We have introduced a simple but powerful FIDO2 authentication flow for securing access to workstations. Users can log in via FIDO2 and unlock their workstations using any of their linked personas in the BlockID mobile app.

Simplified FIDO2

Registration

Attestation is the act of registering the Authenticator. 1Kosmos now supports the BlockID Mobile App as a FIDO2 authenticator. Users who register in the BlockID Mobile App are automatically registered for FIDO-based authentication. This is true for all personas linked by the user in the BlockID Mobile App!

Authentication

  1. The BlockID Credential Provider asks the FIDO server to generate a FIDO challenge for the user.
  2. The challenge is sent to the BlockID App via push notification.
  3. The user must approve the request in the Authenticator after a biometric authentication challenge.
  4. The Authenticator signs the challenge and sends the response back to the Credential Provider on the workstation.
  5. The Credential Provider validates the signed challenge with the FIDO server.
  6. Once the challenge is successfully validated, the BlockID Credential Provider passes the user's certificate credentials to the OS, and the user is logged in!
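The challenge/response core of steps 1, 4 and 5, as an added illustration that is not 1Kosmos code and not how BlockID is implemented: an Authenticator type stands in for the app, a Server type for the FIDO server, and the server accepts a response only for a challenge it issued, has not already consumed, and whose signature verifies under the key registered at attestation. The push delivery, biometric approval and the Credential Provider hand-off to the OS are outside this model.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Authenticator stands in for the BlockID app; it holds the private key created at registration.
type Authenticator struct{ priv *ecdsa.PrivateKey }

// Server stands in for the FIDO server; it holds only the public key and the challenges still outstanding.
type Server struct {
	pub     *ecdsa.PublicKey
	pending map[string]bool
}

// Register models registration: the key pair is generated on the device and only the public half is stored.
func Register() (*Authenticator, *Server, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Authenticator{priv: priv}, &Server{pub: &priv.PublicKey, pending: map[string]bool{}}, nil
}
// NewChallenge (step 1) issues 32 random bytes and records them as outstanding.
func (s *Server) NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	s.pending[string(c)] = true
	return c, nil
}
// Sign (step 4) runs only after the user approved the push request; the private key never leaves the device.
func (a *Authenticator) Sign(challenge []byte) ([]byte, error) {
	h := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, a.priv, h[:])
}
// Verify (step 5) accepts a response only for a challenge this server issued and has not
// yet consumed (no replay), and only if the signature verifies under the registered key.
func (s *Server) Verify(challenge, sig []byte) error {
	if !s.pending[string(challenge)] {
		return errors.New("unknown or already used challenge")
	}
	delete(s.pending, string(challenge)) // one-time use, even if the signature turns out bad
	h := sha256.Sum256(challenge)
	if !ecdsa.VerifyASN1(s.pub, h[:], sig) {
		return errors.New("signature does not verify under the registered key")
	}
	return nil
}
```

A replayed response, a challenge the server never issued, and a signature from a different registered key are all rejected; only a fresh challenge signed by the registered key passes.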