Venus
Lek ؋ $ ƒ $ ₼ $ $ Br BZ$ $ $b KM P лв R$ $ ៛ $ $ $ ¥ $ ₡ kn ₱ Kč kr RD$ $ £ $ € £ $ ¢ £ Q £ $ L $ Ft kr ₹ Rp ﷼ £ ₪ J$ ¥ £ лв ₩ ₩ лв ₭ £ $ ден RM ₨ $ ₮ MT $ ₨ ƒ $ C$ ₦ kr ﷼ ₨ B/. Gs S/. ₱ zł ﷼ lei ₽ £ ﷼ Дин. ₨ $ $ S R ₨ kr CHF $ £ NT$ ฿ TT$ ₺ $ ₴ £ $ $U лв Bs ₫ ﷼ Z$
Trust Nexus
WebAuthn+ JSON DLT ~ The Internet of Value
Home WebAuthn+ Identity Distributed Ledgers Finance Demo IVY Test DEV Contact License
A simple addition to the Web Bluetooth API will completely solve the
authentication problem.  And most users will be able to keep the convenience
of user names and passwords!  Simple passwords will become highly secure.
  
Imagine a world where authentication is convenient, simple and secure.
Imagine a world where Distributed Ledgers are a "cryptographically secure shared source of truth", fraudulent financial transactions are eliminated and the Internet of Value is real.
WebAuthn, a convoluted and complex "standard" being promoted by the FIDO Alliance, is not the path forward.
WebAuthn+, a simple and elegant open-source project from the Trust Nexus, is the right path.
WebAuthn+ is secure.  It is impossible to attack WebAuthn+ through a phishing scam, a MITM attack, by stealing user names and passwords or by any of the new advanced attacks.
WebAuthn+ does not require a physical security key.  WebAuthn+ does not require biometrics.
With WebAuthn+ simple passwords like "123", "asd", or even "pw", become highly secure.
Secure authentication, based on WebAuthn+, will make the Internet of Value possible.
The Internet of Value has the potential to ignite a worldwide renaissance by providing, "ubiquitous access to efficient financial systems and the ability to transact with anyone in the world."   ~ W3C - Internet of Value Manifesto ~
The user experience for WebAuthn+ is friendly and elegant.  A user goes to a web application's "Sign On" page:
When the user clicks the WebAuthn+ button the browser communicates securely with the server over TLS and with the user's mobile device over a paired Web Bluetooth Low Energy (BLE) connection:
The generated Session UUID, the Credential Type, the User Identifier (email), the Domain Name and the visual Authentication Code are sent from the server to the user's browser through encrypted TLS and to the user's smart phone through an encrypted Firebase channel.  The Domain Name and Session UUID are confirmed over a paired Web Bluetooth Low Energy (BLE) connection between the browser and the user's smart phone.
Using Web Bluetooth to confirm the Domain Name solves one of the fundamental problems of secure web authentication:  insure the user is on the right web page; e.g., "www.chase.com" not "www.chaze.com" (this completely stops phishing scams).
The user verifies the Authentication Code and then touches Sign On on his/her smart phone.  The sign on web page "auto-magically" transforms:
A Verification Code, generated in the user's smart phone and sent through an encrypted channel to the web server, is displayed on both the web page and the user's smart phone (EUB 467):
Establishing a Trusted System ~ The Nirvana of Simple Passwords
Once the user successfully signs on, he/she can designate the system as a "trusted system".  In the future, the user can authenticate with a simple user name and password.
Everyone assumed that user names and passwords had to be eliminated in order to solve the authentication problem.  The paradox of the WebAuthn+ solution is that most users will be able to keep their user names and passwords, and passwords can become even simpler.
See the section on WebAuthn+ for more details.
This is not theoretical; for all processes we have a functioning prototype and everything works:
  • Authentication
  • Distributed Ledger
  • Funds Transfer
Application level (from within the browser code) messaging from the browser to the smart phone over Web Bluetooth is not yet supported by the Web Bluetooth API.  The prototype uses a direct Java Script method call.  The browsers also need to support "Session Specific Pairing"; more info about this can found in the section on WebAuthn+.
In order for our authentication technology to be impervious, we will need Internet browsers to implement a simple addition the Web Bluetooth API (hence the focus on Microsoft, Apple and Google).  It may seem like a daunting task to get both Microsoft and Google to abandon their current WebAuthn strategy and modify the architecture of their browsers, but we are certain this can be accomplished.
Details:  The Internet of Value ~ An Open Letter to Microsoft, Apple, Google and the other Members of the FIDO Alliance
Even now, the WebAuthn+ process is more secure and convenient than SMS authentication codes or any other 2FA process.
You can test this for yourself.  Install the TNX WebAuthn+ mobile app and then go to our Test page.
Why will the WebAuthn "standard" being promoted by the world's leading technology companies fail?  It is obvious.
Click here for more details.
How can a user's smart phone provide simple and secure authentication?  It's simple. 
Click here for more details.
The WebAuthn+™ process will also be used to sign transaction blocks within a JSON Distributed Ledger.  These JSON Distributed Ledgers will be the building blocks for the Internet of Value.
Click here for more details.
How can funds transfers be simple, secure and fast (replacing SWIFT, ACH, Venmo, Zelle and all others)? 
Click here for more details.
© Copyright 2020 ~ Trust Nexus, Inc.
All technologies described here in are "Patent Pending".