MFA for Custom Requests
HyperID offers Service Providers the ability to add an extra layer of security to their services by allowing them to request approvals for their real-world business logic.
One of the basic features is the ability to request 2FA at any step of the service workflow. HyperID allows SMS or email verification, but recommends a more secure method such as the HyperID MFA application, which provides Time-based One-Time Passwords (TOTP) and biometric checks.
A more secure option for Service Providers is to request custom confirmation from their users using HyperID. Service Providers can choose from various templates and provide information to the user about what they are confirming. Additionally, a control code can be used to enhance security during the confirmation process. The user must provide the correct control code received from the Service Provider before they can confirm their action.
The user will receive a notification inside the HyperID Authenticator app. The notification will include details of what they are confirming and any verification code that may be required. The user must first prove their identity using biometric authentication before confirming.
Custom request and message sign examples
There are two types of certificates in HyperID, and accordingly, two ways to add them to MFA:
- User's traditional X.509 certificates, which can be imported into the HyperID console or created directly in the HyperID Authenticator application
- A user's on-chain wallet private key may also be used as a certificate. Users can import it from the wallet using a seed phrase, backup file, or QR code in a predefined format. The HyperID Authenticator keeps the private key encrypted using secure key management based on a distributed shared secret (Multi-Party Computation) and assembles the key only with the user's approval to sign the transaction.
These certificates can be used within a service's business logic to sign documents, transactions, or any other type of data, thereby ensuring the integrity and authenticity of the information being transmitted.
Signing data with user's private key flow