There are many kinds of authentication processes on the Internet because every company and organization wants its own authentication mechanism. Though there have been a few general-purpose logins, such as Google and FB logins, they belong to private companies based in a specific nation, and, of course, many nations don't want to use them.
Though there is no easy way for the 146+ BRI nations to agree on one universal login or authentication mechanism, there is a universal device for logging in to any web site that requires authentication. A smartwatch or a smartphone can be the key to various web services. Because every communication device has a unique identifier, it is the ideal first gateway for logging in to web services.
All devices are Linux machines: smartphones, smartwatches, desktops, tablets and so on.
Normally, smart rings, smartwatches and smartphones are private devices. On the other hand, tablets, PCs and TVs are public devices. Private devices are held by individuals, and public ones are provided in public spaces such as stations, libraries, cafes, etc.
The computational capacity of personal Linux devices is quite limited; each is just a proxy for a remote Linux distro residing in the cloud. The cloud or server cluster of an ABC city has as many Linux distros as it has citizens.
Every citizen is given a smart ring, a smartwatch or a smartphone which stores his/her private key. We call the devices holding private keys private or personal devices. Those private devices are used to unlock any public device such as a Linux desktop or tablet.
Most computing processes are done in the cloud rather than on personal devices.
All sites and web applications can be logged in to by a SINGLE login process, which is done via a private device.
Unlike current computing environments, those of ABC are based on private devices (such as smartwatches), public devices (such as tablets, smartphones and PCs), and server clusters in the cloud.
A citizen may use his/her private devices to connect directly to his/her Linux distro in the cloud, or connect to the cloud indirectly via public devices. Public devices are shared among citizens and rented to citizens for a period.
After a user unlocks his/her private device, he/she can use it to access all kinds of Internet services without an additional login.
A citizen may access the Internet via his/her private devices or indirectly via public devices.
Both private and public devices are locked by default. If a citizen wants to use a public device such as a tablet or a PC, he/she first unlocks his/her private device, and then unlocks the public device using the unlocked private device. For example, if Alice wants to use a PC to access the Web, she first unlocks her private device and then unlocks the PC with it.
The main purpose of public devices is to provide a bigger screen than private devices. Both private and public devices are just dumb terminals with minimal computing power. Most computing processes are done by their Linux distros in the cloud.
So the first step is to log in to or boot his/her private device. The default unlocking mechanism of ABC smartwatches and smartphones uses face, fingerprint, iris and password all together:
A normal password screen shows up.
After the password is entered, the fingerprint, iris and face are recognized behind the scenes.
The physical OPEN, START or CONFIRM button may be a fingerprint scanner.
After unlocking his/her private device, he/she can use any public device as a proxy between the private device and his/her Linux distro in the cloud.
Pseudo Codes
Citizens and even machines have their own Linux distros in the cloud, which represent them on the Web. For example, Alice has a Linux on her smartwatch and another Linux distro in the cloud. The Linux on her watch is a remote controller for the Linux in the cloud. Most computing processes are done by the Linux in the cloud rather than by the one on her smartwatch or another device. Of course, each has a unique IP address.
The Linux in the cloud represents Alice. It pays all her bills, provides her doctors with pertinent information about her health history, presents identification for her school exams, and more. As all roads lead to Rome, all of Alice's social activities are done exclusively through Alice's Linux in the cloud. And, like Aladdin's magic lamp, Alice's private devices, such as the smartwatch on her wrist, are the messengers between her and her Linux in the cloud.
In coding the ABC prototype, we use the IBM Cloud service to simulate the ABC cloud, ordinary PCs as public devices, and smartphones as private devices.
Make an account on IBM Cloud and create a free Linux machine.
Set up your Linux desktop to control the Linux distro in IBM Cloud. MX Linux is recommended for the desktop, and Debian for the cloud.
Set up your Linux smartphone, such as a PinePhone, to unlock your Linux desktop.
Generate your private and public key pair and store it on your Linux smartphone.
Sooner or later, a zero trust security model will be applied to communications among those devices.
Pseudo Codes
Some services need an additional authentication process when a user wants to perform an important action such as paying or sending a large amount of money.
A security token [YouTube] is based on the use of a device that generates a random number, encrypts it, and sends it to a server together with user authentication information. The server then sends back an encrypted response that can only be decrypted by the device.
Then, how can the website or app be sure that the phone you are using is not a stolen one? That is, how can the site know that the user connecting to it is REALLY you, not a thief?
ABC Security Token (or AST) is our method: a quiz that only the REAL owner of the client device can answer. For example, when you use your phone as a key to some site:
You unlock your smartwatch, so the fingerprint, iris, face and password are all verified.
You connect to a web site or web application which needs additional authentication.
The site requires you to get verification from the Certificate Authority (CA).
You connect to the CA, and the server sends you a quiz, a text such as 345235.
You reverse the order of the quiz message, giving 532543, and then change the third digit, 2, to some other digit, like 5. So the result is 533543.
The quiz is stored in the CA.
You are the one who writes the rule or quiz, and who knows how to produce the answer.
The CA sends you a confirmation letter, which you forward to the web site you want to log in to.
That's all.
Now you can log in to any website with your phone and a quiz you made yourself. Of course, the CA shall be operated by the government of the nation you belong to.
But how can you determine that the site or app you want to log in to is NOT a fake or phishing site?
Public key cryptography is a battle-proven way to protect data.
In ABC, everyone and every site has one digital certificate, which is his/her/its public key combined with his/her/its IPv6 address. The Registration Authority (RA) issues and manages the public key of everyone and everything in ABC.
The public key of any entity is its web address, its 256 bit IPv6 address.
The digital certificate of an entity is issued by the government to which the entity belongs. That is, an RA is a government.
Because a government manages the IPv6 addresses of all the people and other entities of the nation, no other entity such as a Certificate Transparency log, Root CA, Issuing CA or Certificate Revocation List is needed.
During the handshake, the two parties to a transaction verify each other's identity via their IPv6 addresses and the digital certificates issued by their government or governments.
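The certificate and handshake described above, as an added Go example that is not the ABC project's code: the government RA signs the pair (IPv6 address, public key), and a peer is accepted only if its certificate carries the RA's signature, names the address the connection actually came from, and the peer signs a fresh nonce with the matching private key. Ed25519, the struct layout, the nonce exchange and the addresses are assumptions; the page does not specify them.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"net"
)

// Certificate binds an entity's IPv6 address to its public key under the RA's signature (assumed layout).
type Certificate struct {
	IP        net.IP            // 16-byte IPv6 address of the entity
	PublicKey ed25519.PublicKey // Ed25519 stands in for the page's unspecified algorithm
	Signature []byte            // RA signature over IP || PublicKey
}

func certBody(ip net.IP, pub ed25519.PublicKey) []byte {
	return append(append([]byte{}, ip.To16()...), pub...)
}

// Issue is the RA (government) operation: sign the (IPv6, public key) pair.
func Issue(raKey ed25519.PrivateKey, ip net.IP, pub ed25519.PublicKey) Certificate {
	return Certificate{IP: ip.To16(), PublicKey: pub, Signature: ed25519.Sign(raKey, certBody(ip, pub))}
}

// VerifyPeer is one side of the handshake: the peer sent cert plus a signature over our
// fresh nonce, and peerAddr is the IPv6 address the connection actually came from.
func VerifyPeer(raPub ed25519.PublicKey, cert Certificate, peerAddr net.IP, nonce, nonceSig []byte) bool {
	// 1. well formed and really issued by our government's RA
	if cert.IP.To16() == nil || len(cert.PublicKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(raPub, certBody(cert.IP, cert.PublicKey), cert.Signature) {
		return false
	}
	// 2. the certificate belongs to the address we are actually talking to
	if !cert.IP.Equal(peerAddr) {
		return false
	}
	// 3. the peer holds the private key behind the certificate (fresh nonce, so no replay)
	return ed25519.Verify(cert.PublicKey, nonce, nonceSig)
}

func main() {
	raPub, raKey, _ := ed25519.GenerateKey(rand.Reader)      // government RA key
	alicePub, aliceKey, _ := ed25519.GenerateKey(rand.Reader) // key held on Alice's private device
	aliceIP := net.ParseIP("2001:db8::1")                     // constructed documentation address
	cert := Issue(raKey, aliceIP, alicePub)
	nonce := []byte("constructed-fresh-nonce") // a real handshake draws this from crypto/rand
	sig := ed25519.Sign(aliceKey, nonce)
	fmt.Println(VerifyPeer(raPub, cert, aliceIP, nonce, sig), VerifyPeer(raPub, cert, net.ParseIP("2001:db8::2"), nonce, sig))
}
```

Step 2 is what stops a certificate copied off a stolen device from being used from another address, so the verifier must compare against the address it observed on the connection, never one the peer claims in a message.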
Pseudo Codes
For the ABC prototype, we use the GitLab online service.
See the video below and follow these instructions:
Generate the private and public key pair to log in to GitLab.
Fork the ABC repository.
Add your branch as shown in the video, commit, and open a merge request to the ABC repo.