Configurable-challenge-for-Active-Authentication
- Add option for providing custom aaChallenge
Hi, Could you explain why this is useful and needed?
As an extra security feature, our backend now provides a unique active authentication challenge for the NFC reader to sign. By using a custom AA challenge, we ensure that the challenge/response was specifically executed in the session and not replayed. The app then sends the NFCPassportModel.activeAuthenticationSignature to the backend, along with the rest of the chip data. This requires the NFCPassportReader to optionally accept a custom aaChallenge.
This challenge/signature verification ensures that the app user has actually scanned the passport to retrieve the data, preventing the use of stored passport data.
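The backend side of the flow described above, as an added example that is not code from this pull request or from NFCPassportReader: one challenge is issued per session and can be redeemed once, so a signature captured in an earlier session fails. `ChallengeStore`, the 120-second lifetime, the `verify_signature` hook and the HMAC stand-in for the chip are assumptions made for illustration.

```python
import hmac
import secrets
import time

CHALLENGE_LEN = 8      # Active Authentication challenges are 8 random bytes
CHALLENGE_TTL = 120.0  # seconds; assumed policy value


class ChallengeStore:
    """Issues one AA challenge per session and lets it be redeemed once."""

    def __init__(self, verify_signature, now=time.monotonic):
        # verify_signature(public_key, challenge, signature) -> bool is a
        # hypothetical hook for the real AA signature check.
        self._verify = verify_signature
        self._now = now
        self._pending = {}  # session_id -> (challenge, expiry)

    def issue(self, session_id):
        challenge = secrets.token_bytes(CHALLENGE_LEN)
        # Overwrites any earlier challenge: only the latest one is valid.
        self._pending[session_id] = (challenge, self._now() + CHALLENGE_TTL)
        return challenge

    def redeem(self, session_id, signature, public_key):
        # pop() consumes the entry before any check, so a failed or repeated
        # submission can never be retried against the same challenge.
        entry = self._pending.pop(session_id, None)
        if entry is None:
            return "no-pending-challenge"
        expected, expiry = entry
        if self._now() > expiry:
            return "expired"
        # Verify against the stored challenge, never a client-supplied one.
        if not self._verify(public_key, expected, signature):
            return "bad-signature"
        return "ok"


def demo_chip_sign(key, challenge):
    # Constructed stand-in for the chip; a real chip signs with its AA key.
    return hmac.new(key, challenge, "sha256").digest()


def demo_verify(key, challenge, signature):
    return hmac.compare_digest(demo_chip_sign(key, challenge), signature)
```

The backend never accepts a challenge value from the app; it only checks the submitted signature against the challenge it stored for that session.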