WWPass Multi-Factor AuthenticationHow It Works

Joe McDonald July 2014Product Marketing Managerjoe.mcdonald@wwpass.com

User Visits WebsiteClicks On ‘Login with WWPass’

1. User Initiates Log On Using WWPass

I Want To Logon

WWPass Technology – How It WorksService Provider

WebsitePassKey

User

PassKeyUser

Service ProviderWebsite

x.509 Certificate

WWPass Technology – How It Works

1. User Initiates Log On Using WWPass2. Site Requests Authentication with WWPass

PassKeyUser

Service ProviderWebsite

WWPass Technology – How It Works

1. User Initiates Log On Using WWPass2. Site Requests Authentication with WWPass3. Site is Authenticated and a Unique One-time Session Ticket is Issued

Authenticated

Here’s your s

ession ticke

t:

Ticket: @

spfe:4567

PassKeyUser

Service ProviderWebsite

WWPass Technology – How It Works

1. User Initiates Log On Using WWPass2. Site Requests Authentication with WWPass3. Site is Authenticated and a Unique One-time Session Ticket is Issued4. Ticket with Service Provider ID (SPID) is Sent to the User

Website is valid. Here’s your session ticket:Ticket: srh123@spfe:4567

WWPass Technology – How It Works

1. User Initiates Log On Using WWPass2. Site Requests Authentication with WWPass3. Site is Authenticated and a Unique One-time Session Ticket is Issued4. Ticket with Service Provider ID (SPID) is Sent to the User5. User is Prompted to Present the PassKey

PassKeyUser

WWPass Technology – How It Works

1. User Initiates Log On Using WWPass2. Site Requests Authentication with WWPass3. Site is Authenticated and a Unique One-time Session Ticket is Issued4. Ticket with Service Provider ID (SPID) is Sent to the User5. User is Prompted to Present the PassKey6. User is Prompted for Consent to Authenticate

PassKeyUser

WWPass Technology – How It Works

1. User Initiates Log On Using WWPass2. Site Requests Authentication with WWPass3. Site is Authenticated and a Unique One-time Session Ticket is Issued4. Ticket with Service Provider ID (SPID) is Sent to the User5. User is Prompted to Present the PassKey6. User is Prompted for Consent to Authenticate7. User is Prompted to Enter Access Code

PassKeyUser

********

PassKeyUser

Service ProviderWebsite

WWPass Technology – How It Works

1. User Initiates Log On Using WWPass2. Site Requests Authentication with WWPass3. Site is Authenticated and a Unique One-time Session Ticket is Issued4. Ticket with Service Provider ID (SPID) is Sent to the User5. User is Prompted to Present the PassKey6. User is Prompted for Consent to Authenticate7. User is Prompted to Enter Access Code8. The User Authenticates with WWPass

PUID+AccessCode

Authenticated

Here’s Your Secrets

PassKeyUser

Service ProviderWebsite

WWPass Technology – How It Works

1. User Initiates Log On Using WWPass2. Site Requests Authentication with WWPass3. Site is Authenticated and a Unique One-time Session Ticket is Issued4. Ticket with Service Provider ID (SPID) is Sent to the User5. User is Prompted to Present the PassKey6. User is Prompted for Consent to Authenticate7. User is Prompted to Enter Access Code8. The User Authenticates with WWPass9. User Requests Location of Encrypted Data

Where Is The Data For

PUID+SessionTicket

Encrypted Data Location

PassKeyUser

Service ProviderWebsite

WWPass Technology – How It Works

1. User Initiates Log On Using WWPass2. Site Requests Authentication with WWPass3. Site is Authenticated and a Unique One-time Session Ticket is Issued4. Ticket with Service Provider ID (SPID) is Sent to the User5. User is Prompted to Present the PassKey6. User is Prompted for Consent to Authenticate7. User is Prompted to Enter Access Code8. The User Authenticates with WWPass9. User Requests Location of Encrypted Credential Data10. User Shares Location of Credential Data and Keys (for this Session Only)

Here’s The Secret Locations For Our DataYou Have My Permission To Read It

PassKeyUser

Service ProviderWebsite

WWPass Technology – How It Works

1. User Initiates Log On Using WWPass2. Site Requests Authentication with WWPass3. Site is Authenticated and a Unique One-time Session Ticket is Issued4. Ticket with Service Provider ID (SPID) is Sent to the User5. User is Prompted to Present the PassKey6. User is Prompted for Consent to Authenticate7. User is Prompted to Enter Access Code8. The User Authenticates with WWPass9. User Requests Location of Encrypted Credential Data10. User Shares Location of Credential Data and Keys (for this Session Only)11. Site Requests Credential Data from WWPass

Get Data From Secre

t

Locations

Encrypted, Fragmented, and Dispersed Data Retrieved

C 7

A

9

6

3

F

1

E5

2

B

WWPass Technology – How It Works

PassKeyUser

Service ProviderWebsite

WWPass Technology – How It Works

1. User Initiates Log On Using WWPass2. Site Requests Authentication with WWPass3. Site is Authenticated and a Unique One-time Session Ticket is Issued4. Ticket with Service Provider ID (SPID) is Sent to the User5. User is Prompted to Present the PassKey6. User is Prompted for Consent to Authenticate7. User is Prompted to Enter Access Code8. The User Authenticates with WWPass9. User Requests Location of Encrypted Credential Data10. User Shares Location of Credential Data and Keys (for this Session Only)11. Site Requests Credential Data from WWPass12. WWPass Provides Credential Data to Application

Here’s The Encry

pted Data

F7A5B3

User Is Securely Authenticated Access Is Granted