wwpass multi-factor authentication - how it works
DESCRIPTION
WWPass provides a multi-factor authentication solution that dramatically improves authentication security while completely eliminating the need for usernames and passwords. Using patented technologies, user credentials are invisible to hackers and the credential data is encrypted, fragmented, and dispersed for retrieval only with the consent of the user.TRANSCRIPT
WWPass Multi-Factor AuthenticationHow It Works
Joe McDonald July 2014Product Marketing [email protected]
User Visits WebsiteClicks On ‘Login with WWPass’
1. User initiates log on using WWPass
I Want To Logon
Service ProviderWebsite
PassKeyUser
PassKeyUser
Service ProviderWebsite
SSL certificate
1. User initiates log on using WWPass2. Site requests authentication with WWPass
PassKeyUser
Service ProviderWebsite
1. User initiates log on using WWPass2. Site requests authentication with WWPass3. Site is authenticated and a unique one-time session ticket is issued
Authenticated
Here’s your s
ession ticke
t:
Ticket: @
spfe:4567
PassKeyUser
Service ProviderWebsite
1. User initiates log on using WWPass2. Site requests authentication with WWPass3. Site is authenticated and a unique one-time session ticket is issued4. Ticket with service provider ID (SPID) is sent to the user
Website is valid. Here’s your session ticket:Ticket: srh123@spfe:4567
1. User initiates log on using WWPass2. Site requests authentication with WWPass3. Site is authenticated and a unique one-time session ticket is issued4. Ticket with service provider ID (SPID) is sent to the user5. User is prompted to present the PassKey
PassKeyUser
1. User initiates log on using WWPass2. Site requests authentication with WWPass3. Site is authenticated and a unique one-time session ticket is issued4. Ticket with service provider ID (SPID) is sent to the user5. User is prompted to present the PassKey6. User is prompted for consent to authenticate
PassKeyUser
1. User initiates log on using WWPass2. Site requests authentication with WWPass3. Site is authenticated and a unique one-time session ticket is issued4. Ticket with service provider ID (SPID) is sent to the user5. User is prompted to present the PassKey6. User is prompted for consent to authenticate7. User is prompted to enter access code
PassKeyUser
********
PassKeyUser
Service ProviderWebsite
1. User initiates log on using WWPass2. Site requests authentication with WWPass3. Site is authenticated and a unique one-time session ticket is issued4. Ticket with service provider ID (SPID) is sent to the user5. User is prompted to present the PassKey6. User is prompted for consent to authenticate7. User is prompted to enter access code8. The user authenticates with WWPass
PUID + access code
Authenticated
Here’s your secrets
PassKeyUser
Service ProviderWebsite
1. User initiates log on using WWPass2. Site requests authentication with WWPass3. Site is authenticated and a unique one-time session ticket is issued4. Ticket with service provider ID (SPID) is sent to the user5. User is prompted to present the PassKey6. User is prompted for consent to authenticate7. User is prompted to enter access code8. The user authenticates with WWPass9. User requests session key
What is the session key
PUID+SessionTicket
Session key
PassKeyUser
Service ProviderWebsite
1. User initiates log on using WWPass2. Site requests authentication with WWPass3. Site is authenticated and a unique one-time session ticket is issued4. Ticket with service provider ID (SPID) is sent to the user5. User is prompted to present the PassKey6. User is prompted for consent to authenticate7. User is prompted to enter access code8. The user authenticates with WWPass9. User requests sessions key10. User shares session key (for this session only)
Here’s the session key for our data
PassKeyUser
Service ProviderWebsite
1. User initiates log on using WWPass2. Site requests authentication with WWPass3. Site is authenticated and a unique one-time session ticket is issued4. Ticket with service provider ID (SPID) is sent to the user5. User is prompted to present the PassKey6. User is prompted for consent to authenticate7. User is prompted to enter access code8. The user authenticates with WWPass9. User requests session key10. User shares session key (for this session only)11. Site requests credential data from WWPass
Get data usin
g sessi
on key
PassKeyUser
Service ProviderWebsite
1. User initiates log on using WWpass2. Site requests authentication with WWpass3. Site is authenticated and a unique one-time session ticket is issued4. Ticket with service provider ID (SPID) is sent to the user5. User is prompted to present the PassKey6. User is prompted for consent to authenticate7. User is prompted to enter access code8. The user authenticates with WWPass9. User requests session key10. User shares session key (for this session only)11. Site requests credential data from WWPass12. WWPass provides encrypted credential data to application
Here’s the encry
pted data
F7A5B3
User Is Securely Authenticated Access Is Granted