PowerAuth 2.0 Specification

Petr Dvorak edited this page May 9, 2018 · 5 revisions

layout: page title: PowerAuth 2.0 Specification

PowerAuth 2.0 is a protocol for a key exchange and for subsequent request signing designed specifically for the purposes of applications with high security demands, such as banking applications or identity management applications. It defines all items that are required for a complete security solution: a used cryptography, a security scheme and standard RESTful API end-points.

A typical use-case for PowerAuth 2.0 protocol would be assuring the security of a mobile banking application. User usually downloads a "blank" (non-personalized) mobile banking app from the mobile application market. Then, user activates (personalizes, using a key-exchange algorithm) the mobile banking using some application that is assumed secure, for example via the internet banking or via the branch kiosk system. Finally, user can use activated mobile banking application to create signed requests - to log in to mobile banking, send a payment, certify contracts, etc.

The protocol also supports end-to-end encryption and secure storage. Unlike the authentication, these features are currently experimental and require better validation by the cryptography experts and market.

Following chapters describe the cryptography that is used in PowerAuth 2.0.

These additional chapters provide additional insight in the practical protocol implementation.

For any questions related to the protocol, please write to hello@powerauth.com.

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.