29
EXTERNAL USE IHAR BAYARENKA BD DIRECTOR RUSSIA / CIS 19 MAY 2016 SECURE IDENTIFICATION 2016 RIGA, LATVIA NEXT SECURE IDENTITIES: SECURE UHF TAGS FIDO U2F TOKENS
| Date post: | 08-Apr-2017 |
| Category: |
Technology |
| Upload: | ihar-bayarenka |
| View: | 296 times |
| Download: | 3 times |
EXTERNAL USE
IHAR BAYARENKABD DIRECTOR
RUSSIA / CIS19 MAY 2016
SECURE IDENTIFICATION 2016
RIGA, LATVIA
NEXT SECURE IDENTITIES:
SECURE UHF TAGS
FIDO U2F TOKENS
EXTERNAL USE1
Agenda
• Introducing NXP
• Mainstream Secure Identity applications
• Emerging applications
− Automotive Vehicle Identification
− FIDO online authentication
EXTERNAL USE2
INTRODUCING NXP
>$10B IN ANNUAL
REVENUE
11,000+ENGINEERS
~45,000EMPLOYEES
9,000+PATENT
FAMILIES
35+COUNTRIES
4th LargestSEMICONDUCTOR
COMPANY
GLOBALLY1
Note:
1. All financial figures are based on trailing twelve month reported information; R&D expense are non-GAAP
SECURE IDENTIFICATION
AUTOMOTIVERF POWER
TRANSISTORS
MARKET LEADER IN...
SMALL SIGNAL
DISCRETES
BROAD-BASED MCUs1COMMUNICATIONS
PROCESSORS
EXTERNAL USE3
HOW YOU ENCOUNTER NXP IN YOUR DAILY LIFE
Payment cards
Mobile phones
Public transport tickets
Access cards
Electronic ID documents
Membership & loyalty cards
Car entertainment
EXTERNAL USE4
SECURE ID – MARKET VIEW – TRENDS MARKET GROWTH IS MAINLY DRIVEN BY NATIONAL ID
SECURITY
LEADING TRENDS
• Digitization of documents and online services
• Convergence of applications
• Derived IDs on mobile phones0
100
200
300
400
500
600
700
800
900
2013 2014 2015 2016 2017 2018 2019 2020
SMART CARD SHIPMENTS BY APPLICATION WORLDWIDE
Passport National ID Healthcare Other
!
FRAUD ONLINE SERVICES
KEY DRIVERS
Source: ABI Research, Q1 2016
EXTERNAL USE5
MARKET POSITION
49,0%
31,8%
11,2%
6,2%1,7%
Secure IC Vendor Market Share FY 2014*
#1 provider of e-Government secure IC
solutions
83% (120+ out of 145+) countries that
introduced eGovernment solutions use NXP
250+ out of 400+ projects worldwide are
based on NXP´s Secure ICs
*Source: ABI 2015
EXTERNAL USE6
AUTOMATIC
VEHICLE
IDENTIFICATION (AVI)
EXTERNAL USE7
Evolution of tolling systems
Once upon a time, there was “stop, pay, then go”…
EXTERNAL USE8
…then came optical systems (image recognition)…
EXTERNAL USE9
…then came active RFID systems…
EXTERNAL USE10
…then came passive RFID…
EXTERNAL USE11
…and today we have secure passive RFID!
not to scale
For maximum protection and best read reliability, use of license plates in combination with
windshield stickers is recommended.
EXTERNAL USE12
Secure passive RFID enables effective road tolling…
EXTERNAL USE13
Secure passive RFID takes you well beyond tolling…
EXTERNAL USE14
Secure passive RFID takes you well beyond tolling…
EXTERNAL USE15
Secure passive RFID takes you well beyond tolling…
EXTERNAL USE16
Secure passive RFID takes you well beyond tolling…
EXTERNAL USE17
It turns your vehicle into ID document, payment or loyalty card
eID
EXTERNAL USE18
NXP solutions for AVI applications
Passive UHF tag IC
with cryptographic authentication
world-leading
long range
contactless performance
cutting-edge
security implementation
for tag authentication
All based on international standards
* GS1 (EPCglobal™ Inc.) UHF RFID Generation-2 Version 2.0
** ISO/IEC 29167-10 for proof of origin based on AES (Advanced Encryption Standard)
EXTERNAL USE19
FIDO U2F TOKENS
FOR ONLINE
AUTHENTICATION
EXTERNAL USE20
Issues with online authentication
• Passwords
− bad passwords, key logging, guessing, phishing
• SW based solutions
− Cookie, certificates, OTP applications
• HW based solutions
One-Time-Password Smart Card / PKI USB Key
• Security (MITM)
• User experience
• Phishable
• Interoperability
• Middleware
• PIN required
• No privacy
EXTERNAL USE21
Mission of the FIDO Alliance is to change the nature of online authentication by developing technical specifications that define an open, scalable, interoperable
set of mechanisms that reduce the reliance on passwords to authenticate users, support adaption, standardize specifications.
INTERNET SERVICES SOFTWARE & STACKSCOMPONENT & DEVICE VENDORS
About the FIDO Alliance
EXTERNAL USE22
FIDO Value Proposition
Easy to deploy:
BYOD self registration model (no issuance), no PKI, no middleware
required
Interoperability:
Open specification(client and server)
Security:
Public key cryptography, no phishing,
no MITM, vendor verification,
tamper resistant by SE
Privacy:
Site specific keys
No unique ID per device
MITM: Man-in-the-middle/browserBYOD: Bring your own device SE: Secure Element PKI: Public Key Infrastructure
EXTERNAL USE23
UAF
U2F
FIDO is promoting two authentication protocols
EXTERNAL USE24
UAF U2F
Both specs have seen large scale adoption
EXTERNAL USE25
Government participation in FIDO Alliance
Increasing government participation in FIDO Alliance
Since adoption/deployment of full PKI solution is slow,
new topics like FIDO or derived identity are getting
traction
• Use cases
− Elster USB key
− FIDO enabled PIV card
• Recent news (April 2016)
GOV.UK Verify service becomes the first government
service in the world to support a FIDO U2F authenticator
based on open standards
EXTERNAL USE26
USBIn combination with USB
• 2-chip solution allows flexible MCU selection
• MCU allows flexible driver support (HID, CCID,…) and
write protection to prevent USB firmware attacks
• MCU may support wide range of peripherals (storage,
display, battery, PIN pad,…)
Secure Element Solutions for FIDO U2FMaximum security and flexibility for any interface combination
In combination with NFC
• SE fully integrated with ISO14443
interface
In combination with BLE
• Many SE interfaces available (UART,
I2C, SPI) Secure
Element
EXTERNAL USE27
USB Ref DesignIC solutions
NXP solutions for FIDO U2F tokens
Single IF or DIF SEs
Multiple Interfaces• Smart card ISO7816, 14443
• Wired I2C and/or SPI
Java OS + FIDO U2F
applet
USB Controller with
multiple GPIOs• LCD, LED
• PIN-pad, Button
• Flash storage
Single IF or DIF SEs
Multiple Interfaces• USB only
• USB+NFC
• BLE only
• BLE+NFC
Ready for mass
production
Gerber files + BOM
FIDO Approved
