To prevent attacks such as phishing, an enterprise needs its users to log in using a World Wide Web Consortium (W3C) Web Authentication (WebAuthn)-based authenticator. Current WebAuthn authenticator devices present a number of problems for an enterprise. For example, outsourcing authentication device distribution logistics to a device vendor brings great operational benefits to an enterprise, but this traditionally requires that a large amount of trust be placed in the vendor. Techniques are presented herein that split an authenticator's secret between the two parties (i.e., an enterprise and a vendor), requiring active collaboration by the parties to issue an authenticator. This prevents both the device vendor acting alone and read-only compromises of the enterprise from issuing unauthorized or duplicated keys, while maintaining the ability to delegate logistics management to the vendor.

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 License.