Solution Overview

Copyright ⓒ 2017 Samsung SDS Co., Ltd. All rights reserved.

1/31 Copyright ⓒ 2017 Samsung SDS Co., Ltd. All rights reserved.

Fast IDentity Online(FIDO) 1. Samsung SDS Nexsign

■□□□□□

a PKI-based authentication solution using biometrics and secure storage to enable easy and secure user authentication on smart devices.

Fast IDentity Online(FIDO) Birth of a new authentication service

Password + Digital Certificate

Password + OTP

Password

Password + Digital Certificate + OTP

VS

Security first

Convenience first

Give up purchase/ Authentication failure ratio

Fraud loss 1-Click check

Secure Insecure

Security

Convenience Inconvenient Convenient

01234 5678 9100 0011

Banks Credit Card

Samsung 07/17

Samsung SDS Nexsign

2/31 Copyright ⓒ 2017 Samsung SDS Co., Ltd. All rights reserved.

Fast IDentity Online(FIDO) 1. Samsung SDS Nexsign

■□□□□□

Password +인증서 +OTP

Password + 인증서

새로운 인증 서비스 탄생

[FIDO] 인증솔루션 스마트 단말의 생체인식(Biometrics) 기능을 온라인 인증에 적용해 간편하고 안전한 사용자 인증을 실현합니다.

[FIDO] 인증솔루션은, Biometrics recognition is easy to use and provides strong security

Innovative method for user authentication based on unique unchangeable biological traits

Greater Convenience

Tighter Security

Face Recognition

Iris Recognition

Voice Recognition

Fingerprint Recognition

3/31 Copyright ⓒ 2017 Samsung SDS Co., Ltd. All rights reserved.

Samsung SDS Nexsign 2. Key Features

□■□□□□

1 Compatible, secure and safe solution certified by international standards and CC(Common Criteria)

2 Provide the best security environment based on biometrics, PKI and TEE

3 Simple and universal user authentication using multiple biometrics and authentication factors

4 Customized user authentication experience based on UMA using standard API

Key Features

FIDO develop base on strengths and customer’s requirement , Providing easy and secure user authentication, Personalized experience.

Samsung SDS Nexsign Solution

2 TEE: Trusted Execution Environment, an isolated environment that runs in parallel with the mobile OS, providing security for the rich environment. 1 PKI: Public Key Infrastructure, Complex authentication system using public key encryption methods

3 UAF: Universal Authentication Framework, which is an international standard authentication process approved by FIDO 1.0. 4 ASM: Authenticator Specific Module: software interface, which gives a standard way for the authentication device and authentication information

Nexsign Client

Nexsign ASM4

Nexsign Authenticator

UMA SDK / App UMA Platform

Nexsign Server

Nexsign Admin Portal

4/31 Copyright ⓒ 2017 Samsung SDS Co., Ltd. All rights reserved.

4. Reference □□□■□□

Samsung Pay KPay Samsung’s Intranet

K-Pay App.

Samsung Pay services launched in partnership with Korea’s top public key authentication service provider (Korea Information Certificate Authority) (Beta testing in July 2015, official launch in August 2015)

Partnership with Korea’s top payment gateway provider (KG Group) (March 2015)

Nexsign-based payment Service launched Kpay Application (Offcial launch in October 2015)

Nexsign authentication service applied to the Samsung Group’s Square Portal for unlocking screens or payment transactions (July 2015)

※ PG service provider : a third party processing credit card or mobile payment transactions between a shopper and a merchant

Cross-industry References Samsung SDS is the first company in Korea to commercially launch a Nexsign-based payment service, which is being applied to the Samsung Group’s intranet system since July 2015.

Use Case Appendix

3

Company systems

Online Shopping Mall

Securities Mobile Trading System

Mobile Banking

Call Center

Appendix 15 / 16 Copyright ⓒ 2017 Samsung SDS Co., Ltd. All rights reserved.

Secure and interoperable FIDO certified authentication solution 1 Highest, multi-factored security level 2

Multifactor Authentication 3 Customized user authentication using standard API 4

Key Features

FIDO Certification Client (Andorid)

FIDO Certification Server

FIDO Certification Client (iOS) CC (Common Criteria) Samsung SDS

FIDO

High

Lo

w

Single-factor Authentication

Multi-factor Authentication

ID/PW

PKI+Biometrics

Security Token

Biometrics ID/PW+Biometrics

ID/PW+Security Token

Security Level

Authentication Method

Generality

Next Certified Fingerprint Traditional Authentication

Fingerprint Face Voice Iris ID/PW PIN

Succeed Succeed

Certified Fingerprint Traditional Authentication

Succeed Fail

FIDO Authentication Factors

Authentication Factors

Secure Storage TEE WBC SE SE

…

…

Finger- print Face Voice Iris PIN

***

Appendix

Copyright ⓒ 2016 Samsung SDS Co., Ltd. All rights reserved. Appendix 12 / 12

※ iris recognition will be introduced later (planned)

OR AND

Service Provider App

App

FIDO Interface

Nexsign Client

Nexsign ASM

Nexsign Authenticator

Standard API

www.samsungsds.com Copyright ⓒ 2017 Samsung SDS Co., Ltd. All rights reserved.