FIDO UAF Tutorial
Mobile Authentication Helps Drive Business
770 million biometric authentication applications will be downloaded per annum by 2019, up from just 6 million this year and dramatically reducing dependence on alphanumeric passwords in the mobile phone market.
- Juniper Research, 20 January 2016
Source: Criteo, State of Mobile Commerce Report 4Q 2015
How Secure is Authentication?
Cloud Authentication
Password Issues
1. Password could be stolen from the server
2. Password might be entered into untrusted App / Web-site ("phishing")
3. Too many passwords to remember → re-use / cart abandonment
4. Inconvenient to type password on phone
OTP Issues
1. OTP vulnerable to real-time MITM and MITB attacks
2. SMS security questionable, especially when Device is the phone
3. OTP HW tokens are expensive and people don't want another device
4. Inconvenient to type OTP on phone
Authentication Needs
Authentication today: Ask user for a password… (and perhaps a one time password)
1. Do you want to login?
2. Do you want to delete all of your emails?
3. Do you want to change your shipping address?
4. Do you want to share your dental records?
5. Do you want to transfer $100 to Frank?
6. Do you want to transfer $10,000 to mymerchant.com?
Classifying Threats
1. Remotely attacking central servers: steal data for impersonation
2. Remotely attacking lots of user devices: steal data for impersonation
3. Remotely attacking lots of user devices: misuse them for impersonation
4. Remotely attacking lots of user devices: misuse authenticated sessions
5. Physically attacking user devices: steal data for impersonation
6. Physically attacking user devices: misuse them for impersonation
Scalable attacks
Physical attacks possible on lost or stolen devices (3% in the US in 2013)
Summary
1. Passwords are insecure and inconvenient especially on mobile devices
2. Alternative authentication methods are silos and hence don't scale to large scale user populations
3. The required security level of the authentication depends on the use
4. Risk engines need information about the explicit authentication security for good decision
How does FIDO work?
Device
Private key
Public key
challenge
(signed) response
Require user gesture before private key can be used
How does FIDO UAF work?
Can recognize the user (i.e. user verification), but doesn't know its identity attributes.
Same Authenticator as registered before?
Same User as enrolled before?
Identity binding to be done outside FIDO: This is "John Doe with customer ID X".
How is the key protected (TPM, SE, TEE, …)?
Which user verification method is used?
Binding Keys to Apps
Use google.com key
Use paypal.com key
Use same user gesture (e.g. same finger or PIN) for unlocking each private key.
FIDO Building Blocks
Diagram components: FIDO USER DEVICE, BROWSER / APP, FIDO CLIENT, ASM, FIDO AUTHENTICATOR, Attestation key, Authentication keys, RELYING PARTY, WEB APPLICATION, FIDO SERVER, TLS Server Key, Cryptographic authentication key DB, Authenticator Metadata, METADATA SERVICE, Update, UAF Protocol
Registration Overview
FIDO AUTHENTICATOR, FIDO CLIENT, FIDO SERVER
Perform legacy authentication first, in order to bind authenticator to an electronic identity, then perform FIDO registration.
Send Registration Request:
- Policy
- Random Challenge
Start registration
Verify user
Generate key pair
Sign attestation object:
• Public key
• AAID
• Random Challenge
• Name of relying party
Signed by attestation key
Verify signature
Check AAID against policy
Store public key
AAID = Authenticator Attestation ID, i.e. model ID
UAF Authentication
FIDO Authenticator, FIDO Server, Web App, App
0. Prepare
1. Initiate Authentication
2. Auth. Request with Challenge
3. Verify User & Sign Challenge (Key specific to RP Webapp)
4. Auth. Response
5. Success
App screens shown: "pat@example.com, Pat Johnson"; "Pat Johnson, 650 Castro Street, Mountain View, CA 94041, United States"; "Payment complete! Return to the merchant's web site to continue shopping" / "Return to the merchant"
Transaction Confirmation
Device: Browser or Native App, FIDO Authenticator
Relying Party: Web App, FIDO Server
1. Initiate Transaction
2. Authentication Request + Transaction Text
3. Display Text, Verify User & Unlock Private Key (specific to User + RP Webapp)
4. Authentication Response + Text Hash, signed by User's private key
5. Validate Response & Text Hash using User's Public Key
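The registration and authentication exchanges from the Registration Overview, UAF Authentication and Transaction Confirmation slides, as an added Go example that is not part of the original deck or of any FIDO code. It assumes P-256 ECDSA keys, direct function calls in place of UAF protocol messages, and a JSON-array digest in place of UAF's own encoding; `Setup`, `NewChallenge`, the type names and the AAID value are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/json"
	"fmt"
)

// Authenticator and Server are constructed stand-ins for the slide components.
type Authenticator struct {
	AAID     string                       // model ID
	attKey   *ecdsa.PrivateKey            // attestation key
	authKeys map[string]*ecdsa.PrivateKey // one authentication key per relying party
}
type Server struct {
	RP     string
	policy map[string]*ecdsa.PublicKey // accepted AAID -> attestation public key
	keys   map[string]*ecdsa.PublicKey // userid -> registered public key (no secrets)
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Setup returns an authenticator and a server whose policy accepts its model.
func Setup(aaid, rp string) (*Authenticator, *Server) {
	a := &Authenticator{aaid, must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)), map[string]*ecdsa.PrivateKey{}}
	s := &Server{rp, map[string]*ecdsa.PublicKey{aaid: &a.attKey.PublicKey}, map[string]*ecdsa.PublicKey{}}
	return a, s
}

// NewChallenge returns a fresh random challenge for one request.
func NewChallenge() []byte {
	c := make([]byte, 32)
	must(rand.Read(c))
	return c
}

// digest hashes the fields as a JSON array, which keeps field boundaries unambiguous.
func digest(fields ...[]byte) []byte {
	d := sha256.Sum256(must(json.Marshal(fields)))
	return d[:]
}

// Register verifies the user, makes an RP-specific key pair and signs the attestation object.
func (a *Authenticator) Register(rp string, chal []byte, userOK bool) (*ecdsa.PublicKey, []byte, error) {
	if !userOK {
		return nil, nil, fmt.Errorf("user not verified")
	}
	k := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	a.authKeys[rp] = k
	obj := digest(must(x509.MarshalPKIXPublicKey(&k.PublicKey)), []byte(a.AAID), chal, []byte(rp))
	return &k.PublicKey, must(ecdsa.SignASN1(rand.Reader, a.attKey, obj)), nil
}

// FinishRegistration checks the AAID against policy, verifies the signature, stores the key.
func (s *Server) FinishRegistration(user, aaid string, pub *ecdsa.PublicKey, chal, sig []byte) error {
	att, ok := s.policy[aaid]
	obj := digest(must(x509.MarshalPKIXPublicKey(pub)), []byte(aaid), chal, []byte(s.RP))
	if !ok || !ecdsa.VerifyASN1(att, obj, sig) {
		return fmt.Errorf("AAID %q not in policy or attestation signature invalid", aaid)
	}
	s.keys[user] = pub
	return nil
}

// Sign verifies the user, then signs challenge, RP name and transaction text with that RP's key.
func (a *Authenticator) Sign(rp string, chal []byte, text string, userOK bool) ([]byte, error) {
	k, ok := a.authKeys[rp]
	if !userOK || !ok {
		return nil, fmt.Errorf("user not verified or no key for %q", rp)
	}
	return ecdsa.SignASN1(rand.Reader, k, digest(chal, []byte(rp), []byte(text)))
}

// VerifyAuth validates the response using the user's stored public key.
func (s *Server) VerifyAuth(user string, chal []byte, text string, sig []byte) bool {
	key, ok := s.keys[user]
	return ok && ecdsa.VerifyASN1(key, digest(chal, []byte(s.RP), []byte(text)), sig)
}

func main() {
	a, s := Setup("EXAMPLE#0001", "foo.com") // constructed AAID
	c1, c2, text := NewChallenge(), NewChallenge(), "Transfer $100 to Frank"
	pub, att, _ := a.Register(s.RP, c1, true)
	fmt.Println("registration error:", s.FinishRegistration("1234", a.AAID, pub, c1, att))
	sig, _ := a.Sign(s.RP, c2, text, true)
	fmt.Println("response valid:", s.VerifyAuth("1234", c2, text, sig))
}
```

Because the signing key is looked up by relying-party name, a request from any other origin finds no key to sign with, and a response fails verification if the challenge or the transaction text differs from what the server sent.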
Convenience & Security
Chart axes: Convenience, Security. Plotted: Password; Password + OTP; FIDO
In FIDO: Same user verification method for all servers
In FIDO: Arbitrary user verification methods are supported (+ they are interoperable)
In FIDO: Only public keys on server; not phishable
In FIDO: Scalable security depending on Authenticator implementation
What about rubber fingers?
Protection methods in FIDO
1. Attacker needs access to the Authenticator and swipe rubber finger on it. This makes it a non-scalable attack.
2. Authenticators might implement presentation attack detection methods.
Remember:
Creating hundreds of millions of rubber fingers + stealing the related authenticators is expensive. Stealing hundreds of millions of passwords from a server has low cost per password.
But I can’t revoke my finger…
• Protection methods in FIDO
You don't need to revoke your finger, you can simply de-register the old (=attacked) authenticator. Then,
1. Get a new authenticator
2. Enroll your finger (or iris, …) to it
3. Register the new authenticator to the service
FIDO is used Today
Conclusion
• Different authentication use-cases lead to different authentication requirements
• FIDO separates user verification from authentication and hence supports all user verification methods
• FIDO supports scalable convenience & security
• User verification data is known to Authenticator only
• FIDO complements federation
Todd Thiemann, Nok Nok Labs, tthiemann@noknok.com
How does FIDO UAF work?
1. Use Metadata to understand Authenticator security characteristic
2. Define policy of acceptable Authenticators
3. Store public keys on the server (no secrets)
4. Provide cryptographic proof of authenticator model
5. Generate key pair in Authenticator to protect against phishing
6. Use site-specific keys in order to protect privacy
7. Verify user before signing authentication response
8. Use channel binding to protect against MITM
Registration Overview (2)
Physical Identity
Virtual Identity
FIDO AUTHENTICATOR, FIDO SERVER, WEB Application
Relying Party foo.com
{ userid=1234, jane@mail.com, known since 03/05/04, payment history=xx, … }
{ userid=1234, pubkey=0x43246, AAID=x
  +pubkey=0xfa4731, AAID=y }
Registration
AAID y
key for foo.com: 0xfa4731
Link new Authenticator to existing userid
"Know Your Customer" rules
Legacy Authentication
Using Secure Hardware
SIM Card
FIDO Authenticator
Attestation Key
Authentication Key(s)
PIN Verification
PIN Entry
User Verification / Presence
Client Side Biometrics
Trusted Execution Environment (TEE)
FIDO Authenticator as Trusted Application (TA)
User Verification / Presence
Attestation Key
Authentication Key(s)
Store at Enrollment
Compare at Authentication
Unlock after comparison
Combining TEE and SE
Trusted Execution Environment (TEE)
Secure Element
FIDO Authenticator as Trusted Application (TA)
Attestation Key
Authentication Key(s)
User Verification / Presence
Transaction Confirmation Display, e.g. GlobalPlatform Trusted UI

Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
 
新しい認証技術FIDOの最新動向
新しい認証技術FIDOの最新動向新しい認証技術FIDOの最新動向
新しい認証技術FIDOの最新動向
 
日立PBI技術を用いた「デバイスフリーリモートワーク」構想
日立PBI技術を用いた「デバイスフリーリモートワーク」構想日立PBI技術を用いた「デバイスフリーリモートワーク」構想
日立PBI技術を用いた「デバイスフリーリモートワーク」構想
 
Introduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS ServicesIntroduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS Services
 
富士通の生体認証ソリューションと提案
富士通の生体認証ソリューションと提案富士通の生体認証ソリューションと提案
富士通の生体認証ソリューションと提案
 
テレワーク本格導入におけるID認証考察
テレワーク本格導入におけるID認証考察テレワーク本格導入におけるID認証考察
テレワーク本格導入におけるID認証考察
 
「開けゴマ!」からYubiKeyへ
「開けゴマ!」からYubiKeyへ「開けゴマ!」からYubiKeyへ
「開けゴマ!」からYubiKeyへ
 
YubiOnが目指す未来
YubiOnが目指す未来YubiOnが目指す未来
YubiOnが目指す未来
 
FIDO2導入してみたを考えてみた
FIDO2導入してみたを考えてみたFIDO2導入してみたを考えてみた
FIDO2導入してみたを考えてみた
 
中小企業によるFIDO導入事例
中小企業によるFIDO導入事例中小企業によるFIDO導入事例
中小企業によるFIDO導入事例
 
VPNはもう卒業!FIDO2認証で次世代リモートアクセス
VPNはもう卒業!FIDO2認証で次世代リモートアクセスVPNはもう卒業!FIDO2認証で次世代リモートアクセス
VPNはもう卒業!FIDO2認証で次世代リモートアクセス
 
CloudGate UNOで安全便利なパスワードレスリモートワーク
CloudGate UNOで安全便利なパスワードレスリモートワークCloudGate UNOで安全便利なパスワードレスリモートワーク
CloudGate UNOで安全便利なパスワードレスリモートワーク
 
数々の実績:迅速なFIDO認証の展開をサポート
数々の実績:迅速なFIDO認証の展開をサポート数々の実績:迅速なFIDO認証の展開をサポート
数々の実績:迅速なFIDO認証の展開をサポート
 
FIDO Alliance Research: Consumer Attitudes Towards Authentication
FIDO Alliance Research: Consumer Attitudes Towards AuthenticationFIDO Alliance Research: Consumer Attitudes Towards Authentication
FIDO Alliance Research: Consumer Attitudes Towards Authentication
 
Webinar: Securing IoT with FIDO Authentication
Webinar: Securing IoT with FIDO AuthenticationWebinar: Securing IoT with FIDO Authentication
Webinar: Securing IoT with FIDO Authentication
 
20200303 ISR プライベートセミナー:パスワードのいらない世界へ
20200303 ISR プライベートセミナー:パスワードのいらない世界へ20200303 ISR プライベートセミナー:パスワードのいらない世界へ
20200303 ISR プライベートセミナー:パスワードのいらない世界へ
 

Recently uploaded

Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 

Recently uploaded (20)

Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 

FIDO UAF Specifications: Overview & Tutorial

  • 2. Mobile Authentication Helps Drive Business: 770 million biometric authentication applications will be downloaded per annum by 2019, up from just 6 million this year and dramatically reducing dependence on alphanumeric passwords in the mobile phone market. - Juniper Research, 20 January 2016. Source: Criteo, State of Mobile Commerce Report 4Q 2015
  • 3. How Secure is Authentication?
  • 5. Password Issues: (1) Password could be stolen from the server. (2) Password might be entered into untrusted App / Web-site (“phishing”). (3) Too many passwords to remember → re-use / cart abandonment. (4) Inconvenient to type password on phone.
  • 6. OTP Issues: (1) OTP vulnerable to real-time MITM and MITB attacks. (2) SMS security questionable, especially when Device is the phone. (3) OTP HW tokens are expensive and people don’t want another device. (4) Inconvenient to type OTP on phone.
  • 7. Authentication Needs. Authentication today: Ask user for a password… (and perhaps a one time password). (1) Do you want to login? (2) Do you want to delete all of your emails? (3) Do you want to change your shipping address? (4) Do you want to share your dental records? (5) Do you want to transfer $100 to Frank? (6) Do you want to transfer $10,000 to mymerchant.com?
  • 8. Classifying Threats: (1) Remotely attacking central servers: steal data for impersonation. (2) Remotely attacking lots of user devices: steal data for impersonation. (3) Remotely attacking lots of user devices: misuse them for impersonation. (4) Remotely attacking lots of user devices: misuse authenticated sessions. (5) Physically attacking user devices: steal data for impersonation. (6) Physically attacking user devices: misuse them for impersonation. Scalable attacks. Physical attacks possible on lost or stolen devices (3% in the US in 2013).
  • 9. Summary: 1. Passwords are insecure and inconvenient, especially on mobile devices. 2. Alternative authentication methods are silos and hence don’t scale to large scale user populations. 3. The required security level of the authentication depends on the use. 4. Risk engines need information about the explicit authentication security for good decision
  • 10. How does FIDO work? Device
  • 11. How does FIDO work? Private key; public key; challenge; (signed) response. Require user gesture before private key can be used.
  • 12. How does FIDO UAF work? … …SE
  • 13. How does FIDO UAF work? Can recognize the user (i.e. user verification), but doesn’t know its identity attributes. Same Authenticator as registered before? Same User as enrolled before?
  • 14. How does FIDO UAF work? Identity binding to be done outside FIDO: This is “John Doe with customer ID X”. Can recognize the user (i.e. user verification), but doesn’t know its identity attributes. Same Authenticator as registered before? Same User as enrolled before?
  • 15. How does FIDO UAF work? … …SE How is the key protected (TPM, SE, TEE, …)? Which user verification method is used?
  • 16. Binding Keys to Apps: Use google.com key. Use paypal.com key. Use same user gesture (e.g. same finger or PIN) for unlocking each private key.
  • 17. FIDO Building Blocks (diagram labels): FIDO USER DEVICE; BROWSER / APP; FIDO CLIENT; ASM; FIDO AUTHENTICATOR; Attestation key; Authentication keys; RELYING PARTY; WEB APPLICATION; FIDO SERVER; TLS Server Key; Cryptographic authentication key DB; Authenticator Metadata; METADATA SERVICE; Update; UAF Protocol.
  • 18. Registration Overview (FIDO AUTHENTICATOR, FIDO CLIENT, FIDO SERVER). Perform legacy authentication first, in order to bind authenticator to an electronic identity, then perform FIDO registration. Send Registration Request: Policy, Random Challenge. Start registration. Verify user. Generate key pair. Sign attestation object (Public key, AAID, Random Challenge, Name of relying party), signed by attestation key. Verify signature. Check AAID against policy. Store public key. AAID = Authenticator Attestation ID, i.e. model ID.
  • 23. UAF Authentication (FIDO Authenticator, App, Web App, FIDO Server): (0) Prepare. (1) Initiate Authentication. (2) Auth. Request with Challenge.
  • 24. UAF Authentication (FIDO Authenticator, App, Web App, FIDO Server): (0) Prepare. (1) Initiate Authentication. (2) Auth. Request with Challenge. (3) Verify User & Sign Challenge (Key specific to RP Webapp). App screen: pat@example.com, Pat Johnson.
  • 25. UAF Authentication (FIDO Authenticator, App, Web App, FIDO Server): (0) Prepare. (1) Initiate Authentication. (2) Auth. Request with Challenge. (3) Verify User & Sign Challenge (Key specific to RP Webapp). (4) Auth. Response. App screen: Pat Johnson, 650 Castro Street, Mountain View, CA 94041, United States.
  • 26. UAF Authentication (FIDO Authenticator, App, Web App, FIDO Server): (0) Prepare. (1) Initiate Authentication. (2) Auth. Request with Challenge. (3) Verify User & Sign Challenge (Key specific to RP Webapp). (4) Auth. Response. (5) Success. App screen: pat@example.com, Pat Johnson. Payment complete! Return to the merchant’s web site to continue shopping. Return to the merchant.
  • 27. Transaction Confirmation (Device: Browser or Native App, FIDO Authenticator; Relying Party: Web App, FIDO Server): (1) Initiate Transaction. (2) Authentication Request + Transaction Text. (3) Display Text, Verify User & Unlock Private Key (specific to User + RP Webapp). (4) Authentication Response + Text Hash, signed by User’s private key. (5) Validate Response & Text Hash using User’s Public Key.
  • 30. Convenience & Security (axes: Convenience, Security; plotted: Password, Password + OTP, FIDO). In FIDO: Same user verification method for all servers. In FIDO: Arbitrary user verification methods are supported (+ they are interoperable).
  • 31. Convenience & Security (axes: Convenience, Security; plotted: Password, Password + OTP, FIDO). In FIDO: Only public keys on server; not phishable. In FIDO: Scalable security depending on Authenticator implementation.
  • 32. What about rubber fingers? Protection methods in FIDO: 1. Attacker needs access to the Authenticator and has to swipe the rubber finger on it. This makes it a non-scalable attack. 2. Authenticators might implement presentation attack detection methods. Remember: Creating hundreds of millions of rubber fingers + stealing the related authenticators is expensive. Stealing hundreds of millions of passwords from a server has low cost per password.
  • 33. But I can’t revoke my finger… Protection methods in FIDO: You don’t need to revoke your finger, you can simply de-register the old (=attacked) authenticator. Then, 1. Get a new authenticator. 2. Enroll your finger (or iris, …) to it. 3. Register the new authenticator to the service.
  • 34. FIDO is used Today
  • 35. Conclusion: Different authentication use-cases lead to different authentication requirements. FIDO separates user verification from authentication and hence supports all user verification methods. FIDO supports scalable convenience & security. User verification data is known to Authenticator only. FIDO complements federation. Todd Thiemann, Nok Nok Labs, tthiemann@noknok.com
  • 36. How does FIDO UAF work? 1. Use Metadata to understand Authenticator security characteristic. 2. Define policy of acceptable Authenticators. 3. Store public keys on the server (no secrets). 4. Provide cryptographic proof of authenticator model. 5. Generate key pair in Authenticator to protect against phishing. 6. Use site-specific keys in order to protect privacy. 7. Verify user before signing authentication response. 8. Use channel binding to protect against MITM.
  • 37. Registration Overview (2). Physical Identity. Virtual Identity. FIDO AUTHENTICATOR, FIDO SERVER, WEB Application. { userid=1234, jane@mail.com, known since 03/05/04, payment history=xx, … } { userid=1234, pubkey=0x43246, AAID=x +pubkey=0xfa4731, AAID=y } Registration: AAID y, key for foo.com: 0xfa4731. Relying Party foo.com. Link new Authenticator to existing userid. “Know Your Customer” rules. Legacy Authentication.
  • 38. Using Secure Hardware. SIM Card: FIDO Authenticator; Attestation Key; Authentication Key(s); PIN Verification. PIN Entry. User Verification / Presence.
  • 39. Client Side Biometrics. Trusted Execution Environment (TEE): FIDO Authenticator as Trusted Application (TA); User Verification / Presence; Attestation Key; Authentication Key(s). Store at Enrollment. Compare at Authentication. Unlock after comparison.
  • 40. Combining TEE and SE. Trusted Execution Environment (TEE); Secure Element; FIDO Authenticator as Trusted Application (TA); Attestation Key; Authentication Key(s); User Verification / Presence; Transaction Confirmation Display, e.g. GlobalPlatform Trusted UI.
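The registration flow on slide 18 and the transaction confirmation flow on slide 27, as an added sketch that is not part of the original slides or any FIDO Alliance code. It shows the server-side checks (attestation signature, AAID policy, single-use challenge, text hash) and the per-relying-party key on the authenticator. Assumptions: JSON messages instead of UAF's TLV encoding, ECDSA P-256 keys, and hypothetical class, field and function names; the AAID and relying party values are constructed.

```javascript
// Added illustration of the flows on slides 18 and 27. Simplified: real UAF
// assertions are TLV-encoded; JSON and all class/field names are assumptions.
const crypto = require("node:crypto");
const newKey = () => crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");
const bytes = (obj) => Buffer.from(JSON.stringify(obj));
const sign = (obj, key) => crypto.sign("sha256", bytes(obj), key).toString("base64");
const verify = (obj, sig, key) =>
  crypto.verify("sha256", bytes(obj), key, Buffer.from(sig, "base64"));

class Authenticator {
  constructor(aaid, attestationKey) {
    this.aaid = aaid;                     // model ID
    this.attestationKey = attestationKey; // shared by all devices of this model
    this.keys = new Map();                // appId -> key pair, one per relying party
  }
  register(req, userVerified) {
    if (!userVerified) throw new Error("user verification failed");
    const kp = newKey();
    this.keys.set(req.appId, kp);
    const body = { aaid: this.aaid, appId: req.appId, challenge: req.challenge,
      publicKey: kp.publicKey.export({ type: "spki", format: "pem" }) };
    return { body, sig: sign(body, this.attestationKey.privateKey) };
  }
  confirm(req, userVerified) {
    if (!userVerified) throw new Error("user verification failed");
    const kp = this.keys.get(req.appId);  // a look-alike site has no key to unlock
    if (!kp) throw new Error("no key registered for " + req.appId);
    const body = { appId: req.appId, challenge: req.challenge,
      textHash: sha256(req.text) };       // hash of the text actually displayed
    return { body, sig: sign(body, kp.privateKey) };
  }
}

class FidoServer {
  constructor(appId, acceptedModels) {
    this.appId = appId;
    this.acceptedModels = acceptedModels; // policy: AAID -> attestation public key
    this.pending = new Set();             // challenges issued and not yet used
    this.publicKeys = new Map();          // userId -> PEM public key (no secrets)
  }
  request(extra = {}) {
    const challenge = crypto.randomBytes(32).toString("base64");
    this.pending.add(challenge);
    return { appId: this.appId, challenge, ...extra };
  }
  consume(body) { // right relying party, and a challenge we issued exactly once
    return body.appId === this.appId && this.pending.delete(body.challenge);
  }
  finishRegistration(userId, { body, sig }) {
    const attestationKey = this.acceptedModels.get(body.aaid);
    // Reject models outside the policy and attestations that do not verify.
    if (!attestationKey || !verify(body, sig, attestationKey)) return false;
    if (!this.consume(body)) return false;              // stale or replayed
    this.publicKeys.set(userId, body.publicKey);
    return true;
  }
  finishTransaction(userId, text, { body, sig }) {
    const pem = this.publicKeys.get(userId);
    if (!pem || !verify(body, sig, pem) || !this.consume(body)) return false;
    return body.textHash === sha256(text);              // user saw what we sent
  }
}

// Constructed demo values: AAID "FFFF#0001", relying party https://foo.example.
function demo() {
  const att = newKey(), aaid = "FFFF#0001", text = "Transfer $100 to Frank";
  const server = new FidoServer("https://foo.example", new Map([[aaid, att.publicKey]]));
  const device = new Authenticator(aaid, att);
  const registered = server.finishRegistration("1234", device.register(server.request(), true));
  const response = device.confirm(server.request({ text }), true);
  const accepted = server.finishTransaction("1234", text, response);
  return { registered, accepted, replayed: server.finishTransaction("1234", text, response) };
}
console.log(demo());
```

The server stores only the public key, so a database leak yields nothing an attacker can sign with; the second `finishTransaction` call fails because the challenge was already consumed.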