ALAP Factor Smartphone

The goal of this project was to use a smartwatch as an additional factor within the ALAP infrastructure.
A server-based verification component was developed, together with a corresponding authentication plugin for the EGIZ Authenticator.

The authentication consists of two phases: the rollout phase, which is executed once, and the authentication phase, which is executed for every authentication.
During the rollout phase the server generates a secret key and deploys it to the smartphone, where it is stored for use by the EGIZ Authenticator. In addition, the initialization of the smartwatch is triggered: the smartwatch creates a secret, which is stored on the watch, and combines it with a PIN that the user has to enter on the smartwatch.
This combined secret is sent back to the server but is not stored on the watch.
After this rollout phase the server knows the phone's secret and the combined smartwatch secret, but neither the PIN nor the smartwatch secret itself.

During the authentication phase the server generates a random nonce, which is transferred to the EGIZ Authenticator. The Authenticator calculates an HMAC over the nonce and forwards the result as the challenge to the watch. The smartwatch computes an HMAC of the challenge with its secret key combined with the PIN, which the user has to enter again. The resulting HMAC is transferred back to the authentication server and verified. A correct HMAC proves possession of the smartphone and the smartwatch as well as knowledge of the secret PIN.
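The two phases as a runnable simulation of all three parties (added example, not the project's own code). The page does not specify how the watch combines its secret with the PIN, so HMAC-SHA256 keyed with the watch secret over the PIN is assumed here; SHA-256 is assumed for every HMAC, and a fresh nonce is drawn per authentication.

```python
import hashlib
import hmac
import secrets

def combine(watch_secret: bytes, pin: str) -> bytes:
    # Assumed combination (the page names none): HMAC-SHA256 keyed with the
    # watch secret over the PIN, so neither input is recoverable from the result.
    return hmac.new(watch_secret, pin.encode(), hashlib.sha256).digest()

class Watch:
    """Smartwatch: keeps only its own secret and recombines it with the PIN per use."""
    def __init__(self):
        self.secret = secrets.token_bytes(32)
    def initialize(self, pin: str) -> bytes:
        return combine(self.secret, pin)            # sent to the server, never stored here
    def respond(self, challenge: bytes, pin: str) -> bytes:
        return hmac.new(combine(self.secret, pin), challenge, hashlib.sha256).digest()

class Phone:
    """EGIZ Authenticator plugin: holds the phone secret and turns the nonce into the challenge."""
    def __init__(self, phone_secret: bytes):
        self.secret = phone_secret
    def challenge(self, nonce: bytes) -> bytes:
        return hmac.new(self.secret, nonce, hashlib.sha256).digest()

class Server:
    """Verification component: stores the phone secret and the combined watch secret only."""
    def rollout(self, watch: Watch, pin: str) -> bytes:
        self.phone_secret = secrets.token_bytes(32)
        self.combined = watch.initialize(pin)       # server never sees PIN or watch secret
        return self.phone_secret                    # deployed to the phone
    def verify(self, nonce: bytes, response: bytes) -> bool:
        expected = hmac.new(self.combined, Phone(self.phone_secret).challenge(nonce),
                            hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)   # constant-time comparison

def authenticate(server: Server, phone: Phone, watch: Watch, pin: str) -> bool:
    nonce = secrets.token_bytes(16)                 # fresh random nonce per authentication
    return server.verify(nonce, watch.respond(phone.challenge(nonce), pin))

def demo() -> tuple:
    server, watch = Server(), Watch()
    phone = Phone(server.rollout(watch, "1234"))    # rollout with constructed PIN "1234"
    return (authenticate(server, phone, watch, "1234"),   # all three factors present
            authenticate(server, phone, watch, "0000"),   # wrong PIN
            authenticate(server, Phone(secrets.token_bytes(32)), watch, "1234"))  # wrong phone
```

Only the first case verifies: a wrong PIN changes the watch's key and a different phone changes the challenge, so the server's recomputed HMAC no longer matches.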

