SlideShare a Scribd company logo

FIDO Authentication Technical Overview

FIDO Alliance
FIDO Alliance

A detailed look at FIDO Authentication, how FIDO works, FIDO & federation, attestation and meta data, and more.

Internet
1 of 33
Download to read offline
1 FIDO AUTHENTICATION TECHNICAL OVERVIEW All Rights Reserved | FIDO Alliance | Copyright 2018
All Rights Reserved | FIDO Alliance | Copyright 20182 HOW SECURE IS AUTHENTICATION?
All Rights Reserved | FIDO Alliance | Copyright 20183 CLOUD AUTHENTICATION DeviceSomething Authentication Risk Analytics Internet
All Rights Reserved | FIDO Alliance | Copyright 20184 PASSWORD ISSUES DeviceSomething Authentication Internet Password could be stolen from the server 1Password might be entered into untrusted App / Web- site (“phishing”) 2 Too many passwords to remember (>re-use / cart Abandonment) 3 Inconvenient to type password on phone 4
All Rights Reserved | FIDO Alliance | Copyright 20175 OTP ISSUES DeviceSomething Authentication Internet OTP vulnerable to real- time MITM and MITB attacks 1 SMS security questionable, especially when Device is the phone 2 OTP HW tokens are expensive and people don’t want another device 3 Inconvenient to type OTP into phone 4
All Rights Reserved | FIDO Alliance | Copyright 20186 HOW SECURE IS AUTHENTICATION?
All Rights Reserved | FIDO Alliance | Copyright 20187 HOW SECURE IS AUTHENTICATION? Attacks require physical action → not scalable Things are never 100% secure, so focus on adequate security. Focus on the scalable attacks first. Scalable Attacks
All Rights Reserved | FIDO Alliance | Copyright 20188 HOW DOES FIDO WORK?
All Rights Reserved | FIDO Alliance | Copyright 20189 HOW DOES FIDO WORK? DeviceUser verification FIDO Authentication Authenticator
All Rights Reserved | FIDO Alliance | Copyright 201810 FIDO AUTHENTICATORS We see “Bound” Authenticators, i.e. authenticators that are an integral part of a smartphone or laptop. We see “Roaming” Authenticators, i.e. authenticators that can be connected to different smartphones or laptops using CTAP. In both categories you find support for different modalities Verify User Verify User Presence
All Rights Reserved | FIDO Alliance | Copyright 201811 HOW DOES FIDO WORK? AuthenticatorUser verification FIDO Authentication Require user gesture before private key can be used Challenge (Signed) Response Private key dedicated to one app Public key
All Rights Reserved | FIDO Alliance | Copyright 201812 HOW DOES FIDO WORK? AuthenticatorUser verification FIDO Authentication Same Authenticator as registered before? Same User as enrolled before? Can recognize the user (i.e. user verification), but doesn’t know its identity attributes.
All Rights Reserved | FIDO Alliance | Copyright 201813 HOW DOES FIDO WORK? AuthenticatorUser verification FIDO Authentication Same Authenticator as registered before? Same User as enrolled before? Can recognize the user (i.e. user verification), but doesn’t know its identity attributes. Identity binding to be done outside FIDO: This this “John Doe with customer ID X”.
FIDO & Federation FIDO USER DEVICE FIDO CLIENT IdP FIDO SERVER FIDO AUTHENTICATOR FEDERATION SERVERBROWSER / APP FIDO Protocol Service Provider Federation Id DB Knows details about the Authentication strength Knows details about the Identity and its verification strength. First Mile Second Mile 14
All Rights Reserved | FIDO Alliance | Copyright 201815 FIDO ECOSYSTEM AuthenticatorUser verification FIDO Authentication … …SE
All Rights Reserved | FIDO Alliance | Copyright 201816 FIDO ECOSYSTEM AuthenticatorUser verification FIDO Authentication … …SE How is the key protected (TPM, SE, TEE, …)? Which user verification method is used?
All Rights Reserved | FIDO Alliance | Copyright 201817 ATTESTATION + METADATA Private attestation key Signed Attestation Object Metadata Understand Authenticator security characteristic by looking into Metadata from mds.fidoalliance.org FIDO Registration Verify using trust anchor included in Metadata Relying parties can store this for auditing purposes
All Rights Reserved | FIDO Alliance | Copyright 201818 BINDING KEYS TO RELYING PARTIES Use A-corp.com key Use B-corp.com key A calc A docs B One Account – All Applications As Mobile App & Web App A calc A docs B Platform determines the “caller” and passes it to the Authenticator for selecting the correct key. FIDO Client determines the “caller” (AppID/RP ID) and passes it to the Authenticator for selecting the correct key. b-corp a-corp
All Rights Reserved | FIDO Alliance | Copyright 201819 FIDO AUTHENTICATORS FIDO has an Authenticator Certification program. Different certification levels address the needs to protect against scalable and physical attacks. See https://fidoalliance.org/certification/authenticator-certification-levels/
User Environment All Rights Reserved | FIDO Alliance | Copyright 201820 HOW DOES FIDO WORK? Authenticator User gesture before private key can be used (Touch, PIN entry, Biometric) PSD2: (no equivalent) FIDO: Challenge PSD2: Authentication Code FIDO: (Signed) Response PSD2: Personalized Security Credential FIDO: Private key PSD2: (no equivalent) FIDO: Public key PSD2: PSU FIDO: User PSD2: ASPSP FIDO: Relying Party Local user verification step On-line authentication step
All Rights Reserved | FIDO Alliance | Copyright 201821 FIDO AUTHENTICATOR CONCEPT FIDO Authenticator User Verification / Presence Attestation Key Authentication Key(s) Injected at manufacturing, doesn’t change Generated at runtime (on Registration) Optional Components Transaction Confirmation Display
All Rights Reserved | FIDO Alliance | Copyright 201822 FIDO BUILDING BLOCKS (External) Authenticator USER DEVICE FIDO Client (Bound) Authenticator ASM RP App FIDO Authentication RP App Server FIDO Server Metadata
All Rights Reserved | FIDO Alliance | Copyright 201823 FIDO USE CASES Passwordless Experience Authenticated Online 3 Biometric User Verification* 21 ? Authentication Challenge Authenticated Online 3 Second Factor Challenge Insert Dongle* / Press Button Second Factor Experience *There are other types of authenticators (e.g. PIN) 21
All Rights Reserved | FIDO Alliance | Copyright 201824 FIDO BUILDING BLOCKS (Roaming) Authenticator User Device Browser (Bound) Authenticator Platform RP App FIDO Authentication RP App Server FIDO Server Metadata Web Authentication JS API CTA P
All Rights Reserved | FIDO Alliance | Copyright 201825 WEB AUTHENTICATION Supported In: JavaScript API that enables FIDO Authentication directly in web browsers
All Rights Reserved | FIDO Alliance | Copyright 201826 FIDO AUTHENTICATION: SECURITY & CONVENIENCE
All Rights Reserved | FIDO Alliance | Copyright 201827 CONVENIENCE & SECURITY Security Convenience Password
All Rights Reserved | FIDO Alliance | Copyright 201828 CONVENIENCE & SECURITY Security Convenience Password + OTP Password
All Rights Reserved | FIDO Alliance | Copyright 201829 CONVENIENCE & SECURITY Security Convenience Password + OTP Password FIDO In FIDO • Same user verification method for all servers In FIDO: Arbitrary user verification methods are supported (+ they are interoperable)
All Rights Reserved | FIDO Alliance | Copyright 201830 CONVENIENCE & SECURITY Security Convenience Password + OTP Password FIDO In FIDO: Scalable security depending on Authenticator implementation In FIDO: • Only public keys on server • Not phishable
All Rights Reserved | FIDO Alliance | Copyright 201831 CONCLUSION • Different authentication use-cases lead to different authentication requirements • FIDO separates user verification from authentication and hence supports all user verification methods • FIDO supports scalable convenience & security • User verification data is known to Authenticator only • FIDO complements federation
All Rights Reserved | FIDO Alliance | Copyright 201832 FIDO REGISTRATION accountInfo, challenge, [cOpts] rpId, ai, hash(clientData), cryptoP, [exts] verify user generate: key kpub key kpriv credential c c,kpub,clientData,ac,cdh,rpId,cntr,AAGUID[,exts], signature(tbs) c,kpub,clientData,ac,tbs, s store: key kpub c s Authenticator select Authenticator according to cOpts; determine rpId, get tlsData; clientData := {challenge, origin, rpId, hAlg, tlsData} cOpts: crypto params, credential black list, extensions cdh ai tbs ac: attestation certificate chain
All Rights Reserved | FIDO Alliance | Copyright 201833 FIDO AUTHENTICATION Authenticator Relying Party rpId, [c,] hash(clientData) select Authenticator according to policy; check rpId, get tlsData (i.e. channel id, etc.); lookup key handle h; clientData := {challenge, rpId, tlsData} clientData,cntr,[exts],signature(cdh,cntr,exts) clientData, cntr, exts, s lookup kpub from DB check: exts + signature using key kpub s cdh challenge, [aOpts] verify user find key kpriv cntr++; process exts

Recommended

Overview of FIDO Security Requirements and Certifications
Overview of FIDO Security Requirements and CertificationsOverview of FIDO Security Requirements and Certifications
Overview of FIDO Security Requirements and Certifications
FIDO Alliance
 
Using FIDO Authenticator for IoT Devices
Using FIDO Authenticator for IoT DevicesUsing FIDO Authenticator for IoT Devices
Using FIDO Authenticator for IoT Devices
FIDO Alliance
 
FIDO Authentication and GDPR
FIDO Authentication and GDPRFIDO Authentication and GDPR
FIDO Authentication and GDPR
FIDO Alliance
 
FIDO Masterclass
FIDO MasterclassFIDO Masterclass
FIDO Masterclass
FIDO Alliance
 
FIDO UAF and PKI in Asia - Case Study and Recommendations
FIDO UAF and PKI in Asia - Case Study and RecommendationsFIDO UAF and PKI in Asia - Case Study and Recommendations
FIDO UAF and PKI in Asia - Case Study and Recommendations
FIDO Alliance
 
Microsoft's Path to Passwordless - FIDO Authentication for Windows & Azure Ac...
Microsoft's Path to Passwordless - FIDO Authentication for Windows & Azure Ac...Microsoft's Path to Passwordless - FIDO Authentication for Windows & Azure Ac...
Microsoft's Path to Passwordless - FIDO Authentication for Windows & Azure Ac...
FIDO Alliance
 
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO Alliance
 
FIDO UAF and PKI in Asia: A Case Study and Recommendations
FIDO UAF and PKI in Asia: A Case Study and RecommendationsFIDO UAF and PKI in Asia: A Case Study and Recommendations
FIDO UAF and PKI in Asia: A Case Study and Recommendations
FIDO Alliance
 

Recommended

Overview of FIDO Security Requirements and Certifications
Overview of FIDO Security Requirements and CertificationsOverview of FIDO Security Requirements and Certifications
Overview of FIDO Security Requirements and Certifications
FIDO Alliance
 
Using FIDO Authenticator for IoT Devices
Using FIDO Authenticator for IoT DevicesUsing FIDO Authenticator for IoT Devices
Using FIDO Authenticator for IoT Devices
FIDO Alliance
 
FIDO Authentication and GDPR
FIDO Authentication and GDPRFIDO Authentication and GDPR
FIDO Authentication and GDPR
FIDO Alliance
 
FIDO Masterclass
FIDO MasterclassFIDO Masterclass
FIDO Masterclass
FIDO Alliance
 
FIDO UAF and PKI in Asia - Case Study and Recommendations
FIDO UAF and PKI in Asia - Case Study and RecommendationsFIDO UAF and PKI in Asia - Case Study and Recommendations
FIDO UAF and PKI in Asia - Case Study and Recommendations
FIDO Alliance
 
Microsoft's Path to Passwordless - FIDO Authentication for Windows & Azure Ac...
Microsoft's Path to Passwordless - FIDO Authentication for Windows & Azure Ac...Microsoft's Path to Passwordless - FIDO Authentication for Windows & Azure Ac...
Microsoft's Path to Passwordless - FIDO Authentication for Windows & Azure Ac...
FIDO Alliance
 
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO Alliance
 
FIDO UAF and PKI in Asia: A Case Study and Recommendations
FIDO UAF and PKI in Asia: A Case Study and RecommendationsFIDO UAF and PKI in Asia: A Case Study and Recommendations
FIDO UAF and PKI in Asia: A Case Study and Recommendations
FIDO Alliance
 
Beyond Passwords: FIDO and the Future of User Authentication
Beyond Passwords: FIDO and the Future of User AuthenticationBeyond Passwords: FIDO and the Future of User Authentication
Beyond Passwords: FIDO and the Future of User Authentication
FIDO Alliance
 
Fido Technical Overview
Fido Technical OverviewFido Technical Overview
Fido Technical Overview
FIDO Alliance
 
FIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Authentication Technical Overview
FIDO Authentication Technical Overview
FIDO Alliance
 
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication ComplianceFIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO Alliance
 
FIDO Support for the GDPR
FIDO Support for the GDPRFIDO Support for the GDPR
FIDO Support for the GDPR
FIDO Alliance
 
Shopping Service Based on FIDO Voice Authentication
Shopping Service Based on FIDO Voice AuthenticationShopping Service Based on FIDO Voice Authentication
Shopping Service Based on FIDO Voice Authentication
FIDO Alliance
 
FIDO2 & Microsoft
FIDO2 & MicrosoftFIDO2 & Microsoft
FIDO2 & Microsoft
FIDO Alliance
 
FIDO2 and Microsoft
FIDO2 and MicrosoftFIDO2 and Microsoft
FIDO2 and Microsoft
FIDO Alliance
 
FIDO and Adaptive Authentication
FIDO and Adaptive AuthenticationFIDO and Adaptive Authentication
FIDO and Adaptive Authentication
FIDO Alliance
 
FIDO Authentication in a Mobile Network
FIDO Authentication in a Mobile NetworkFIDO Authentication in a Mobile Network
FIDO Authentication in a Mobile Network
FIDO Alliance
 
GDPR(一般データ保護規則)とFIDO標準について
GDPR(一般データ保護規則)とFIDO標準についてGDPR(一般データ保護規則)とFIDO標準について
GDPR(一般データ保護規則)とFIDO標準について
FIDO Alliance
 
The State of FIDO
The State of FIDOThe State of FIDO
The State of FIDO
FIDO Alliance
 
FIDO And the Future of User Authentication
FIDO And the Future of User AuthenticationFIDO And the Future of User Authentication
FIDO And the Future of User Authentication
FIDO Alliance
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
FIDO Alliance
 
FIDO Certified Program: The Value of Certification
FIDO Certified Program: The Value of Certification FIDO Certified Program: The Value of Certification
FIDO Certified Program: The Value of Certification
FIDO Alliance
 
FIDO Alliance Vision and Updates
FIDO Alliance Vision and UpdatesFIDO Alliance Vision and Updates
FIDO Alliance Vision and Updates
FIDO Alliance
 
Implementation Case Study by eWBM
Implementation Case Study by eWBMImplementation Case Study by eWBM
Implementation Case Study by eWBM
FIDO Alliance
 
Introduction to the FIDO Alliance
Introduction to the FIDO AllianceIntroduction to the FIDO Alliance
Introduction to the FIDO Alliance
FIDO Alliance
 
FIDO® for Government & Enterprise - Presentation
FIDO® for Government & Enterprise - PresentationFIDO® for Government & Enterprise - Presentation
FIDO® for Government & Enterprise - Presentation
FIDO Alliance
 
NTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case StudyNTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case Study
FIDO Alliance
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
FIDO Alliance
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
FIDO Alliance
 

More Related Content

What's hot

Beyond Passwords: FIDO and the Future of User Authentication
Beyond Passwords: FIDO and the Future of User AuthenticationBeyond Passwords: FIDO and the Future of User Authentication
Beyond Passwords: FIDO and the Future of User Authentication
FIDO Alliance
 
Fido Technical Overview
Fido Technical OverviewFido Technical Overview
Fido Technical Overview
FIDO Alliance
 
FIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Authentication Technical Overview
FIDO Authentication Technical Overview
FIDO Alliance
 
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication ComplianceFIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO Alliance
 
FIDO Support for the GDPR
FIDO Support for the GDPRFIDO Support for the GDPR
FIDO Support for the GDPR
FIDO Alliance
 
Shopping Service Based on FIDO Voice Authentication
Shopping Service Based on FIDO Voice AuthenticationShopping Service Based on FIDO Voice Authentication
Shopping Service Based on FIDO Voice Authentication
FIDO Alliance
 
FIDO2 & Microsoft
FIDO2 & MicrosoftFIDO2 & Microsoft
FIDO2 & Microsoft
FIDO Alliance
 
FIDO2 and Microsoft
FIDO2 and MicrosoftFIDO2 and Microsoft
FIDO2 and Microsoft
FIDO Alliance
 
FIDO and Adaptive Authentication
FIDO and Adaptive AuthenticationFIDO and Adaptive Authentication
FIDO and Adaptive Authentication
FIDO Alliance
 
FIDO Authentication in a Mobile Network
FIDO Authentication in a Mobile NetworkFIDO Authentication in a Mobile Network
FIDO Authentication in a Mobile Network
FIDO Alliance
 
GDPR(一般データ保護規則)とFIDO標準について
GDPR(一般データ保護規則)とFIDO標準についてGDPR(一般データ保護規則)とFIDO標準について
GDPR(一般データ保護規則)とFIDO標準について
FIDO Alliance
 
The State of FIDO
The State of FIDOThe State of FIDO
The State of FIDO
FIDO Alliance
 
FIDO And the Future of User Authentication
FIDO And the Future of User AuthenticationFIDO And the Future of User Authentication
FIDO And the Future of User Authentication
FIDO Alliance
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
FIDO Alliance
 
FIDO Certified Program: The Value of Certification
FIDO Certified Program: The Value of Certification FIDO Certified Program: The Value of Certification
FIDO Certified Program: The Value of Certification
FIDO Alliance
 
FIDO Alliance Vision and Updates
FIDO Alliance Vision and UpdatesFIDO Alliance Vision and Updates
FIDO Alliance Vision and Updates
FIDO Alliance
 
Implementation Case Study by eWBM
Implementation Case Study by eWBMImplementation Case Study by eWBM
Implementation Case Study by eWBM
FIDO Alliance
 
Introduction to the FIDO Alliance
Introduction to the FIDO AllianceIntroduction to the FIDO Alliance
Introduction to the FIDO Alliance
FIDO Alliance
 
FIDO® for Government & Enterprise - Presentation
FIDO® for Government & Enterprise - PresentationFIDO® for Government & Enterprise - Presentation
FIDO® for Government & Enterprise - Presentation
FIDO Alliance
 
NTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case StudyNTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case Study
FIDO Alliance
 

What's hot (20)

Beyond Passwords: FIDO and the Future of User Authentication
Beyond Passwords: FIDO and the Future of User AuthenticationBeyond Passwords: FIDO and the Future of User Authentication
Beyond Passwords: FIDO and the Future of User Authentication
 
Fido Technical Overview
Fido Technical OverviewFido Technical Overview
Fido Technical Overview
 
FIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Authentication Technical Overview
FIDO Authentication Technical Overview
 
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication ComplianceFIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
 
FIDO Support for the GDPR
FIDO Support for the GDPRFIDO Support for the GDPR
FIDO Support for the GDPR
 
Shopping Service Based on FIDO Voice Authentication
Shopping Service Based on FIDO Voice AuthenticationShopping Service Based on FIDO Voice Authentication
Shopping Service Based on FIDO Voice Authentication
 
FIDO2 & Microsoft
FIDO2 & MicrosoftFIDO2 & Microsoft
FIDO2 & Microsoft
 
FIDO2 and Microsoft
FIDO2 and MicrosoftFIDO2 and Microsoft
FIDO2 and Microsoft
 
FIDO and Adaptive Authentication
FIDO and Adaptive AuthenticationFIDO and Adaptive Authentication
FIDO and Adaptive Authentication
 
FIDO Authentication in a Mobile Network
FIDO Authentication in a Mobile NetworkFIDO Authentication in a Mobile Network
FIDO Authentication in a Mobile Network
 
GDPR(一般データ保護規則)とFIDO標準について
GDPR(一般データ保護規則)とFIDO標準についてGDPR(一般データ保護規則)とFIDO標準について
GDPR(一般データ保護規則)とFIDO標準について
 
The State of FIDO
The State of FIDOThe State of FIDO
The State of FIDO
 
FIDO And the Future of User Authentication
FIDO And the Future of User AuthenticationFIDO And the Future of User Authentication
FIDO And the Future of User Authentication
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
 
FIDO Certified Program: The Value of Certification
FIDO Certified Program: The Value of Certification FIDO Certified Program: The Value of Certification
FIDO Certified Program: The Value of Certification
 
FIDO Alliance Vision and Updates
FIDO Alliance Vision and UpdatesFIDO Alliance Vision and Updates
FIDO Alliance Vision and Updates
 
Implementation Case Study by eWBM
Implementation Case Study by eWBMImplementation Case Study by eWBM
Implementation Case Study by eWBM
 
Introduction to the FIDO Alliance
Introduction to the FIDO AllianceIntroduction to the FIDO Alliance
Introduction to the FIDO Alliance
 
FIDO® for Government & Enterprise - Presentation
FIDO® for Government & Enterprise - PresentationFIDO® for Government & Enterprise - Presentation
FIDO® for Government & Enterprise - Presentation
 
NTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case StudyNTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case Study
 

Similar to FIDO Authentication Technical Overview

Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
FIDO Alliance
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
FIDO Alliance
 
Getting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialGetting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical Tutorial
FIDO Alliance
 
Introduction to FIDO: A New Model for Authentication
Introduction to FIDO: A New Model for AuthenticationIntroduction to FIDO: A New Model for Authentication
Introduction to FIDO: A New Model for Authentication
FIDO Alliance
 
Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication
FIDO Alliance
 
UAF Tutorial: Passwordless, Biometric Authentication for Native Apps
UAF Tutorial: Passwordless, Biometric Authentication for Native AppsUAF Tutorial: Passwordless, Biometric Authentication for Native Apps
UAF Tutorial: Passwordless, Biometric Authentication for Native Apps
FIDO Alliance
 
Beyond Passwords: FIDO & the Future of Consumer Authentication
Beyond Passwords: FIDO & the Future of Consumer AuthenticationBeyond Passwords: FIDO & the Future of Consumer Authentication
Beyond Passwords: FIDO & the Future of Consumer Authentication
FIDO Alliance
 
Integrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation ProtocolsIntegrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation Protocols
FIDO Alliance
 
FIDO Specifications Overview
FIDO Specifications OverviewFIDO Specifications Overview
FIDO Specifications Overview
FIDO Alliance
 
Introduction to the FIDO Alliance: Vision & Status
Introduction to the FIDO Alliance: Vision & StatusIntroduction to the FIDO Alliance: Vision & Status
Introduction to the FIDO Alliance: Vision & Status
FIDO Alliance
 
FIDO Authentication in Korea: Early Adoption & Rapid Innovation
FIDO Authentication in Korea: Early Adoption & Rapid InnovationFIDO Authentication in Korea: Early Adoption & Rapid Innovation
FIDO Authentication in Korea: Early Adoption & Rapid Innovation
FIDO Alliance
 
2018 12-07 tokyo-seminar Brett McDowell
2018 12-07 tokyo-seminar Brett McDowell2018 12-07 tokyo-seminar Brett McDowell
2018 12-07 tokyo-seminar Brett McDowell
FIDO Alliance
 
Javelin Research's State of Strong Authentication 2019 Report Webinar
Javelin Research's State of Strong Authentication 2019 Report Webinar Javelin Research's State of Strong Authentication 2019 Report Webinar
Javelin Research's State of Strong Authentication 2019 Report Webinar
FIDO Alliance
 
FIDO Specifications Tutorial
FIDO Specifications TutorialFIDO Specifications Tutorial
FIDO Specifications Tutorial
FIDO Alliance
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and Insights
FIDO Alliance
 
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CloudIDSummit
 
FIDO, Federation and the Internet of Things
FIDO, Federation and the Internet of Things FIDO, Federation and the Internet of Things
FIDO, Federation and the Internet of Things
FIDO Alliance
 
Introduction to FIDO Alliance
Introduction to FIDO AllianceIntroduction to FIDO Alliance
Introduction to FIDO Alliance
FIDO Alliance
 
FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial
FIDO Alliance
 
Beyond Passwords: FIDO and the Future of User Authentication
Beyond Passwords: FIDO and the Future of User AuthenticationBeyond Passwords: FIDO and the Future of User Authentication
Beyond Passwords: FIDO and the Future of User Authentication
FIDO Alliance
 

Similar to FIDO Authentication Technical Overview (20)

Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
 
Getting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialGetting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical Tutorial
 
Introduction to FIDO: A New Model for Authentication
Introduction to FIDO: A New Model for AuthenticationIntroduction to FIDO: A New Model for Authentication
Introduction to FIDO: A New Model for Authentication
 
Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication
 
UAF Tutorial: Passwordless, Biometric Authentication for Native Apps
UAF Tutorial: Passwordless, Biometric Authentication for Native AppsUAF Tutorial: Passwordless, Biometric Authentication for Native Apps
UAF Tutorial: Passwordless, Biometric Authentication for Native Apps
 
Beyond Passwords: FIDO & the Future of Consumer Authentication
Beyond Passwords: FIDO & the Future of Consumer AuthenticationBeyond Passwords: FIDO & the Future of Consumer Authentication
Beyond Passwords: FIDO & the Future of Consumer Authentication
 
Integrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation ProtocolsIntegrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation Protocols
 
FIDO Specifications Overview
FIDO Specifications OverviewFIDO Specifications Overview
FIDO Specifications Overview
 
Introduction to the FIDO Alliance: Vision & Status
Introduction to the FIDO Alliance: Vision & StatusIntroduction to the FIDO Alliance: Vision & Status
Introduction to the FIDO Alliance: Vision & Status
 
FIDO Authentication in Korea: Early Adoption & Rapid Innovation
FIDO Authentication in Korea: Early Adoption & Rapid InnovationFIDO Authentication in Korea: Early Adoption & Rapid Innovation
FIDO Authentication in Korea: Early Adoption & Rapid Innovation
 
2018 12-07 tokyo-seminar Brett McDowell
2018 12-07 tokyo-seminar Brett McDowell2018 12-07 tokyo-seminar Brett McDowell
2018 12-07 tokyo-seminar Brett McDowell
 
Javelin Research's State of Strong Authentication 2019 Report Webinar
Javelin Research's State of Strong Authentication 2019 Report Webinar Javelin Research's State of Strong Authentication 2019 Report Webinar
Javelin Research's State of Strong Authentication 2019 Report Webinar
 
FIDO Specifications Tutorial
FIDO Specifications TutorialFIDO Specifications Tutorial
FIDO Specifications Tutorial
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and Insights
 
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
 
FIDO, Federation and the Internet of Things
FIDO, Federation and the Internet of Things FIDO, Federation and the Internet of Things
FIDO, Federation and the Internet of Things
 
Introduction to FIDO Alliance
Introduction to FIDO AllianceIntroduction to FIDO Alliance
Introduction to FIDO Alliance
 
FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial
 
Beyond Passwords: FIDO and the Future of User Authentication
Beyond Passwords: FIDO and the Future of User AuthenticationBeyond Passwords: FIDO and the Future of User Authentication
Beyond Passwords: FIDO and the Future of User Authentication
 

More from FIDO Alliance

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdf
FIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdfFIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdf
FIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdf
FIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdfFIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdf
FIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: CloudGate.pdf
FIDO Alliance Osaka Seminar: CloudGate.pdfFIDO Alliance Osaka Seminar: CloudGate.pdf
FIDO Alliance Osaka Seminar: CloudGate.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdf
FIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdfFIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdf
FIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Welcome Slides.pdf
FIDO Alliance Osaka Seminar: Welcome Slides.pdfFIDO Alliance Osaka Seminar: Welcome Slides.pdf
FIDO Alliance Osaka Seminar: Welcome Slides.pdf
FIDO Alliance
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FIDO Alliance
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
FIDO Alliance
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
FIDO Alliance
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
FIDO Alliance
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
FIDO Alliance
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
FIDO Alliance
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
FIDO Alliance
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
FIDO Alliance
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
FIDO Alliance
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
FIDO Alliance
 

More from FIDO Alliance (20)

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
FIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdf
FIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdfFIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdf
FIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdf
 
FIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdf
FIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdfFIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdf
FIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdf
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
FIDO Alliance Osaka Seminar: CloudGate.pdf
FIDO Alliance Osaka Seminar: CloudGate.pdfFIDO Alliance Osaka Seminar: CloudGate.pdf
FIDO Alliance Osaka Seminar: CloudGate.pdf
 
FIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdf
FIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdfFIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdf
FIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdf
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
FIDO Alliance Osaka Seminar: Welcome Slides.pdf
FIDO Alliance Osaka Seminar: Welcome Slides.pdfFIDO Alliance Osaka Seminar: Welcome Slides.pdf
FIDO Alliance Osaka Seminar: Welcome Slides.pdf
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
 

Recently uploaded

Bài tập unit 1 English in the world.docx
Bài tập unit 1 English in the world.docxBài tập unit 1 English in the world.docx
Bài tập unit 1 English in the world.docx
nhiyenphan2005
 
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
vmemo1
 
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
cuobya
 
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
cuobya
 
Explore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories SecretlyExplore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories Secretly
Trending Blogers
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
Rogerio Filho
 
Search Result Showing My Post is Now Buried
Search Result Showing My Post is Now BuriedSearch Result Showing My Post is Now Buried
Search Result Showing My Post is Now Buried
Trish Parr
 
test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
Arif0071
 
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
uehowe
 
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
ufdana
 
7 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 20247 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 2024
Danica Gill
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
3ipehhoa
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
keoku
 
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
zoowe
 
Gen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needsGen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needs
Laura Szabó
 
[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024
hackersuli
 
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
CIOWomenMagazine
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
eutxy
 
Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027
harveenkaur52
 
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
fovkoyb
 

Recently uploaded (20)

Bài tập unit 1 English in the world.docx
Bài tập unit 1 English in the world.docxBài tập unit 1 English in the world.docx
Bài tập unit 1 English in the world.docx
 
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
 
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
 
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
 
Explore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories SecretlyExplore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories Secretly
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
 
Search Result Showing My Post is Now Buried
Search Result Showing My Post is Now BuriedSearch Result Showing My Post is Now Buried
Search Result Showing My Post is Now Buried
 
test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
 
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
 
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
 
7 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 20247 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 2024
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
 
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
 
Gen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needsGen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needs
 
[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024
 
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
 
Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027
 
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
 

FIDO Authentication Technical Overview

  • 1. 1 FIDO AUTHENTICATION TECHNICAL OVERVIEW All Rights Reserved | FIDO Alliance | Copyright 2018
  • 2. All Rights Reserved | FIDO Alliance | Copyright 20182 HOW SECURE IS AUTHENTICATION?
  • 3. All Rights Reserved | FIDO Alliance | Copyright 20183 CLOUD AUTHENTICATION DeviceSomething Authentication Risk Analytics Internet
  • 4. All Rights Reserved | FIDO Alliance | Copyright 20184 PASSWORD ISSUES DeviceSomething Authentication Internet Password could be stolen from the server 1Password might be entered into untrusted App / Web- site (“phishing”) 2 Too many passwords to remember (>re-use / cart Abandonment) 3 Inconvenient to type password on phone 4
  • 5. All Rights Reserved | FIDO Alliance | Copyright 20175 OTP ISSUES DeviceSomething Authentication Internet OTP vulnerable to real- time MITM and MITB attacks 1 SMS security questionable, especially when Device is the phone 2 OTP HW tokens are expensive and people don’t want another device 3 Inconvenient to type OTP into phone 4
  • 6. All Rights Reserved | FIDO Alliance | Copyright 20186 HOW SECURE IS AUTHENTICATION?
  • 7. All Rights Reserved | FIDO Alliance | Copyright 20187 HOW SECURE IS AUTHENTICATION? Attacks require physical action → not scalable Things are never 100% secure, so focus on adequate security. Focus on the scalable attacks first. Scalable Attacks
  • 8. All Rights Reserved | FIDO Alliance | Copyright 20188 HOW DOES FIDO WORK?
  • 9. All Rights Reserved | FIDO Alliance | Copyright 20189 HOW DOES FIDO WORK? DeviceUser verification FIDO Authentication Authenticator
  • 10. All Rights Reserved | FIDO Alliance | Copyright 201810 FIDO AUTHENTICATORS We see “Bound” Authenticators, i.e. authenticators that are an integral part of a smartphone or laptop. We see “Roaming” Authenticators, i.e. authenticators that can be connected to different smartphones or laptops using CTAP. In both categories you find support for different modalities Verify User Verify User Presence
  • 11. All Rights Reserved | FIDO Alliance | Copyright 201811 HOW DOES FIDO WORK? AuthenticatorUser verification FIDO Authentication Require user gesture before private key can be used Challenge (Signed) Response Private key dedicated to one app Public key
  • 12. All Rights Reserved | FIDO Alliance | Copyright 201812 HOW DOES FIDO WORK? AuthenticatorUser verification FIDO Authentication Same Authenticator as registered before? Same User as enrolled before? Can recognize the user (i.e. user verification), but doesn’t know its identity attributes.
  • 13. All Rights Reserved | FIDO Alliance | Copyright 201813 HOW DOES FIDO WORK? AuthenticatorUser verification FIDO Authentication Same Authenticator as registered before? Same User as enrolled before? Can recognize the user (i.e. user verification), but doesn’t know its identity attributes. Identity binding to be done outside FIDO: This this “John Doe with customer ID X”.
  • 14. FIDO & Federation FIDO USER DEVICE FIDO CLIENT IdP FIDO SERVER FIDO AUTHENTICATOR FEDERATION SERVERBROWSER / APP FIDO Protocol Service Provider Federation Id DB Knows details about the Authentication strength Knows details about the Identity and its verification strength. First Mile Second Mile 14
  • 15. All Rights Reserved | FIDO Alliance | Copyright 201815 FIDO ECOSYSTEM AuthenticatorUser verification FIDO Authentication … …SE
  • 16. All Rights Reserved | FIDO Alliance | Copyright 201816 FIDO ECOSYSTEM AuthenticatorUser verification FIDO Authentication … …SE How is the key protected (TPM, SE, TEE, …)? Which user verification method is used?
  • 17. All Rights Reserved | FIDO Alliance | Copyright 201817 ATTESTATION + METADATA Private attestation key Signed Attestation Object Metadata Understand Authenticator security characteristic by looking into Metadata from mds.fidoalliance.org FIDO Registration Verify using trust anchor included in Metadata Relying parties can store this for auditing purposes
  • 18. All Rights Reserved | FIDO Alliance | Copyright 201818 BINDING KEYS TO RELYING PARTIES Use A-corp.com key Use B-corp.com key A calc A docs B One Account – All Applications As Mobile App & Web App A calc A docs B Platform determines the “caller” and passes it to the Authenticator for selecting the correct key. FIDO Client determines the “caller” (AppID/RP ID) and passes it to the Authenticator for selecting the correct key. b-corp a-corp
  • 19. All Rights Reserved | FIDO Alliance | Copyright 201819 FIDO AUTHENTICATORS FIDO has an Authenticator Certification program. Different certification levels address the needs to protect against scalable and physical attacks. See https://fidoalliance.org/certification/authenticator-certification-levels/
  • 20. User Environment All Rights Reserved | FIDO Alliance | Copyright 201820 HOW DOES FIDO WORK? Authenticator User gesture before private key can be used (Touch, PIN entry, Biometric) PSD2: (no equivalent) FIDO: Challenge PSD2: Authentication Code FIDO: (Signed) Response PSD2: Personalized Security Credential FIDO: Private key PSD2: (no equivalent) FIDO: Public key PSD2: PSU FIDO: User PSD2: ASPSP FIDO: Relying Party Local user verification step On-line authentication step
  • 21. All Rights Reserved | FIDO Alliance | Copyright 201821 FIDO AUTHENTICATOR CONCEPT FIDO Authenticator User Verification / Presence Attestation Key Authentication Key(s) Injected at manufacturing, doesn’t change Generated at runtime (on Registration) Optional Components Transaction Confirmation Display
  • 22. All Rights Reserved | FIDO Alliance | Copyright 201822 FIDO BUILDING BLOCKS (External) Authenticator USER DEVICE FIDO Client (Bound) Authenticator ASM RP App FIDO Authentication RP App Server FIDO Server Metadata
  • 23. All Rights Reserved | FIDO Alliance | Copyright 201823 FIDO USE CASES Passwordless Experience Authenticated Online 3 Biometric User Verification* 21 ? Authentication Challenge Authenticated Online 3 Second Factor Challenge Insert Dongle* / Press Button Second Factor Experience *There are other types of authenticators (e.g. PIN) 21
  • 24. All Rights Reserved | FIDO Alliance | Copyright 201824 FIDO BUILDING BLOCKS (Roaming) Authenticator User Device Browser (Bound) Authenticator Platform RP App FIDO Authentication RP App Server FIDO Server Metadata Web Authentication JS API CTA P
  • 25. All Rights Reserved | FIDO Alliance | Copyright 201825 WEB AUTHENTICATION Supported In: JavaScript API that enables FIDO Authentication directly in web browsers
  • 26. All Rights Reserved | FIDO Alliance | Copyright 201826 FIDO AUTHENTICATION: SECURITY & CONVENIENCE
  • 27. All Rights Reserved | FIDO Alliance | Copyright 201827 CONVENIENCE & SECURITY Security Convenience Password
  • 28. All Rights Reserved | FIDO Alliance | Copyright 201828 CONVENIENCE & SECURITY Security Convenience Password + OTP Password
  • 29. All Rights Reserved | FIDO Alliance | Copyright 201829 CONVENIENCE & SECURITY Security Convenience Password + OTP Password FIDO In FIDO • Same user verification method for all servers In FIDO: Arbitrary user verification methods are supported (+ they are interoperable)
  • 30. All Rights Reserved | FIDO Alliance | Copyright 201830 CONVENIENCE & SECURITY Security Convenience Password + OTP Password FIDO In FIDO: Scalable security depending on Authenticator implementation In FIDO: • Only public keys on server • Not phishable
  • 31. All Rights Reserved | FIDO Alliance | Copyright 201831 CONCLUSION • Different authentication use-cases lead to different authentication requirements • FIDO separates user verification from authentication and hence supports all user verification methods • FIDO supports scalable convenience & security • User verification data is known to Authenticator only • FIDO complements federation
  • 32. All Rights Reserved | FIDO Alliance | Copyright 201832 FIDO REGISTRATION accountInfo, challenge, [cOpts] rpId, ai, hash(clientData), cryptoP, [exts] verify user generate: key kpub key kpriv credential c c,kpub,clientData,ac,cdh,rpId,cntr,AAGUID[,exts], signature(tbs) c,kpub,clientData,ac,tbs, s store: key kpub c s Authenticator select Authenticator according to cOpts; determine rpId, get tlsData; clientData := {challenge, origin, rpId, hAlg, tlsData} cOpts: crypto params, credential black list, extensions cdh ai tbs ac: attestation certificate chain
  • 33. All Rights Reserved | FIDO Alliance | Copyright 201833 FIDO AUTHENTICATION Authenticator Relying Party rpId, [c,] hash(clientData) select Authenticator according to policy; check rpId, get tlsData (i.e. channel id, etc.); lookup key handle h; clientData := {challenge, rpId, tlsData} clientData,cntr,[exts],signature(cdh,cntr,exts) clientData, cntr, exts, s lookup kpub from DB check: exts + signature using key kpub s cdh challenge, [aOpts] verify user find key kpriv cntr++; process exts