Cookbook Strong Authentication & OpenID Using Axsionics & Clavid 01-3-2009 Sylvain Maret / Security Architect /Geneva http://sylvain-maret.blogspot.com/

Introduction This cookbook shows you how to use an Axsionics – Internet Passport - for Strong authentication with OpenID We will use Clavid as a OpenID provider (IDP) A Swiss Compagny http://www.clavid.com/

This cookbook shows you how to use an Axsionics – Internet Passport - for Strong authentication with OpenID

We will use Clavid as a OpenID provider (IDP)

A Swiss Compagny

http://www.clavid.com/

About Axsionics Zero Foot Print Biometry Device providing strong authentication and transaction security 3 factors authentication For more information: http://www.yubico.com For more information: http://www.yubico.com

Zero Foot Print Biometry Device providing strong authentication and transaction security

3 factors authentication

For more information: http://www.yubico.com

For more information: http://www.yubico.com

About Clavid A Swiss company providing identity OpenID & SAML support Swiss Post Digital Certificate All SSL Client Digital Certificate X509 Yubikey: and easy USB Token No driver and very cheap Axsionics SMS Out of Band Authentication And Username & Password (no Strong Authentication……) And Soon more ! OTP Token ? OCSP ? Thawte Personal user Certificates ? Web of trust I Hope 

A Swiss company providing identity

OpenID & SAML support

Swiss Post Digital Certificate

All SSL Client Digital Certificate X509

Yubikey: and easy USB Token

No driver and very cheap

Axsionics

SMS Out of Band Authentication

And Username & Password (no Strong Authentication……)

And Soon more !

OTP Token ?

OCSP ?

Thawte Personal user Certificates ? Web of trust

I Hope 

Let’s define the scenario Use a Strong Authentication My finger and a device Axsionics Use OpenID Clavid.ch http://www.clavid.ch/ Use Plaxo to test this example with OpenID

Use a Strong Authentication

My finger and a device Axsionics

Use OpenID

Clavid.ch

http://www.clavid.ch/

Use Plaxo to test this example with OpenID

Connect to Plaxo and choose OpenID

Enter your OpenID User ID from your Clavid.ch Identity Provider

You are redirected to Clavid.ch: Your secure Identity Provider

Now your IDP asks you to proof your identity displaying a challenge The “Flicker code”

Use now your fingerprint to claim how you are and read the challenge !

Proof your digital identity using a biometric reader. So easy !

You have now a unique Code.(One Time Password)

Enter now your unique code and submit it to your IDP

Ok, now you are redirected to Plaxo: That it

Some Key Points ! No need to install software – Zero Foot Print Very high level of security Strong non repudiation using Biometry Resist to Men in the Browser Attack

No need to install software – Zero Foot Print

Very high level of security

Strong non repudiation using Biometry

Resist to Men in the Browser Attack

"Le conseil et l'expertise pour le choix et la mise en oeuvre des technologies innovantes dans la sécurité des systèmes d'information et de l'identité numérique"

More info about Digital Identity Security: Sorry most of the time in french  http://sylvain-maret.blogspot.com/