FIDO Authentication
6 weeks
Authentication

Contributed to a FIDO-based authentication system using ASP.NET. Designed secure authentication flows and user interfaces. Ensured seamless integration of FIDO authentication into existing systems.

How Authentication Works with FIDO

With FIDO, the user’s device must prove possession of the private key by signing a challenge for sign-in to be completed. This can only occur once the user verifies the sign-in locally on their device, via quick and easy entry of a biometric, local PIN or touch of a FIDO security key. Sign-in is completed via a challenge-response between the user device and the online service; the service never sees or stores the private key.

FIDO is designed from the ground up to protect user privacy and prevent phishing. Every passkey is unique and bound to the online service domain. The protocols do not provide information that can be used by different online services to collaborate and track a user across the services. Biometric information, if used, never leaves the user’s device.

Enrolling a Passkey with an Online Service

1. User is prompted to create a passkey.
2. User verifies the passkey creation via a local authentication method such as biometrics, local PIN or touching their FIDO security key.
3. User’s device creates a new public/private key pair (passkey) unique for the local device, online service and user’s account.
4. Public key is sent to the online service and associated with the user’s account. Any information about the local authentication method (such as biometric measurements or templates) never leaves the local device.

Using a Passkey for Subsequent Sign-in

1. User is prompted to sign in with a passkey.
2. User verifies the sign-in with passkey via a local authentication method such as biometrics, local PIN or touching their FIDO security key.
3. Device uses the user’s account identifier provided by the service to select the correct key and sign the service’s challenge.
4. Client device sends the signed challenge back to the service, which verifies it with the stored public key and signs the user in.
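
The enrollment and sign-in steps above as a simplified Node.js model, added here as an illustration and not code from the project this page describes. The class names, the `signedData` layout and the sample domains and account are assumptions made for the example; it does not follow the WebAuthn wire format.

```javascript
// Simplified model of the flow above, not the WebAuthn wire format.
const crypto = require('node:crypto');
// Bytes covered by the signature: hash of the domain the device saw, plus the challenge.
const signedData = (domain, challenge) => Buffer.concat([
  crypto.createHash('sha256').update(domain).digest(), Buffer.from(challenge)]);

// Online service: stores only public keys and outstanding challenges.
class Service {
  constructor(domain) { this.domain = domain; this.publicKeys = new Map(); this.pending = new Set(); }
  enroll(account, publicKey) { this.publicKeys.set(account, publicKey); }
  newChallenge() {
    const challenge = crypto.randomBytes(32).toString('base64url');
    this.pending.add(challenge);
    return challenge;
  }
  verify(account, challenge, signature) {
    // A challenge is consumed on first use, so a captured response cannot be replayed.
    if (!signature || !this.pending.delete(challenge)) return false;
    const publicKey = this.publicKeys.get(account); // signed bytes are rebuilt with the service's own domain
    return !!publicKey && crypto.verify('sha256', signedData(this.domain, challenge), publicKey, signature);
  }
}

// User's device: private keys are created here and never returned.
class Device {
  constructor() { this.keys = new Map(); }
  createPasskey(domain, account, userVerified) {
    if (!userVerified) throw new Error('local user verification required');
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(`${domain}|${account}`, privateKey);
    return publicKey; // only the public half goes to the service
  }
  sign(domain, account, challenge, userVerified) {
    if (!userVerified) throw new Error('local user verification required');
    const privateKey = this.keys.get(`${domain}|${account}`); // undefined for a domain never enrolled
    return privateKey ? crypto.sign('sha256', signedData(domain, challenge), privateKey) : null;
  }
}

// Constructed scenario: enroll, sign in, replay the response, then a different domain asks.
function demo() {
  const service = new Service('example.com'), device = new Device();
  service.enroll('alice', device.createPasskey('example.com', 'alice', true));
  const challenge = service.newChallenge();
  const signature = device.sign('example.com', 'alice', challenge, true);
  return { signIn: service.verify('alice', challenge, signature),
           replay: service.verify('alice', challenge, signature),
           otherDomain: device.sign('example.net', 'alice', service.newChallenge(), true) };
}
```

`demo()` returns `{ signIn: true, replay: false, otherDomain: null }`: the first response is accepted, the replayed one is rejected, and the device has no key to use for a domain it never enrolled with.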
Made by
Samah Shakir Ali
© Copyright 2024. All rights Reserved.