Copyright (C) 2016 Yahoo Japan Corporation. All Rights Reserved. FIDO Seminar in Tokyo #3 12/08/2016
FIDO AUTHENTICATION: ITS EVOLUTION AND OPPORTUNITIES IN YOUR BUSINESS
Hidehito Gomi
Senior Chief Researcher, Yahoo! JAPAN Research
• Recap: FIDO Authentication Model
• Web Authentication & CTAP
• Solutions using FIDO Authentication
• Summary
Recap: FIDO Authentication Model
Trend of Authentication
Accurate, real-time user context can now be captured, and this is changing the nature of authentication.
High-reliability sensors and secure storage enable the following types of authentication:
• Local authn: user verification is performed on the user's own device, with which the user can interact easily.
• Continuous authn: user behavior is monitored continuously for authentication.
• Implicit authn: the user is authenticated without an explicit gesture or ceremony.
• Context-aware authn: data on the context the user is in is used for user authentication.
User
User context
Secure storage
Geolocation
Orientation
Temperature
Sound
Acceleration
Steps
Walking distance
Etc.
Data on user context
Authentication Models: local vs. remote
ID・PWD
OK
PWD input
Identification
Authentication
Traditional authn model (e.g. password) for web applications
Verification
Verification results
OK
FIDO Authentication
separation
FIDO Server
FIDO authn model
FIDO Client
Verification Identification
Authenticator
User
Credential
Concept: Pluggable Authentication (Recap)
FIDO Server
FIDO Client
FIDO Authenticator
Fingerprint
Iris
Face
USB Key
Smart Card
New Method
Plugged authenticators provide you with scalability for authentication.
Updated specs UAF & U2F 1.1 have been released.
FIDO standard messages
Service 3
Service 1
Service 2
Service N
Web Authentication & CTAP
*CTAP (Client To Authenticator Protocol)
Scoped Credential in Web Authentication
Relying Party (RP)
User
Authenticator
Public key
“Cryptographic” credential for web applications
(Static) link
Private key
(Credential)
particular for authenticator and RP
(Static) link
Link (to be verified)
particular for user
ID
cf. Anthony Nadalin’s slides for more detail.
Trust chain
Another user
Another RP
Web Authentication API
Relying Party (RP)
User
Authenticator
Browser
• makeCredential()
• getAssertion()
Server side
User side
User devices
Abstract API that lets the browser access credentials using JavaScript
Web Authn API
Credential
Authenticator Registration
Diagram participants: User, Authenticator, Browser (Web Authn API), Relying Party (RP)
Diagram labels: Private key for Authentication; Public key for Authentication; ID
1. makeCredential() request
2. User verification
3. Creation of private/public keys
4. Producing the following data: Credential info., Attestation, Public key, Signature
5. Response with signed data about credential
6. Registering public key for FIDO authentication
* A pair of keys for attestation is omitted in this picture.
Web Authentication using Authenticator
Diagram participants: User, Authenticator, Browser (Web Authn API), Relying Party (RP)
Diagram labels: Private key; Public key; ID
1. getAssertion() request
2. Verification of user using a particular method
3. Producing the following data: Credential Info., Assertion, Signature
4. Response with signed data about assertion
5. Verifying signature
6. Discovering user ID
* A pair of keys for attestation is omitted in this picture.
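The registration and authentication flows on the two slides above, simulated end to end in Node.js as an added example (not code from the slides or from any FIDO specification). The class names, the RP IDs and the signed-data layout (SHA-256 of the RP ID followed by the challenge) are assumptions, and attestation is left out, as in the slides' footnote.

```javascript
// Added example: simulation of the makeCredential()/getAssertion() flows.
// Class names, RP IDs and the signed-data layout are assumptions, not spec text.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')                      // when run as CommonJS
  : process.getBuiltinModule('node:crypto');    // when run as an ES module

const sha256 = (data) => nodeCrypto.createHash('sha256').update(data).digest();
// What gets signed: hash of the RP ID plus the RP's fresh challenge.
const signedData = (rpId, challenge) => Buffer.concat([sha256(rpId), challenge]);

class SimAuthenticator {
  constructor(verifyUser) {
    this.verifyUser = verifyUser;   // local user verification (fingerprint, PIN, ...)
    this.keys = new Map();          // credentialId -> { rpId, privateKey }
  }

  // Registration steps 2-5: verify the user, create a key pair, return the public part.
  makeCredential(rpId) {
    if (!this.verifyUser()) throw new Error('user verification failed');
    const { publicKey, privateKey } =
      nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
    const credentialId = nodeCrypto.randomBytes(16).toString('hex');
    this.keys.set(credentialId, { rpId, privateKey });  // private key stays here
    return { credentialId, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
  }

  // Authentication steps 2-4: verify the user, sign the challenge for this RP only.
  getAssertion(rpId, credentialId, challenge) {
    const entry = this.keys.get(credentialId);
    if (!entry || entry.rpId !== rpId) throw new Error('no credential scoped to this RP');
    if (!this.verifyUser()) throw new Error('user verification failed');
    const signature = nodeCrypto.sign('sha256', signedData(rpId, challenge), entry.privateKey);
    return { credentialId, signature };
  }
}

class SimRelyingParty {
  constructor(rpId) {
    this.rpId = rpId;
    this.credentials = new Map();   // credentialId -> { userId, publicKey }
    this.pending = new Set();       // challenges issued and not yet consumed
  }

  // Registration step 6: store the public key against the user ID.
  register(userId, { credentialId, publicKeyPem }) {
    this.credentials.set(credentialId,
      { userId, publicKey: nodeCrypto.createPublicKey(publicKeyPem) });
  }

  newChallenge() {
    const challenge = nodeCrypto.randomBytes(32);
    this.pending.add(challenge.toString('hex'));
    return challenge;
  }

  // Authentication steps 5-6: verify the signature, then discover the user ID.
  verifyAssertion(challenge, { credentialId, signature }) {
    if (!this.pending.delete(challenge.toString('hex'))) return null;  // replayed or unknown
    const cred = this.credentials.get(credentialId);
    if (!cred) return null;                                            // not registered here
    const ok = nodeCrypto.verify('sha256', signedData(this.rpId, challenge),
      cred.publicKey, signature);
    return ok ? cred.userId : null;
  }
}

function runWebAuthnDemo() {
  const authenticator = new SimAuthenticator(() => true);  // user always verifies
  const rpA = new SimRelyingParty('rp-a.example');         // constructed RP IDs
  const rpB = new SimRelyingParty('rp-b.example');

  const credA = authenticator.makeCredential(rpA.rpId);
  const credB = authenticator.makeCredential(rpB.rpId);
  rpA.register('alice', credA);
  rpB.register('alice@b', credB);

  const challenge = rpA.newChallenge();
  const assertion = authenticator.getAssertion(rpA.rpId, credA.credentialId, challenge);
  const login = rpA.verifyAssertion(challenge, assertion);
  const replay = rpA.verifyAssertion(challenge, assertion);   // challenge already consumed

  // An assertion made for RP A means nothing to RP B ...
  const atOtherRp = rpB.verifyAssertion(rpB.newChallenge(), assertion);
  // ... and the authenticator will not use RP A's credential for RP B.
  let crossRpRefused = false;
  try {
    authenticator.getAssertion(rpB.rpId, credA.credentialId, rpB.newChallenge());
  } catch (e) {
    crossRpRefused = true;
  }

  return { login, replay, atOtherRp, crossRpRefused,
    keysDiffer: credA.publicKeyPem !== credB.publicKeyPem };
}

console.log(runWebAuthnDemo());
```

The per-RP key pairs are what makes the credential "scoped": the two RPs hold different public keys for the same user and cannot correlate them.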
Mobile Phone as Authenticator
FIDO Server
Web Authn API
Fingerprint
Iris
Face
USB Key
A “mobile phone authenticator” further advances the scalability of authentication.
Smart Card
Authenticators
Service 3
Service 1
Service 2
Service N
Mobile Phone
Smart watch
Authenticator Variation
Authenticator
Embedded authenticator External authenticator
Wireless communication type
Removable type
Client
Web Authn API
CTAP (Client To Authenticator Protocol)
User device
Authenticator Web Authn API Client
Solutions using FIDO Authentication
Authentication: Foundation of trusted applications
User
Single sign-on
Server
Traditional identity and access management system
Authentication
Verifying user privileges
(Access control)
ID
Access response(OK/NG)
Access request
Personal attributes sharing
Personal service provisioning
User activities
after authentication
Server
Authentication is the first step required for various online activities.
• User verification: the user is who he/she claims to be
• User presence: the user is near the authenticator
• User confirmation of (consent to) his/her identity/transaction/context
Semantics for Assertion
User
User context Credential
Authenticator
Relying Party (RP)
Signed challenge
(Assertion)
challenge
Proofing
FIDO authentication is a mechanism for proofing a user’s identity and context.
Authenticator Adoption
Authenticator implementing existing/legacy/new authentication methods/devices
• Biometrics
• Behavioral characteristics
• Wearable devices
cf. Jae Jung Kim’s slides for more detail.
Authenticator implementing certificate-based authentication (KICA’s case study)
Relying Party (RP)
Certificate Authority (CA)
PKI Module
Authenticator
certificate
Fingerprint sensor Iris sensor
Certificate verification
(Online certificate status protocol,
OCSP)
FIDO Authentication
(without any modification)
Certificate Issuance
(Legacy protocol)
Biometric API
Encrypted
private key
FIDO Authentication and Federation
User
FIDO Authentication
FIDO
Server
RP/IdP (Identity Provider)
Assertion issuing
Identity
service
Federated RP
Federation
FIDO Client
Authenticator
Authentication
Assertion
Simpler and Stronger
Authentication
More seamless and secure
service
Authn
Context
Authn
Context
Authn context is passed on from the authenticator to the federated RP.
cf. https://fidoalliance.org/assets/images/general/FIDOTokyoSeminar101014_gomi.pdf
Proof Information Transition
Federated RP
RP/IdP
User proof generated by the authenticator can be used to provide the user with trusted applications at Internet scale.
User
User context
Credential
Authenticator
Identity
Context
Transaction
Proof Proof
Proof
Proof
Transaction Confirmation
Bank for transfer: AAA Bank
Recipient Account #: 1234567
Amount: 10000 yen
Bank for transfer: XXX Bank
Recipient Account #: 7654321
Amount: 1000000 yen
Protecting against MITM (Man-in-the-Middle) attacks by detecting falsified transaction data
(already in UAF spec and deployed by several banks)
RP (Bank)
Malware
User
User device
Authenticator
Falsified transaction data
Original transaction data
Client
Transaction data presented
is signed using private key
Signature of original transaction data
Even if the transaction data is falsified, the RP can prevent the illegal money transfer by verifying the signature of the transaction data.
signature
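The signature check this slide describes, as an added Node.js example (not code from the slides or from the UAF specification). Function names and the signed-data layout are assumptions; the slide's two sample transfers are reused, with the first assumed to be the original and the second the falsified one.

```javascript
// Added example: transaction confirmation check at the RP (bank).
// Function names and the signed-data layout are assumptions, not UAF spec text.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')                      // when run as CommonJS
  : process.getBuiltinModule('node:crypto');    // when run as an ES module

const sha256 = (data) => nodeCrypto.createHash('sha256').update(data).digest();

// Canonical text: what the authenticator displays and what the RP will execute.
function transactionText(tx) {
  return `Bank for transfer: ${tx.bank}\n` +
         `Recipient Account #: ${tx.account}\n` +
         `Amount: ${tx.amount} yen`;
}

// Authenticator: present the text and, only if the user approves it,
// sign challenge || SHA-256(presented text) with the private key.
function confirmTransaction(privateKey, challenge, presentedText, userApproves) {
  if (!userApproves(presentedText)) return null;
  const txHash = sha256(presentedText);
  const signature = nodeCrypto.sign('sha256', Buffer.concat([challenge, txHash]), privateKey);
  return { txHash, signature };
}

// RP, correct check: recompute the hash from the transaction it is about to
// execute, so the signature must cover exactly that transaction.
function rpAcceptsTransfer(publicKey, challenge, txToExecute, response) {
  if (!response) return false;
  const expected = Buffer.concat([challenge, sha256(transactionText(txToExecute))]);
  return nodeCrypto.verify('sha256', expected, publicKey, response.signature);
}

// RP, flawed check: verifies the signature over the hash the client sent and
// never ties it to the transaction that will be executed.
function rpAcceptsTransferNaive(publicKey, challenge, txToExecute, response) {
  if (!response) return false;
  const claimed = Buffer.concat([challenge, response.txHash]);
  return nodeCrypto.verify('sha256', claimed, publicKey, response.signature);
}

function runTransactionDemo() {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  // Values from the slide; which one is the original is an assumption.
  const original = { bank: 'AAA Bank', account: '1234567', amount: 10000 };
  const falsified = { bank: 'XXX Bank', account: '7654321', amount: 1000000 };
  // The user approves only the transfer they actually intended.
  const userApproves = (text) => text === transactionText(original);

  const run = (txAtRp, textPresented, check) => {
    const challenge = nodeCrypto.randomBytes(32);
    const response = confirmTransaction(privateKey, challenge, textPresented, userApproves);
    return check(publicKey, challenge, txAtRp, response);
  };

  return {
    // No tampering: RP executes what the user confirmed.
    honest: run(original, transactionText(original), rpAcceptsTransfer),
    // RP received falsified data, user confirmed the original: signature mismatch.
    swappedAtRp: run(falsified, transactionText(original), rpAcceptsTransfer),
    // Falsified data reaches the authenticator display: user declines, nothing signed.
    userSeesFalsified: run(falsified, transactionText(falsified), rpAcceptsTransfer),
    // Flawed RP accepts the falsified transfer because the signature itself is valid.
    naiveRp: run(falsified, transactionText(original), rpAcceptsTransferNaive),
  };
}

console.log(runTransactionDemo());
```

The `naiveRp` case is the one to test for in a server implementation: a valid signature proves nothing unless the RP binds it to the transaction it will execute.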
Identity Proofing Offline
User ID
E-tickets
E-Ticket Server FIDO Server
Authn
Log
Real-time biometric FIDO authentication enables “identity proofing” when accessing a physical service.
User
(online)
FIDO Authentication online
(visit Yahoo Japan’s demo booth)
Entrance gate at event
Presenting identity proof with e-ticket offline
Proof verification
Protecting from impersonation
Malicious user
(offline)
User
(offline)
Same person?
(to be verified)
E-ticket use case
Identity Certificate
Name: Taro Yamada
Address: 9-7-1 Akasaka, Minato-ku, Tokyo
Age: 30
Sex: Male
Certificate issuer: Yahoo Japan Corporation
Certificate recipient: ABC Service Co., Ltd.
Certificate issued: August 10, 2013, 13:00
Certificate valid until: August 10, 2014, 13:00
Certificate ID: s8e3d5y9z0g3
Photo of the holder (taken January 10, 2013)
User Verification Caching Spec (New)
Developing a new spec to fulfill use cases provided by EMVCo.
Supporting CDCVM, enabling consumers to conveniently use on-device authenticators.
User FIDO authentication (online)
Server
Private key
User Device
Authenticator
App1
App2
X
User verification
(App1)
Policy example: Do not ask the user for verification to authorize a payment for App2 if the user completed verification within the last 5 minutes.
The user verification process can be simplified for offline use by having the authenticator refer to previous verification results, depending on the user’s policy.
*CDCVM: Consumer Device Cardholder Verification Method
User verification
(App2)
• FIDO authentication model
• Local authentication using pluggable authenticators
• Consistent in specifications
• Web authentication & CTAP
• Scoped cryptographic credential
• Abstract API for various types of authenticators via browsers
• Solutions using FIDO authentication
• Authenticator adoption
• Enhancement of identity federated systems
• Identity/context proofing offline as well as online
Summary
FIDO authentication is encouraged to be adopted for developing secure and trusted systems both online and offline.
All Rights Reserved. FIDO Alliance. Copyright 2016.
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 

Kürzlich hochgeladen (20)

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 

FIDO Authentication: Its Evolution and Opportunities in Business -FIDO Alliance -Tokyo Seminar -Gomi

  • 1. FIDO AUTHENTICATION: ITS EVOLUTION AND OPPORTUNITIES IN YOUR BUSINESS
       Hidehito Gomi, Senior Chief Researcher, Yahoo! JAPAN Research
       FIDO Seminar in Tokyo #3, 12/08/2016. Copyright (C) 2016 Yahoo Japan Corporation. All Rights Reserved.
  • 2. Outline
       • Recap: FIDO Authentication Model
       • Web Authentication & CTAP
       • Solutions using FIDO Authentication
       • Summary
  • 3. Recap: FIDO Authentication Model
  • 4. Trend of Authentication
       Accurate, real-time user context can now be captured, so the nature of authentication is changing. High-reliability sensors and secure storage enable the following types of authentication:
       • Local authn: user verification is performed on the user's own device, with which the user can interact easily.
       • Continuous authn: user behavior continues to be monitored for authentication.
       • Implicit authn: the user is authenticated without an explicit gesture or ceremony.
       • Context-aware authn: data on the context to which the user belongs is used for user authentication.
       Diagram labels: User; User context; Secure storage; Data on user context (Geolocation, Orientation, Temperature, Sound, Acceleration, Steps, Walking distance, etc.)
  • 5. Authentication Models: local vs. remote
       Diagram labels: ID・PWD; OK; PWD input; Identification; Authentication; Traditional authn model (e.g. password) for web applications; Verification; Verification results; OK; FIDO Authentication; separation; FIDO Server; FIDO authn model; FIDO Client; Verification; Identification; Authenticator; User; Credential
  • 6. Concept: Pluggable Authentication (Recap)
       Plugged authenticators provide you with scalability for authentication. Updated specs UAF & U2F 1.1 have been released.
       Diagram labels: FIDO Server; FIDO Client; FIDO Authenticator; Fingerprint; Iris; Face; USB Key; Smart Card; New Method; FIDO standard messages; Service 1; Service 2; Service 3; Service N
  • 7. Web Authentication & CTAP
       * CTAP: Client To Authenticator Protocol
  • 8. Scoped Credential in Web Authentication
       Diagram labels: Relying Party (RP); User; Authenticator; Public key; “Cryptographic” credential for web applications; (Static) link; Private key (Credential); particular for authenticator and RP; (Static) link; Link (to be verified); particular for user ID; Trust chain; Another user; Another RP
       cf. Anthony Nadalin’s slides for more detail.
  • 9. Web Authentication API
       Abstract API for the browser to access credentials using JavaScript:
       • makeCredential()
       • getAssertion()
       Diagram labels: Relying Party (RP); User; Authenticator; Browser; Server side; User side; User devices; Web Authn API; Credential
  • 10. Authenticator Registration
       1. makeCredential() request
       2. User verification
       3. Creation of private/public keys
       4. Producing the following data: Credential info., Attestation, Public key, Signature
       5. Response with signed data about credential
       6. Registering public key for FIDO authentication
       * The pair of keys for attestation is omitted in this picture.
       Diagram labels: Relying Party (RP); User; Authenticator; Browser; Web Authn API; Private key for Authentication; Public key for Authentication; ID
  • 11. Web Authentication using Authenticator
       1. getAssertion() request
       2. Verification of user using a particular method
       3. Producing the following data: Credential Info., Assertion, Signature
       4. Response with signed data about assertion
       5. Verifying signature
       6. Discovering user ID
       * The pair of keys for attestation is omitted in this picture.
       Diagram labels: Relying Party (RP); Authenticator; Browser; User; Web Authn API; Private key; Public key; ID
  • 12. Mobile Phone as Authenticator
       A “mobile phone authenticator” further advances the scalability of authentication.
       Diagram labels: FIDO Server; Web Authn API; Authenticators; Fingerprint; Iris; Face; USB Key; Smart Card; Mobile Phone; Smart watch; Service 1; Service 2; Service 3; Service N
  • 13. Authenticator Variation
       Diagram labels: Authenticator; Embedded authenticator; External authenticator; Wireless communication type; Removable type; Client; Web Authn API; CTAP (Client To Authenticator Protocol); User device; Authenticator; Web Authn API; Client
  • 14. Solutions using FIDO Authentication
  • 15. Authentication: Foundation of trusted applications
       Authentication is the first step required for various online activities.
       Diagram labels: User; Single sign-on; Server; Traditional identity and access management system; Authentication; Verifying user privileges (Access control); ID; Access response (OK/NG); Access request; Personal attributes sharing; Personal service provisioning; User activities after authentication; Server
  • 16. Semantics for Assertion
       • User verification that the user is who he/she claims to be
       • User presence near the authenticator
       • User confirmation of (consent to) his/her identity/transaction/context
       FIDO authentication is a mechanism for proofing the user’s identity and context.
       Diagram labels: User; User context; Credential; Authenticator; Relying Party (RP); challenge; Signed challenge (Assertion); Proofing
  • 17. Authenticator Adoption
       Authenticator implementing existing/legacy/new authentication methods/devices:
       • Biometrics
       • Behavioral characteristics
       • Wearable devices
       cf. Jae Jung Kim’s slides for more detail.
       Authenticator implementing certificate-based authentication (KICA’s case study)
       Diagram labels: Relying Party (RP); Certificate Authority (CA); PKI Module; Authenticator; certificate; Fingerprint sensor; Iris sensor; Certificate verification (Online certificate status protocol, OCSP); FIDO Authentication (without any modification); Certificate Issuance (Legacy protocol); Biometric API; Encrypted private key
  • 18. FIDO Authentication and Federation
       Authn context transits from the authenticator to the federated RP.
       Diagram labels: User; FIDO Authentication; FIDO Server; RP/IdP (Identity Provider); Assertion issuing; Identity service; Federated RP; Federation; FIDO Client; Authenticator; Authentication Assertion; Simpler and Stronger Authentication; More seamless and secure service; Authn Context; Authn Context
       cf. https://fidoalliance.org/assets/images/general/FIDOTokyoSeminar101014_gomi.pdf
  • 19. Proof Information Transition
       User proof generated by the authenticator can be used to provide the user with trusted applications at Internet scale.
       Diagram labels: Federated RP; RP/IdP; User; User context; Credential; Authenticator; Identity; Context; Transaction; Proof; Proof; Proof; Proof
  • 20. Transaction Confirmation
       Protecting against MITM (Man-in-the-Middle) attacks by detecting falsified transaction data (already in the UAF spec and deployed by several banks).
       Transaction data presented is signed using the private key. The RP can prevent an illegal money transfer by verifying the signature of the transaction data even if the data is falsified.
       Transaction data shown in the diagram:
       • Bank for transfer: AAA Bank; Recipient Account #: 1234567; Amount: 10000 yen
       • Bank for transfer: XXX Bank; Recipient Account #: 7654321; Amount: 1000000 yen
       Diagram labels: RP (Bank); Malware; User; User device; Authenticator; Client; Falsified transaction data; Original transaction data; Signature of original transaction data; signature
  • 21. Identity Proofing Offline
       FIDO authentication enables “identity proofing” when accessing a physical service.
       Diagram labels: User; ID; E-tickets; E-Ticket Server; FIDO Server; Authn Log; Realtime biometric; User (online); FIDO Authentication online (visit Yahoo Japan’s demo booth); Entrance gate at event; Presenting identity proof with e-ticket offline; Proof verification; Protecting from impersonation; Malicious user (offline); User (offline); Same person? (to be verified); E-ticket use case
       Sample identity certificate shown in the diagram: Name: Taro Yamada; Address: 9-7-1 Akasaka, Minato-ku, Tokyo; Age: 30; Sex: Male; Certificate issuer: Yahoo Japan Corporation; Certificate recipient: ABC Service Co., Ltd.; Time of issue: 13:00, August 10, 2013; Valid until: 13:00, August 10, 2014; Certificate ID: s8e3d5y9z0g3; Photo of holder (taken January 10, 2013)
  • 22. User Verification Caching Spec (New)
       Developing a new spec to fulfill use cases provided by EMVCo. Supporting CDCVM, enabling consumers to conveniently use on-device authenticators.
       Policy example: Do not ask the user for verification to authorize payment for app2 if the user completed verification within the last 5 minutes.
       The user verification process can be simplified for offline use by the authenticator referring to previous verification results, depending on the user’s policy.
       * CDCVM: Consumer Device Cardholder Verification Method
       Diagram labels: User; FIDO authentication (online); Server; Private key; User Device; Authenticator; App1; App2; X; User verification (App1); User verification (App2)
  • 23. Summary
       • FIDO authentication model
         • Local authentication using pluggable authenticators
         • Consistent in specifications
       • Web authentication & CTAP
         • Scoped cryptographic credential
         • Abstract API for various types of authenticators via browsers
       • Solutions using FIDO authentication
         • Authenticator adoption
         • Enhancement of identity federated systems
         • Identity/context proofing offline as well as online
       FIDO authentication is encouraged to be adopted for developing secure and trusted systems both online and offline.
  • 24. All Rights Reserved. FIDO Alliance. Copyright 2016. 24
  • 25. Please Silence All Electronic Devices All Rights Reserved. FIDO Alliance. Copyright 2016.
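
The registration and assertion steps on slides 10 and 11, together with the transaction confirmation check on slide 20, as an added Node.js example that is not taken from the slides. `ToyAuthenticator`, `ToyRelyingParty`, the JSON layout of the signed data and the sample strings are hypothetical simplifications, not the Web Authentication API or the UAF message format.

```javascript
// Added illustration (Node.js). Class, method and field names are hypothetical;
// a simplified model, not the Web Authentication API or the UAF wire format.
const nodeCrypto = require('crypto');
const sha256 = (s) => nodeCrypto.createHash('sha256').update(s).digest('hex');

class ToyAuthenticator {
  constructor() { this.keys = new Map(); } // rpId -> { credId, privateKey }

  // Registration (slide 10, steps 2-5): verify the user, create an RP-scoped key pair.
  makeCredential(rpId, userVerified) {
    if (!userVerified) throw new Error('user verification failed');
    const { publicKey, privateKey } =
      nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    const credId = nodeCrypto.randomBytes(16).toString('hex');
    this.keys.set(rpId, { credId, privateKey });
    return { credId, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
  }

  // Authentication (slide 11, steps 2-4). For transaction confirmation (slide 20)
  // the hash of the text actually shown to the user is signed as well.
  getAssertion(rpId, challenge, userVerified, displayedTx = '') {
    const entry = this.keys.get(rpId);
    if (!entry) throw new Error('no credential scoped to ' + rpId);
    if (!userVerified) throw new Error('user verification failed');
    const signedData = JSON.stringify({ rpId, challenge, txHash: sha256(displayedTx) });
    const signature = nodeCrypto.sign('sha256', Buffer.from(signedData), entry.privateKey);
    return { credId: entry.credId, signedData, signature };
  }
}

class ToyRelyingParty {
  constructor(rpId) {
    this.rpId = rpId;
    this.creds = new Map();   // credId -> { userId, publicKeyPem }
    this.pending = new Set(); // challenges issued and not yet used
  }
  // Slide 10, step 6: store the public key against the user ID.
  register(userId, { credId, publicKeyPem }) {
    this.creds.set(credId, { userId, publicKeyPem });
  }
  newChallenge() {
    const challenge = nodeCrypto.randomBytes(32).toString('hex');
    this.pending.add(challenge);
    return challenge;
  }
  // Slide 11, steps 5-6: verify the signature, then discover the user ID.
  // expectedTx is the transaction the RP received and is about to execute.
  verify({ credId, signedData, signature }, expectedTx = '') {
    const cred = this.creds.get(credId);
    if (!cred) return { ok: false, reason: 'unknown credential' };
    const sigOk = nodeCrypto.verify('sha256', Buffer.from(signedData),
                                    cred.publicKeyPem, signature);
    if (!sigOk) return { ok: false, reason: 'bad signature' };
    const { rpId, challenge, txHash } = JSON.parse(signedData);
    if (rpId !== this.rpId) return { ok: false, reason: 'wrong RP' };
    if (!this.pending.delete(challenge)) return { ok: false, reason: 'stale challenge' };
    if (txHash !== sha256(expectedTx)) return { ok: false, reason: 'transaction data mismatch' };
    return { ok: true, userId: cred.userId };
  }
}

// Constructed run: the user approves one transfer, the RP receives an altered one.
function demo() {
  const authn = new ToyAuthenticator(), rp = new ToyRelyingParty('bank.example');
  rp.register('user-1', authn.makeCredential('bank.example', true));
  const assertion = authn.getAssertion('bank.example', rp.newChallenge(), true,
                                       'transfer 10000 yen to account 1234567');
  return rp.verify(assertion, 'transfer 1000000 yen to account 7654321');
}
```

Because the RP consumes each challenge on first use and checks the signed RP ID, a replayed assertion or one produced for a different relying party is rejected before the transaction hash is even compared.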