Strong Authentication

By turning each user device into its own certificate authority, each application gets its own certificate, and hence there is no way to correlate those credentials.

A typical registration flow using the FIDO protocol:

Registration Flow
  1. The user chooses an available FIDO authenticator that meets your acceptance criteria.

  2. The user unlocks the authenticator with a biometric device or an external second-factor device (for example, fingerprint or face recognition).

  3. Public and private key pairs are created for the local device, the user account, and mobile/online services.

  4. The public key is sent to the server. The private key is stored locally in the cryptographically secure key store. Registration is then complete.
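
The registration steps above, as an added example that is not part of the original page: a simplified Node.js model, not the FIDO wire format. The `Authenticator` and `RelyingParty` classes, the `*.example` service names, and the proof-of-possession signature over the service name plus challenge are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Hypothetical authenticator: one P-256 key pair per (service, account) registration.
class Authenticator {
  constructor() {
    this.keyStore = new Map(); // stands in for the device's secure key store
    this.unlocked = false;
  }
  unlock(userVerified) { // step 2: outcome of the biometric / second-factor check
    this.unlocked = Boolean(userVerified);
  }
  register(rpId, account, challenge) { // steps 3 and 4
    if (!this.unlocked) throw new Error("authenticator is locked");
    const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    const credentialId = crypto.randomBytes(16).toString("hex");
    this.keyStore.set(credentialId, { rpId, account, privateKey }); // never leaves the device
    // Assumed proof of possession: sign the service name plus the server's challenge.
    const signature = crypto.sign("sha256", Buffer.concat([Buffer.from(rpId), challenge]), privateKey);
    return { credentialId, signature, publicKeyPem: publicKey.export({ type: "spki", format: "pem" }) };
  }
}

// Hypothetical server side: it only ever stores the public key.
class RelyingParty {
  constructor(rpId) { this.rpId = rpId; this.credentials = new Map(); this.pending = new Map(); }
  newChallenge(account) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(account, challenge);
    return challenge;
  }
  finishRegistration(account, response) {
    const challenge = this.pending.get(account);
    this.pending.delete(account); // a challenge is valid for one attempt only
    if (!challenge) return false;
    const signed = Buffer.concat([Buffer.from(this.rpId), challenge]);
    const ok = crypto.verify("sha256", signed, crypto.createPublicKey(response.publicKeyPem), response.signature);
    if (ok) this.credentials.set(response.credentialId, { account, publicKeyPem: response.publicKeyPem });
    return ok;
  }
}

function demo() {
  const device = new Authenticator();
  device.unlock(true);
  const shop = new RelyingParty("shop.example"), bank = new RelyingParty("bank.example");
  const r1 = device.register(shop.rpId, "alice", shop.newChallenge("alice"));
  const r2 = device.register(bank.rpId, "alice", bank.newChallenge("alice"));
  return { shopOk: shop.finishRegistration("alice", r1), bankOk: bank.finishRegistration("alice", r2),
           unlinkable: r1.publicKeyPem !== r2.publicKeyPem && r1.credentialId !== r2.credentialId,
           replayRejected: !shop.finishRegistration("alice", r1) };
}
```

The two services end up holding different public keys and credential IDs for the same user and device, which is why the registered credentials cannot be correlated.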