Session ID: HKG18-320
Session Name: HKG18-320 - The Practical Application of IFAA Standard
Speaker: Not Available
Track: Ecosystem Day
★ Session Summary ★
Nowadays people connect into Internet by multiple kinds of devices. To identify and authenticate users correctly and easily is the fundamental capability of Internet service provider. Password is no longer the must-have way. Biometric authentications like fingerprint are much easier and enough secure. IFAA (Internet Finance Authentication Alliance ) is an alliance funded by Alibaba, Ant Financial, CAICT, Huawei, SAMSUNG, and ZTE. Now it has more than 150 members including ARM, Qualcomm, MTK, Vivo, Oppo, Spreadtrum, Xiaomi and so on. The IFAA standard based fingerprint authentication has been widely supported in all kinds of devices sold in China market. Take Alipay as an example, more than 170M users are using fingerprint to pay their orders, almost 35% of Alipay trades are now supported by IFAA standard.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/hkg18/hkg18-320/
Presentation: http://connect.linaro.org.s3.amazonaws.com/hkg18/presentations/hkg18-320.pdf
Video: http://connect.linaro.org.s3.amazonaws.com/hkg18/videos/hkg18-320.mp4
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2018 (HKG18)
19-23 March 2018
Regal Airport Hotel Hong Kong
---------------------------------------------------
Keyword: Ecosystem Day
'http://www.linaro.org'
'http://connect.linaro.org'
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961
2. The challenge and
opportunity for Internet
Authentication
Challenge of
biometric authentication
IFAA
Introduction
The open and
empower of IFAA
1 2 3 4 5
The status
and future of IFAA
3. message
security
question
password
What is your
parent name ?Methodology
bank card
verification
• password leak
• account
enumeration
attack
• unreachable
• trojan horse
• high-cost
• information
leak
• information
leak
Potential
Risks
The challenges to traditional
authentication
4. Biometric authentication is the status-of-
art
vsvs
What you know What you have Who are you
easy to forget,
account enum attack,
trojan horse,
high-frequent interrupt
not easy to take by hands low-frequent interrupt
5. Security Analysis for Biometric
Authentication Stack
Feature
Abstraction
Senor
Template
generatio
n
verify
Original
template
Enrolment
readread
Trojan horse
hijack
Trojan
horse hijack
Trojan horse
hijack
Server
Result
Sign the
verification
result and
other related
template
leak
Trojan horse
hijack
App
Original biometric
information should never
leave user’s device
( Privacy Protection and Law )
The storage and
matching of biometric
data are facing threats. Biometric input
(e.x fingerprint)
7. IFAA (Internet Finance Authentication Alliance)
• June 2015 , Ant
Financial 、 Alibaba 、 Huawei 、 SAMSUNG 、 ZTE 、 CAICT
together announce IFAA.
• Uniform the whole industry chain steps to develop new and
easy-to-use authentication solutions.
• Now, have 160 members (until 2018.2). Cover most of the
OEMs in China:
Huawei 、 Oppo 、 Vivo 、 Xiaomi 、 SAMSUNG 、 Meizu 、 Z
TE 、 Lenovo 、 Gionee 、 Smarita etc. ; Chip vendors
include Qualcomm 、 MTK 、 Intel 、 Spreadtrum 、 ARM
etc. , and sensor vendors 、 secure OS vendors 、 standard
organizations 、 test and certificate organizations.
STEP
1
Std org Test lab
Security
OEM Chip
vendors
App
Mission : provide secure and easy-to-
use identity authentication service that can
be accessed everywhere in Internet
8. The status of IFAA protocol application
36230+
Device models
190M+
Fingerprint payment
register user
( Alipay )
35%+
The fingerprint
payment rate
( Alipay )
700M+
IFAA-enabled
Android devices
Brands
OEM
9. A brief introduction to IFAA Architecture
ClientClient
ApplicationApplication
IFAA Client APIIFAA Client API
TEETEE
IFAA
Auth
entic
ator
IFAA
Auth
entic
ator
Devic
e ID
Devic
e ID
Biometric
matcher
Biometric
matcher
Biometric
information
Biometric
information
S
E
S
E
CloudCloud
IFAA Root CAIFAA Root CA
IFAA ServerIFAA Server
Authenti
cation
Center
Authenti
cation
Center
Device
Verification
Center
Device
Verification
Center
Biz ServerBiz ServerTLSTLS
IFAFIFAF
CACA
• Two-side secure
channel based on
TEE/SE capabilities.
• Preinstalled crypto
keys in TEE before the
devices delivered to
users.
• Easy to adapt multiple
biometric
authentications.
10. Now, IFAA is open to all applications
• High device coverage: 36 OEM brands.
• High security protocol: two-side
secure channel based on TEE
• High stability: used in Alipay payment
scenario for almost 3 years
IFAA
11. The applications supported by IFAA
Shanghai CA
Third-party paytment
Bank
CA
E-commerce
Suning Commerce
Suning Finance
Pudong development bank
12. The status and future of IFAA
• Fingerprint Authentication
• TEE-based Device Security
• Support most of the fingerprint
devices in China market
• Set up sample apps
• Smart phone, watch and Bracelet
• Multiple Biometric
• TEE 、 SE 、 MCU
• Support global devices
• Empower all kinds of apps
• IoT
Current IFAA The Future of IFAA
13. Thank You
#HKG18
HKG18 keynotes and videos on: connect.linaro.org
For further information: www.linaro.org
Contact by
xinzhi.xz@antfin.com
+86 18501648085