SlideShare una empresa de Scribd logo

FIDO Authentication Technical Overview

FIDO Alliance
FIDO Alliance

A detailed look at FIDO Authentication, how FIDO works, FIDO & federation, attestation and meta data, and more.

Internet
1 de 33
Descargar para leer sin conexión
1 FIDO AUTHENTICATION TECHNICAL OVERVIEW All Rights Reserved | FIDO Alliance | Copyright 2018
All Rights Reserved | FIDO Alliance | Copyright 20182 HOW SECURE IS AUTHENTICATION?
All Rights Reserved | FIDO Alliance | Copyright 20183 CLOUD AUTHENTICATION DeviceSomething Authentication Risk Analytics Internet
All Rights Reserved | FIDO Alliance | Copyright 20184 PASSWORD ISSUES DeviceSomething Authentication Internet Password could be stolen from the server 1Password might be entered into untrusted App / Web- site (“phishing”) 2 Too many passwords to remember (>re-use / cart Abandonment) 3 Inconvenient to type password on phone 4
All Rights Reserved | FIDO Alliance | Copyright 20175 OTP ISSUES DeviceSomething Authentication Internet OTP vulnerable to real- time MITM and MITB attacks 1 SMS security questionable, especially when Device is the phone 2 OTP HW tokens are expensive and people don’t want another device 3 Inconvenient to type OTP into phone 4
All Rights Reserved | FIDO Alliance | Copyright 20186 HOW SECURE IS AUTHENTICATION?
All Rights Reserved | FIDO Alliance | Copyright 20187 HOW SECURE IS AUTHENTICATION? Attacks require physical action → not scalable Things are never 100% secure, so focus on adequate security. Focus on the scalable attacks first. Scalable Attacks
All Rights Reserved | FIDO Alliance | Copyright 20188 HOW DOES FIDO WORK?
All Rights Reserved | FIDO Alliance | Copyright 20189 HOW DOES FIDO WORK? DeviceUser verification FIDO Authentication Authenticator
All Rights Reserved | FIDO Alliance | Copyright 201810 FIDO AUTHENTICATORS We see “Bound” Authenticators, i.e. authenticators that are an integral part of a smartphone or laptop. We see “Roaming” Authenticators, i.e. authenticators that can be connected to different smartphones or laptops using CTAP. In both categories you find support for different modalities Verify User Verify User Presence
All Rights Reserved | FIDO Alliance | Copyright 201811 HOW DOES FIDO WORK? AuthenticatorUser verification FIDO Authentication Require user gesture before private key can be used Challenge (Signed) Response Private key dedicated to one app Public key
All Rights Reserved | FIDO Alliance | Copyright 201812 HOW DOES FIDO WORK? AuthenticatorUser verification FIDO Authentication Same Authenticator as registered before? Same User as enrolled before? Can recognize the user (i.e. user verification), but doesn’t know its identity attributes.
All Rights Reserved | FIDO Alliance | Copyright 201813 HOW DOES FIDO WORK? AuthenticatorUser verification FIDO Authentication Same Authenticator as registered before? Same User as enrolled before? Can recognize the user (i.e. user verification), but doesn’t know its identity attributes. Identity binding to be done outside FIDO: This this “John Doe with customer ID X”.
FIDO & Federation FIDO USER DEVICE FIDO CLIENT IdP FIDO SERVER FIDO AUTHENTICATOR FEDERATION SERVERBROWSER / APP FIDO Protocol Service Provider Federation Id DB Knows details about the Authentication strength Knows details about the Identity and its verification strength. First Mile Second Mile 14
All Rights Reserved | FIDO Alliance | Copyright 201815 FIDO ECOSYSTEM AuthenticatorUser verification FIDO Authentication … …SE
All Rights Reserved | FIDO Alliance | Copyright 201816 FIDO ECOSYSTEM AuthenticatorUser verification FIDO Authentication … …SE How is the key protected (TPM, SE, TEE, …)? Which user verification method is used?
All Rights Reserved | FIDO Alliance | Copyright 201817 ATTESTATION + METADATA Private attestation key Signed Attestation Object Metadata Understand Authenticator security characteristic by looking into Metadata from mds.fidoalliance.org FIDO Registration Verify using trust anchor included in Metadata Relying parties can store this for auditing purposes
All Rights Reserved | FIDO Alliance | Copyright 201818 BINDING KEYS TO RELYING PARTIES Use A-corp.com key Use B-corp.com key A calc A docs B One Account – All Applications As Mobile App & Web App A calc A docs B Platform determines the “caller” and passes it to the Authenticator for selecting the correct key. FIDO Client determines the “caller” (AppID/RP ID) and passes it to the Authenticator for selecting the correct key. b-corp a-corp
All Rights Reserved | FIDO Alliance | Copyright 201819 FIDO AUTHENTICATORS FIDO has an Authenticator Certification program. Different certification levels address the needs to protect against scalable and physical attacks. See https://fidoalliance.org/certification/authenticator-certification-levels/
User Environment All Rights Reserved | FIDO Alliance | Copyright 201820 HOW DOES FIDO WORK? Authenticator User gesture before private key can be used (Touch, PIN entry, Biometric) PSD2: (no equivalent) FIDO: Challenge PSD2: Authentication Code FIDO: (Signed) Response PSD2: Personalized Security Credential FIDO: Private key PSD2: (no equivalent) FIDO: Public key PSD2: PSU FIDO: User PSD2: ASPSP FIDO: Relying Party Local user verification step On-line authentication step
All Rights Reserved | FIDO Alliance | Copyright 201821 FIDO AUTHENTICATOR CONCEPT FIDO Authenticator User Verification / Presence Attestation Key Authentication Key(s) Injected at manufacturing, doesn’t change Generated at runtime (on Registration) Optional Components Transaction Confirmation Display
All Rights Reserved | FIDO Alliance | Copyright 201822 FIDO BUILDING BLOCKS (External) Authenticator USER DEVICE FIDO Client (Bound) Authenticator ASM RP App FIDO Authentication RP App Server FIDO Server Metadata
All Rights Reserved | FIDO Alliance | Copyright 201823 FIDO USE CASES Passwordless Experience Authenticated Online 3 Biometric User Verification* 21 ? Authentication Challenge Authenticated Online 3 Second Factor Challenge Insert Dongle* / Press Button Second Factor Experience *There are other types of authenticators (e.g. PIN) 21
All Rights Reserved | FIDO Alliance | Copyright 201824 FIDO BUILDING BLOCKS (Roaming) Authenticator User Device Browser (Bound) Authenticator Platform RP App FIDO Authentication RP App Server FIDO Server Metadata Web Authentication JS API CTA P
All Rights Reserved | FIDO Alliance | Copyright 201825 WEB AUTHENTICATION Supported In: JavaScript API that enables FIDO Authentication directly in web browsers
All Rights Reserved | FIDO Alliance | Copyright 201826 FIDO AUTHENTICATION: SECURITY & CONVENIENCE
All Rights Reserved | FIDO Alliance | Copyright 201827 CONVENIENCE & SECURITY Security Convenience Password
All Rights Reserved | FIDO Alliance | Copyright 201828 CONVENIENCE & SECURITY Security Convenience Password + OTP Password
All Rights Reserved | FIDO Alliance | Copyright 201829 CONVENIENCE & SECURITY Security Convenience Password + OTP Password FIDO In FIDO • Same user verification method for all servers In FIDO: Arbitrary user verification methods are supported (+ they are interoperable)
All Rights Reserved | FIDO Alliance | Copyright 201830 CONVENIENCE & SECURITY Security Convenience Password + OTP Password FIDO In FIDO: Scalable security depending on Authenticator implementation In FIDO: • Only public keys on server • Not phishable
All Rights Reserved | FIDO Alliance | Copyright 201831 CONCLUSION • Different authentication use-cases lead to different authentication requirements • FIDO separates user verification from authentication and hence supports all user verification methods • FIDO supports scalable convenience & security • User verification data is known to Authenticator only • FIDO complements federation
All Rights Reserved | FIDO Alliance | Copyright 201832 FIDO REGISTRATION accountInfo, challenge, [cOpts] rpId, ai, hash(clientData), cryptoP, [exts] verify user generate: key kpub key kpriv credential c c,kpub,clientData,ac,cdh,rpId,cntr,AAGUID[,exts], signature(tbs) c,kpub,clientData,ac,tbs, s store: key kpub c s Authenticator select Authenticator according to cOpts; determine rpId, get tlsData; clientData := {challenge, origin, rpId, hAlg, tlsData} cOpts: crypto params, credential black list, extensions cdh ai tbs ac: attestation certificate chain
All Rights Reserved | FIDO Alliance | Copyright 201833 FIDO AUTHENTICATION Authenticator Relying Party rpId, [c,] hash(clientData) select Authenticator according to policy; check rpId, get tlsData (i.e. channel id, etc.); lookup key handle h; clientData := {challenge, rpId, tlsData} clientData,cntr,[exts],signature(cdh,cntr,exts) clientData, cntr, exts, s lookup kpub from DB check: exts + signature using key kpub s cdh challenge, [aOpts] verify user find key kpriv cntr++; process exts

Recomendados

Overview of FIDO Security Requirements and Certifications
Overview of FIDO Security Requirements and CertificationsOverview of FIDO Security Requirements and Certifications
Overview of FIDO Security Requirements and CertificationsFIDO Alliance
 
Using FIDO Authenticator for IoT Devices
Using FIDO Authenticator for IoT DevicesUsing FIDO Authenticator for IoT Devices
Using FIDO Authenticator for IoT DevicesFIDO Alliance
 
FIDO Authentication and GDPR
FIDO Authentication and GDPRFIDO Authentication and GDPR
FIDO Authentication and GDPRFIDO Alliance
 
FIDO Masterclass
FIDO MasterclassFIDO Masterclass
FIDO MasterclassFIDO Alliance
 
FIDO UAF and PKI in Asia - Case Study and Recommendations
FIDO UAF and PKI in Asia - Case Study and RecommendationsFIDO UAF and PKI in Asia - Case Study and Recommendations
FIDO UAF and PKI in Asia - Case Study and RecommendationsFIDO Alliance
 
Microsoft's Path to Passwordless - FIDO Authentication for Windows & Azure Ac...
Microsoft's Path to Passwordless - FIDO Authentication for Windows & Azure Ac...Microsoft's Path to Passwordless - FIDO Authentication for Windows & Azure Ac...
Microsoft's Path to Passwordless - FIDO Authentication for Windows & Azure Ac...FIDO Alliance
 
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO Alliance
 
FIDO UAF and PKI in Asia: A Case Study and Recommendations
FIDO UAF and PKI in Asia: A Case Study and RecommendationsFIDO UAF and PKI in Asia: A Case Study and Recommendations
FIDO UAF and PKI in Asia: A Case Study and RecommendationsFIDO Alliance
 

Recomendados

Overview of FIDO Security Requirements and Certifications
Overview of FIDO Security Requirements and CertificationsOverview of FIDO Security Requirements and Certifications
Overview of FIDO Security Requirements and CertificationsFIDO Alliance
 
Using FIDO Authenticator for IoT Devices
Using FIDO Authenticator for IoT DevicesUsing FIDO Authenticator for IoT Devices
Using FIDO Authenticator for IoT DevicesFIDO Alliance
 
FIDO Authentication and GDPR
FIDO Authentication and GDPRFIDO Authentication and GDPR
FIDO Authentication and GDPRFIDO Alliance
 
FIDO Masterclass
FIDO MasterclassFIDO Masterclass
FIDO MasterclassFIDO Alliance
 
FIDO UAF and PKI in Asia - Case Study and Recommendations
FIDO UAF and PKI in Asia - Case Study and RecommendationsFIDO UAF and PKI in Asia - Case Study and Recommendations
FIDO UAF and PKI in Asia - Case Study and RecommendationsFIDO Alliance
 
Microsoft's Path to Passwordless - FIDO Authentication for Windows & Azure Ac...
Microsoft's Path to Passwordless - FIDO Authentication for Windows & Azure Ac...Microsoft's Path to Passwordless - FIDO Authentication for Windows & Azure Ac...
Microsoft's Path to Passwordless - FIDO Authentication for Windows & Azure Ac...FIDO Alliance
 
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO Alliance
 
FIDO UAF and PKI in Asia: A Case Study and Recommendations
FIDO UAF and PKI in Asia: A Case Study and RecommendationsFIDO UAF and PKI in Asia: A Case Study and Recommendations
FIDO UAF and PKI in Asia: A Case Study and RecommendationsFIDO Alliance
 
Beyond Passwords: FIDO and the Future of User Authentication
Beyond Passwords: FIDO and the Future of User AuthenticationBeyond Passwords: FIDO and the Future of User Authentication
Beyond Passwords: FIDO and the Future of User AuthenticationFIDO Alliance
 
Fido Technical Overview
Fido Technical OverviewFido Technical Overview
Fido Technical OverviewFIDO Alliance
 
FIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Alliance
 
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication ComplianceFIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication ComplianceFIDO Alliance
 
FIDO Support for the GDPR
FIDO Support for the GDPRFIDO Support for the GDPR
FIDO Support for the GDPRFIDO Alliance
 
Shopping Service Based on FIDO Voice Authentication
Shopping Service Based on FIDO Voice AuthenticationShopping Service Based on FIDO Voice Authentication
Shopping Service Based on FIDO Voice AuthenticationFIDO Alliance
 
FIDO2 & Microsoft
FIDO2 & MicrosoftFIDO2 & Microsoft
FIDO2 & MicrosoftFIDO Alliance
 
FIDO2 and Microsoft
FIDO2 and MicrosoftFIDO2 and Microsoft
FIDO2 and MicrosoftFIDO Alliance
 
FIDO and Adaptive Authentication
FIDO and Adaptive AuthenticationFIDO and Adaptive Authentication
FIDO and Adaptive AuthenticationFIDO Alliance
 
FIDO Authentication in a Mobile Network
FIDO Authentication in a Mobile NetworkFIDO Authentication in a Mobile Network
FIDO Authentication in a Mobile NetworkFIDO Alliance
 
GDPR(一般データ保護規則)とFIDO標準について
GDPR(一般データ保護規則)とFIDO標準についてGDPR(一般データ保護規則)とFIDO標準について
GDPR(一般データ保護規則)とFIDO標準についてFIDO Alliance
 
The State of FIDO
The State of FIDOThe State of FIDO
The State of FIDOFIDO Alliance
 
FIDO And the Future of User Authentication
FIDO And the Future of User AuthenticationFIDO And the Future of User Authentication
FIDO And the Future of User AuthenticationFIDO Alliance
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationFIDO Alliance
 
FIDO Certified Program: The Value of Certification
FIDO Certified Program: The Value of Certification FIDO Certified Program: The Value of Certification
FIDO Certified Program: The Value of Certification FIDO Alliance
 
FIDO Alliance Vision and Updates
FIDO Alliance Vision and UpdatesFIDO Alliance Vision and Updates
FIDO Alliance Vision and UpdatesFIDO Alliance
 
Implementation Case Study by eWBM
Implementation Case Study by eWBMImplementation Case Study by eWBM
Implementation Case Study by eWBMFIDO Alliance
 
Introduction to the FIDO Alliance
Introduction to the FIDO AllianceIntroduction to the FIDO Alliance
Introduction to the FIDO AllianceFIDO Alliance
 
FIDO® for Government & Enterprise - Presentation
FIDO® for Government & Enterprise - PresentationFIDO® for Government & Enterprise - Presentation
FIDO® for Government & Enterprise - PresentationFIDO Alliance
 
NTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case StudyNTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case StudyFIDO Alliance
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationFIDO Alliance
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationFIDO Alliance
 

Más contenido relacionado

La actualidad más candente

Beyond Passwords: FIDO and the Future of User Authentication
Beyond Passwords: FIDO and the Future of User AuthenticationBeyond Passwords: FIDO and the Future of User Authentication
Beyond Passwords: FIDO and the Future of User AuthenticationFIDO Alliance
 
Fido Technical Overview
Fido Technical OverviewFido Technical Overview
Fido Technical OverviewFIDO Alliance
 
FIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Alliance
 
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication ComplianceFIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication ComplianceFIDO Alliance
 
FIDO Support for the GDPR
FIDO Support for the GDPRFIDO Support for the GDPR
FIDO Support for the GDPRFIDO Alliance
 
Shopping Service Based on FIDO Voice Authentication
Shopping Service Based on FIDO Voice AuthenticationShopping Service Based on FIDO Voice Authentication
Shopping Service Based on FIDO Voice AuthenticationFIDO Alliance
 
FIDO and Adaptive Authentication
FIDO and Adaptive AuthenticationFIDO and Adaptive Authentication
FIDO and Adaptive AuthenticationFIDO Alliance
 
FIDO Authentication in a Mobile Network
FIDO Authentication in a Mobile NetworkFIDO Authentication in a Mobile Network
FIDO Authentication in a Mobile NetworkFIDO Alliance
 
GDPR(一般データ保護規則)とFIDO標準について
GDPR(一般データ保護規則)とFIDO標準についてGDPR(一般データ保護規則)とFIDO標準について
GDPR(一般データ保護規則)とFIDO標準についてFIDO Alliance
 
FIDO And the Future of User Authentication
FIDO And the Future of User AuthenticationFIDO And the Future of User Authentication
FIDO And the Future of User AuthenticationFIDO Alliance
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationFIDO Alliance
 
FIDO Certified Program: The Value of Certification
FIDO Certified Program: The Value of Certification FIDO Certified Program: The Value of Certification
FIDO Certified Program: The Value of Certification FIDO Alliance
 
FIDO Alliance Vision and Updates
FIDO Alliance Vision and UpdatesFIDO Alliance Vision and Updates
FIDO Alliance Vision and UpdatesFIDO Alliance
 
Implementation Case Study by eWBM
Implementation Case Study by eWBMImplementation Case Study by eWBM
Implementation Case Study by eWBMFIDO Alliance
 
Introduction to the FIDO Alliance
Introduction to the FIDO AllianceIntroduction to the FIDO Alliance
Introduction to the FIDO AllianceFIDO Alliance
 
FIDO® for Government & Enterprise - Presentation
FIDO® for Government & Enterprise - PresentationFIDO® for Government & Enterprise - Presentation
FIDO® for Government & Enterprise - PresentationFIDO Alliance
 
NTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case StudyNTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case StudyFIDO Alliance
 

La actualidad más candente (20)

Beyond Passwords: FIDO and the Future of User Authentication
Beyond Passwords: FIDO and the Future of User AuthenticationBeyond Passwords: FIDO and the Future of User Authentication
Beyond Passwords: FIDO and the Future of User Authentication
 
Fido Technical Overview
Fido Technical OverviewFido Technical Overview
Fido Technical Overview
 
FIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Authentication Technical Overview
FIDO Authentication Technical Overview
 
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication ComplianceFIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
 
FIDO Support for the GDPR
FIDO Support for the GDPRFIDO Support for the GDPR
FIDO Support for the GDPR
 
Shopping Service Based on FIDO Voice Authentication
Shopping Service Based on FIDO Voice AuthenticationShopping Service Based on FIDO Voice Authentication
Shopping Service Based on FIDO Voice Authentication
 
FIDO2 & Microsoft
FIDO2 & MicrosoftFIDO2 & Microsoft
FIDO2 & Microsoft
 
FIDO2 and Microsoft
FIDO2 and MicrosoftFIDO2 and Microsoft
FIDO2 and Microsoft
 
FIDO and Adaptive Authentication
FIDO and Adaptive AuthenticationFIDO and Adaptive Authentication
FIDO and Adaptive Authentication
 
FIDO Authentication in a Mobile Network
FIDO Authentication in a Mobile NetworkFIDO Authentication in a Mobile Network
FIDO Authentication in a Mobile Network
 
GDPR(一般データ保護規則)とFIDO標準について
GDPR(一般データ保護規則)とFIDO標準についてGDPR(一般データ保護規則)とFIDO標準について
GDPR(一般データ保護規則)とFIDO標準について
 
The State of FIDO
The State of FIDOThe State of FIDO
The State of FIDO
 
FIDO And the Future of User Authentication
FIDO And the Future of User AuthenticationFIDO And the Future of User Authentication
FIDO And the Future of User Authentication
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
 
FIDO Certified Program: The Value of Certification
FIDO Certified Program: The Value of Certification FIDO Certified Program: The Value of Certification
FIDO Certified Program: The Value of Certification
 
FIDO Alliance Vision and Updates
FIDO Alliance Vision and UpdatesFIDO Alliance Vision and Updates
FIDO Alliance Vision and Updates
 
Implementation Case Study by eWBM
Implementation Case Study by eWBMImplementation Case Study by eWBM
Implementation Case Study by eWBM
 
Introduction to the FIDO Alliance
Introduction to the FIDO AllianceIntroduction to the FIDO Alliance
Introduction to the FIDO Alliance
 
FIDO® for Government & Enterprise - Presentation
FIDO® for Government & Enterprise - PresentationFIDO® for Government & Enterprise - Presentation
FIDO® for Government & Enterprise - Presentation
 
NTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case StudyNTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case Study
 

Similar a FIDO Authentication Technical Overview

Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationFIDO Alliance
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationFIDO Alliance
 
Getting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialGetting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialFIDO Alliance
 
Introduction to FIDO: A New Model for Authentication
Introduction to FIDO: A New Model for AuthenticationIntroduction to FIDO: A New Model for Authentication
Introduction to FIDO: A New Model for AuthenticationFIDO Alliance
 
Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication FIDO Alliance
 
UAF Tutorial: Passwordless, Biometric Authentication for Native Apps
UAF Tutorial: Passwordless, Biometric Authentication for Native AppsUAF Tutorial: Passwordless, Biometric Authentication for Native Apps
UAF Tutorial: Passwordless, Biometric Authentication for Native AppsFIDO Alliance
 
Beyond Passwords: FIDO & the Future of Consumer Authentication
Beyond Passwords: FIDO & the Future of Consumer AuthenticationBeyond Passwords: FIDO & the Future of Consumer Authentication
Beyond Passwords: FIDO & the Future of Consumer AuthenticationFIDO Alliance
 
Integrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation ProtocolsIntegrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation ProtocolsFIDO Alliance
 
FIDO Specifications Overview
FIDO Specifications OverviewFIDO Specifications Overview
FIDO Specifications OverviewFIDO Alliance
 
Introduction to the FIDO Alliance: Vision & Status
Introduction to the FIDO Alliance: Vision & StatusIntroduction to the FIDO Alliance: Vision & Status
Introduction to the FIDO Alliance: Vision & StatusFIDO Alliance
 
FIDO Authentication in Korea: Early Adoption & Rapid Innovation
FIDO Authentication in Korea: Early Adoption & Rapid InnovationFIDO Authentication in Korea: Early Adoption & Rapid Innovation
FIDO Authentication in Korea: Early Adoption & Rapid InnovationFIDO Alliance
 
2018 12-07 tokyo-seminar Brett McDowell
2018 12-07 tokyo-seminar Brett McDowell2018 12-07 tokyo-seminar Brett McDowell
2018 12-07 tokyo-seminar Brett McDowellFIDO Alliance
 
Javelin Research's State of Strong Authentication 2019 Report Webinar
Javelin Research's State of Strong Authentication 2019 Report Webinar Javelin Research's State of Strong Authentication 2019 Report Webinar
Javelin Research's State of Strong Authentication 2019 Report Webinar FIDO Alliance
 
FIDO Specifications Tutorial
FIDO Specifications TutorialFIDO Specifications Tutorial
FIDO Specifications TutorialFIDO Alliance
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO Alliance
 
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCloudIDSummit
 
FIDO, Federation and the Internet of Things
FIDO, Federation and the Internet of Things FIDO, Federation and the Internet of Things
FIDO, Federation and the Internet of ThingsFIDO Alliance
 
Introduction to FIDO Alliance
Introduction to FIDO AllianceIntroduction to FIDO Alliance
Introduction to FIDO AllianceFIDO Alliance
 
FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial FIDO Alliance
 
FIDO and the Future of User Authentication
FIDO and the Future of User AuthenticationFIDO and the Future of User Authentication
FIDO and the Future of User AuthenticationFIDO Alliance
 

Similar a FIDO Authentication Technical Overview (20)

Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
 
Getting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialGetting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical Tutorial
 
Introduction to FIDO: A New Model for Authentication
Introduction to FIDO: A New Model for AuthenticationIntroduction to FIDO: A New Model for Authentication
Introduction to FIDO: A New Model for Authentication
 
Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication
 
UAF Tutorial: Passwordless, Biometric Authentication for Native Apps
UAF Tutorial: Passwordless, Biometric Authentication for Native AppsUAF Tutorial: Passwordless, Biometric Authentication for Native Apps
UAF Tutorial: Passwordless, Biometric Authentication for Native Apps
 
Beyond Passwords: FIDO & the Future of Consumer Authentication
Beyond Passwords: FIDO & the Future of Consumer AuthenticationBeyond Passwords: FIDO & the Future of Consumer Authentication
Beyond Passwords: FIDO & the Future of Consumer Authentication
 
Integrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation ProtocolsIntegrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation Protocols
 
FIDO Specifications Overview
FIDO Specifications OverviewFIDO Specifications Overview
FIDO Specifications Overview
 
Introduction to the FIDO Alliance: Vision & Status
Introduction to the FIDO Alliance: Vision & StatusIntroduction to the FIDO Alliance: Vision & Status
Introduction to the FIDO Alliance: Vision & Status
 
FIDO Authentication in Korea: Early Adoption & Rapid Innovation
FIDO Authentication in Korea: Early Adoption & Rapid InnovationFIDO Authentication in Korea: Early Adoption & Rapid Innovation
FIDO Authentication in Korea: Early Adoption & Rapid Innovation
 
2018 12-07 tokyo-seminar Brett McDowell
2018 12-07 tokyo-seminar Brett McDowell2018 12-07 tokyo-seminar Brett McDowell
2018 12-07 tokyo-seminar Brett McDowell
 
Javelin Research's State of Strong Authentication 2019 Report Webinar
Javelin Research's State of Strong Authentication 2019 Report Webinar Javelin Research's State of Strong Authentication 2019 Report Webinar
Javelin Research's State of Strong Authentication 2019 Report Webinar
 
FIDO Specifications Tutorial
FIDO Specifications TutorialFIDO Specifications Tutorial
FIDO Specifications Tutorial
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and Insights
 
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
 
FIDO, Federation and the Internet of Things
FIDO, Federation and the Internet of Things FIDO, Federation and the Internet of Things
FIDO, Federation and the Internet of Things
 
Introduction to FIDO Alliance
Introduction to FIDO AllianceIntroduction to FIDO Alliance
Introduction to FIDO Alliance
 
FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial
 
FIDO and the Future of User Authentication
FIDO and the Future of User AuthenticationFIDO and the Future of User Authentication
FIDO and the Future of User Authentication
 

Más de FIDO Alliance

FIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance
 
IBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxIBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxFIDO Alliance
 
OTIS: Our Journey to Passwordless.pptx
OTIS: Our Journey to Passwordless.pptxOTIS: Our Journey to Passwordless.pptx
OTIS: Our Journey to Passwordless.pptxFIDO Alliance
 
FIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Alliance
 
CISA: #MoreThanAPassword.pptx
CISA: #MoreThanAPassword.pptxCISA: #MoreThanAPassword.pptx
CISA: #MoreThanAPassword.pptxFIDO Alliance
 
FIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Alliance
 
Introducing FIDO Device Onboard (FDO)
Introducing FIDO Device Onboard (FDO)Introducing FIDO Device Onboard (FDO)
Introducing FIDO Device Onboard (FDO)FIDO Alliance
 
FIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDOFIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDOFIDO Alliance
 
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.comConsumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.comFIDO Alliance
 
新しい認証技術FIDOの最新動向
新しい認証技術FIDOの最新動向新しい認証技術FIDOの最新動向
新しい認証技術FIDOの最新動向FIDO Alliance
 
日立PBI技術を用いた「デバイスフリーリモートワーク」構想
日立PBI技術を用いた「デバイスフリーリモートワーク」構想日立PBI技術を用いた「デバイスフリーリモートワーク」構想
日立PBI技術を用いた「デバイスフリーリモートワーク」構想FIDO Alliance
 
Introduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS ServicesIntroduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS ServicesFIDO Alliance
 
富士通の生体認証ソリューションと提案
富士通の生体認証ソリューションと提案富士通の生体認証ソリューションと提案
富士通の生体認証ソリューションと提案FIDO Alliance
 
テレワーク本格導入におけるID認証考察
テレワーク本格導入におけるID認証考察テレワーク本格導入におけるID認証考察
テレワーク本格導入におけるID認証考察FIDO Alliance
 
「開けゴマ!」からYubiKeyへ
「開けゴマ!」からYubiKeyへ「開けゴマ!」からYubiKeyへ
「開けゴマ!」からYubiKeyへFIDO Alliance
 
YubiOnが目指す未来
YubiOnが目指す未来YubiOnが目指す未来
YubiOnが目指す未来FIDO Alliance
 
FIDO2導入してみたを考えてみた
FIDO2導入してみたを考えてみたFIDO2導入してみたを考えてみた
FIDO2導入してみたを考えてみたFIDO Alliance
 
中小企業によるFIDO導入事例
中小企業によるFIDO導入事例中小企業によるFIDO導入事例
中小企業によるFIDO導入事例FIDO Alliance
 
VPNはもう卒業!FIDO2認証で次世代リモートアクセス
VPNはもう卒業!FIDO2認証で次世代リモートアクセスVPNはもう卒業!FIDO2認証で次世代リモートアクセス
VPNはもう卒業!FIDO2認証で次世代リモートアクセスFIDO Alliance
 
CloudGate UNOで安全便利なパスワードレスリモートワーク
CloudGate UNOで安全便利なパスワードレスリモートワークCloudGate UNOで安全便利なパスワードレスリモートワーク
CloudGate UNOで安全便利なパスワードレスリモートワークFIDO Alliance
 

Más de FIDO Alliance (20)

FIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptx
 
IBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxIBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptx
 
OTIS: Our Journey to Passwordless.pptx
OTIS: Our Journey to Passwordless.pptxOTIS: Our Journey to Passwordless.pptx
OTIS: Our Journey to Passwordless.pptx
 
FIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptx
 
CISA: #MoreThanAPassword.pptx
CISA: #MoreThanAPassword.pptxCISA: #MoreThanAPassword.pptx
CISA: #MoreThanAPassword.pptx
 
FIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for All
 
Introducing FIDO Device Onboard (FDO)
Introducing FIDO Device Onboard (FDO)Introducing FIDO Device Onboard (FDO)
Introducing FIDO Device Onboard (FDO)
 
FIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDOFIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDO
 
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.comConsumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
 
新しい認証技術FIDOの最新動向
新しい認証技術FIDOの最新動向新しい認証技術FIDOの最新動向
新しい認証技術FIDOの最新動向
 
日立PBI技術を用いた「デバイスフリーリモートワーク」構想
日立PBI技術を用いた「デバイスフリーリモートワーク」構想日立PBI技術を用いた「デバイスフリーリモートワーク」構想
日立PBI技術を用いた「デバイスフリーリモートワーク」構想
 
Introduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS ServicesIntroduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS Services
 
富士通の生体認証ソリューションと提案
富士通の生体認証ソリューションと提案富士通の生体認証ソリューションと提案
富士通の生体認証ソリューションと提案
 
テレワーク本格導入におけるID認証考察
テレワーク本格導入におけるID認証考察テレワーク本格導入におけるID認証考察
テレワーク本格導入におけるID認証考察
 
「開けゴマ!」からYubiKeyへ
「開けゴマ!」からYubiKeyへ「開けゴマ!」からYubiKeyへ
「開けゴマ!」からYubiKeyへ
 
YubiOnが目指す未来
YubiOnが目指す未来YubiOnが目指す未来
YubiOnが目指す未来
 
FIDO2導入してみたを考えてみた
FIDO2導入してみたを考えてみたFIDO2導入してみたを考えてみた
FIDO2導入してみたを考えてみた
 
中小企業によるFIDO導入事例
中小企業によるFIDO導入事例中小企業によるFIDO導入事例
中小企業によるFIDO導入事例
 
VPNはもう卒業!FIDO2認証で次世代リモートアクセス
VPNはもう卒業!FIDO2認証で次世代リモートアクセスVPNはもう卒業!FIDO2認証で次世代リモートアクセス
VPNはもう卒業!FIDO2認証で次世代リモートアクセス
 
CloudGate UNOで安全便利なパスワードレスリモートワーク
CloudGate UNOで安全便利なパスワードレスリモートワークCloudGate UNOで安全便利なパスワードレスリモートワーク
CloudGate UNOで安全便利なパスワードレスリモートワーク
 

Último

Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirtrahman018755
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdfMatthew Sinclair
 
75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptxAsmae Rabhi
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftAanSulistiyo
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Roommeghakumariji156
 
Power point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria IuzzolinoPower point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria Iuzzolinonuriaiuzzolino1
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtrahman018755
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdfMatthew Sinclair
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样ayvbos
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoilmeghakumariji156
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"growthgrids
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfJOHNBEBONYAP1
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制pxcywzqs
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrHenryBriggs2
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdfMatthew Sinclair
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdfMatthew Sinclair
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsMonica Sydney
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsMonica Sydney
 
PowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxPowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxgalaxypingy
 

Último (20)

Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck Microsoft
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
 
Power point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria IuzzolinoPower point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria Iuzzolino
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
 
PowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxPowerDirector Explination Process...pptx
PowerDirector Explination Process...pptx
 

FIDO Authentication Technical Overview

  • 1. 1 FIDO AUTHENTICATION TECHNICAL OVERVIEW All Rights Reserved | FIDO Alliance | Copyright 2018
  • 2. All Rights Reserved | FIDO Alliance | Copyright 20182 HOW SECURE IS AUTHENTICATION?
  • 3. All Rights Reserved | FIDO Alliance | Copyright 20183 CLOUD AUTHENTICATION DeviceSomething Authentication Risk Analytics Internet
  • 4. All Rights Reserved | FIDO Alliance | Copyright 20184 PASSWORD ISSUES DeviceSomething Authentication Internet Password could be stolen from the server 1Password might be entered into untrusted App / Web- site (“phishing”) 2 Too many passwords to remember (>re-use / cart Abandonment) 3 Inconvenient to type password on phone 4
  • 5. All Rights Reserved | FIDO Alliance | Copyright 20175 OTP ISSUES DeviceSomething Authentication Internet OTP vulnerable to real- time MITM and MITB attacks 1 SMS security questionable, especially when Device is the phone 2 OTP HW tokens are expensive and people don’t want another device 3 Inconvenient to type OTP into phone 4
  • 6. All Rights Reserved | FIDO Alliance | Copyright 20186 HOW SECURE IS AUTHENTICATION?
  • 7. All Rights Reserved | FIDO Alliance | Copyright 20187 HOW SECURE IS AUTHENTICATION? Attacks require physical action → not scalable Things are never 100% secure, so focus on adequate security. Focus on the scalable attacks first. Scalable Attacks
  • 8. All Rights Reserved | FIDO Alliance | Copyright 20188 HOW DOES FIDO WORK?
  • 9. All Rights Reserved | FIDO Alliance | Copyright 20189 HOW DOES FIDO WORK? DeviceUser verification FIDO Authentication Authenticator
  • 10. All Rights Reserved | FIDO Alliance | Copyright 201810 FIDO AUTHENTICATORS We see “Bound” Authenticators, i.e. authenticators that are an integral part of a smartphone or laptop. We see “Roaming” Authenticators, i.e. authenticators that can be connected to different smartphones or laptops using CTAP. In both categories you find support for different modalities Verify User Verify User Presence
  • 11. All Rights Reserved | FIDO Alliance | Copyright 201811 HOW DOES FIDO WORK? AuthenticatorUser verification FIDO Authentication Require user gesture before private key can be used Challenge (Signed) Response Private key dedicated to one app Public key
  • 12. All Rights Reserved | FIDO Alliance | Copyright 201812 HOW DOES FIDO WORK? AuthenticatorUser verification FIDO Authentication Same Authenticator as registered before? Same User as enrolled before? Can recognize the user (i.e. user verification), but doesn’t know its identity attributes.
  • 13. All Rights Reserved | FIDO Alliance | Copyright 201813 HOW DOES FIDO WORK? AuthenticatorUser verification FIDO Authentication Same Authenticator as registered before? Same User as enrolled before? Can recognize the user (i.e. user verification), but doesn’t know its identity attributes. Identity binding to be done outside FIDO: This this “John Doe with customer ID X”.
  • 14. FIDO & Federation FIDO USER DEVICE FIDO CLIENT IdP FIDO SERVER FIDO AUTHENTICATOR FEDERATION SERVERBROWSER / APP FIDO Protocol Service Provider Federation Id DB Knows details about the Authentication strength Knows details about the Identity and its verification strength. First Mile Second Mile 14
  • 15. All Rights Reserved | FIDO Alliance | Copyright 201815 FIDO ECOSYSTEM AuthenticatorUser verification FIDO Authentication … …SE
  • 16. All Rights Reserved | FIDO Alliance | Copyright 201816 FIDO ECOSYSTEM AuthenticatorUser verification FIDO Authentication … …SE How is the key protected (TPM, SE, TEE, …)? Which user verification method is used?
  • 17. All Rights Reserved | FIDO Alliance | Copyright 201817 ATTESTATION + METADATA Private attestation key Signed Attestation Object Metadata Understand Authenticator security characteristic by looking into Metadata from mds.fidoalliance.org FIDO Registration Verify using trust anchor included in Metadata Relying parties can store this for auditing purposes
  • 18. All Rights Reserved | FIDO Alliance | Copyright 201818 BINDING KEYS TO RELYING PARTIES Use A-corp.com key Use B-corp.com key A calc A docs B One Account – All Applications As Mobile App & Web App A calc A docs B Platform determines the “caller” and passes it to the Authenticator for selecting the correct key. FIDO Client determines the “caller” (AppID/RP ID) and passes it to the Authenticator for selecting the correct key. b-corp a-corp
  • 19. All Rights Reserved | FIDO Alliance | Copyright 201819 FIDO AUTHENTICATORS FIDO has an Authenticator Certification program. Different certification levels address the needs to protect against scalable and physical attacks. See https://fidoalliance.org/certification/authenticator-certification-levels/
  • 20. User Environment All Rights Reserved | FIDO Alliance | Copyright 201820 HOW DOES FIDO WORK? Authenticator User gesture before private key can be used (Touch, PIN entry, Biometric) PSD2: (no equivalent) FIDO: Challenge PSD2: Authentication Code FIDO: (Signed) Response PSD2: Personalized Security Credential FIDO: Private key PSD2: (no equivalent) FIDO: Public key PSD2: PSU FIDO: User PSD2: ASPSP FIDO: Relying Party Local user verification step On-line authentication step
  • 21. All Rights Reserved | FIDO Alliance | Copyright 201821 FIDO AUTHENTICATOR CONCEPT FIDO Authenticator User Verification / Presence Attestation Key Authentication Key(s) Injected at manufacturing, doesn’t change Generated at runtime (on Registration) Optional Components Transaction Confirmation Display
  • 22. All Rights Reserved | FIDO Alliance | Copyright 201822 FIDO BUILDING BLOCKS (External) Authenticator USER DEVICE FIDO Client (Bound) Authenticator ASM RP App FIDO Authentication RP App Server FIDO Server Metadata
  • 23. All Rights Reserved | FIDO Alliance | Copyright 201823 FIDO USE CASES Passwordless Experience Authenticated Online 3 Biometric User Verification* 21 ? Authentication Challenge Authenticated Online 3 Second Factor Challenge Insert Dongle* / Press Button Second Factor Experience *There are other types of authenticators (e.g. PIN) 21
  • 24. All Rights Reserved | FIDO Alliance | Copyright 201824 FIDO BUILDING BLOCKS (Roaming) Authenticator User Device Browser (Bound) Authenticator Platform RP App FIDO Authentication RP App Server FIDO Server Metadata Web Authentication JS API CTA P
  • 25. All Rights Reserved | FIDO Alliance | Copyright 201825 WEB AUTHENTICATION Supported In: JavaScript API that enables FIDO Authentication directly in web browsers
  • 26. All Rights Reserved | FIDO Alliance | Copyright 201826 FIDO AUTHENTICATION: SECURITY & CONVENIENCE
  • 27. All Rights Reserved | FIDO Alliance | Copyright 201827 CONVENIENCE & SECURITY Security Convenience Password
  • 28. All Rights Reserved | FIDO Alliance | Copyright 201828 CONVENIENCE & SECURITY Security Convenience Password + OTP Password
  • 29. All Rights Reserved | FIDO Alliance | Copyright 201829 CONVENIENCE & SECURITY Security Convenience Password + OTP Password FIDO In FIDO • Same user verification method for all servers In FIDO: Arbitrary user verification methods are supported (+ they are interoperable)
  • 30. All Rights Reserved | FIDO Alliance | Copyright 201830 CONVENIENCE & SECURITY Security Convenience Password + OTP Password FIDO In FIDO: Scalable security depending on Authenticator implementation In FIDO: • Only public keys on server • Not phishable
  • 31. All Rights Reserved | FIDO Alliance | Copyright 201831 CONCLUSION • Different authentication use-cases lead to different authentication requirements • FIDO separates user verification from authentication and hence supports all user verification methods • FIDO supports scalable convenience & security • User verification data is known to Authenticator only • FIDO complements federation
  • 32. All Rights Reserved | FIDO Alliance | Copyright 201832 FIDO REGISTRATION accountInfo, challenge, [cOpts] rpId, ai, hash(clientData), cryptoP, [exts] verify user generate: key kpub key kpriv credential c c,kpub,clientData,ac,cdh,rpId,cntr,AAGUID[,exts], signature(tbs) c,kpub,clientData,ac,tbs, s store: key kpub c s Authenticator select Authenticator according to cOpts; determine rpId, get tlsData; clientData := {challenge, origin, rpId, hAlg, tlsData} cOpts: crypto params, credential black list, extensions cdh ai tbs ac: attestation certificate chain
  • 33. All Rights Reserved | FIDO Alliance | Copyright 201833 FIDO AUTHENTICATION Authenticator Relying Party rpId, [c,] hash(clientData) select Authenticator according to policy; check rpId, get tlsData (i.e. channel id, etc.); lookup key handle h; clientData := {challenge, rpId, tlsData} clientData,cntr,[exts],signature(cdh,cntr,exts) clientData, cntr, exts, s lookup kpub from DB check: exts + signature using key kpub s cdh challenge, [aOpts] verify user find key kpriv cntr++; process exts