Confidential
The Trend of Authentication
Why We Choose to Work with FIDO?
FIDO UAF/U2F and FIDO2
FIDO2 is the password-less evolution of FIDO U2F.
Authentication Roadmap
• The 60s: It all started with the password
• The 70s: Protected passwords with salted hash
• The 80s: One-time passwords emerge
• The 90s: Public-key infrastructure
• Mid-90s detour: CAPTCHAs
• The 2000s: 2FA adoption takes hold
• The 2010s: Smartphone era
• Next: Password-less
https://www.geekwire.com/2018/digital-authentication-human-beings-history-trust/
FIDO2 (Passwordless)
Opportunities for Going Passwordless to Users
FIDO’s U2F, UAF, and FIDO2 protocols implement asymmetric challenge-response: Your private keys can exist in a safe location, and only be used to generate a one-time-use response to an authentication challenge.
https://blog.tokenize.com/fido-2-0-what-is-it-and-why-are-we-excited-31a66df6e113?gi=d8157d674aa9
• Without passwords, each private key can be as long and random as needed to stay secure (not limited by human memory).
• Without passwords, a hacked website only contains a perfectly useless list of public keys. If somebody malicious gets access to your public key, they still cannot use it to log in as you.
• Without passwords, even if somebody overhears your challenge-response communication with the website, they can’t sign another challenge without your secure private key.
• Without passwords, web authentication can finally be secure.
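The asymmetric challenge-response described above, as an added example (not from the original deck or from any FIDO library): a simplified Node.js model in which the website stores only a public key and each challenge is accepted once. `createAuthenticator`, `RelyingParty` and the user `alice` are hypothetical names, and real FIDO2 signs more data than the raw challenge.

```javascript
// Added illustration: simplified challenge-response, not the WebAuthn/CTAP wire format.
// node:crypto is loaded in a way that works under both CommonJS and ES modules.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto');

// Authenticator: the private key is generated on the device and never leaves it.
function createAuthenticator() {
  // 'prime256v1' is the OpenSSL name for NIST P-256.
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return {
    publicKey, // the only value given to the website at registration
    respond: (challenge) => nodeCrypto.sign('sha256', challenge, privateKey),
  };
}

// Website (relying party): stores public keys and issues one-time challenges.
class RelyingParty {
  constructor() {
    this.publicKeys = new Map(); // user -> public key; all a breach would expose
    this.pending = new Map();    // user -> outstanding challenge
  }
  register(user, publicKey) { this.publicKeys.set(user, publicKey); }
  issueChallenge(user) {
    const challenge = nodeCrypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    const publicKey = this.publicKeys.get(user);
    this.pending.delete(user); // each challenge is accepted at most once
    if (!challenge || !publicKey) return false;
    return nodeCrypto.verify('sha256', challenge, publicKey, signature);
  }
}

// Constructed walk-through for a hypothetical user "alice".
function demo() {
  const site = new RelyingParty();
  const key = createAuthenticator();
  site.register('alice', key.publicKey);
  const response = key.respond(site.issueChallenge('alice'));
  const legitimate = site.verify('alice', response);
  site.issueChallenge('alice'); // the next login gets a fresh challenge
  const replayed = site.verify('alice', response); // overheard response, reused
  const other = createAuthenticator(); // a key pair that is not alice's
  const wrongKey = site.verify('alice', other.respond(site.issueChallenge('alice')));
  return { legitimate, replayed, wrongKey };
}
```

`demo()` returns `legitimate: true` for the fresh response, and `false` both for the reused response and for a signature made with a key pair other than the registered one.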
FIDO2 Applications
Japan CloudGate UNO
Taiwan Government
• The Taiwan government is not only paying attention to FIDO but is also taking action. The combination with natural person credentials has become the focus for the near future.
• For the general public, the use of natural person credentials has often been limited by a shortage of card readers. On November 16, 2018, the Ministry of the Interior launched bidding for the establishment and verification of a mobile identity system. The goal is to evaluate an identification mechanism that introduces the FIDO standard, combined with the Ministry of the Interior natural person certificate, as the identity used to log in to government services.
• In the future, Taiwan will issue identity cards. Whether they can be adopted as FIDO-compliant cards will be a topic worth discussing.
Microsoft Windows 10 2019 Build (1903)
demo
FIDO2 Security Key
Security Key
Smart Badge
• Biometric card type
• Patent filing
• Touch-based fingerprint: allows up to 8 fingerprints; FAR > 1/50,000, FRR < 3%; supports fingerID.
• Built-in multiple interfaces:
  • USB: HID device in parallel with battery charging (rechargeable Li-ion 90mAh battery)
  • NFC: Boosted NFC secure element (SE), Mifare-compatible (13.56MHz); JVM COS, adopt applications by Java Applets
  • BLE: Bt4.2, dual mode (Bluetooth and BLE)
• Built-in 90mAh Li-ion battery, allowing more than 150 fingerprint authentications after a full charge
Hardware Block Diagram (components shown): MCU/BLE; NFC/SE; 90mAh Li-ion rechargeable battery; USB HID; LED1 (one color); LED2 (RGB); power button; Egis fingerprint sensor ET510 (10.4 x 10.4 mm); Infineon SE SLE78; links labelled 7816 and SPI
Functionalities
Step 1: Enroll fingerprint to card
• Standalone enrollment, no app needed
• See the video for details: https://youtu.be/BdF_1jbowXw
Step 2: Register the card to device or service
• Windows Hello
• Mac OS X login
• FIDO U2F
• FIDO2
• NFC door locker
• OTP
Step 3: Fingerprint matching for authentication
• Windows logon
• Mac logon
• Login Google, Facebook, Dropbox, Salesforce, Gitlab … as 2nd factor
• Passwordless login Microsoft account via security key
• Open door: https://youtu.be/3budV7ji250?list=PLY5tyoTE9bzka18g8XYgVmNqaG9lfdbnE
• 2FA via OTP
Demo videos:
• https://youtu.be/aSnJ8W_0ya4
• https://youtu.be/C4e4RG2QAzg
• https://youtu.be/MAomJowMuzc
• https://youtu.be/fiAaX7PsNvk?list=PLY5tyoTE9bzka18g8XYgVmNqaG9lfdbnE
Differentiations: Security Key + Smart Badge
• Fingerprint verified to enable NFC to open office door
• Plug into PC as USB HID key or pair with PC as BLE key for device login
• Passwordless or 2FA to log in to web service
• Turn badge BLE to Beacon mode for location tracking
*ready later
Differentiations - “The Touch”
Differentiations - “The Interface”
• FIDO2 (CTAP2) can support USB, NFC and BLE for different devices, so do we need multiple keys?
Differentiations - Standalone Enrollment
• Standalone Enrollment: enroll your fingerprint to the card directly; no app download or install needed
• Patent filing
Differentiations - Lock the Card
• We support a “lock” mechanism to prevent continuous attempts by the wrong person or with fake fingerprints
• Allow 5 fingerprint verifications; if verification fails 5 times in a row:
  • 1st time: lock card for 1 hour
  • 2nd time or later: lock card for 12 hours
• This spec is adjustable through the Admin tool
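An added model of the lock policy on this slide (example code, not the vendor's firmware or Admin tool), showing how the consecutive-failure counter and the 1 hour / 12 hour escalation bound the number of non-matching attempts in a given period. `CardLock`, its option names and the one-second attempt time are assumptions, as is the behaviour the slide leaves open: a successful match resets the streak, and attempts during a lock are refused without being counted.

```javascript
// Added model of the lock policy above; not the vendor's firmware.
// Assumptions (the page does not specify them): a successful match clears the
// failure streak, attempts made while locked are refused and not counted, and
// the number of past locks is never reset.
const HOUR_MS = 60 * 60 * 1000;

class CardLock {
  constructor({ maxFailures = 5, firstLockMs = HOUR_MS, laterLockMs = 12 * HOUR_MS } = {}) {
    Object.assign(this, { maxFailures, firstLockMs, laterLockMs }); // the "adjustable" spec
    this.streak = 0;      // consecutive failed verifications
    this.lockCount = 0;   // times the card has locked so far
    this.lockedUntil = 0; // ms timestamp; attempts before it are refused
  }
  // Returns 'ok', 'fail', or 'locked' (refused, or this failure triggered a lock).
  attempt(matched, nowMs) {
    if (nowMs < this.lockedUntil) return 'locked';
    if (matched) { this.streak = 0; return 'ok'; }
    this.streak += 1;
    if (this.streak < this.maxFailures) return 'fail';
    this.streak = 0;
    this.lockCount += 1;
    const lockMs = this.lockCount === 1 ? this.firstLockMs : this.laterLockMs;
    this.lockedUntil = nowMs + lockMs;
    return 'locked';
  }
}

// Upper bound on non-matching verifications the card evaluates inside a window,
// assuming back-to-back attempts that each take attemptMs (hypothetical 1 s).
function maxFailedAttemptsWithin(windowMs, options = {}, attemptMs = 1000) {
  const card = new CardLock(options);
  let now = 0;
  let evaluated = 0;
  while (now < windowMs) {
    evaluated += 1;
    const outcome = card.attempt(false, now);
    // After a lock, the next attempt that can be evaluated is at lockedUntil.
    now = outcome === 'locked' ? Math.max(now + attemptMs, card.lockedUntil) : now + attemptMs;
  }
  return evaluated;
}
```

With the slide's defaults, `maxFailedAttemptsWithin(24 * HOUR_MS)` is 15: three bursts of five before the second 12-hour lock runs past the end of the day.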
We Do Customizations to fit your Applications
• Fingerprint matched to send secure token (FIDO2, U2F, OTP, CDF) as 2FA or Passwordless to log in to web or PC
• Fingerprint badge for NFC door entry; using USB to log in to server for configurations, plus enable Beacon mode for tracking
• Fingerprint master card for housekeepers to track who gets into which room and when by FingerID; worry-less if the card is lost.
• Shared fingerprint badge for permission to access or operate expensive healthcare equipment by authorized persons only
• Fingerprint card for university digital classroom to log the attendees and absentees of students
• Customized design card to log in to Government PC and Server with encrypted keys, plus read/write abilities to card
Application areas: Data Center, Healthcare, Hotel, Enterprise, Digital Classroom, Police station
ATKey Portfolio
• Windows Hello; fingerprint server matching; USB Type A & Type C
  • Matching-on-Windows: Windows Hello, or
  • Matching-on-Server / Matching-on-Host: SDK/Lib readiness for integration
  • Windows oriented
  • Software solution for OTP, FIDO U2F and more …
• Fingerprint enabled security key; USB Type A
  • Matching-on-Key
  • USB HID device
  • FIDO U2F and FIDO2
  • FIPS 140-2 Level 3 certified (Broadcom)
  • Options for OTP and other 2nd factor integrations
• Fingerprint enabled security key + Smart Badge for office applications; BLE, NFC and USB Type A
  • Matching-on-Card
  • USB HID device
  • BLE Key or Beacon mode
  • NFC card running on Java Applet
  • FIDO2 and U2F (Windows, Mac, Android, iOS); options for OTP and 2nd factor integrations
Chart labels: cost; Security & features; Type-C
* 2019.08
Application: 2nd Factor Authentication (OTP or FIDO)
• Integrate ATKey as a 2nd factor to log in securely.
• We support “fingerprint enabled OTP token” or FIDO
*Deploying with Authentication solution in Korea
Application: Fingerprint Server Matching for Government
• Integrate ATKey.Hello as 2nd factor to log in with SSO solution
• We support “fingerprint server matching” lib (defined with customer and driver) for integration
  • ATKey.Hello (USB dongles)
  • Client lib, server lib & lib USB
*Deploying with SI in Japan
• Fingerprint Authenticators + FIDO
• Blockchain Wallet and Identity
AT.Wallet | Multiple Working Models
Fingerprint enabled USB + BLE Hardware Wallet with built-in 90mAh battery + e-ink display + USB Docking
• Support Standalone mode for total asset and QR code for receiving cryptocurrency; fingerprint verification needed.
• Support BLE mode to communicate with iOS and Android APP base to chains
• Support USB mode through docking (battery charge in parallel) to communicate with PC app or Web browser

• 1st stage: (ECC256K1 curve) support Bitcoin, Bitcoin cash
• 2nd stage: Ethereum, ERC20
• 3rd stage: Litecoin, (ed25519) Ripple

• 1st stage: support Bitcoin, Bitcoin cash & Ethereum, ERC20; BLE ready
• 2nd stage: Litecoin, Ripple; USB ready
Business Model
• Corp/Enterprise/SME
• Government/Education
• Banking/Finance
• Payment
• Data Center
• Healthcare
• More Vertical applications
OEM (re-brand)
Dist./Reseller
System Integrator
2FA/MFA platform
IT/IS & Admin
Customization & Integration