This document discusses Samsung's implementation and vision for FIDO authentication on mobile devices. It summarizes Samsung's current mobile security features including hardware root of trust, certifications, and biometric authentication. It then describes Samsung's current FIDO implementations for authentication, including Samsung Pass. Finally, it outlines Samsung's vision for expanding FIDO usage across more devices and industries like connected cars, smart homes, and industry 4.0 in the future through enhanced hardware security and new biometric modalities.

1. 1Copyright ⓒ 2017 Samsung. All rights reserved
FIDO’s present and future
from the mobile perspective
Mobile Security Technologies Group
Samsung Electronics

2. 2Copyright ⓒ 2017 Samsung. All rights reserved
Contents
1. Samsung Mobile Security Overview
2. FIDO implementations
3. Future of the mobile and IoT authentication

3. Copyright ⓒ 2017 Samsung. All rights reserved
Hardware Root of Trust
Trusted Boot (Bootloader)
eSE (CC Certified)
TrustZone (TEE/SEE)
Android Framework
Layered security built on Samsung devices
Kernel
SE for Android (Policy)
Knox Workspace

4. Copyright ⓒ 2017 Samsung. All rights reserved
Certified in security
CC MDFPP-certified
Samsung’s flagship devices are
certified against Common
Criteria Mobile Device
Fundamentals Protection Profile
by US NIAP.
PCI-DSS & HIPAA
compliant
Samsung Pay complies with
PCI-DSS and S Health meets
requirements of HIPAA.
FIPS-compliant
All cryptographic libraries used
by KNOX and cryptographic
operations in CC-mode are FIPS
140-2 compliant.

5. Copyright ⓒ 2017 Samsung. All rights reserved
Regular Security Updates
Fast response
Act fast to critical security
vulnerabilities and provide
better protection to clients
sooner.
Improved trust
Deliver a needed security level
in patch delivery and improve
customer trust in Android
platform and Samsung devices.
Strong partnership
Work closely with carriers and
partners globally to improve the
security of Samsung devices and
protect the privacy of clients.

6. Copyright ⓒ 2017 Samsung. All rights reserved
Biometric security
All biometric functions are
performed in TEE. And
biometric templates are not
accessible outside of the TEE.
Controlled access
Android Biometric APIs
Samsung Pass SDK
FIDO UAF client
Privacy protection
The Biometric template is
encrypted and stored only in a
secure protected by chipset, so
biometric information is protected
at all time.
Mobile Biometric Authentication

7. Copyright ⓒ 2017 Samsung. All rights reserved
FIDO for client-server authentication
Samsung Pass is an ’identity management as-a-service’, enabling secure access through
biometric authentication based on FIDO technology.

8. Copyright ⓒ 2017 Samsung. All rights reserved
FIDO certified Samsung products
Flagship models Mass models Wearable models
Galaxy S6/S6 edge/S6 edge plus Galaxy A series Gear S3
Galaxy S7/S7 edge Galaxy C series Gear Sport
Galaxy S8/S8 plus Galaxy J series
Galaxy Note 5/ 7 FE/8
Company Name Product Certification Ver. Type
Samsung Electronics Secure Identification Framework(SIDF) v1.0 UAF 1.0 Authenticator
Samsung Electronics Secure Identification Framework(SIDF) v1.1 UAF 1.0 Client
Samsung Electronics Secure Identification Framework(SIDF) U2F for eSE U2F 1.0 Authenticator
Samsung SDS Samsung SDS Fast IDentity Online(FIDO) Server v1.1 UAF 1.0 Server

9. Copyright ⓒ 2017 Samsung. All rights reserved
Industry Reference of FIDO technology
Samsung Pass/Pay(in Korea) adopts FIDO technology to
ensure simple and secure biometric authentication.

10. Copyright ⓒ 2017 Samsung. All rights reserved
Expanded usage
Enabling web browser-based
authentication
Supporting a variety of use-case
at home, car, government sector,
etc.
FIDO technology in next generation devices
Enhanced H/W security
Hardware protected security will
improve the baseline of the
protection for sensitive data like
certificates, biometric template,
eIDs.
* Security-enhanced logic in AP, Secure elements,
Secure sensors
Variable sources
Next devices will adapt variable
biometric modalities for user
authentication.
Situation-aware continuous
authentication through learning
will offer enhanced accuracy and
convenience.

11. Copyright ⓒ 2017 Samsung. All rights reserved
FIDO technology in next industry
Connected Car / eID
“Proof of identity” for Car
sharing, Self-driving, …
Working as 2nd factor for
eID/eDL
Industry 4.0
“Human – Machine – ICT”
Industry will be integrated into a
unified ecosystem using service
to service authentication
IoT / Smart Home
Users interacts securely with IoT
devices great potential for
convenience and process
efficiency

12. Copyright ⓒ 2017 Samsung. All rights reserved
Thank you