Webinar Fingerprint Authentication Done Right


Transcript of Webinar Fingerprint Authentication Done Right

Onegini makes doing online business easy and secure

Onegini Mobile Security Platform

Fingerprint Authentication Done Right

Agenda

Short introduction Onegini

Requirements fingerprint authentication

How Onegini implemented fingerprint

FIDO

16-07-15

> 10 Financial Customers


About us

We seamlessly connect end-users to their online personal service using any device.

Onegini brings together personal services, the best user experience and relevant data.

Banks, Insurance, Healthcare, Telecom

Onegini Mobile Security Platform

Onegini SDK provides all user centric functions: enrollment, identity verification, push authentication, mobile login, payments, integration

Onegini SDK supports any authenticator such as: PIN code, fingerprint, bio and voice

Security features included: payload encryption, jailbreak detection, hardening, anti-tampering and much more

Onegini protects your APIs

Onegini continuous authentication prevents abuse

Onegini provides management and control to be compliant


Requirements fingerprint in mobile apps

Support multiple vendors

Support multiple OS versions

Configurable by the enterprise (enable/disable)

Auditing: keep control when fingerprint is used

Integrate in the user processes such as: enrollment, login, 2-factor authentication

Analyze and manage security risk per device (threat analysis)

Multiple authenticators such as PIN code or voice


15-04-2023

Devices which already support fingerprint

Samsung Galaxy S6, Samsung Galaxy S5, Samsung Galaxy Note 4, HTC One M9+, HTC One Max

Huawei Ascend Mate 7, Oppo N3, Meizu MX4 Pro, Elephone P7000, Xolo Q2100, Motorola Atrix

Apple iPhone 5S / 6 / 6 Plus

And many more to come!

Be in control

Depending on the type of mobile app, fingerprint has a security level / assurance (1..5)

Do not build these requirements in the mobile app itself

Change / add authenticators per mobile app should be configured

Enable / disable authenticators depending on security threats


Support PIN code & fingerprint

Support only PIN code

User experience is important

Needs to enable / disable fingerprint

Fallback (in case fingerprint is not working anymore)

People forget PIN code because they use fingerprint

Add voice authentication to unlock phone or for fallback


Adding fingerprint needs security mitigations


Confused authorization attack

Fingerprint DB manipulation

Collect fingerprints through malware


How Onegini implemented fingerprint authentication


PIN always as fallback

PIN authentication is detached from fingerprint authentication

Onegini SDK integrates with all the different vendor APIs

Policy management

The server must be in control

Multiple influencers:

Jailbreak / debug detection

OS version / device type

Other context information (e.g. location)

Update the policy at runtime


FIDO Support

Client AND server integration
