Gates predicted the death of passwords at the RSA conference in 2003, so why are we still in the era of passwords more than a decade later? How can FIDO help us go passwordless using public key cryptography standards? How are FIDO and Aadhaar inherently different even though both are based on public key cryptography?
Beware of Passwords - FIDO helps to go passwordless
2. PAGE 2 | GRACE HOPPER CELEBRATION INDIA 17
Presented by AnitaB.org and Association for Computing Machinery India (ACM) India
#GHCI17
Password
3. Password Challenge
• Yet Another password
• Complex
• Rotate your passwords
• Reuse
• Write it down
• Vulnerable
4. Password Maturity
5. Passwordless
6. Authentication
• What I KNOW (screen: Username, Password, Sign In)
• What I HAVE (screen: Enter OTP, Submit)
• What I AM
7. What I Am
• Universal
• Unique
• Permanent
• Record once and match later
Physical Biometrics, Behavioral Biometrics
8. Biometric Challenges
• Specialized device/hardware
• Reliability can change over time
• Match is not an exact match
• Can’t be stored as hash values
• Can’t be changed if forged or stolen
9. FIDO
10. What is FIDO
• Fast IDentity Online
• Industry consortium formed in July 2012
• Two protocol specs
  • Universal Authentication Framework - UAF
  • Universal Second Factor - U2F
• Based on public key cryptography
11. UAF
12. UAF – Universal Authentication Framework
• Passwordless
• Any Device, Any Application, Any Authenticator
• No secrets on Server
• Biometric data never leaves the device
13. UAF – User Device
Diagram: Browser/Mobile App; FIDO UAF Client; Authenticator Abstraction; FIDO Authenticators
14. UAF – User Device
Diagram: Browser/Mobile App; FIDO UAF Client; Authenticator Abstraction; FIDO Authenticators
FIDO Authenticator – Private Keys: Attestation Key, Authentication Keys
15. UAF – Relying Party
Diagram: Web Server; FIDO Server; FIDO Metadata Service
Public Keys
• Attestation Keys
• Authentication Keys
16. UAF – Architecture
User Device: Browser/App; FIDO UAF Client; Authenticator Abstraction; FIDO Authenticators
Relying Party: Web Server; FIDO Server; FIDO Metadata Service
UAF Protocol
  1. Registration
  2. Authentication
  3. Tx Confirmation
  4. Deregistration
17. UAF – Registration
User Device: FIDO Authenticator; User Agent; FIDO UAF Client
Relying Party: Web Server; FIDO Server; FIDO Metadata Service
  1. Initiate Registration
  2. Registration Request + Policy
  3. Verify User; Create Private Key Per User and App
  4. Registration Response + Attestation + User’s Public Key
  5. Validate response and attestation, Store User’s Public Key
18. UAF – Authentication
User Device: FIDO Authenticator; User Agent; FIDO UAF Client
Relying Party: Web Server; FIDO Server; FIDO Metadata Service
  1. Initiate Authentication
  2. Authentication Request + Challenge + Policy
  3. Verify User and unlock Private Key
  4. Authentication Response signed by User’s private Key
  5. Validate response using user’s Public Key
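The registration and authentication steps on the two slides above, modelled end to end as an added example (not code from the deck or from the FIDO specifications). It is a simplified sketch, not the UAF wire format: Ed25519, the signed message layout, the single trusted attestation key and all type and function names are assumptions made for illustration.

```go
// Added example: simplified, hypothetical model of UAF registration and login.
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// msg is the signed byte string: 32-byte challenge, app ID, optional new key.
func msg(appID string, ch, extra []byte) []byte {
	return append(append(append([]byte{}, ch...), appID+"\x00"...), extra...)
}

// Authenticator is the device side; private keys never leave it.
type Authenticator struct {
	attest ed25519.PrivateKey            // attestation private key
	keys   map[string]ed25519.PrivateKey // one authentication key per app and user
}

// Register creates a key pair per user and app once the user is verified locally.
func (a *Authenticator) Register(appID, user string, ch []byte, verified bool) (pub, att []byte, ok bool) {
	pk, sk, err := ed25519.GenerateKey(rand.Reader)
	if !verified || err != nil {
		return nil, nil, false
	}
	a.keys[appID+"|"+user] = sk
	return pk, ed25519.Sign(a.attest, msg(appID, ch, pk)), true // attestation covers pk
}

// Sign: local user verification unlocks the key registered for this app only.
func (a *Authenticator) Sign(appID, user string, ch []byte, verified bool) ([]byte, bool) {
	if sk, ok := a.keys[appID+"|"+user]; ok && verified {
		return ed25519.Sign(sk, msg(appID, ch, nil)), true
	}
	return nil, false
}

// Server is the relying party's FIDO server; it stores public keys only.
type Server struct {
	AppID   string
	Attest  ed25519.PublicKey            // trusted attestation public key
	users   map[string]ed25519.PublicKey // user -> registered public key
	pending map[string]string            // issued challenge -> user
}

// Challenge issues a fresh random challenge; consume makes it single use.
func (s *Server) Challenge(user string) []byte {
	ch := make([]byte, 32)
	rand.Read(ch)
	s.pending[string(ch)] = user
	return ch
}
func (s *Server) consume(user string, ch []byte) bool {
	u, ok := s.pending[string(ch)]
	delete(s.pending, string(ch))
	return ok && u == user
}

// FinishRegistration validates the attestation and stores the user's public key.
func (s *Server) FinishRegistration(user string, ch, pub, att []byte) bool {
	if !s.consume(user, ch) || len(pub) != ed25519.PublicKeySize ||
		!ed25519.Verify(s.Attest, msg(s.AppID, ch, pub), att) {
		return false
	}
	s.users[user] = pub
	return true
}

// VerifyLogin checks the signed challenge against the stored public key.
func (s *Server) VerifyLogin(user string, ch, sig []byte) bool {
	pub, ok := s.users[user]
	return s.consume(user, ch) && ok && ed25519.Verify(pub, msg(s.AppID, ch, nil), sig)
}

// Demo runs both flows; the user, app IDs and keys are constructed sample values.
func Demo() (registered, login, replay, otherApp, unverified bool) {
	attPub, attPriv, _ := ed25519.GenerateKey(rand.Reader)
	a := &Authenticator{attest: attPriv, keys: map[string]ed25519.PrivateKey{}}
	s := &Server{AppID: "https://rp.example", Attest: attPub,
		users: map[string]ed25519.PublicKey{}, pending: map[string]string{}}
	ch := s.Challenge("alice")
	pub, att, _ := a.Register(s.AppID, "alice", ch, true)
	registered = s.FinishRegistration("alice", ch, pub, att)
	ch = s.Challenge("alice")
	sig, _ := a.Sign(s.AppID, "alice", ch, true)
	login = s.VerifyLogin("alice", ch, sig)
	replay = s.VerifyLogin("alice", ch, sig) // challenge already consumed
	_, otherApp = a.Sign("https://phish.example", "alice", s.Challenge("alice"), true)
	_, unverified = a.Sign(s.AppID, "alice", s.Challenge("alice"), false)
	return
}

func main() { fmt.Println(Demo()) }
```

The server side holds only public keys and pending challenges, so a dump of its state gives nothing that can be replayed as a login.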
19. FIDO helps with biometric challenges
• Specialized device/hardware – Standardization
• Reliability can change over time – Multi Modal
• Match is not an exact match – Per Authenticator & Risk Based
• Can’t be stored as hash values – Store on client
• Can’t be changed if forged or stolen – Deregister
20. Adopting Organizations
21. Diagram: ASA Server; Aadhaar Biometric Capture Device or Application; AUA Server; UIDAI Server
  1. Provide biometrics
  2. Create Pid XML block, D
  3. Generate Session Key, SK
  4. Base64 (Encrypt(D, SK))
  5. Encrypt (SK, UPbK) : RSA
  6. HMAC : Base64 of Encrypt(SHA-256 (D), SK)
  7.
  8. Add License Key
  9. Sign using Private Key
  10.
  11. Verify signature
  12. Decrypt SK
  13. Validate Pid
  14. Y/N
22. FIDO vs Aadhaar
FIDO | Aadhaar
Biometrics on Client | Biometrics on Server
Biometrics never leave client | Biometrics travel over network
No Symmetric Key Crypto | AES to encrypt data
Public key not by CA | Public Key Cert by CA
24. Appendix
25. UAF - Registration
Taken From - https://www.ietf.org/proceedings/92/slides/slides-92-tokbind-3.pdf
26. UAF - Authentication
Taken From - https://www.ietf.org/proceedings/92/slides/slides-92-tokbind-3.pdf
27. References
• https://fidoalliance.org/specs/
• https://fidoalliance.org/specs/fido-uaf-v1.1-id-20170202/fido-uaf-protocol-v1.1-id-20170202.html
• https://www.ietf.org/proceedings/92/slides/slides-92-tokbind-3.pdf
• https://fidoalliance.org/specs/fido-uaf-v1.0-ps-20141208/fido-security-ref-v1.0-ps-20141208.html
• http://zeropasswords.com/pdfs/WHATisWRONG_FIDO.pdf
• https://authportal.uidai.gov.in/static/aadhaar_authentication_api_1_6.pdf
Editor's Notes
If not password, then what?
Challenges in going passwordless?
Universal – Everyone has it
Unique – There are about 30 minutiae in a fingerprint scan obtained by a live fingerprint reader. The US Federal Bureau of Investigation (FBI) has evidenced that no two individuals can have more than 8 common minutiae.
Permanent – There could be minor changes over time, but it is largely permanent
Record once and match later – the value is recorded once and matched later for authentication
FIDO authenticators perform the actual biometric authentication
Private attestation key
Corresponding public key is shared with FIDO Server OOB
First time use - register the biometric with the authenticator
Attestation Key – AAID (Authenticator Attestation ID)
Authentication Key – KeyID
AAID and KeyID Tuple uniquely identifies an authenticator's registration for a relying party
User provides the biometrics to the authenticator
Compared locally with the registered data
Biometric verified => unlock authentication private key
Authentication response is sent to the FIDO server, signed by the private authentication key and attested with the attestation key
FIDO Server verifies the authentication message using User’s Public key
FIDO Server verifies the authenticator attestation assertions using authenticator’s attestation public certificate.