fido in action experience sharing - digitimes-首頁 · pdf fileand all it takes is a simple...

FIDO in Action Experience Sharing

Egis Yukey Implementation

As Example

| Egis Technology Inc. CONFIDENTIAL 2

FIDO Server

Payment Server

Enterprise Server

Content Server

Eco System Architecture

FIDO Authenticator &

Client


FIDO and Connected Applications • Egis offers Trusted IOT via FIDO at different area

Sensor

Transport

Discovery Data Transmission Device Management Access Control

Framework

Application

Platform

Smart Home

Education Enterprise Transport Mobility

Healthy Bank Payment

Secure

Less Secure Most Secure More Secure


Possible Trusted Solution • Different level of authenticators ensures different

secure requirements

Software

Protect keys in REE

Crypto in REE

Authenticator in REE

TEE Protect keys in TEE

Crypto in TEE

Authenticator in TEE

Secure display in TEE

SE

Protect keys in SE

HW Crypto in SE

Authenticator in SE

SE + TEE Protect keys in SE

HW Crypto in SE

Authenticators in TEE/SE

Secure display in TEE

FIDO

Smart Home

Education Enterprise Transport Mobility

Healthy & Medical

Bank Payment

Single Sign-On

Federation

Authentication

User Management

Digital Identity

FIDO


“Yukey” FIDO Implementation

5

Cloud

Secure OS

HLOS

UAF Client

Fingerprint Matcher

UAF Authenticator Trusted AP

FIDO-Enabled APP

UAF ASM

FIDO-Enabled Web APP

FIDO Server (UAF/U2F)

Relying party

Touch solution

FIDO Solution

sensor I/O

FIDO-Enabled Browser

U2F Authenticator Trusted AP

U2F AIR Client

Fig. Mobility implement for FIDO UAF/U2F

Fingerprint Service


“Yukey” UAF Solution

• Offering Client & Server SDK, both are FIDO certified at May & July

• The authenticator is fingerprint enabled. (a.k.a. Egis-Touch-Solution)

6

Cloud

TEE

Android

UAF Client

Fingerprint Service

FP Matcher & Template Manager

Trusted AP

UAF Authenticator

Trusted AP

FIDO-Enabled APP

UAF ASM


FIDO UAF Server

Relying party

Touch solution

FIDO UAF SDK

Sensor

I/O Android & iOS certified & supported


“Yukey” UAF Offerings

7

Ker

nel

H

LOS

UAF Client

FIDO-Enabled APP

UAF ASM

Cloud


FIDO UAF Server

Relying party

Touch & Auth solution

FIDO UAF

sensor I/O

FIDO-Enabled Browser

UAF Authenticator

Finger Touch API & Trust

Auth

Security API (Touch ID & KeyChain )

Fingerprint manager API &

Key master

“ Y u k e y ” To u c h S D K

“ Y u k e y ” F i n g e r M

S D K

“ Y u k e y ” T r u s t A u t h

S D K

“ Y u k e y ” S e r v e r


Android, Embedded system

“Yukey” U2F Solution

Relying Party

• Offering software - U2F AIR sdk

• Offering hardware develop kit - Avalon

• Offering dongle product U2F certified -Caliburn

U2F (S)Dev.Kit

Touch solution

Cloud

U2F Server

Chrome Browser

U2F Handler Extension

U2F Client Extension Application Process

U2F Client

Sensor

I/O

TEE or SE


Trusted AP

U2F Authenticator

Trusted AP


Chrome Browser Cloud

“Yukey” U2F Solution (AIR SDK)

U2F Handler Extension

U2F Client Extension U2F Server

U2F AIR SDK

Touch solution

Android

U2F Client APK

Sensor

I/O

TEE


Trusted AP

U2F Authenticator

Trusted AP

AIR Connector

• U2F Server is hosted by Egis based on “github.com/google/u2f-ref-code/u2f-ref-code”

• “U2F Client Ext.” is based on “google/u2f-ref-code/u2f-chrome-extension”

• “U2F Handler Ext” & “AIR Connector” are BT&NFC transport protocol implemented

• “U2F Client APK” is BT&NFC connector for authenticator side

Relying Party

Yukey Dongle As Example


BASE SOLUTION

USB Dongle

12

Only YOU can access your YuKey.

” “ The FIDO USB U2F Security Key by Egis is a specially designed YuKey, relying on high‐security,

public‐key cryptography. Durable and conveniently sized, just insert it into any USB port, and it

works with any website that supports the FIDO U2F protocol, such as Google’s Gmail and

services. And all it takes is a simple touch your fingerprint!

U2F Dongle

It’s the fingerprint scanner that fits your workplace and lifestyle.


Yukey Dongle Service Solution

FIDO

OTP Enterprise-

CSP/ WBF/ AD/ Radius


CUSTOMER EXPERIENCE 1

Payment Service


Clo

ud

Authorization Federation • CA & UAF are operating as personal

authorization service federation

An

dro

id

Payment gateway

Payment Services (Payment API)

Payment App Authorization

Service

Authenticator (FP enabled)

Egis

FIDO Authentication

Service (FIDO API)

FIDO Client

preload CA

E-Commerce

Merchant Client App

Authenticate Service

provider

Certificate Authority service

FIDO RP

Select authorize method

Merchant Web App


CUSTOMER EXPERIENCE 2

Alipay


Cloud

Android application

Security element

Single packaged module (Sensor + SE)

Mobile Payment integrated

Biometric Verifier

Fingerprint manager

Alipay app

Security Path

Fingerprint sensor

Fingerprint matcher

Normal Path

FIDO Authenticator

FIDO UAF Server

FIDO Client/ASM

Alipay server

FIDO UAF Client

• On chip verification • EAL level 4 awarded

fido in action experience sharing - digitimes-首頁 · pdf fileand all it takes is a simple...

Documents