Select release
PowerAuth Specification

Overview

Activation

Activation Principles

Activation via Activation Code

Activation via Recovery Code

Activation via Custom Credentials

Key Derivation

Checking Activation Status

Signatures

Signatures

MAC Token Based Authentication

Encryption

End-To-End Encryption

Other Chapters

Basic Definitions

Activation Code Format

Additional Activation OTP

Implementation Details

List of Used Keys

Tutorials

Authentication in Mobile Banking Apps (SCA)

Verifying PowerAuth Signatures On The Server

API Reference

PowerAuth Standard RESTful API

Deployment

Architecture Overview

Deployment Checklist

Applications

PowerAuth Server

Enrollment Server

PowerAuth Admin

PowerAuth Push Server

PowerAuth CMD Tool

PowerAuth Mobile SDK

PowerAuth RESTful API SDK

PowerAuth Web Flow

Development

Development

Reporting Issues

Releases

List of Releases

PowerAuth

Edit on Github Send Feedback develop

PowerAuth is a protocol for a key exchange and for subsequent request signing designed specifically for the purposes of applications with high security demands, such as banking applications or mobile identity applications. It defines all items that are required for a complete security solution: a used cryptography, associated processes, and standard RESTful API end-points.

A typical use-case for PowerAuth protocol would be assuring the security of mobile banking application. Users usually download a “blank” (non-personalized) mobile banking app from the mobile application markets, such as Google Play or App Store. Then, they activate (personalize, register, …) the mobile banking app using credentials that are assumed sufficient for this purpose, for example via the QR code displayed in the internet banking, the branch kiosk system, ATM, or hardware authenticator. Only after this process is completed, users can use activated mobile banking app to create signed requests - to log in to mobile banking, send payments, certify contracts, etc.

The PowerAuth protocol also defines additional features, such as end-to-end encryption or secure storage through the secure vault. Unlike the authentication, these features do not constitute the protocol primary use-case and they mostly play a supportive role.

For any questions related to the protocol, please write to [email protected]. If you believe you have identified a security vulnerability with PowerAuth, you should report it as soon as possible via email to [email protected]. Please do not post it to a public issue tracker.

Last updated on Aug 21, 2023 (16:39) Edit on Github Send Feedback
On this page:
Search

develop

PowerAuth Java Crypto