Hanko 101
2 Min.
Read

Public key cryptography explained - in less than 300 words

Both protocols, FIDO UAF & FIDO U2F, rely on the use of public key cryptography for authentication using hardware devices as so called authenticators on the client side to generate cryptographic key pairs. The private key is stored securely on the user's device and never transmitted over a potentially insecure channel (i.e. the internet), while the public key is supplied and stored by the relying party. Through the use of a challenge-response mechanism, relying parties issue challenges which a client must respond to by signing the challenge using the private key stored at the user's device. To do so, an end-user employs the biometric capabilities of her device (a face scan or a fingerprint) or - where unavailable - a PIN or a passphrase - to locally unlock access to the private key on their authenticator to create the digital signature. Biometric data (or PINs/passphrases) are also never transmitted over an insecure channel making this procedure an inherently stronger and more secure method than using passwords. 

This is also where the term multi-factor comes into play: an authentication factor can be conceived of as a category or type of authentication credential which is used for verifying that an entity is who it claims to be. The three major factors are:

  • Knowledge - something the entity knows; e.g., passwords or challenge-response techniques
  • Ownership - something the entity possesses; e.g., U2F tokens or ID cards
  • Inherence - something the entity is or is capable of; e.g., biometric properties or signatures

The provision of biometric data (something you are) or a PIN (something you know) to unlock the private key on a device (something you have) ensures usage of at least two factors thus lowering the overall chance of an unauthorized entity being able to provide both factors at once.

Set up passwordless authentication for your users as well in no time with Hanko`s developer API. Learn more about our technology or sign-up for free. 


Back to overview
Share Post on

More blog posts like this one

Don't miss out on the latest developments in the authentication space and on Hanko's product.