New Trends in Mobile Authentication

Jamie Cowper, Senior Director, Nok Nok Labs and Sebastien Taveau, Validity Sensors discuss the latest trends in mobile authentication.

  • The protocol allows the authentication client to communicate with the server. It has 3 main functions:
      • Discovery: allows the servers to discover what capabilities are present on the client device. Enables the use of existing device capabilities for authentication.
      • Provisioning: allows users to self-register their authenticator(s) with the server. Keys are provisioned in this step.
      • Authentication: provides token-abstracted authentication using a challenge-response model based on OCRA (OATH Challenge-Response Algorithms).
    FIDO is designed to be extensible: it enables plugging in new authenticators, cryptography, etc. It follows a challenge-response model based on OCRA. It supports both symmetric and asymmetric key encryption. It validates authenticators present in client devices to verify their genuineness.
  • MFAC's design takes advantage of secure hardware when it is available on devices. Depending on device capabilities, more parts of MFAC can be "sunk into" secure hardware.
      • When no secure hardware is present, all software executes in userspace. Software techniques are used to protect cryptographic material and code: whitebox encryption, code obfuscation, signing of code.
      • When cryptographic chips like TPMs and Secure Elements are present, the MFAC SDK and the UX Layer execute in userspace. Cryptographic operations and key storage use secure hardware.
      • When full secure execution environments like TrustZone are available, the MFAC SDK still executes in userspace. Cryptographic operations and key storage use secure hardware. The UX Layer uses secure keyboards and secure display. Fingerprint sensors are also securely hardwired. This mode provides the most security.
  • New Trends in Mobile Authentication

    1. New Trends in Mobile Authentication (title slide over a word cloud of authentication terms: FINGERPRINT, SECURE ELEMENT, NFC, BIOMETRIC, PIN, TOKEN, RBA, TPM, USB, FACE, VOICE, ACTIVE, PASSIVE, SILENT)
    2. INTRODUCTIONS: Sebastien Taveau, Chief Technology Officer, Validity Sensors, Inc (@frogtwitt); Jamie Cowper, Senior Director, Business Development, Nok Nok Labs, Inc (@jcowper)
    3. THE POWER OF AUTHENTICATION: ① Book online ② Ride to rental center ③ Wait in line ④ Hand over credit card + driver's license ⑤ Sign forms ⑥ Drive away (Total Time: 15-30 min). ① Book online ② Walk to nearby parking lot ③ Unlock car with mobile app / ZipCard ④ Drive away (Total Time: 2 min)
    4. YOUR PHONE IS YOUR PROXY
    5. LATEST NUMBERS. Source: IDC Worldwide Quarterly Smart Connected Device Tracker, September 11, 2013
    6. SMARTPHONE MARKET SHARE
    7. A Shift in Authentication
    8. New Paradigm
    9. Opportunity for Better Authentication is Upon Us. Are you ready? For Users, Painful to Use: 25 Accounts; 8 Logins / Day; 6.5 Passwords. For Organizations, Difficult to Secure: $5.5M / Data Breach; $15M / PWD Reset; $60+ / Token. For the Ecosystem, Impossible to Scale: Fragmented; Inflexible; Slow to Adopt
    10. User Auth Online: Do you want to login? Do you want to transfer $100 to Joe? Do you want to ship to a new address? Do you want to delete all of your emails? Do you want to share your dental record? Auth today: Ask user for a password (and perhaps a one time code)
    11. Consumer Focus; Security Options
    12. Natural ID and User Options
    13. Passwords: Too many to remember, difficult to type, and not secure. REUSED, PHISHED, KEYLOGGED
    14. Password and PIN: harsh reality. Source: XQCD
    15. One Time Codes: Improves security but not easy enough. SMS USABILITY: Coverage | Delay | Cost. DEVICE USABILITY: One per site | Fragile. USER EXPERIENCE: User confusion. STILL PHISHABLE: Known attacks today
    16. Megatrend: Simpler, Stronger Local Device Auth. PERSONAL DEVICES: Carry Personal Data. LOCAL LOCKING: Pins & Patterns today. NEW WAVE, CONVENIENT SECURITY: Simpler, Stronger local auth. 2F
    17. Strong Consent
    18. How does it work?
    19. How does it work?
    20. Enrollment and Matching. Diagram labels: Sensor; Raw Image Data (01FE B93F 00F1 0A2B 001D 4752 648B 5563 5362 6A79 ..., 292 bytes per scan line); Host Platform; Reconstruct Image; Extract Minutiae: M1={x1,y1,a1,z1}, M2={x2,y2,a2,z2}, ...; Fingerprint Template
    21. Where?
    22. NFC
    23. STANDARDIZING SECURITY
    24. HOW DO WE KNOW IT'S REALLY YOU?
    25. EXTEND LOCAL AUTHENTICATION: Local, Protocol, Remote
    26. COMMON AUTHENTICATION PROTOCOL: Users, Cloud, Devices, Federation
    27. EXPANSION (POST FEB): Authenticators, Web Services, Devices, Implementers. FOUNDERS
    28. THE FIDO SOLUTION: Discovery, Provisioning, Authentication
    29. MORE SECURE AUTHENTICATION: Unique Cryptographic Secrets. Feature and Security Benefit: Unique key per user/device/site gives segmentation of risk; High-entropy asymmetric keys instead of passwords give protection against dictionary, brute force attacks; Secrets not exposed to user give protection against phishing, key logging, shoulder surfing. Diagram labels: User, Account, Device, Site
    30. LEVERAGING HARDWARE SECURITY: three configurations (No Secure HW; Secure Crypto + Storage; Secure Execution Environment), each placing the MFAC SDK, UX Layer (Input, Display) and Crypto Layer in User Space or Secure Hardware
    31. DEVICES ARE RICH IN AUTHENTICATION CAPABILITIES: Camera, Fingerprint Sensor, Microphone, Secure Execution, Secure Storage, Location, Motion, Heartbeat, etc. M7. Face Recognition, Fingerprint Recognition, Voice Recognition
    32. DESIGNED FOR MODERN AUTHENTICATION: COMPLEMENTARY; IMPLICIT AUTHENTICATION; EXPLICIT AUTHENTICATION
    33. AUTHENTICATION / USER VERIFICATION: Launch, Press, Success
    34. MOBILE PAYMENTS / TRANSACTION CONFIRMATION: Setup, Confirm, Sent
    35. FIDO
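
The provisioning and authentication steps from the speaker notes, with the "unique key per user/device/site" property from slide 29, as an added example that is not code from the slides, FIDO or Nok Nok Labs. It uses the symmetric one-way challenge-response suite from RFC 6287 (OCRA); the `Authenticator` and `Server` classes and the user, device and site names are hypothetical, and discovery and authenticator validation are left out.

```python
import hashlib, hmac, secrets

SUITE = "OCRA-1:HOTP-SHA1-6:QN08"  # RFC 6287 one-way challenge-response suite

def ocra_response(key: bytes, challenge: str) -> str:
    """RFC 6287 response for SUITE: HMAC-SHA1(key, suite || 0x00 || Q) -> 6 digits."""
    q_hex = format(int(challenge), "x").ljust(256, "0")  # numeric Q as hex, right-padded to 128 bytes
    msg = SUITE.encode() + b"\x00" + bytes.fromhex(q_hex)
    mac = hmac.new(key, msg, hashlib.sha1).digest()
    off = mac[-1] & 0x0F                                  # dynamic truncation, as in HOTP
    code = int.from_bytes(mac[off:off + 4], "big") & 0x7FFFFFFF
    return f"{code % 10**6:06d}"

class Authenticator:
    """Client device (hypothetical class): one secret per (user, site)."""
    def __init__(self, device_id: str):
        self.device_id, self.keys = device_id, {}

    def provision(self, user: str, site: str) -> bytes:
        self.keys[(user, site)] = secrets.token_bytes(20)
        return self.keys[(user, site)]   # shared with that site once, at registration

    def respond(self, user: str, site: str, challenge: str) -> str:
        return ocra_response(self.keys[(user, site)], challenge)

class Server:
    """Relying site (hypothetical class): stores keys per (user, device)."""
    def __init__(self, site: str):
        self.site, self.keys, self.pending = site, {}, {}

    def register(self, user: str, device: Authenticator) -> None:
        self.keys[(user, device.device_id)] = device.provision(user, self.site)

    def challenge(self, user: str, device_id: str) -> str:
        self.pending[(user, device_id)] = f"{secrets.randbelow(10**8):08d}"
        return self.pending[(user, device_id)]

    def verify(self, user: str, device_id: str, response: str) -> bool:
        q = self.pending.pop((user, device_id), None)    # single use: a replay finds no challenge
        key = self.keys.get((user, device_id))
        if q is None or key is None:
            return False
        return hmac.compare_digest(ocra_response(key, q), response)

def demo():
    """Constructed scenario: one phone registered at two sites; returns (first try, replay)."""
    phone, bank, shop = Authenticator("phone-1"), Server("bank.example"), Server("shop.example")
    bank.register("alice", phone)
    shop.register("alice", phone)
    r = phone.respond("alice", "bank.example", bank.challenge("alice", "phone-1"))
    return bank.verify("alice", "phone-1", r), bank.verify("alice", "phone-1", r)
```

Because each site receives its own randomly generated key, a database leak at one site yields nothing usable at another, which is the segmentation of risk listed on slide 29.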
