FIDO in Action Experience Sharing
Egis Yukey Implementation as an Example
| Egis Technology Inc. CONFIDENTIAL 2
Eco System Architecture
Fig.: Ecosystem architecture. Components shown: FIDO Authenticator & Client; FIDO Server; Payment Server; Enterprise Server; Content Server.
FIDO and Connected Applications
• Egis offers Trusted IoT via FIDO across different areas.
Fig.: Layered view from Sensor through Transport (Discovery, Data Transmission, Device Management, Access Control), Framework and Application up to Platform; application areas shown: Smart Home, Education, Enterprise, Transport, Mobility, Healthy, Bank, Payment; security scale from Less Secure through Secure and More Secure to Most Secure.
Possible Trusted Solution
• Different levels of authenticator meet different security requirements:
  Software: keys protected in REE; crypto in REE; authenticator in REE
  TEE: keys protected in TEE; crypto in TEE; authenticator in TEE; secure display in TEE
  SE: keys protected in SE; HW crypto in SE; authenticator in SE
  SE + TEE: keys protected in SE; HW crypto in SE; authenticators in TEE/SE; secure display in TEE
Fig.: FIDO shown at the centre of application areas (Smart Home, Education, Enterprise, Transport, Mobility, Healthy & Medical, Bank, Payment) and identity services (Single Sign-On, Federation, Authentication, User Management, Digital Identity).
“Yukey” FIDO Implementation
Fig.: Mobile implementation of FIDO UAF/U2F. Cloud: FIDO Server (UAF/U2F), Relying party, FIDO-Enabled Web APP. HLOS: UAF Client, UAF ASM, FIDO-Enabled APP, FIDO-Enabled Browser, U2F AIR Client, Fingerprint Service. Secure OS: Fingerprint Matcher, UAF Authenticator Trusted AP, U2F Authenticator Trusted AP. Touch solution: sensor I/O. Also labelled: FIDO Solution.
“Yukey” UAF Solution
• Offers Client and Server SDKs; both are FIDO certified (May and July).
• The authenticator is fingerprint enabled (a.k.a. Egis Touch Solution).
• Android and iOS certified and supported.
Fig.: Cloud: FIDO UAF Server, Relying party, FIDO-Enabled Web APP. Android: UAF Client, UAF ASM, FIDO-Enabled APP, Fingerprint Service. TEE: FP Matcher & Template Manager Trusted AP, UAF Authenticator Trusted AP. Touch solution: Sensor I/O. Also labelled: FIDO UAF SDK.
“Yukey” UAF Offerings
Fig.: Cloud: FIDO-Enabled Web APP, FIDO UAF Server, Relying party. HLOS: UAF Client, UAF ASM, FIDO-Enabled APP, FIDO-Enabled Browser. Kernel: sensor I/O. Touch & Auth solution: UAF Authenticator, Finger Touch API & Trust Auth, Security API (Touch ID & KeyChain), Fingerprint manager API & Keymaster. Also labelled: FIDO UAF.
SDK offerings shown: “Yukey” Touch SDK, “Yukey” FingerM SDK, “Yukey” TrustAuth SDK, “Yukey” Server.
“Yukey” U2F Solution
• Offers software: U2F AIR SDK.
• Offers a hardware development kit: Avalon.
• Offers a U2F-certified dongle product: Caliburn.
Fig.: Cloud: U2F Server, Relying Party. Chrome Browser: U2F Handler Extension, U2F Client Extension, Application Process, U2F Client. Android / Embedded system: Touch solution (Sensor I/O); TEE or SE: FP Matcher & Template Manager Trusted AP, U2F Authenticator Trusted AP. Also labelled: U2F (S)Dev.Kit.
“Yukey” U2F Solution (AIR SDK)
Fig.: Chrome Browser: U2F Handler Extension, U2F Client Extension. Cloud: U2F Server, Relying Party. Android: U2F AIR SDK, AIR Connector, U2F Client APK; TEE: FP Matcher & Template Manager Trusted AP, U2F Authenticator Trusted AP; Touch solution: Sensor I/O.
• The U2F Server is hosted by Egis and based on “github.com/google/u2f-ref-code/u2f-ref-code”.
• The “U2F Client Ext.” is based on “google/u2f-ref-code/u2f-chrome-extension”.
• The “U2F Handler Ext.” and “AIR Connector” implement the BT & NFC transport protocol.
• The “U2F Client APK” is the BT & NFC connector on the authenticator side.
Yukey Dongle As Example
BASE SOLUTION
USB Dongle
Only YOU can access your YuKey.
“The FIDO USB U2F Security Key by Egis is a specially designed YuKey, relying on high-security public-key cryptography. Durable and conveniently sized, just insert it into any USB port, and it works with any website that supports the FIDO U2F protocol, such as Google’s Gmail and services. And all it takes is a simple touch of your fingerprint!”
U2F Dongle
It’s the fingerprint scanner that fits your workplace and lifestyle.
Yukey Dongle Service Solution
Fig.: Dongle services: FIDO; OTP; Enterprise (CSP / WBF / AD / RADIUS).
CUSTOMER EXPERIENCE 1: Payment Service
Authorization Federation
• CA and UAF operate together as a personal authorization service federation.
Fig.: Cloud: Payment gateway, Payment Services (Payment API), Payment App Authorization Service, Egis FIDO Authentication Service (FIDO API), E-Commerce Merchant Web App, Authenticate Service provider, Certificate Authority service, FIDO RP. Android: Merchant Client App, FIDO Client, Authenticator (FP enabled), preloaded CA; step labelled “Select authorize method”.
CUSTOMER EXPERIENCE 2: Alipay
Fig.: Mobile Payment integrated. Cloud: FIDO UAF Server, Alipay server. Android application: Alipay app, FIDO UAF Client, FIDO Client/ASM, Fingerprint manager, Biometric Verifier. Security element (single packaged module: Sensor + SE): Fingerprint sensor, Fingerprint matcher, FIDO Authenticator. A Security Path and a Normal Path are distinguished.
• On-chip verification
• EAL level 4 awarded