
Use platform TPM as U2F for web applications


The Problem: Use the platform TPM of my Windows Laptop/PC (no external device or USB token) as U2F in a web application to check if it is a known device.

My intended solution:

  • I need to store/create something (Certificate, Private/Public Key or Virtual SmartCard) in the TPM that is known by the web application.
  • If possible an external application stores/creates this something in the TPM on the device (no Registration process with the web application)
  • The web application then silently checks if the device has that something without user interaction when the user tries to login

Where I'm stuck:

  • I read here that WebAuthn might be able to use the TPM without user interaction, but I did not understand how
    • "...in the case where there is no user verification at all, the TPM would be used as a U2F style second factor authenticator."
  • Can I only use the authenticators provided by the OS (Windows) or can I create a custom one that does not need a user interaction but still uses the TPM of the device?

Questions:

  • Is my intended solution even possible?
  • Is WebAuthn the right way to go or do I need to use something else?
