FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO Alliance
The PSD2 (the Revised Payment Service Directive) from the European Commission requires financial institutions to deploy Strong Customer Authentication. FIDO offers a solution to the challenges created by this new regulation.
With both FIDO authentication and blockchain based on the cornerstones of strong cryptography, the two are a natural fit to help propel secure, user-centric applications.
W3C - Web Authentication API by Korea ETRI (Electronics and Telecommunication Research Institute)
- Presented at FIDO Technical Seminar on July 16th, 2018
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO Alliance
The PSD2 (the Revised Payment Service Directive) from the European Commission requires financial institutions to deploy Strong Customer Authentication. FIDO offers a solution to the challenges created by this new regulation.
With both FIDO authentication and blockchain based on the cornerstones of strong cryptography, the two are a natural fit to help propel secure, user-centric applications.
W3C - Web Authentication API by Korea ETRI (Electronics and Telecommunication Research Institute)
- Presented at FIDO Technical Seminar on July 16th, 2018
An overview of the Alliance, the problem we are addressing the password problem, how FIDO is addressing it, the new ecosystem we are creating and the road ahead.
FIDO® for Government & Enterprise - PresentationFIDO Alliance
With FIDO 1.0 standards published in December, 2015, mainstream product adoption and service deployment has begun with more announcement planned for the RSA Security Conference 2015. This webinar will feature FIDO highlights from the conference and a discussion of how governments and enterprises are engaging with FIDO Alliance and the new wave of innovative authentication solutions FIDO standards enable, with a special focus on how the US Government is positioning FIDO within the context of NSTIC (National Strategy for Trusted Identities in Cyberspace).
A detailed look at the "Your Security, More Simple" d ACCOUNT initiative at NTT DOCOMO, including design principles, solution architecture, security architecture, FIDO standards and deployment of FIDO Authentication. Presented by Koichi Moriyama, Senior Director, Product Department, NTT DOCOMO, Inc.
Getting to Know the FIDO Specifications - Technical TutorialFIDO Alliance
What if we could replace passwords with authentication that is stronger and simpler? Web service providers and enterprises worldwide are looking for a solution to move beyond the frustrating user experience and less-than-stellar security of single-factor password authentication systems. Today FIDO is that solution, providing a rich set of specifications and certifications for an emerging and interoperable ecosystem of hardware, mobile and biometrics-based devices. This ecosystem enables enterprises and web service providers to easily deploy strong authentication solutions that reduce password dependencies and provide a superior, simpler and trusted user experience.
- Learn the ins and outs of FIDO’s specifications, including their applicability to both passwordless (UAF) and second factor (U2F) authentication use cases.
- Learn how FIDO separates user verification from authentication along with other details on the FIDO registration and login process.
- Learn how FIDO authentication protects user privacy and prevents phishing and man-in-the-middle attacks.
Answering all of your questions about FIDO Certification, including: what is FIDO certification?, types of certification, meta data service, security certification and the value of deploying certified solutions.
The update to NIST Special Publication 800-63 Revision 3 covers guidelines on digital identity management, identity proofing and authentication of users working with government IT systems over open networks – and serves as de facto guidance far beyond government and into many industries that are depending on secure user authentication.
Part of the guidelines recommend higher-assurance authentication, including the use of multi-factor authentication with public key cryptography, where private keys are tightly bound to the device. This, of course, is the core of the FIDO approach which has been implemented in over 300 FIDO certified products worldwide that are powering authentication solutions from top service providers such as Google, Facebook, Aetna and more.
In this presentation, experts review the NIST guidelines and their relationship to FIDO Authentication.
Detailed information about membership levels, participation opportunities and the positive ROI that your company can find by helping drive FIDO’s efforts to create a thriving ecosystem for modern authentication.
Overview of FIDO Security Requirements and CertificationsFIDO Alliance
Overview of FIDO Security Requirements and Certifications by Laurence Lundblade, Docomo Innovations
- Presented at FIDO Seoul Public Seminar on December 5th, 2018
What if we could replace passwords with authentication that is stronger and simpler? Web service providers and enterprises worldwide are looking for a solution to move beyond the frustrating user experience and less-than-stellar security of single-factor password authentication systems. Today FIDO is that solution, providing a rich set of specifications and certifications for an emerging and interoperable ecosystem of hardware, mobile and biometrics-based devices. This ecosystem enables enterprises and web service providers to easily deploy strong authentication solutions that reduce password dependencies and provide a superior, simpler and trusted user experience.
- Learn the ins and outs of FIDO’s specifications, including their applicability to both passwordless (UAF) and second factor (U2F) authentication use cases.
- Learn how FIDO separates user verification from authentication along with other details on the FIDO registration and login process.
- Learn how FIDO authentication protects user privacy and prevents phishing and man-in-the-middle attacks.
An overview of the Alliance, the problem we are addressing the password problem, how FIDO is addressing it, the new ecosystem we are creating and the road ahead.
FIDO® for Government & Enterprise - PresentationFIDO Alliance
With FIDO 1.0 standards published in December, 2015, mainstream product adoption and service deployment has begun with more announcement planned for the RSA Security Conference 2015. This webinar will feature FIDO highlights from the conference and a discussion of how governments and enterprises are engaging with FIDO Alliance and the new wave of innovative authentication solutions FIDO standards enable, with a special focus on how the US Government is positioning FIDO within the context of NSTIC (National Strategy for Trusted Identities in Cyberspace).
A detailed look at the "Your Security, More Simple" d ACCOUNT initiative at NTT DOCOMO, including design principles, solution architecture, security architecture, FIDO standards and deployment of FIDO Authentication. Presented by Koichi Moriyama, Senior Director, Product Department, NTT DOCOMO, Inc.
Getting to Know the FIDO Specifications - Technical TutorialFIDO Alliance
What if we could replace passwords with authentication that is stronger and simpler? Web service providers and enterprises worldwide are looking for a solution to move beyond the frustrating user experience and less-than-stellar security of single-factor password authentication systems. Today FIDO is that solution, providing a rich set of specifications and certifications for an emerging and interoperable ecosystem of hardware, mobile and biometrics-based devices. This ecosystem enables enterprises and web service providers to easily deploy strong authentication solutions that reduce password dependencies and provide a superior, simpler and trusted user experience.
- Learn the ins and outs of FIDO’s specifications, including their applicability to both passwordless (UAF) and second factor (U2F) authentication use cases.
- Learn how FIDO separates user verification from authentication along with other details on the FIDO registration and login process.
- Learn how FIDO authentication protects user privacy and prevents phishing and man-in-the-middle attacks.
Answering all of your questions about FIDO Certification, including: what is FIDO certification?, types of certification, meta data service, security certification and the value of deploying certified solutions.
The update to NIST Special Publication 800-63 Revision 3 covers guidelines on digital identity management, identity proofing and authentication of users working with government IT systems over open networks – and serves as de facto guidance far beyond government and into many industries that are depending on secure user authentication.
Part of the guidelines recommend higher-assurance authentication, including the use of multi-factor authentication with public key cryptography, where private keys are tightly bound to the device. This, of course, is the core of the FIDO approach which has been implemented in over 300 FIDO certified products worldwide that are powering authentication solutions from top service providers such as Google, Facebook, Aetna and more.
In this presentation, experts review the NIST guidelines and their relationship to FIDO Authentication.
Detailed information about membership levels, participation opportunities and the positive ROI that your company can find by helping drive FIDO’s efforts to create a thriving ecosystem for modern authentication.
Overview of FIDO Security Requirements and CertificationsFIDO Alliance
Overview of FIDO Security Requirements and Certifications by Laurence Lundblade, Docomo Innovations
- Presented at FIDO Seoul Public Seminar on December 5th, 2018
What if we could replace passwords with authentication that is stronger and simpler? Web service providers and enterprises worldwide are looking for a solution to move beyond the frustrating user experience and less-than-stellar security of single-factor password authentication systems. Today FIDO is that solution, providing a rich set of specifications and certifications for an emerging and interoperable ecosystem of hardware, mobile and biometrics-based devices. This ecosystem enables enterprises and web service providers to easily deploy strong authentication solutions that reduce password dependencies and provide a superior, simpler and trusted user experience.
- Learn the ins and outs of FIDO’s specifications, including their applicability to both passwordless (UAF) and second factor (U2F) authentication use cases.
- Learn how FIDO separates user verification from authentication along with other details on the FIDO registration and login process.
- Learn how FIDO authentication protects user privacy and prevents phishing and man-in-the-middle attacks.
The rapid expansion of the Internet of Things has fostered convenience and connectedness for consumers. It has also opened the door for creative hackers. Recently, hackers used hundreds of thousands of common internet-connected devices in consumers’ homes, without the owners’ knowledge, to launch a DDoS attack that temporarily brought down crucial parts of the internet’s infrastructure.
Attacks in the past have shown that passwords in IoT devices provide insufficient security. Additionally, IoT devices are too constrained for implementing biometric functions.
The question then becomes how to authenticate to such devices and can the industry adopt a standardized approach despite a highly fragmented IoT landscape. This presentation by Rolf Lindemann of Nok Nok Labs, explores how FIDO Authentication can provide convenient and strong authentication in an array of IoT use cases.
Introduction to FIDO Biometric AuthenticationFIDO Alliance
The model of password authentication is broken. FIDO is a new approach to authentication, including a modality for biometric authentication. Learn about the specification and the clear benefits of adding FIDO Authentication to Device APIs.
Gaming systems and the gaming industry have evolved since the days of the first computer games. Connectivity and interactivity has changed everything, blending best practices of PC, mobile and social games into a $100B market that is rife with opportunity — and threats. No longer is gaming just a matter of getting a high score or of beating your friend sitting next to you on the couch; multiplayer, networked games replete with virtual (or real) currency dramatically have changed the value line and threat matrices in the gaming industry.
Secure identity credentials and related attributes are essential to maintaining the integrity of the gaming ecosystem. This webinar will explore ways that the gaming market can address the imperative to provide users with stronger authentication within an improved user experience, and will detail some approaches therein.
Join this webinar to learn:
The basics of FIDO Authentication
How game developers and service providers can reduce risk while improving user experience
The risks of weak authentication facing the gaming industry
Unique perspective from two leading solution providers on the approaches to stronger, simpler authentication for gaming
Featured Speakers
Dave Signh, Platform Security Division, Product Manager, Intel
Shawn Lin, Product Support Application Engineer, Synaptics
Andrew Shikiar, Senior Director of Marketing, FIDO Alliance
Webinar: Securing IoT with FIDO AuthenticationFIDO Alliance
IDC estimates that there will be 41.6 billion connected IoT devices by 2025, opening up opportunities for increased efficiencies and innovation across industries. Yet, lack of IoT security standards and typical processes such as shipping with default password credentials and manual onboarding leave devices, and the networks they operate on, open to large-scale attack.
Last summer, the FIDO Alliance announced a new standards initiative to tackle these security issues in IoT. The Alliance’s IoT Technical Working Group aims to provide a comprehensive authentication framework for IoT devices in keeping with the fundamental mission of the Alliance – passwordless authentication. These webinar slides provide an update on this new work area, including:
--How FIDO Authentication and existing specifications fit into the IoT ecosystem today
--The charter and goals of the IoT TWG, including development of specifications for IoT device attestation/authentication profiles to enable interoperability between service providers and IoT devices; automated onboarding, and binding of applications and/or users to IoT devices; and IoT device authentication and provisioning via smart routers and IoT hubs
--The progress of the working group to date, including the use case and target architectures the IoT TWG is looking at as a foundation for its specifications and certification program
Italy Agriculture Equipment Market Outlook to 2027harveenkaur52
Agriculture and Animal Care
Ken Research has an expertise in Agriculture and Animal Care sector and offer vast collection of information related to all major aspects such as Agriculture equipment, Crop Protection, Seed, Agriculture Chemical, Fertilizers, Protected Cultivators, Palm Oil, Hybrid Seed, Animal Feed additives and many more.
Our continuous study and findings in agriculture sector provide better insights to companies dealing with related product and services, government and agriculture associations, researchers and students to well understand the present and expected scenario.
Our Animal care category provides solutions on Animal Healthcare and related products and services, including, animal feed additives, vaccination
Understanding User Behavior with Google Analytics.pdfSEO Article Boost
Unlocking the full potential of Google Analytics is crucial for understanding and optimizing your website’s performance. This guide dives deep into the essential aspects of Google Analytics, from analyzing traffic sources to understanding user demographics and tracking user engagement.
Traffic Sources Analysis:
Discover where your website traffic originates. By examining the Acquisition section, you can identify whether visitors come from organic search, paid campaigns, direct visits, social media, or referral links. This knowledge helps in refining marketing strategies and optimizing resource allocation.
User Demographics Insights:
Gain a comprehensive view of your audience by exploring demographic data in the Audience section. Understand age, gender, and interests to tailor your marketing strategies effectively. Leverage this information to create personalized content and improve user engagement and conversion rates.
Tracking User Engagement:
Learn how to measure user interaction with your site through key metrics like bounce rate, average session duration, and pages per session. Enhance user experience by analyzing engagement metrics and implementing strategies to keep visitors engaged.
Conversion Rate Optimization:
Understand the importance of conversion rates and how to track them using Google Analytics. Set up Goals, analyze conversion funnels, segment your audience, and employ A/B testing to optimize your website for higher conversions. Utilize ecommerce tracking and multi-channel funnels for a detailed view of your sales performance and marketing channel contributions.
Custom Reports and Dashboards:
Create custom reports and dashboards to visualize and interpret data relevant to your business goals. Use advanced filters, segments, and visualization options to gain deeper insights. Incorporate custom dimensions and metrics for tailored data analysis. Integrate external data sources to enrich your analytics and make well-informed decisions.
This guide is designed to help you harness the power of Google Analytics for making data-driven decisions that enhance website performance and achieve your digital marketing objectives. Whether you are looking to improve SEO, refine your social media strategy, or boost conversion rates, understanding and utilizing Google Analytics is essential for your success.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Gen Z and the marketplaces - let's translate their needsLaura Szabó
The product workshop focused on exploring the requirements of Generation Z in relation to marketplace dynamics. We delved into their specific needs, examined the specifics in their shopping preferences, and analyzed their preferred methods for accessing information and making purchases within a marketplace. Through the study of real-life cases , we tried to gain valuable insights into enhancing the marketplace experience for Generation Z.
The workshop was held on the DMA Conference in Vienna June 2024.
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfFlorence Consulting
Quattordicesimo Meetup di Milano, tenutosi a Milano il 23 Maggio 2024 dalle ore 17:00 alle ore 18:30 in presenza e da remoto.
Abbiamo parlato di come Axpo Italia S.p.A. ha ridotto il technical debt migrando le proprie APIs da Mule 3.9 a Mule 4.4 passando anche da on-premises a CloudHub 1.0.
1. All Rights Reserved | FIDO Alliance | Copyright 2018
An Universal MFA Fido
Device for PC use
Stephen Oh
eWBM
1
2. All Rights Reserved | FIDO Alliance | Copyright 2018222222
eWBM is a Fabless Semiconductor company.
We are “Fabulous Fabless”
Founded on Oct. 15th, 2009
CEO : Stephen Oh / Ph.D.
Business area : Security IoT MCU (Microprocessor)
Our Version
• Create New Market using Disruptive Technology
3. All Rights Reserved | FIDO Alliance | Copyright 2018333333
Fido is The Best application for eWBM
“ What’s special about eWBM’s authenticator? ”
Answer : (1) Security by design (2) Bottom-up Design using a single Chip (3) Strong Int’l Partnerships
Service Layer
HAL Layer
FIDO
SECUREDB
I/OINTERFACECRYPTOHWACCELERATOR
PHY
CRYPTOFW
UAF
FP
U2F
MANAGER
AES
SHA
ECC
RSATRNG
ENCRYPTION
COMMAND DISPATCH
Application
Layer
AES/SHA TRNGRSA/ECC UART BSPISPI GPIO …
DECRYPTION
FIDO2
Security MCU
(MS500) of eWBM
Fido Protocol :
eWBM
Cyberbridge
Fingerprint Recognition:
Precise Biometric
Crypto
Embedded HW engine
4. All Rights Reserved | FIDO Alliance | Copyright 2018444444
FIDO(Fast IDentity Online)
CURRENT BIOMETRIC SYSTEM
⚫ VulnerabilityfromBiometricdata
transmission
⚫ HackingVulnerabilityofBiometricdata on
theServer side
PROBLEM OF ID/PW SYSTEM
⚫ MultipleID / PASSWORD pairsto
remember
⚫ PASSWORDrequirementgetting
complicatedand hard to managedue to
frequentupdates
⚫ Easyto be hacked-- Securitynightmare!
FIDO
⚫ No 3rd Party in the Protocol
⚫ No PASSWORD on the server side
⚫ No Private key on the server side
⚫ No Biometric data transmission
⚫ Easy to use but very secure
⚫ Biometric Data is safely stored in device
⚫ Biometric Recognition done in secure region
⚫ No Personal information transmission out from device
⚫ Cryptography based protocol
What eWBM’s
Security MCU
offers
5. All Rights Reserved | FIDO Alliance | Copyright 2018555555
Inside eWBM’s MFA Fido Authenticator
USB Chip MS500
SPI
SPI
USBTypeA
1. All Crypto functions
2. Fido Protocol
3. Fingerprint Recognition Algorithm
4. Fingerprint template stored encrypted
5. All Crypto keys stored encrypted
6. Each device has unique key set
7. Secure Booting
Next Gen MCU will include
USB interface
6. All Rights Reserved | FIDO Alliance | Copyright 2018666666
FIDO(Fast IDentity Online)
• Lower cost for the
Enterprise
• Simpler Use for
Consumer
• Stronger Security for
Online ServicesStronger
Security
Lower
Cost
Simpler
Use
“Benefits of eWBM”s
FIDO Solution”
Securebooting
Securestorage
Simple
and LowCost
JustScanyour
Fingerprint
7. All Rights Reserved | FIDO Alliance | Copyright 2018777777
Why eWBM’s MFA Fido Device?
True MFA (Multi-factor Authentication) in One Device
Biometric MFA is safer than PIN based MFA
→ “Something you are” vs “Something you know”
Cases for using previous generation computers without Biometric sensor
→ External MFA Device
Cases for using Company and/or Government provided Computers
→ Use Fido MFA device without providing your Biometric data
Cases for using Internet Café PC’s (PC room in Korea)
→ Overcome the vulnerability of shared computers
8. All Rights Reserved | FIDO Alliance | Copyright 2018888888
eWBM’s MFA Fido Device feature
Covers all Types of Fido protocols
• U2F / UAF / FIDO2
Extra Level of Security
• Secure Storage
⇒ Fingerprint data never leaves the device
⇒ FIDO Authenticator Security Parameters securely stored
• Secure Boot
⇒ FW securely stored with encryption and integrity check
True Multi-factor Authenticator with One Device
• Authenticator – something you have
• User verification – Biometrics (something you are)
Multiple OS Support
• Windows, MacOS, Linux
Platform
WebAuthn
CTAP1 CTAP2
U2F
Authen
FIDO2
Authen
9. All Rights Reserved | FIDO Alliance | Copyright 2018999999
eWBM’s MFA Fido Authenticator
eFA450 (engineering sample)
10. All Rights Reserved | FIDO Alliance | Copyright 2018101010101010
eWBM’s MFA Fido Authenticator
eFA500
11. All Rights Reserved | FIDO Alliance | Copyright 2018111111111111
eWBM’s MFA Fido Authenticators
USBforPC
Protection Sleeve
SnoopingResistance
Fingerprintsensor
Ruggeddesignforfinger
pressingapplication
Securechip(MS500)
forMaximumsecurity
(both fingerprintrecognitionand
Fido protocolhappeninsidethe
chip)
Allbiometricdata storedinside
thechipencrypted
– no onecanaccessthestored
information
USBforPC
국산센서
12. All Rights Reserved | FIDO Alliance | Copyright 2018121212121212
eWBM’s MFA Fido Authenticator
https://www.youtube.com/watch?v=QpP6bdnzvPQ
13. All Rights Reserved | FIDO Alliance | Copyright 2018131313131313
eWBM MFA Fido Authenticator Status
U2F Inter Op Test
• Both eFA450/500 certification (Jul 25, 2018)
Fido2 Certification
• Passed Self conformance test
• Inter Op Test (Aug 20, 2018)
Fido Security Certification
• Ready for Fido Security L2 (2018 3Q)
EMC Certification (Jul ~ Aug, 2018)
→ KC (Korea), CE (EU), FCC (US)
MP
Jul ~ Aug
2018
14.
15.
16. All Rights Reserved | FIDO Alliance | Copyright 2018
Consumers
• Web Surfing, Shopping
⇒ online user authentication
• Gaming
⇒ In-Game item purchase
• PC Banking and Trading
• PersonalAccess Control
⇒ door lock, locker, accessories
• Blockchain
⇒ Cold Wallet
161616161616
MFA Device Applications (1)
Public worker application
• Secure Government workers
⇒ User Verification
⇒ SecuringApproval processor
• Public Service security
⇒ Online authentication
⇒ Petition document control
Education/Training
• User Verification for online lecture
• UserAuthentication for transactions
17. All Rights Reserved | FIDO Alliance | Copyright 2018171717171717
MFA Device Applications (2)
Corporate Applications
• Access Control
⇒ Documents access control based on
position/function
• ElectronicApproval
⇒ No Substitute approval possible
• Entrance control
⇒ Current Biometric systems are hackable
⇒ Multiple location office
• Privacy protection
Service sector
• Verification of Customer visiting
Service Person
⇒ Even in non-secure situation
• Access Control
⇒ FunctionalityAwareAccess Control
IT
• Server and IT system manager
authentication
⇒ Much safer than login/password pair
• Equipment user authentication
⇒ Much safer than login/password pair
18. All Rights Reserved | FIDO Alliance | Copyright 2018181818181818
FKWG에서의 eWBM 역할 및 향후 기대
1. FKWG
→ 타 Regional working group과는 달리 새로운 표준 Fido 전체에 확산 가능
• 반도체 개발 업체인 eWBM이 FKWG의 멤버인 이유
• IoT (사물인터넷)에 Fido 적용한 새로운 표준 개발
• 디바이스 회사로서 역할을 감당할 예정
2. FKWG의 혜택
• FKWG를 통해 Fido 관련 대부분의 업체와 교류 가능
• 대부분의 멤버들은 SI 업체 이거나 서비스 업체로 구성
• 대부분 eWBM의 잠재적 고객사
3. 향후 기대
→ 멤버사간 단순한 비즈니스 관계보다는 전략적 제휴를 통한 해외 시장 진출
19. All Rights Reserved | FIDO Alliance | Copyright 2018191919191919
Summary
Fido MFA device based on eWBM’s security MCU
→ optimized for best performance and price
Device will be available this (2018) summer!
eWBM’s device is one of the first true MFA Fido devices in industry
→ external authentication device with Fingerprint Recognition
This device is for you when you CANNOT provide full Fido experience to your
customer only with Smartphone
We are still a semiconductor company
→ Fido Solution (Development Platform) and Fido Module are available