WebAuthn+ JSON DLT ~ The Internet of Value
|This first wave of Blockchain/Distributed Ledger applications will most certainly fail; however...|
|Eventually, Distributed Ledgers (not crypto-currencies), as a cryptographically secure shared source of truth that can be processed by intelligent systems, will provide great benefits to all businesses, from startups to multi-national corporations to impoverished villagers in the third world.|
|The Internet of Value[ref] will become a reality. Some have estimated that the resulting economic efficiencies (by reducing time, costs and risk) will be measured in trillions of dollars.[ref]|
|Secure identity will make the Internet of Value possible.|
|A W3C recommendation was recently published: Web Authentication: An API for accessing Public Key Credentials|
|This recommendation is commonly referred to as WebAuthn; it is exceptionally detailed and complex, perhaps unnecessarily so.|
|The WebAuthn document reads like the blueprint for a massive suspension bridge to be built across a "narrow creek". The problem that needs to be solved for web authentication is actually very simple: ensure the user is on the right web page; "www.chase.com" not "www.chaze.com". This could be accomplished by a simple change to the Web Bluetooth API; the complexity of WebAuthn is unnecessary.|
|Even though WebAuthn has support from some of the major corporate players, the recommendation has glaring deficiencies:|
|The WebAuthn promise of "simpler stronger authentication" is a noble goal. How did the implementation get so screwed up?|
|There are some incredibly smart people promoting WebAuthn. When incredibly smart people engage in tribal mentality, bad things usually happen, especially when their tribal leaders have bad motives. It seems that the major proponents of WebAuthn are more concerned with controlling the IAM process, selling security keys, creating complex systems and selling consulting services than with creating a simple and elegant solution to the authentication problem.|
|"Groupthink is a psychological phenomenon that occurs within a group of people in which the desire for harmony or conformity in the group results in an irrational or dysfunctional decision-making outcome. Group members try to minimize conflict and reach a consensus decision without critical evaluation of alternative viewpoints by actively suppressing dissenting viewpoints, and by isolating themselves from outside influences."[ref]|
|"Groupthink requires individuals to avoid raising controversial issues or alternative solutions, and there is loss of individual creativity, uniqueness and independent thinking. The dysfunctional group dynamics of the 'ingroup' produces an 'illusion of invulnerability' (an inflated certainty that the right decision has been made). Thus 'the ingroup' significantly overrates its own abilities in decision-making and significantly underrates the abilities of its opponents (the 'outgroup')."[ref]|
|A revised standard, WebAuthn+, will remedy the deficiencies of the current proposal:|
|Note: If a bad actor can gain access to your computer (through malware or direct physical access), it is game over; you lost. This threat vector is outside the scope of WebAuthn+.|
|The graphic below is from a Google I/O presentation which provides a comprehensive overview of WebAuthn.|
|The graphic below is from the Medium article, Introduction to WebAuthn API by Ackermann Yuriy; this article is a non-trivial introduction even for experienced developers.|
|In WebAuthn+ the authentication process is in complete control of the web application provider (the code is open source and available to all). Credentials are stored on the user's smart phone and within the data structures of the web application provider.|
|Hover over the numbers below in sequence and you will realize how simple and elegant the WebAuthn+ process truly is.|
|Imagine a world where user names and passwords are no longer necessary, and authentication is simple and secure.|
|Imagine a world where Distributed Ledgers are a "cryptographically secure shared source of truth" and the Internet of Value is real.|
|Imagine a world where funds transfers are simple, secure and fast. SWIFT, ACH, Venmo, Zelle and all others will soon be replaced by a system that is open source, secure and enables billions of transactions in parallel worldwide.|
|The Internet of Value will enable, "ubiquitous access to efficient financial systems
and the ability to transact with anyone in the world."
~ W3C - Internet of Value Manifesto ~
|The Internet of Value will be realized with WebAuthn+ and Distributed Ledger Technology (DLT).|
|The authentication process will soon become incredibly simple and secure. A user will go to a web application's "Sign On" page:|
|Through an encrypted Firebase channel the Authentication Code (displayed on the web page: WHSL LRTU FLVM) and the session UUID will be sent from the web server to the user's smart phone:|
|The user will verify the Authentication Code and then touch Sign On. The sign on web page will "auto-magically" transform:|
|A Verification Code, generated in the user's smart phone and sent through an encrypted channel to the web server, will be displayed on both the web page and the user's smart phone (HCB 121):|
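The sign-on exchange described above, modelled as an added example (not the WebAuthn+ project's code): the server binds the Authentication Code to the session UUID, accepts one completion per session, and drops sessions that are not answered in time. The class and function names, the 120-second lifetime, the phone echoing the Authentication Code back, and the in-memory store are assumptions; the Firebase channel and the credential stored on the phone are not modelled.

```python
import hmac
import secrets
import time
import uuid

LETTERS = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
TTL_SECONDS = 120  # assumed lifetime of an unanswered sign-on session

def _pick(alphabet, n):
    return "".join(secrets.choice(alphabet) for _ in range(n))

def auth_code():
    """Three groups of four random letters, the shape of 'WHSL LRTU FLVM'."""
    return " ".join(_pick(LETTERS, 4) for _ in range(3))

def verification_code():
    """Three letters and three digits, the shape of 'HCB 121'."""
    return _pick(LETTERS, 3) + " " + _pick("0123456789", 3)

class SignOnServer:
    def __init__(self, now=time.time):
        self.pending, self.now = {}, now

    def start(self):
        """Sign On page loads: create the session and the code shown on the page."""
        sid, code = str(uuid.uuid4()), auth_code()
        self.pending[sid] = (code, self.now() + TTL_SECONDS)
        return sid, code  # the same pair is pushed to the user's phone

    def complete(self, sid, echoed_code, verification):
        """Phone reports the touch. Returns the code to display, or None."""
        code, expires = self.pending.pop(sid, (None, 0))  # single use
        if code is None or self.now() > expires:
            return None
        if not hmac.compare_digest(code.encode(), echoed_code.encode()):
            return None
        return verification  # shown on the web page and on the phone

class Phone:
    def receive(self, sid, code):
        self.sid, self.code = sid, code  # displayed for the user to compare

    def touch_sign_on(self, code_on_page):
        """User compares the page with the phone; a mismatch means no sign-on."""
        if code_on_page != self.code:
            return None
        return self.sid, self.code, verification_code()
```

Because `complete` removes the session on the first attempt, a replayed or guessed message for the same session UUID is rejected even when it carries the right Authentication Code.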
|This is not theoretical; for all processes we have a functioning prototype and almost everything works:|
|The messaging from the browser to the smart phone over Bluetooth (step 2) is not yet supported by the browsers. Once it is supported in the WebAuthn process, we will be able to utilize that portion for WebAuthn+. It is also possible that the communication from the browser will eventually be supported by the Web Bluetooth API. Even now, the One Touch Sign On™ process is more secure and convenient than SMS authentication codes.|
|You can test this for yourself. Install the TNX One Touch mobile app and then go to our Test page.|
|How can a user's smart phone provide simple and secure authentication? It's simple.
|The One Touch Sign On™ process will also be used to sign transaction blocks within a JSON Distributed Ledger.
|How can funds transfers be simple, secure and fast (replacing SWIFT, ACH, Venmo, Zelle and all others)?