HKG18-320 - The Practical Application of IFAA Standard
Session ID: HKG18-320 Session Name: HKG18-320 - The Practical Application of IFAA Standard Speaker: Not Available Track: Ecosystem Day ★ Session Summary ★ Nowadays people connect into Internet by multiple kinds of devices. To identify and authenticate users correctly and easily is the fundamental capability of Internet service provider. Password is no longer the must-have way. Biometric authentications like fingerprint are much easier and enough secure. IFAA (Internet Finance Authentication Alliance ) is an alliance funded by Alibaba, Ant Financial, CAICT, Huawei, SAMSUNG, and ZTE. Now it has more than 150 members including ARM, Qualcomm, MTK, Vivo, Oppo, Spreadtrum, Xiaomi and so on. The IFAA standard based fingerprint authentication has been widely supported in all kinds of devices sold in China market. Take Alipay as an example, more than 170M users are using fingerprint to pay their orders, almost 35% of Alipay trades are now supported by IFAA standard. --------------------------------------------------- ★ Resources ★ Event Page: http://connect.linaro.org/resource/hkg18/hkg18-320/ Presentation: http://connect.linaro.org.s3.amazonaws.com/hkg18/presentations/hkg18-320.pdf Video: http://connect.linaro.org.s3.amazonaws.com/hkg18/videos/hkg18-320.mp4 --------------------------------------------------- ★ Event Details ★ Linaro Connect Hong Kong 2018 (HKG18) 19-23 March 2018 Regal Airport Hotel Hong Kong --------------------------------------------------- Keyword: Ecosystem Day 'http://www.linaro.org' 'http://connect.linaro.org' --------------------------------------------------- Follow us on Social Media https://www.facebook.com/LinaroOrg https://www.youtube.com/user/linaroorg?sub_confirmation=1 https://www.linkedin.com/company/1026961
Recommended
Recommended
More Related Content
More from Linaro
More from Linaro (20)
Recently uploaded
Recently uploaded (20)
HKG18-320 - The Practical Application of IFAA Standard
- 1. The Practical Application of IFAA Standard Ant Financial Technical Manager Alan Zhi Xin
- 2. The challenge and opportunity for Internet Authentication Challenge of biometric authentication IFAA Introduction The open and empower of IFAA 1 2 3 4 5 The status and future of IFAA
- 3. message security question password What is your parent name ?Methodology bank card verification • password leak • account enumeration attack • unreachable • trojan horse • high-cost • information leak • information leak Potential Risks The challenges to traditional authentication
- 4. Biometric authentication is the status-of- art vsvs What you know What you have Who are you easy to forget, account enum attack, trojan horse, high-frequent interrupt not easy to take by hands low-frequent interrupt
- 5. Security Analysis for Biometric Authentication Stack Feature Abstraction Senor Template generatio n verify Original template Enrolment readread Trojan horse hijack Trojan horse hijack Trojan horse hijack Server Result Sign the verification result and other related template leak Trojan horse hijack App Original biometric information should never leave user’s device ( Privacy Protection and Law ) The storage and matching of biometric data are facing threats. Biometric input (e.x fingerprint)
- 6. TEE-based Device Security Capability • Secure Isolation • Secure Storage • Secure Boot • Secure Crypto • Secure Location • Secure Camera • …… https://developer.arm.com/technologies/trustzone
- 7. IFAA (Internet Finance Authentication Alliance) • June 2015 , Ant Financial 、 Alibaba 、 Huawei 、 SAMSUNG 、 ZTE 、 CAICT together announce IFAA. • Uniform the whole industry chain steps to develop new and easy-to-use authentication solutions. • Now, have 160 members (until 2018.2). Cover most of the OEMs in China: Huawei 、 Oppo 、 Vivo 、 Xiaomi 、 SAMSUNG 、 Meizu 、 Z TE 、 Lenovo 、 Gionee 、 Smarita etc. ; Chip vendors include Qualcomm 、 MTK 、 Intel 、 Spreadtrum 、 ARM etc. , and sensor vendors 、 secure OS vendors 、 standard organizations 、 test and certificate organizations. STEP 1 Std org Test lab Security OEM Chip vendors App Mission : provide secure and easy-to- use identity authentication service that can be accessed everywhere in Internet
- 8. The status of IFAA protocol application 36230+ Device models 190M+ Fingerprint payment register user ( Alipay ) 35%+ The fingerprint payment rate ( Alipay ) 700M+ IFAA-enabled Android devices Brands OEM
- 9. A brief introduction to IFAA Architecture ClientClient ApplicationApplication IFAA Client APIIFAA Client API TEETEE IFAA Auth entic ator IFAA Auth entic ator Devic e ID Devic e ID Biometric matcher Biometric matcher Biometric information Biometric information S E S E CloudCloud IFAA Root CAIFAA Root CA IFAA ServerIFAA Server Authenti cation Center Authenti cation Center Device Verification Center Device Verification Center Biz ServerBiz ServerTLSTLS IFAFIFAF CACA • Two-side secure channel based on TEE/SE capabilities. • Preinstalled crypto keys in TEE before the devices delivered to users. • Easy to adapt multiple biometric authentications.
- 10. Now, IFAA is open to all applications • High device coverage: 36 OEM brands. • High security protocol: two-side secure channel based on TEE • High stability: used in Alipay payment scenario for almost 3 years IFAA
- 11. The applications supported by IFAA Shanghai CA Third-party paytment Bank CA E-commerce Suning Commerce Suning Finance Pudong development bank
- 12. The status and future of IFAA • Fingerprint Authentication • TEE-based Device Security • Support most of the fingerprint devices in China market • Set up sample apps • Smart phone, watch and Bracelet • Multiple Biometric • TEE 、 SE 、 MCU • Support global devices • Empower all kinds of apps • IoT Current IFAA The Future of IFAA
- 13. Thank You #HKG18 HKG18 keynotes and videos on: connect.linaro.org For further information: www.linaro.org Contact by xinzhi.xz@antfin.com +86 18501648085