Venus
Lek ؋ $ ƒ $ ₼ $ $ Br BZ$ $ $b KM P лв R$ $ ៛ $ $ $ ¥ $ ₡ kn ₱ Kč kr RD$ $ £ $ € £ $ ¢ £ Q £ $ L $ Ft kr ₹ Rp ﷼ £ ₪ J$ ¥ £ лв ₩ ₩ лв ₭ £ $ ден RM ₨ $ ₮ MT $ ₨ ƒ $ C$ ₦ kr ﷼ ₨ B/. Gs S/. ₱ zł ﷼ lei ₽ £ ﷼ Дин. ₨ $ $ S R ₨ kr CHF $ £ NT$ ฿ TT$ ₺ $ ₴ £ $ $U лв Bs ₫ ﷼ Z$
Trust Nexus
WebAuthn+ JSON DLT ~ The Internet of Value
Home WebAuthn+ Identity Distributed Ledgers Finance Demo IVY Test DEV Contact License
A simple addition to the Web Bluetooth API will completely solve the
authentication problem.  And most users will be able to keep the convenience
of user names and passwords!  Simple passwords will become highly secure.
  
Imagine a world where authentication is convenient, simple and secure.
Imagine a world where Distributed Ledgers are a "cryptographically secure shared source of truth", fraudulent financial transactions are eliminated and the Internet of Value is real.
WebAuthn, a convoluted and complex "standard" being promoted by the FIDO Alliance, is not the path forward.
WebAuthn+, a simple and elegant open-source project from the Trust Nexus, is the right path.
WebAuthn+ is secure.  It is impossible to attack WebAuthn+ through a phishing scam, a MITM attack, by stealing user names and passwords or by any of the new advanced attacks.
WebAuthn+ does not require a physical security key.  WebAuthn+ does not require biometrics.
Just as the Domain Name System made the information Internet possible, WebAuthn+ will make the Internet of Value possible.
The Internet of Value has the potential to ignite a worldwide renaissance by providing, "ubiquitous access to efficient financial systems and the ability to transact with anyone in the world."   ~ W3C - Internet of Value Manifesto ~
The user experience for WebAuthn+ is friendly and elegant.  A user goes to a web application's "Sign On" page:
When the user clicks the WebAuthn+ button the browser communicates securely with the server over HTTPS and with the user's mobile device over a paired Web Bluetooth Low Energy (BLE) connection:
The generated Session UUID, the Credential Type, the User Identifier (email), the Domain Name and the visual Authentication Code are sent to the user's smart phone from the server through an encrypted Firebase channel.  The Domain Name and Session UUID are confirmed over a paired Web Bluetooth Low Energy (BLE) connection between the browser and the user's smart phone.
The user verifies the Authentication Code and then touches Sign On.  The sign on web page will "auto-magically" transform:
A Verification Code, generated in the user's smart phone and sent through an encrypted channel to the web server, will be displayed on both the web page and the user's smart phone (EUB 467):
Establishing a Trusted System ~ The Nirvana of Simple Passwords
Once the user successfully signs on, he/she can designate the system as a "trusted system".  In the future, the user can authenticate with a simple user name and password.
Everyone assumed that user names and passwords had to be eliminated in order to solve the authentication problem.  The paradox of the WebAuthn+ solution is that most users will be able to keep their user names and passwords, and passwords can become even simpler.
See the section on WebAuthn+ for more details.
This is not theoretical; for all processes we have a functioning prototype and everything works:
  • Authentication
  • Distributed Ledger
  • Funds Transfer
Application level (from within the browser code) messaging from the browser to the smart phone over bluetooth is not yet supported by the Web Bluetooth API.  The prototype uses a direct Java Script method call.  The browsers also need to support "Session Specific Pairing"; more info about this can found in the section on WebAuthn+.
Even now, the WebAuthn+ process is more secure and convenient than SMS authentication codes or any other 2FA process.
You can test this for yourself.  Install the TNX WebAuthn+ mobile app and then go to our Test page.
Why will the WebAuthn "standard" being promoted by the world's leading technology companies fail?  It is obvious.
Click here for more details.
How can a user's smart phone provide simple and secure authentication?  It's simple. 
Click here for more details.
The WebAuthn+™ process will also be used to sign transaction blocks within a JSON Distributed Ledger.
Click here for more details.
How can funds transfers be simple, secure and fast (replacing SWIFT, ACH, Venmo, Zelle and all others)? 
Click here for more details.
© Copyright 2019 ~ Trust Nexus, Inc.
All technologies described here in are "Patent Pending".