CodeB Identity Broker now integrates the CAMARA One Time Password (OTP) SMS API for user authentication. The integration strengthens security and ensures that the key material generated in the secure key storage by the CodeB Android Apps is linked to possession of an MSISDN (the mobile phone number).
The One Time Password SMS API performs real-time verification that the user is in possession of the device associated with the given mobile phone number. It sends an OTP through SMS and then validates the code the user returns. This strengthens the authentication process and binds the user's secure keys, which are used for OpenID Connect (OIDC) authentication, digital signatures, and more, directly to the MSISDN.
The Integration Process:
Dispatching the OTP: Through the endpoint POST /one-time-password-sms/v0/send-code, the API dispatches an SMS embedded with the desired message and an OTP code to the designated phone number.
OTP Validation: The endpoint POST /one-time-password-sms/v0/validate-code is responsible for ascertaining the authenticity of the received code, matching it with the provided authenticationId.
Binding with MSISDN:
A pivotal enhancement due to this integration is the binding of the key material, generated within the secure key storage of CodeB Android Apps, to the possession of an MSISDN. This ensures that the key material is not just secure but is also tied to a unique identifier, adding an extra layer of protection.
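The two calls and the binding step described above, as an added sketch that is not CodeB's own code. The MsisdnBinder class, the key_id value and the in-memory FakeOperator are hypothetical. The body fields phoneNumber, message and code and the 200/204 status codes follow the CAMARA definition rather than this page, so check them against the API version you integrate.

```python
import secrets

SEND = "/one-time-password-sms/v0/send-code"
VALIDATE = "/one-time-password-sms/v0/validate-code"

class FakeOperator:
    """Constructed in-memory stand-in for the operator API (not a real client)."""
    def __init__(self):
        self.codes = {}  # authenticationId -> OTP the SMS would carry

    def post(self, path, body):
        if path == SEND:
            auth_id = secrets.token_hex(8)
            self.codes[auth_id] = f"{secrets.randbelow(10**6):06d}"
            return 200, {"authenticationId": auth_id}
        if path == VALIDATE:
            expected = self.codes.get(body["authenticationId"])
            ok = expected is not None and secrets.compare_digest(expected, body["code"])
            return (204, {}) if ok else (400, {})  # constructed error response
        return 404, {}

class MsisdnBinder:
    """Broker-side flow: a key is bound to an MSISDN only after validate-code succeeds."""
    def __init__(self, post):
        self.post = post    # transport callable: (path, json_body) -> (status, json)
        self.pending = {}   # authenticationId -> (msisdn, key_id)
        self.bound = {}     # key_id -> msisdn

    def send_code(self, msisdn, key_id):
        status, body = self.post(SEND, {"phoneNumber": msisdn,
                                        "message": "{{code}} is your verification code"})
        if status != 200:
            raise RuntimeError(f"send-code failed with HTTP {status}")
        self.pending[body["authenticationId"]] = (msisdn, key_id)
        return body["authenticationId"]

    def validate_code(self, authentication_id, code):
        # Only finish sessions this broker started, so a foreign
        # authenticationId can never bind a key.
        if authentication_id not in self.pending:
            return False
        status, _ = self.post(VALIDATE, {"authenticationId": authentication_id, "code": code})
        if status != 204:
            return False    # wrong or expired code: the key stays unbound
        msisdn, key_id = self.pending.pop(authentication_id)
        self.bound[key_id] = msisdn
        return True
```

In a real deployment the post callable would be an HTTPS client that sends the operator-issued access token with each request.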
With the One Time Password SMS API integrated into the CodeB Identity Broker, the key material is now bound to the possession of an MSISDN, giving users of CodeB Android Apps a more robust and secure authentication mechanism.