Page 56 - Implementation of Secure Authentication Technologies for Digital Financial Services
(continued)
④ Authenticator Returns Data to Client - The authenticator returns the authenticatorData and assertion
signature back to the client.
⑤ Client Creates Final Data, Application sends response to Server - The authenticatorGetCredential call
returns a PublicKeyCredential with the authenticator’s assertion response. It is up to the application to
transmit this data back to the server using any protocol and format of its choice.
⑥ Server Validates and Finalizes Authentication - Upon receiving the result of the authentication request,
the server validates the response, with checks such as:
1. Using the public key that was stored during the registration request to validate the signature by the authenticator.
2. Ensuring that the challenge that was signed by the authenticator matches the challenge that was generated by
the server.
3. Checking that the Relying Party ID is the one expected for this service.
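The three server-side checks listed above can be sketched in Node.js as follows. This is an added example, not code from the report: `verifyAssertion`, `makeSampleAssertion`, the shape of `stored`, the ES256 (P-256) key and the `bank.example` RP ID are assumptions, and the assertion is built by a constructed software stand-in for the authenticator. It covers only the three listed checks.

```javascript
const crypto = require("node:crypto");
const sha256 = (buf) => crypto.createHash("sha256").update(buf).digest();

// Checks 1-3 from the list above. `stored` is what the server kept from
// registration plus the challenge it issued for this login (assumed shape).
function verifyAssertion(stored, { clientDataJSON, authenticatorData, signature }) {
  // Check 2: clientDataJSON carries the challenge as base64url.
  let clientData;
  try { clientData = JSON.parse(clientDataJSON.toString("utf8")); }
  catch { return { ok: false, reason: "malformed clientDataJSON" }; }
  const got = Buffer.from(String(clientData?.challenge), "base64url");
  if (got.length !== stored.challenge.length ||
      !crypto.timingSafeEqual(got, stored.challenge))
    return { ok: false, reason: "challenge mismatch" };
  // Check 3: authenticatorData = rpIdHash(32) | flags(1) | signCount(4) ...
  if (authenticatorData.length < 37)
    return { ok: false, reason: "authenticatorData too short" };
  if (!authenticatorData.subarray(0, 32).equals(sha256(Buffer.from(stored.rpId))))
    return { ok: false, reason: "rpId mismatch" };
  // Check 1: the signature covers authenticatorData || SHA-256(clientDataJSON).
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  if (!crypto.verify("sha256", signed, stored.publicKey, signature))
    return { ok: false, reason: "bad signature" };
  return { ok: true, reason: null };
}

// Constructed fixture: a software stand-in for the authenticator in step ④.
function makeSampleAssertion(privateKey, challenge, rpId) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get", challenge: challenge.toString("base64url"),
    origin: `https://${rpId}` }));
  const authenticatorData = Buffer.concat(
    [sha256(Buffer.from(rpId)), Buffer.from([0x01, 0, 0, 0, 1])]);
  const signature = crypto.sign("sha256",
    Buffer.concat([authenticatorData, sha256(clientDataJSON)]), privateKey);
  return { clientDataJSON, authenticatorData, signature };
}

function demo() {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  const challenge = crypto.randomBytes(32);
  const stored = { publicKey, challenge, rpId: "bank.example" };
  return [
    makeSampleAssertion(privateKey, challenge, "bank.example"),
    makeSampleAssertion(privateKey, challenge, "other.example"),
    makeSampleAssertion(privateKey, crypto.randomBytes(32), "bank.example"),
  ].map((r) => verifyAssertion(stored, r).reason);
}
console.log(demo()); // [ null, 'rpId mismatch', 'challenge mismatch' ]
```

The second and third sample assertions carry valid signatures from the registered key and are still rejected, which is why the challenge and Relying Party ID checks are needed alongside signature validation.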