Utilising an Android smartphone as a key store for Web Authentication
This report shows how an Android smartphone can be used as a secure keystore for Web Authentication on the desktop. For this purpose, a secure channel is established between the smartphone and the computer. An application on the Android smartphone manages the creation and usage of the key material. When registering with a web service, the key material is created inside the secure hardware of the smartphone. As a result, the key material cannot be extracted even on compromised smartphones. The usage of the key material for authentication is confirmed by the user via biometric authentication.