Introduction to FIDO2 (Korean Language) - FIDO Alliance
Introduction to FIDO2 by Korea ETRI (Electronics and Telecommunication Research Institute)
- Presented at FIDO Korea Working Group Technical Seminar on July 16th, 2018
Introduction to FIDO: A New Model for Authentication - FIDO Alliance
An overview of FIDO authentication with a special section on government and policy. This was presented at the European Policy Forum by Jeremy Grant, managing director of The Chertoff Group.
The FIDO Alliance invites you to learn how to simplify strong authentication for web services. FIDO specifications can help all organizations, especially service providers who want to scale these features for consumer services over the web. Essentially, FIDO offers a simple, low-cost way to improve security and the online experience. From the FIDO Alliance Seminar in Tokyo, Japan, November 2015.
Presented at GSMA Mobile Connect + FIDO Alliance: The Future of Strong Authentication
By: Rolf Lindemann, Senior Director of Technology and Products, Nok Nok Labs
EUDI wallets with OpenID for verifiable credentials (OID4VCI/OID4VP) - Lal Chandran
This is a paper presentation on EUDI wallets with OpenID for verifiable credentials (OID4VCI and OID4VP) published at https://igrant.io/papers/EUDI-Wallets-with-OID4VCI_OID4VP_v1.0.pdf or https://docs.igrant.io/concepts/openID4vc/.
The paper extensively explores OpenID protocols harnessing the power of Verifiable Credentials, shedding light on the intricacies of these cutting-edge technologies. We delve into the realm of OpenID for Verifiable Credentials, covering protocols such as Self-Issued OpenID Provider V2 (SIOPv2), Verifiable Credential Issuance (OID4VCI), and OpenID for Verifiable Presentations (OID4VP). These protocols are pivotal in bolstering privacy and strengthening digital identity in the modern age.
Throughout the paper, we showcase the transformative potential of these protocols, emphasising their crucial contributions to the ever-evolving landscape of digital wallets. Real-world scenarios are presented to illustrate the critical values of OID4VCI and OID4VP vividly. These scenarios serve as compelling examples of how these technologies can shape the future of digital identity, enhancing security and privacy while ensuring the seamless flow of information.
The paper spotlights the innovative European Union Digital Identity (EUDI) Wallets, a beacon of pioneering digital identity solutions. By bridging the gap between legacy eIDAS systems and SAML, EUDI Wallets pave the way for a secure and user-friendly digital identity ecosystem.
Key aspects covered in this paper include the authentication workflow, security measures like signatures and encryption, and the seamless passage of parameters within the EUDI Wallets ecosystem. By presenting these insights, we aim to highlight the substantial progress in digital identity and the role of OpenID protocols leveraging Verifiable Credentials in this ongoing revolution.
In summary, this paper serves as a comprehensive guide to understanding the significance of OpenID protocols in Verifiable Credentials. It explores their practical applications and transformative potential in shaping the future of digital identity. The research underscores the critical roles of OID4VCI and OID4VP in enhancing privacy and security while emphasising their vital contributions to the digital wallet landscape, specifically focusing on the innovative EUDI Wallets within the European Union.
WebAuthn and Security Keys = Unlocking the key to authentication by John Fontana, Yubico on behalf of Christiaan Brand at Google
- Presented at FIDO Seoul Public Seminar on December 5th, 2018
The update to NIST Special Publication 800-63 Revision 3 covers guidelines on digital identity management, identity proofing and authentication of users working with government IT systems over open networks – and serves as de facto guidance far beyond government and into many industries that are depending on secure user authentication.
Part of the guidelines recommends higher-assurance authentication, including the use of multi-factor authentication with public key cryptography, where private keys are tightly bound to the device. This, of course, is the core of the FIDO approach, which has been implemented in over 300 FIDO certified products worldwide that are powering authentication solutions from top service providers such as Google, Facebook, Aetna and more.
In this presentation, experts review the NIST guidelines and their relationship to FIDO Authentication.
W3C - Web Authentication API by Korea ETRI (Electronics and Telecommunication Research Institute)
- Presented at FIDO Technical Seminar on July 16th, 2018
A behind the scenes look at how Google deployed FIDO Authentication for employees and customers in their efforts towards simpler, stronger authentication.
With both FIDO authentication and blockchain based on the cornerstones of strong cryptography, the two are a natural fit to help propel secure, user-centric applications.
Developer Tutorial: WebAuthn for Web & FIDO2 for Android - FIDO Alliance
This tutorial walks through how to build a website with simple re-authentication functionality using a fingerprint sensor. Re-authentication is a concept where a user signs into a website once, then authenticates again when they try to enter important sections of the website, or come back after a certain interval, etc., in order to protect the account. It also covers how to build an Android app with simple re-authentication functionality using a fingerprint sensor. "Re-authentication" is a concept where a user signs into an app once, then authenticates again when they come back to your app or try to access an important section of your app.
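Smart Products: Introducing Business Models and Case Studies for Maximizing IoT Connectivity for Manufacturers – 정재연, AWS Infrastructure Architect; 장재영, 경동나... - Amazon Web Services Korea
AWS offers a range of AWS IoT services that let manufacturers operate their connected devices more reliably and securely. This talk presents cases of Korean manufacturers that have adopted AWS IoT for smart products and shows how IoT technology can be applied to your business.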
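Discovery, onboarding, access control, audit and recording for privileged accounts within the organization
Access control and authentication management
- Single Sign-On
- Passwordless MFA
- Endpoint access
- Identity security
Privilege control
- Credential management
- Session management for shared accounts and access accounts
- Controlling use with the appropriate privileges at the appropriate time
Entitlement management (Entitlements)
- Provisioning/deprovisioning management
- Monitoring and management of usage rights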
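K-Defense R8 (vKeypad) is a virtual secure keypad that protects information at the point of input without using the keyboard. The virtual secure keypad can be operated alongside a keyboard security solution so that users can choose between them according to their environment and preference, which provides greater stability and security.
Theft of keyboard input is one of the traditional and persistently occurring hacking techniques, and it is becoming increasingly intelligent and sophisticated. In response, the scope of keyboard security solutions has expanded. As an extension of this, the end-to-end (End-To-End) encryption function encrypts data from the moment of keyboard input and decrypts it on the WAS server, guaranteeing confidentiality for password-type values and integrity for text-type values, and so provides a highly secure structure that counters memory reading and tampering vulnerabilities.
The interface functions provided in the ActiveX version are supported identically in the non-ActiveX version, which gives practitioners convenience and compatibility and also helps with subsequent maintenance.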
4. All Rights Reserved | FIDO Alliance | Copyright 2018
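1. What is FIDO2?
● FIDO2 is a biometric authentication technology established by the FIDO Alliance, a global biometric authentication technology and standards body
● The earlier FIDO 1.0 targeted smartphone OSes such as Android and iOS, performing local authentication with a biometric recognition module such as a fingerprint sensor and then PKI (Public Key Infrastructure)-based authentication
● FIDO2 performs PKI-based biometric authentication in an OS or web browser that implements the Web Authentication specification (WebAuthn) defined by W3C, the Internet web standards body, and the Client-To-Authenticator Protocol (CTAP)
The era of No-Password authentication on the PC, using No-Plugin biometric authentication technology, begins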
2. FIDO2 Architecture
[Architecture diagram. Labels: User Device; Relying Party Application; Browser; Platform; Authenticator (Bound); Authenticator (External); Relying Party; Application Server; JavaScript-based Web Authentication; FIDO2 Authentication; CTAP; FIDO Server]
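3. CrossCertFIDO2
● A J2EE-based FIDO server that supports FIDO 1.x and FIDO2 simultaneously
● FIDO 1.x has processed more than 200 million cumulative transactions, proving its stability
● The Service model is operated as a 24X365 non-stop service through the company's own Secure Datacenter (a Solution Type is also offered)
[Server diagram. Labels: J2EE; FIDO 1.x Processor; PACKED Processor; U2F Processor; TPM Processor; Android (Sec) Processor; K-FIDO Processor; CrosscertFIDO Server; JS API]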
2. Use case:
Simple cloud authentication
CloudSign
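1. Issues with electronic signatures in Korea
[Diagram. Labels: Installed-program electronic signature type (www.aaa.com); Browser electronic signature type (www.bbb.com); Smartphone electronic signature app]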
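2. Next-generation electronic signature trend
Convenience
Security
Cost
A cloud-based authentication service that is secure and affordable, anytime and anywhere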
3. Cloud electronic signatures start overseas
● Adobe announces cloud-based digital signatures (2017.2)
● GlobalSign announces its Digital Signing Service (2017.6)
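4. Korea Electronic Certification Authority cloud electronic signature service
Category | Existing electronic signature service | CloudSign
Convenience | Program installation | No installation
Convenience | Password entry | FIDO (fingerprint) authentication
Convenience | Carrying storage media | Uses the cloud
Security | Certificate leakage | Stored in an HSM (Hardware Security Module)
Cost | High cost | Free (one certificate per individual)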
5. CloudSign usage procedure
[Diagram. Labels: Electronic signature request; Electronic signature complete; PC; Smartphone]
6. FIDO2-based CloudSign
A true No-Plugin certificate service that does not even need a smartphone app
[Diagram. Labels: HSM; FIDO Server; PC (web browser); Smartphone; ① FIDO2 Authentication; Biometric]
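1. Outlook for the electronic signature market
❖ Reform of the electronic signature system is being pursued; various new-technology electronic signatures and No Plugin signing methods are spreading
❖ The Ministry of Science and ICT plans to hold a "New-Technology Electronic Signature Authentication Technology Seminar" in August
✓ Cloud electronic signatures, biometric electronic signatures, browser electronic signatures
✓ Blockchain-linked electronic signatures, app-based integrated authentication, web-standard no-install electronic signatures
❖ Global Trend
✓ Google acquires a Root CA: SSL market, IoT market, autonomous driving
✓ UN Root CA being built: physical and logical access control with certificate + fingerprint card
✓ IoT Certificate: By 2020, over 25 billion things will be connected to the Internet
OCF, OIC, One M2M: PKI + biometric authentication => OCF IoT Root CA being built
AWS IoT Service: Device Certificate issuance and registration
✓ Autonomous driving: VPKI (Vehicular PKI) or V2X PKI (Vehicle to X PKI). Vehicle certification authority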
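2. Collaboration and the KWG
Core competencies of Korea Electronic Certification Authority (Key Value: Details)
Global Practice
- Global Practice experience from directly operating the Symantec global certification center
- Global Security Policy, Validation, Management
Secure Data Center operation
- Stable operation of real-time accredited certification services for the financial, public and enterprise sectors
- 200 million FIDO transactions processed (most recently the voice authentication service of '리브똑똑')
Core technologies held in PKI, FIDO, device authentication and cloud authentication
- Holds National Intelligence Service crypto-validated algorithms and lightweight ECC algorithms
- Storage technology for security tokens, IC cards, USIM and fingerprint cards
- HSM key generation, key management and electronic signature technology
- More than 50 million certificates issued for ATMs, cable modems and set-top boxes
- First certification authority to obtain certification for all items of FIDO UAF 1.0
Leading innovative technologies of the Fourth Industrial Revolution
- Founded AIBrain (2012) – selected by Datamation as one of the top 20 AI companies
- Selected as an information security blockchain project operator by the Ministry of Science and ICT's IITP
- Blockchain-based BitCoupon Service with Seoul National University
❖ Open Innovation collaboration
✓ How to compete with the various authentication methods?
✓ Where to offer the technology as a service?
✓ How to resolve safety and security?
❖ FIDO KWG activities
✓ Co-leader of the Development and Marketing subgroup
✓ Planning and running online and offline events
✓ Identifying and educating potential FIDO members
✓ Collaborating with working groups in other countries and regions to seek technology development / technical sales partnership opportunities
✓ Planning and running the December FIDO seminar
✓ Launching the FIDO Korean-language website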
Sales contact: 이형준, General Manager (hjlee@crosscert.com)