inWebo Offline Authorization

Verifying claims and rights

inWebo 2-factor authentication scenario

When Lisa wants to access or open an object or a shared resource – such as a car she’s just rented online, or the door of an hotel room -, she needs to prove that she has the right to do so. That shared resource might not even know about Lisa or someone having specific rights to it. Therefore, instead of authenticating Lisa as a person having certain rights, we provide the shared resource with the ability to verify claims issued by Lisa, such as her rights to access or open this shared resource in given circumstances.

This verification happens locally. Indeed, in many use cases, this secure and local authorization mechanism is replacing some key or badge that was verified locally. This replacement does therefore not introduce any constraint or limitation – only benefits: no key, no badge, no need for Lisa to stand in line in order to check in or to get a key.

When you want to give rights about a shared resource to Lisa, you will use inWebo API to create a virtual key and a proof of rights. After providing them to Lisa e.g. via your mobile App, she will be able to access or open the shared resource with a local-only authorization dialog: neither the App nor the shared resource need to communicate with your authorization servers or inWebo servers.

Optionally, if you’re using inWebo 2FA to protect the distribution of the virtual key and of the proof of rights, you can protect the use of these elements by having Lisa authenticate – e.g. enter a PIN or use the fingerprint sensor of her smartphone -, still with no communication needed to your authorization servers or inWebo servers.