Utilising an Android smartphone as a key store for Web Authentication

posted in #IT Security, Mobile & Cloud on the 30.12.2022

This report shows how an Android smartphone can be used as a secure keystore for Web Authentication on the desktop. For this purpose, a secure channel is established between the smartphone and the computer. An application on the Android smartphone manages the creation and usage of the key material. When registering with a web service, the key material is created inside the secure hardware of the smartphone. As a result, the key material cannot be extracted even on compromised smartphones. The usage of the key material for authentication is confirmed by the user via biometric authentication.


File Description File size
pdf Project Report (DE) Version 1.0 of 30.12.2022 (German only)
915 KB