[lima]

The challenge-response protocol is using assymetric cryptography and is tied to the SSL session ID.

More explanations on why: https://security.stackexchange.com/questions/71316/how-secur...

And how: https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-amendmen...