| I’m standing in a line on my iPhone, waiting to get into a basketball game. So apologies for being sloppy. OK, so you’re talking about technologies that already exist and practically everyone has them. First, you don’t need a new HTTP protocol; you’d use regular HTTPS with certificate authentication. The glove you speak of is a biometric device with a Secure Enclave (SE) (e.g., Apple Watch) or secure access to a device with an SE. This SE stores the private key of a key pair in a manner inaccessible without biometrics. This is also how passkeys work. A key challenge here is that everyone has a variety of devices from a variety of OEMs that are all simultaneously talking to multiple services synchronously. More often than not, a web request actually isn’t initiated by a human. So, you’ll need to get everyone to agree on a standard. You’ll need to address the privacy concerns of privacy-minded people, because if you can attest that a person is actually there doing something, that is going to set off warning bells for private people. It’s also going to set off dinner bells for advertisers and governments. Again, sorry, I’m on mobile and in a line. These exact scenarios (and their drawbacks) are routinely discussed in technical and privacy circles. Read up on technologies like PKI, certificate-based auth, passkeys, Secure Enclave, and biometric devices. The Apple Platform Security Guide is a good first step on what a commercial product is already doing. |