Embed Notice
HTML Code
Corresponding Notice
- Embed this notice@methyltheobromine @duponin here's a scenario: you have a home network and a smartphone. you open an account at a bank and you want to do online banking. you need that to be secure so you need a key relationship between your personal device and your bank. imagine an app on your phone that keeps keys for domain names. it has a private key on it in the secure element that represents only you. you carry your phone into the physical bank. they motion at a square. You tap your phone on the square and it brings up the app and asks you if you want to add the bank's name. you say yes. It asks if you want to associate your ID with it. you say yes. Your phone gets the bank key and gives the bank your public key via NFC. it sets up a client certificate between the two keys so that each one can absolutely identify the other.
You walk back to your home. You get on your desktop PC and type in the online banking site. It asks you to tap to log in. You tap your phone to your PC. without giving up your key it does the certificate negotiation, and both sides make sure they recognize each other. it generates an ephemeral key and authenticates you to the bank. you now can do online banking without any centralized authority.
obviously you can lose your phone or whatever. there are various ways around this, like you could go back to the bank with your government id and set it up again. or you could have your phone be able to tap six other people's phones and it breaks up your key and if you lost it you can reassemble it by going back to those six friends/family.