Page 56 - Implementation of Secure Authentication Technologies for Digital Financial Services

(continued)

              ④    Authenticator Returns Data to Client - The authenticator returns the authenticatorData and assertion
                   signature back to the client.

              ⑤    Client Creates Final Data, Application sends response to Server - The authenticatorGetCredential call
                   returns a PublicKeyCredential with the authenticator’s assertion response. It is up to the application to
                   transmit this data back to the server using any protocol and format of its choice.

              ⑥    Server Validates and Finalizes Authentication - Upon receiving the result of the authentication request,
                   the server performs validation of the response such as:
                   1. Using the public key that was stored during the registration request to validate the signature by the authenticator.
                   2. Ensuring that the challenge that was signed by the authenticator matches the challenge that was generated by
                     the server.
                   3. Checking that the Relying Party ID is the one expected for this service.
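
The three checks in step ⑥ as a Node.js function. This is an added example, not code from the report: it assumes an ES256 (ECDSA P-256) credential and the WebAuthn layout in which the signature covers authenticatorData followed by SHA-256 of clientDataJSON. `verifyAssertion`, `sampleAssertion` and the RP ID `bank.example` are hypothetical names.

```javascript
// Added example: the three server-side checks from step 6, Node.js built-ins only.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto") : process.getBuiltinModule("node:crypto");
const sha256 = (buf) => nodeCrypto.createHash("sha256").update(buf).digest();

// Returns the names of failed checks; an empty array means the assertion passes.
function verifyAssertion(storedPublicKey, issuedChallenge, expectedRpId, resp) {
  const failures = [];
  // 1. Signature over authenticatorData || SHA-256(clientDataJSON), stored key.
  const signed = Buffer.concat([resp.authenticatorData, sha256(resp.clientDataJSON)]);
  if (!nodeCrypto.verify("sha256", signed, storedPublicKey, resp.signature)) failures.push("signature");
  // 2. Challenge inside the signed client data equals the one the server issued.
  let clientData = {};
  try {
    clientData = JSON.parse(resp.clientDataJSON.toString("utf8")) || {};
  } catch { /* unparsable client data fails the challenge check below */ }
  const got = Buffer.from(String(clientData.challenge || ""), "base64url");
  if (got.length !== issuedChallenge.length ||
      !nodeCrypto.timingSafeEqual(got, issuedChallenge)) {
    failures.push("challenge");
  }
  // 3. First 32 bytes of authenticatorData are SHA-256(RP ID).
  const rpIdHash = resp.authenticatorData.subarray(0, 32);
  if (!rpIdHash.equals(sha256(Buffer.from(expectedRpId, "utf8")))) failures.push("rpId");
  return failures;
}

// Constructed stand-in for an authenticator; produces sample input only.
function sampleAssertion(privateKey, rpId, challenge) {
  const authenticatorData = Buffer.concat([
    sha256(Buffer.from(rpId, "utf8")),
    Buffer.from([0x05, 0, 0, 0, 1]), // flags UP|UV, signCount = 1
  ]);
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get",
    challenge: challenge.toString("base64url"),
    origin: "https://" + rpId,
  }));
  const signature = nodeCrypto.sign("sha256",
    Buffer.concat([authenticatorData, sha256(clientDataJSON)]), privateKey);
  return { authenticatorData, clientDataJSON, signature };
}

// Constructed demo values; bank.example is a placeholder RP ID.
const kp = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
const issued = nodeCrypto.randomBytes(32);
const sample = sampleAssertion(kp.privateKey, "bank.example", issued);
console.log(verifyAssertion(kp.publicKey, issued, "bank.example", sample));
```

Each check is reported by name, so a response signed for an earlier challenge fails only the challenge check even though its signature is still valid.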



























































