Login
    Contenu x
    Token binding
    • 16 Jan 2025
    • 1 Minute à lire
    • Sombre
      Lumière
    • PDF
    Contenu

    Token binding

    • Mis à jour le 16 Jan 2025
    • 1 Minute à lire
    • Sombre
      Lumière
    • PDF
    The content is currently unavailable in French. You are viewing the default English version.
    Résumé de l’article

    FIDO2 uses the Token Binding feature as an additional means of security. It is a TLS extension that helps to prevent MITM (man-in-the-middle) attacks. The extension has to be negotiated during the TLS handshake: it has to be requested by the client during the ClientHello step of the TLS ceremony. The OneSpan FIDO2 SDK is capable of verifying token binding, but the binding needs to be delivered from the TLS channel. The sec-token-binding header has to be delivered with the request, parsed at the service layer, and then passed to the SDK. For more information, refer to:

    • The com.onespan.tid.fido.fido2.common.TokenBindingHandlerImpl class in the sample web application.
    • The entire com.onespan.fido.fido2.clientdata.tokenbinding package in the FIDO2 SDK.
    Cet article vous a-t-il été utile ?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Ozzy, facilitant la découverte de connaissances grâce à l’intelligence conversationnelle