Introduction to Proof of Key

Introduction

The Proof of Key authorization allows the user to access restricted content by easily signing a message, called a challenge, and sending this signed challenge to the backend. The challenge can be shown in any form, be it an automatic process, scanning a QR code and more. The following diagram explains the process of the Proof of Key process with a QR code example.

Proof of Key process

The following steps are needed to complete a Proof of Key process:

  1. The client sends a request for a challenge. This contains the information, what asset does the user need to own.
  2. The Ambitorio server generates and sends a challenge back.
  3. The client signs the challenge by using the Ethereum private key from the address.
  4. Challenge and signed challenge are sent back to the Ambitorio server.
  5. The Ambitorio server checks the signature of the signed message.

Asset management

What is an asset?

To secure the protected content, an asset has to be specified which the address has to own. This means that you first need a new asset that corresponds to the content you want to secure. This can only be created via CoreLedger TEOS.

Every asset that has been created is owned by the creator of the asset. They have the option to create new tokens that is then checked for the Proof of Key process. These assets also contain an unique ID which is then used to create a challenge of.

Token ownership

For step 3, the client needs an address that owns the balance of the requested asset. This means that after creation of the asset and the tokens, the owner must send a token to the address, essentially the user, that should have access to it. The server only checks for the balance of the tokens for the specified asset. The user does not have to do any further Blockchain actions after receiving the token.

← Getting Started
About challenges →