FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDOAlliance 664 views 10 slides May 31, 2024

About This Presentation

FIDO Alliance Osaka Seminar


Slide Content

© FIDO Alliance 2024 Confidential
FIDO Metadata and Attestation
Rolf Lindemann (Nok Nok)

2 © FIDO Alliance 2021
Convenient & phishing resistant 2FA
Passwordless in native apps
Security keys as 2nd factor in web apps

3 © FIDO Alliance 2021
Convenient & phishing resistant 2FA
Passwordless in native apps
Security keys as 2nd factor in web apps
Keys don’t leave authenticator

4 © FIDO Alliance 2021
Convenient & phishing resistant 2FA
Lookup authenticator characteristics from Metadata Service by Model
Keys don’t leave authenticator
Model can be attested
Security characteristics
• Certification status
• Key protection
• Fresh/cached user verification
• Attestation root certificate
Passwordless in native apps
Security keys as 2nd factor in web apps

5 © FIDO Alliance 2021
Convenient & phishing resistant 2FA
Passwordless in native apps & web apps
(using security keys or platform authenticators)
Lookup authenticator characteristics from Metadata Service by Model
Keys don’t leave authenticator
Model can be attested
Security characteristics
• Certification status
• Key protection
• Fresh/cached user verification
• Attestation root certificate

6 © FIDO Alliance 2021
Convenient & phishing resistant 2FA
Passwordless in native apps & web apps
Need non-FIDO method or security key to bootstrap new device
Lookup authenticator characteristics from Metadata Service by Model

7 © FIDO Alliance 2021
Convenient & phishing resistant 2FA
FIDO Cross Device Authentication
“Phone as Security Key”
Passwordless in native apps & web apps
Lookup authenticator characteristics from Metadata Service by Model

8 © FIDO Alliance 2021
Convenient & phishing resistant 2FA
Synced passkeys
Easy device migration
Passwordless in native apps & web apps
Lost or stolen
Import/Export

9 © FIDO Alliance 2021
Convenient & phishing resistant 2FA
Passkeys
Easy device migration
Passwordless in native apps & web apps
Lookup authenticator characteristics from Metadata Service by Model
User experience aspects
• Authenticator friendly name
• Icon to show to user
Passkey – typically freely exportable

10 © FIDO Alliance 2021
Convenient & phishing resistant 2FA
Synced passkeys
Easy device migration
Passwordless in native apps & web apps
Lookup authenticator characteristics from Metadata Service by Model
Key Scope
Synced passkey – freely exportable
Provider-scoped key – cannot leave provider
Device-bound key – cannot leave device
User experience aspects
• Authenticator friendly name
• Icon to show to user
Security characteristics
• Certification status (+FIPS)
• Key protection
• Fresh/cached user verification
• Attestation root certificate
• Key scope
Lost or stolen
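
The metadata lookup on the slides, sketched as a relying-party policy check (an added example, not part of the presentation or FIDO Alliance code). It assumes the model is identified by its AAGUID and that entries follow the Metadata Service field names; `keyScope` is a hypothetical field name, and the sample entries and the acceptance policy are constructed for illustration.

```python
# Added example. SAMPLE_BLOB is constructed data, not real authenticator metadata.
# "keyScope" is a hypothetical field name standing in for the slide's "Key scope".
def _sample(n, statuses, protection, fresh, roots, scope):
    return {"aaguid": f"00000000-0000-0000-0000-00000000000{n}",
            "statusReports": [{"status": s} for s in statuses],
            "metadataStatement": {"keyProtection": protection,
                                  "isFreshUserVerificationRequired": fresh,
                                  "attestationRootCertificates": roots,
                                  "keyScope": scope}}

ROOT = ["<base64 DER root certificate placeholder>"]
SAMPLE_BLOB = [
    _sample(1, ["FIDO_CERTIFIED_L2"], ["hardware", "secure_element"], True, ROOT, "device-bound"),
    _sample(2, ["NOT_FIDO_CERTIFIED"], ["software"], False, [], "synced"),
    _sample(3, ["FIDO_CERTIFIED_L1", "ATTESTATION_KEY_COMPROMISE"], ["hardware"], True, ROOT,
            "device-bound"),
]
COMPROMISED = {"REVOKED", "ATTESTATION_KEY_COMPROMISE", "USER_VERIFICATION_BYPASS",
               "USER_KEY_REMOTE_COMPROMISE", "USER_KEY_PHYSICAL_COMPROMISE"}

def evaluate(blob, aaguid, allowed_scopes=("device-bound",)):
    """Return the policy violations for an attested model; an empty list means accept."""
    entry = next((e for e in blob if e["aaguid"].lower() == aaguid.lower()), None)
    if entry is None:
        return ["unknown model"]
    ms = entry["metadataStatement"]
    statuses = {r["status"] for r in entry.get("statusReports", [])}
    problems = []
    if statuses & COMPROMISED:                    # certification status: security incident
        problems.append("compromise reported")
    if not any(s.startswith("FIDO_CERTIFIED") for s in statuses):
        problems.append("not certified")
    if not {"hardware", "secure_element", "tee"} & set(ms.get("keyProtection", [])):
        problems.append("software-only key protection")
    if not ms.get("isFreshUserVerificationRequired", True):
        problems.append("cached user verification allowed")
    # Presence check only: validating the attestation chain up to this root
    # is left to the WebAuthn library that verified the attestation statement.
    if not ms.get("attestationRootCertificates"):
        problems.append("no attestation root")
    if ms.get("keyScope") not in allowed_scopes:
        problems.append("key scope not allowed")
    return problems
```

A relying party that accepts synced passkeys for lower-assurance accounts would pass a wider `allowed_scopes` and relax the other checks to match its own policy.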