Decyclomedia Foundation:Decyclomedia Incubator/Google Translated/SQRL

SQL (also known as “squirrel”) or Secure, First, Trusted Link (formerly QR ID Secure Link) is a well-known standard for website security and integrity. Application uses sql// link or QR code. There you enter the security code using your username and password. Please note that this option is not available for aggressive attacks or comments from children. This certification brings the candidate's workload closer to devices and services. In November 2013, Steve Gibson of Gibson Research introduced SQL as an easy way to change business processes.

History
Steve Gibson created the SQL acronym and security enthusiasts shared the framework in an article published in October. Security is now 2. This is covered in detail in this podcast. , 2013. Two days after this podcast, the W3C said they needed a service standard.

Google Cloud Platform developers Ian Maddox and Kyle Mostseth discuss SQL in their Modern Password Management for System Developers article.

Parsing SQL documents is an interesting way to look at intentional user interaction and encryption. SQL supports encryption in a new way. "

Benefits
The identity algorithm is a solution to the hashing problem. It optimizes protocols such as OAuth and OpenID without the need to commit transactions, and does not provide any security secrets, such as usernames and passwords, to the server.

In addition, it provides a standard free password management system to simplify the existing login process. Ideally, these standards are open, so no single company can benefit from owning this technology. According to Gibson's website, this powerful technology should be in the public domain for security and encryption purposes, not intentionally withheld for commercial or other purposes.

Phishing protections
SQRL has its own information and anti-fraud policies, but most of them are verification, not anti-fraud, although it has anti-fraud features.

Example use case
The process of using the web requires two important factors: the usage, that is, the part of the service used on the web such as the QR code or the unique design URL based on the specifications of the website. protocol, and a browser plugin or mobile application, read these rules to be able to secure authentication.

SQL User uses only the secret password and the password of the user who creates it - with the selection of the password to register the website and add it to the site : for example, example.com, or for example. edu/chessclub - Public/private key pair for (sub-)site. It signs exchange tokens with a private key and provides a public key to the website, which can verify the encrypted data.

You cannot disclose any "hidden information" about the site to allow against other sites' accounts. A successful attacker would be restricted to identifying names used on a single site, the only thing available to him—the public key. Even if he unlocks the master key with the password, he never leaves the SQL client; The SKRL process does not provide individual sites with information that can be used at other sites.

SQRL implementations
Many proofs of concepts have been implemented for various platforms, including servers (PHP, Drupal and C# .NET) and clients (Android, C# .NET, Java and Python). Final checkpoints and various logging facilities are also available.

Legal aspects
Steve Gibson says SQRL is "open and free as it should be" and the solution is "patent free". After focusing on the SQRL QR code-based authentication mechanism, blogger Michael Beiter declared that the proposed protocol is pre-licensed and therefore not available for unauthorized use, do not use. The patents in question (expired in 2030) were filed by the patent offices of GMV Soluciones Globales Internet SA (Madrid-based technology and aerospace company GMV Innovating Solutions) between 2008 and 2012. USA, EU, Spain and Portugal.

Gibson: "What these people do as described in this patent is very different from how SQL works, so there is no conflict between SQL and their patents. Let's see." 2D checks will "look the same" ... and there are all these solutions. But the details matter. And the way SQL works varies greatly in detail.”