35. Registration
[Diagram labels: RP; rpId, challenge; rpId, clientData; Check rpId; Generate Key-pair for rpId; credId, Public key; Attestation; Hash of ClientData]
{ type: "webauthn.get",
  origin: "example.com",
  challenge: "xxxxxxxxx",
  tokenBinding: { status: … } }
36. Registration
[Diagram labels: RP; User Info; rpId, challenge; rpId, clientData; Check rpId; Generate Key-pair for rpId; credId, Public key; Attestation]
37. Registration
[Diagram labels: RP; User Info; rpId, challenge; rpId, clientData; CTAP; Check rpId; Generate Key-pair for rpId; credId, Public key; Attestation]
authenticatorSelection: {
  userVerification: "required",
  requireResidentKey: true,
  authenticatorAttachment: "cross-platform"
}
38. Registration
[Diagram labels: RP; User Info; rpId, challenge; rpId, clientData; CTAP; Check rpId; Generate Key-pair for rpId; credId, Public key; Attestation]
authenticatorSelection: {
  userVerification: "required",
  requireResidentKey: true,
  authenticatorAttachment: "cross-platform"
}
39. Registration
[Diagram labels: RP; User Info; rpId, challenge; rpId, clientData; CTAP; PIN: ******; Check rpId; Generate Key-pair for rpId; credId, Public key; Attestation]
authenticatorSelection: {
  userVerification: "required",
  requireResidentKey: true,
  authenticatorAttachment: "cross-platform"
}
40. Registration
[Diagram labels: RP; User Info; rpId, challenge; rpId, clientData; CTAP; PIN: ******; Check rpId; Generate Key-pair for rpId; Store Credential of www.example.com ?; credId; credId, Public key; Attestation]
authenticatorSelection: {
  userVerification: "required",
  requireResidentKey: true,
  authenticatorAttachment: "cross-platform"
}
rpId    credId    user Info
rp1     cred1     hani
41. Registration
[Diagram labels: RP; User Info; rpId, challenge; rpId, clientData; CTAP; PIN: ******; Check rpId; Generate Key-pair for rpId; Store Credential of www.example.com ?; credId; credId, Public key; Attestation]
authenticatorSelection: {
  userVerification: "required",
  requireResidentKey: true,
  authenticatorAttachment: "cross-platform"
}
rpId    credId    user Info
rp1     cred1     hani
43. Authentication
[Diagram labels: RP; rpId, challenge, credId; PIN Support; Optional; rpId, clientData; credId; PIN: ******; rpId; User Info; sign; Kpriv; credId, sign; credId, clientData]
rpId    credId    user Info
rp1     cred1     hani
44. Authentication
[Diagram labels: RP; rpId, challenge; rpId, clientData; PIN: ******; rpId; credId; User Info; sign; Kpriv; credId, sign; credId, clientData]
authenticatorSelection: {
  userVerification: "required",
  requireResidentKey: true,
  authenticatorAttachment: "cross-platform"
}
rpId    credId    user Info
rp1     cred1     hani
45. Authentication
[Diagram labels: RP; rpId, challenge; rpId, clientData; CTAP; PIN: ******; rpId; credId; User Info; sign; Kpriv; credId, sign; credId, clientData]
authenticatorSelection: {
  userVerification: "required",
  requireResidentKey: true,
  authenticatorAttachment: "cross-platform"
}
rpId    credId    user Info
rp1     cred1     hani
46. Authentication
[Diagram labels: RP; rpId, challenge; rpId, clientData; CTAP; PIN: ******; rpId; credId; User Info; sign; Kpriv; credId, sign; credId, clientData]
authenticatorSelection: {
  userVerification: "required",
  requireResidentKey: true,
  authenticatorAttachment: "cross-platform"
}
rpId    credId    user Info
rp1     cred1     hani
47. Authentication
[Diagram labels: RP; rpId, challenge; rpId, clientData; CTAP; PIN: ******; rpId; credId; User Info; sign; Kpriv; credId, sign; credId, clientData]
authenticatorSelection: {
  userVerification: "required",
  requireResidentKey: true,
  authenticatorAttachment: "cross-platform"
}
rpId    credId    user Info
rp1     cred1     hani
48. Authentication
[Diagram labels: RP; rpId, challenge; rpId, clientData; PIN: ******; rpId; credId; User Info; sign; Kpriv; credId, sign; credId, clientData; login]
authenticatorSelection: {
  userVerification: "required",
  requireResidentKey: true,
  authenticatorAttachment: "cross-platform"
}
rpId    credId    user Info
rp1     cred1     hani
49. Authentication
[Diagram labels: RP; rpId, challenge; rpId, clientData; PIN: ******; rpId; credId; User Info; user.id; userHandle; sign; Kpriv; credId, sign; credId, clientData; login]
authenticatorSelection: {
  userVerification: "required",
  requireResidentKey: true,
  authenticatorAttachment: "cross-platform"
}
rpId    credId    user Info
rp1     cred1     hani
50. Authentication
[Diagram labels: RP; rpId, challenge; rpId, clientData; PIN: ******; rpId; credId; User Info; user.id; userHandle; Kpub; sign; Kpriv; credId, sign; credId, clientData; login]
authenticatorSelection: {
  userVerification: "required",
  requireResidentKey: true,
  authenticatorAttachment: "cross-platform"
}
rpId    credId    user Info
rp1     cred1     hani