called “AffirmIDDemo” for that purpose. It is currently accessible through the Google Play store and can be used with Android tablets. Both Windows tablets and laptops as well as Apple iOS tablets will soon have access to it.

What you need:

  • AffirmID Auth installed on your cell phone and registered with AffirmIdP identity provider service.
  • AffirmIDDemo installed and ready for use on a tablet or laptop.

What you will do:

  • On your cell phone go to AffirmID Auth and enter your BioPIN if necessary to ensure the authenticator is ready, Yellow app icon.
  • On your device with AffirmIDDemo, enter in the username field your registration email address.
  • Tap the Authenticate button.
  • On your cell phone observe appearance of the PushCBA authenticators Accept and Decline buttons. Tap either choice to complete the authentication process.
  • Observe completion status appears on the demo app display.

The reader is guided through the entire PushCBA authentication process in this demo, despite its briefness. Typically, the organization’s access management system or web-centric authentication solutions handle the process. The Help Desk or departments can use this demonstration app as a training resource.


How do you do that?

This will be a discussion from a 30,000-foot point of view on how AffirmID operates. We begin by examining the motivation behind it. We then move on to discuss how AffirmID responds to that.

Let’s first think about what prevents reliable, secure authentication. Why is it so challenging to accomplish? It’s an important one because the answer determines what needs to be done by an authentication solution in order to achieve the desired outcomes of simple, safe, and secure authentication.

One word best describes the problem: phishing. Attacks like phishing are a sign of other, more dangerous types of attacks. The phishing attack gives hackers the access they need, for instance, to launch a ransomware attack. The front door’s keys are what the phishing attack seeks to acquire. These keys, which are frequently a user’s login information, enable hackers to pretend to be a reliable party during a subsequent authentication process. Thus, it becomes clear why authentication is so important; in addition to confirming user identity and rights, it also has the responsibility of identifying and preventing unauthorized access. It may seem easy, but it’s not.

Read on to learn how AffirmID neutralizes the phishing attack.

The scene is set, and AffirmID’s goals are known. Now, we examine each crucial aspect of authentication in light of the outcomes of any kind of phishing attack.

To stop a fraudster from using similar device technology to trick the authentication process, it’s crucial to establish an affinity with the user’s authenticator device. To ensure that this requirement is satisfied, AffirmID uses FIDO2 for both attestation and assertion.

To prevent use by a imposter, it is essential to make sure the authenticator device is only used by the intended user. Relying on credentials of any kind, biometric or otherwise, for this purpose is not advisable. Addressing this need, AffirmID relies on its no credentials needed system of real-time biometric user identity recognition.

It’s crucial to keep things simple for the user. Push protocol is used by AffirmID because it does away with the password and simplifies authentication for the user to a single screen tap. Simple, safe, and secure authentication.

It is absolutely necessary to protect the Push protocol from phishing attacks, and adding PKI certificate-based authentication is the best way to do this. The PushCBA protocol from AffirmID achieves this by incorporating FIDO2 support into its one-of-a-kind push protocol implementation.

A “demonstration of intent,” or “tap the button,” facility is typically all that is required to ensure human participation in the authentication ceremony. By incorporating the needs of user identity recognition with users tapping the push notification “Accept” button, AffirmID builds on this adding meaning to the intent.

Remote authentication requires messaging over open networks, as well as the responsibility to keep that messaging secret from prying eyes. All messaging is encrypted by AffirmID using symmetrical one-time pad keys, making sure that no message can ever be illicitly decrypted.

Since hackers have the ability to intervene and the potential to undermine messaging security, intervention prevention of message exchanges is necessary. This goal is achieved thanks to AffirmID’s use of out-of-band signaling and avoidance of third-party middleware proxies.




Copyright © ProteqsIT LLC, all rights reserved.