
YubiKey Authentication

The YubiKey was integrated into the Agile Authentication Provider (ALAP). A server-based verification component and a corresponding authentication plugin for the EGIZ Authenticator were developed.

The YubiKey is a hardware security token. The integration was done using the YubiKey NEO, which supports NFC communication. The authentication consists of two phases: the rollout phase, which is executed once, and the authentication phase, which is executed for every authentication. During the rollout phase the server generates a secret key and deploys it to a YubiKey NEO; after the rollout phase only the YubiKey and the server component know the secret key. During the authentication phase the server generates a random nonce, which is transferred to the EGIZ Authenticator. The EGIZ Authenticator sends a request to the YubiKey to create an HMAC of the nonce with the secret key. The resulting HMAC is transferred back to the authentication server and verified. A correct HMAC proves possession of the YubiKey.
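The two phases described above, sketched as an added example (not the ALAP or EGIZ Authenticator code). It assumes HMAC-SHA1 with a 20-byte key, since the page does not name the hash, and the class names, `SimulatedToken` stand-in for the YubiKey, and single-use nonce handling are hypothetical.

```python
import hashlib
import hmac
import secrets


class SimulatedToken:
    """Stand-in for the YubiKey: keeps the key and only answers challenges."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, nonce: bytes) -> bytes:
        # HMAC of the server's nonce with the secret key (hash is an assumption).
        return hmac.new(self._key, nonce, hashlib.sha1).digest()


class AuthServer:
    """Server-side verification component (hypothetical structure)."""

    def __init__(self):
        self._keys = {}     # token_id -> secret key shared during rollout
        self._pending = {}  # token_id -> nonce awaiting a response

    def rollout(self, token_id: str) -> SimulatedToken:
        # Rollout phase, executed once: generate the key and deploy it.
        key = secrets.token_bytes(20)
        self._keys[token_id] = key
        return SimulatedToken(key)

    def challenge(self, token_id: str) -> bytes:
        # Authentication phase: a fresh random nonce for every attempt.
        nonce = secrets.token_bytes(32)
        self._pending[token_id] = nonce
        return nonce

    def verify(self, token_id: str, response: bytes) -> bool:
        # pop() makes each nonce single-use, so a captured response
        # cannot be replayed against the same challenge.
        nonce = self._pending.pop(token_id, None)
        key = self._keys.get(token_id)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha1).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(expected, response)
```

In the real flow the EGIZ Authenticator only relays the nonce and the HMAC between server and token; it never holds the key.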

A demonstration video is available: