PowerAuth
PowerAuth is a protocol for a key exchange and for subsequent request signing designed specifically for the purposes of applications with high security demands, such as banking applications or identity management applications. It defines all items that are required for a complete security solution: a used cryptography, a security scheme and standard RESTful API end-points.
A typical use-case for PowerAuth protocol would be assuring the security of a mobile banking application. User usually downloads a “blank” (non-personalized) mobile banking app from the mobile application market. Then, user activates (personalizes, using a key-exchange algorithm) the mobile banking using some application that is assumed secure, for example via the internet banking or via the branch kiosk system. Finally, user can use activated mobile banking application to create signed requests - to log in to mobile banking, send a payment, certify contracts, etc.
PowerAuth Specification
- Basic Definitions
- Activation
- Key Derivation
- Checking Activation Status
- Computing and Validating Signatures
- MAC Token Based Authentication
- End-To-End Encryption
- Activation Recovery
- Additional Activation OTP
- Standard RESTful API
- Implementation Details
- List of Used Keys
Deployment
Applications
- PowerAuth Server
- PowerAuth Admin
- PowerAuth Push Server
- PowerAuth Command-Line Tool
- PowerAuth Mobile SDK for iOS and Android
- Integration Libraries for RESTful APIs
Releases
Development
In order to start developing PowerAuth, read our Developer documentation.