This paper depicts three possible scenarios for integrating FIDO UAF and public key infrastructure (PKI) in Asian countries, along with recommendations for how the two technologies can work together to bring innovation to the authentication marketplace and to pave the way for deploying better authentication solutions to the public.
Deploying FIDO Authentication - Business Considerations (FIDO Alliance)
The document discusses modern authentication and Nok Nok Labs' role in pioneering this area. It notes that Nok Nok Labs invented modern authentication, founded and led the FIDO Alliance, and has deployed authentication solutions for major markets. The document promotes the benefits of leveraging modern authentication, such as improved customer experience, higher retention and satisfaction, and reduced fraud and costs. It argues that authentication, security, and privacy will be vital for society with the rise of cloud services, IoT, and other technologies.
Webinar: Catch Up with FIDO Plus AMA Session (FIDO Alliance)
The FIDO Alliance's goal is for the whole world to move away from usernames, passwords, and traditional MFA to a simpler and stronger way to log in with FIDO! Here's a look at the past year’s progress and what's happening next.
The General Data Protection Regulation (GDPR) came into effect earlier this year, ushering in the most significant change to European data protection laws in twenty years. The regulation impacts not only firms resident in the European Union (EU), but firms around the world, as any organization doing business with EU citizens must comply with the regulation.
FIDO Alliance standards were created from the outset with a “privacy by design” approach and are a strong fit for GDPR compliance. Crucially, FIDO delivers authentication with no third-party involvement or tracking between accounts and services. And when it comes to biometrics, FIDO standards prevent this information from being stored and matched in servers – it never leaves the user’s device – and FIDO(R) Certified devices do not allow for any biometric data to be captured.
This presentation includes:
- Key GDPR considerations when deploying strong authentication
- Where FIDO Authentication relates to GDPR articles on data protection, consent of data subject and data subject rights
- How FIDO can help your organization meet GDPR requirements
FIDO Authentication in a Mobile Network (FIDO Alliance)
This document discusses using FIDO authentication in mobile networks. It addresses why multi-factor authentication is important for security and usability. It develops a digital identity ecosystem centered around mobility, leveraging mobile network operator assets. It proposes implementing FIDO authentication to support use cases across various industries, making authentication more universal across devices. FIDO provides a complementary, standards-based secure authentication solution for mobile network operators.
Global Regulatory Landscape for Strong Authentication (FIDO Alliance)
The document discusses how governments are increasingly prioritizing strong authentication and looking to standards like FIDO to provide more secure, usable and privacy-preserving authentication. It notes that the UK and US governments have highlighted FIDO and endorsed its ability to deliver improved security without passwords. The document also discusses how authentication is an area of regulatory focus due to compliance needs around privacy, security and access across domains like digital government, healthcare, payments and financial services. It argues that FIDO specifications address regulatory needs by providing nimble, configurable and cost-effective strong authentication.
A First Step to a World without Passwords (FIDO Alliance)
1) LINE is replacing existing biometric authentication with FIDO2 authentication in their mobile payment app LINE Pay to enhance security following payment fraud incidents.
2) They plan to expand FIDO integration to more LINE platforms and countries starting with the iOS version of LINE Pay in Japan.
3) LINE has developed their own FIDO authenticator called LINE iOS FIDO2 Combo which leverages the iPhone's Touch ID/Face ID and provides attestation through a trusted security module and whitebox abstraction layer.
Overview of FIDO Security Requirements and Certifications (FIDO Alliance)
1) The FIDO Alliance authentication certification program evaluates and certifies authenticators at different security levels to create trust between relying parties and authenticators.
2) Higher certification levels provide defenses against more sophisticated attacks, with Level 3+ providing the highest security against physical attacks on authenticator devices.
3) The certification process involves security reviews and penetration testing conducted by accredited laboratories. Companion certification programs can reduce the cost and time of certification for vendors.
This document discusses the adoption of FIDO UAF for two-factor authentication in Hong Kong. It notes that Hong Kong has strict cybersecurity regulations requiring two-factor authentication for high-risk transactions. FIDO UAF is presented as an ideal solution, as it allows for on-device biometric matching that preserves privacy while providing strong device binding through public key cryptography. The document outlines how FIDO UAF has been adopted by over a dozen major financial and government institutions in Hong Kong, protecting over 2.5 million user accounts. It discusses some lessons learned regarding limited device support and how to address offline authentication and scalability challenges. Finally, it presents Hong Kong's upcoming electronic identity system as an opportunity to further
Presented at FIDO Authentication Seminar – Tokyo
By: Alain Martin, VP, Strategic Partnerships, Gemalto; Secretary, FIDO Alliance Board of Directors; Co-Chair, FIDO Europe Working Group
Webinar: Considerations for Deploying FIDO in the Enterprise (FIDO Alliance)
Passwords are archaic, and a danger to enterprise security. Now the accepted standard for multi-factor authentication (MFA), FIDO Authentication can be deployed in the enterprise for easier and secure access to corporate networks, applications, and workstations. Organizations that adopt FIDO will experience profound improvements in security, helpdesk costs, user experience, and productivity. But where to start? Attend this webinar to learn about considerations for deploying FIDO in the enterprise, including how to gradually roll out FIDO authentication and select the right authenticators and the right server policies for the right user cases. This webinar will provide essential education for any organization that wants to get started on eliminating passwords and securing the simple act of logging on within their company.
The document provides an overview and introduction to the Authenticate 2021 conference. It discusses the growing need for strong user authentication given increased cyberattacks. It summarizes the FIDO Alliance's work in developing open authentication standards like WebAuthn and U2F to enable simpler and more secure authentication using public key cryptography and moving away from password-based systems. The document outlines the growing adoption of FIDO standards by companies and devices. It previews sessions and speakers at the conference and next steps for the FIDO Alliance to further authentication security and adoption.
This presentation details the FIDO Alliance Certification Program - including an overview of the programs, process and the value of certification for both vendors and relying parties.
FIDO And the Future of User Authentication (FIDO Alliance)
The document discusses the problems with passwords and introduces FIDO as a solution. It notes that consumers have many online accounts but reuse few passwords, while businesses lose over $1 billion to credential theft annually. FIDO uses public key cryptography and requires a second factor, like a fingerprint, to log in securely. It has seen growing adoption with hundreds of implementations and support from governments and companies around the world working to replace passwords with stronger FIDO authentication.
Introduction to FIDO Biometric Authentication (FIDO Alliance)
The model of password authentication is broken. FIDO is a new approach to authentication, including a modality for biometric authentication. Learn about the specification and the clear benefits of adding FIDO Authentication to Device APIs.
FIDO and the Future of User Authentication (FIDO Alliance)
The document discusses the problems with password-based authentication and introduces FIDO authentication as a solution. It summarizes that FIDO authentication uses public key cryptography to allow users to authenticate with a single gesture on their device, without needing shared secrets or passwords. FIDO authentication is being adopted by major companies and specifications are standardized, with over 500 authenticators certified for compatibility and security. The presentation promotes FIDO as the future of secure, usable authentication.
FIDO Authentication Account Recovery Framework at Yahoo Japan (FIDO Alliance)
This document discusses an account recovery framework for FIDO deployments. It proposes a generic account recovery model that covers a wide variety of recovery methods and addresses requirements for service providers. The framework defines recovery claims as abstractions of any types of data used for account recovery. It also describes recovery claim management involving credentials, attributes, and assertions bound to user accounts. Finally, the document outlines several example account recovery methods that could be implemented using this framework, including methods using multiple authenticators, collaborative recovery tokens, or a trusted person's authenticator.
- The document summarizes a presentation given by Brett McDowell, Executive Director of the FIDO Alliance, about updates to the FIDO Alliance and passwordless authentication standards.
- It highlights growing issues with passwords like high costs of password resets for organizations and high rates of password-related data breaches and phishing attacks.
- The FIDO Alliance is working to solve the password problem through open authentication standards based on public key cryptography that eliminate the reliance on shared secrets and enable strong, phishing-resistant multi-factor authentication with a single gesture.
- New developments include FIDO specifications becoming ITU and W3C standards, a growing number of FIDO2 certified products
Introduction to the FIDO Alliance: Vision & Status (FIDO Alliance)
This document summarizes the FIDO Alliance's vision and status. It discusses how authentication has become a major problem and how over 250 organizations are working together through the FIDO Alliance to solve this problem by developing open standards for simpler and stronger authentication using public key cryptography. The FIDO Alliance aims to deliver security, privacy, interoperability and usability through specifications such as FIDO UAF, FIDO U2F and the upcoming FIDO2/WebAuthn specifications. The Alliance has seen strong growth in functional certifications and aims to also offer security and biometric certifications to validate authenticator safety and accurate user identification.
Detailed information about membership levels, participation opportunities and the positive ROI that your company can find by helping drive FIDO’s efforts to create a thriving ecosystem for modern authentication.
FIDO as Regtech - Addressing Government Requirements (FIDO Alliance)
This document discusses how authentication technology and government policies need to evolve together. It argues that FIDO authentication addresses regulatory needs in a secure, usable way. The document notes that governments are recognizing that two-factor authentication can now happen within a single device and that they should promote the "right" authentication standards like FIDO that are secure by default. Major reports recommend FIDO to overcome identity challenges in a way that empowers consumers.
Introduces why FIDO membership is beneficial to you - better security, reduced cost, simpler and safer for users. Presented by Brett McDowell, Executive Director of FIDO Alliance
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe (FIDO Alliance)
The PSD2 (the Revised Payment Service Directive) from the European Commission requires financial institutions to deploy Strong Customer Authentication. FIDO offers a solution to the challenges created by this new regulation.
Introduces FIDO Authentication: the problem, the solution, the Alliance and the market. Presented by Brett McDowell, Executive Director of the FIDO Alliance.
Deployment Case Study: Login.gov & FIDO2 (FIDO Alliance)
In September 2018, login.gov began supporting FIDO2 as an option for multi-factor authentication. The security experts at login.gov were seeking to reduce the volume of users opting for SMS for multi-factor authentication by offering a more secure option. The security team used an iterative approach to deploy FIDO2 authentication and are continuously making improvements based on user feedback and platform needs. This webinar will tell the story of the login.gov implementation of FIDO2 and discuss their roadmap for future improvements.
Featured Speakers:
Steve Urciuoli, Consultant, Senior Cloud Architect, GSA
Jonathan Hooper, Innovation Specialist/Software Developer, 18F
Mike Magrath, Director, Global Regulations & Standards, OneSpan & Chair of FIDO Government Deployment Working Group
2019 FIDO Tokyo Seminar - Welcome Keynote Andrew Shikiar (FIDO Alliance)
The document summarizes a presentation by Andrew Shikiar on solving password problems. It discusses the FIDO Alliance's work in establishing open authentication standards using public key cryptography and single gestures as an alternative to passwords. It provides an overview of key developments in 2019, including growing platform support for FIDO2, expanded addressable user base, global market validation, and membership growth. It outlines new work areas like device and user verification to strengthen identity assurance and plans for future developer focus and the first FIDO conference.
Andrew Shikiar, Executive Director & CMO of the FIDO Alliance outlines what FIDO has achieved in the last 7 years, how the market is adopting FIDO, and new expanded work areas focusing on identity verification and binding and the Internet of Things.
Introduction to FIDO Alliance: Vision and Status - Tokyo Seminar - Brett McDowell (FIDO Alliance)
The document discusses the FIDO Alliance's vision and progress in developing open authentication standards to replace passwords. It summarizes that the FIDO Alliance aims to define interoperable authentication mechanisms that do not rely on passwords. It has gained over 250 members and its standards have been adopted by major companies and are supported on many devices. It outlines continued development of FIDO specifications and growth in certified products and deployments. The Alliance sees 2017 as a milestone year as it works on additional standards efforts and certification programs.
The document discusses FIDO developments in China. It summarizes that the FIDO China Working Group (FCWG) aims to lead collaboration within and outside of China, collect local regulatory requirements, promote FIDO solution deployment, and facilitate the evolution of FIDO technology. It then provides details on FIDO membership and labs in China, overall user coverage and deployment models, and FIDO-enabled OEMs. It discusses some challenges around competing authentication standards and opportunities in regulation and various industries. Finally, it outlines FCWG's focus on localizing FIDO to meet regulations, expanding deployment fields, collectively cooperating across the ecosystem.
FIDO UAF and PKI in Asia: A Case Study and Recommendations
1. All Rights Reserved | FIDO Alliance | Copyright 2018
FIDO UAF AND PKI IN ASIA – A CASE STUDY AND RECOMMENDATIONS
JOINT WHITE PAPER OF FIDO ALLIANCE AND ASIA PKI CONSORTIUM (APKIC)
KAREN CHANG – EGIS TECHNOLOGY
OCTOBER 8, 2018
SINGAPORE
2.
FIDO WEBSITE (APRIL 2018)
3.
BACKGROUND OF APKIC (1)
• Asia PKI Forum was founded in 2001 and transformed into the Asia PKI Consortium in 2007, with leading organizations from the Asia area supported by government and industrial sectors
• Objectives:
▸ Promote the applications of PKI in e-commerce, e-government, e-financial, etc.
▸ Advance the interoperability among PKIs in countries in the Asia region
▸ Collaboration with global community to deliver a comprehensive framework of e-authentication
4.
BACKGROUND OF APKIC (2)
Policy and Technology Promotion and Awareness
Asia PKI Interoperability Guideline
CA Responsibilities and Liability
Legal Issues on New Security Technologies
Mutual Recognition of National PKIs (Greater China, ASEAN)
Cross Border Applications (Trade, Financial)
Asia PKI Case Study
Asia PKI Company List and Total Solutions
Asia PKI Best Practice Award
Asia PKI Innovation Award
PKI Market Survey
International Collaboration (PAA, AFACT, APSCA, FIDO, etc.)
5. CURRENT DEVELOPMENT IN ASIA (1)
• Digital Signature Regulation, National PKI, Public/Licensed CA
Country/Region | National/Regional PKI | Digital Signature Legislation | Financial Regulation on PKI | eID and Other PKI Applications
China | ✓ (Some regions) | ✓ (ESL, 2005) | Mandatory for financial transaction above certain amount | eID (Optional, with PKI), e-Government, e-Commerce, etc.
Hong Kong | ✓ (HKPost[13]) | ✓ (ETO[19], 2000) | Optional | eID (Mandatory, with PKI option), e-Government, e-Commerce, etc.
India | ✓ (CCA[14]) | ✓ (ITA-CCA, 2000) | Mandatory for high risk bank transactions | eID[26] (Mandatory, signed by PKI), e-Government, e-Commerce, etc.
Japan | ✓ (JPKI[15]) | ✓ (ESaCBA, 2000) | Optional | eID (Optional, with PKI option), e-Government, e-Commerce, etc.
Korea | ✓ (NPKI, GPKI) | ✓ (ESA, 1999) | Optional (Mandatory~2014) | eID (Optional without PKI), e-Government, e-Commerce
Macao | ✓ (eSignTrust[16]) | ✓ (EDSL, 2005) | Optional | eID (Mandatory, with PKI option), e-Government, e-Commerce, etc.
Taiwan | ✓ (GPKI[4], FRCA) | ✓ (ESA, 2002) | Mandatory for high risk bank transactions and all online stock trading | eID (Optional, with PKI), e-Government, e-Commerce, etc.
Thailand | ✓ (NRCA[17]) | ✓ (ETA, 2001) | Optional | eID, e-Government, e-Commerce
6. CURRENT DEVELOPMENT IN ASIA (2)
• Deployment of FIDO, PKI, and Others
China
Korea (1)
Macao (5)
Thailand (3)
India (6)
Taiwan (2)
Hong Kong
• eID by MPS with PKI
• Domain/Regional PKI
CFCA, BJCA, …
• FIDO in Chinese
FCWG
• National eID(UIDAI)
AADHAAR(Fingerprint, IRIS)
• National PKI(CCA)
eMudhra, (n)Code, …
- Financial, Government, Procurement, …
• Digital Signature Regulation
• Nation eID
NID card & i-PIN
• National PKI(KISA)
NPKI & K-FIDO/GPKI & G-FIDO
Financial, Commerce, Government…
• Digital Signature Regulation
• Financial Sector
TWID (Financial Identification with PKI and FIDO)
• Government Sector
T-FIDO & Government PKI (MOEACA for Citizen)
• Telecom (Mobile Connect & FIDO)
• Digital Signature Regulation
• Hongkong Post, Macau Post -
eID with PKI (and FIDO)
• Digital Signature Regulation
• National PKI(ETDA)
NRCA, PKI/Mobile Connect/FIDO
• eID (not active yet)
• Digital Signature Regulation
Singapore
Malaysia
• eID (SingPass)
• eID with PKI and fingerprint (MyKad, …)
Japan
• National eID
My Number Card with JPKI
• FIDO in Telecom and others
• Digital Signature Regulation
7. NEEDS TO BE ADDRESSED
• Both financial and government sectors are highly regulated in the regions
▸ Most regions in Asia/Europe have regulations to use PKI for digital (electronic) signature with legal effects
▸ Financial transactions are required to use PKI in some regions
With the certificate issued by the “Certificate Authority” (CA) endorsed by the regulations for digital (electronic) signature
• Accelerate the adoption of FIDO in Asia
▸ APKIC member companies are not so familiar with FIDO and its use of biometrics
▸ Whitelisting FIDO is needed in certain regions
• e.g., FIDO is whitelisted in certain financial transactions in some regions (Korea, Taiwan)
▸ Different member companies have different ideas on how FIDO should be used, especially together with an existing PKI system
▸ FIDO has its own policies/opinions, too
8. WHITE PAPER IS THE ANSWER
• White Paper of ‘How to use FIDO in PKI platform in some Asian countries’
▸ Could communicate what could be done with FIDO in PKI platform
▸ Is an authoritative document endorsed by both organizations
APKIC members would recognize that it is an official document to follow
▸ Is a tool to solidify consensus within APKIC members (public organizations and companies)
▸ Is a document used to educate rest of APKIC members and promote the adoption of FIDO
• Benefits:
▸ Support the development of FIDO where PKI has been used widely for certain applications where PKI is mandatory for digital signature,
▸ and to provide a more convenient way and better user experience for the usage of PKI with the adoption of FIDO technology
• Current Status
▸ Joint work between members of FIDO and APKIC starting from early 2017, the copyright will be co-owned by APKIC and FIDO
▸ Currently in the working draft stage
9. FIDO VS. PKI
[Diagram comparing the two architectures. FIDO: Authenticator, Authentication Server, Attestation Service, Relying Party, key pairs. PKI: Token, Certificate Authority, Registration Authority, Validation Authority, Relying Party, key pairs.]
10. CASE STUDY (1)
• K-FIDO (FIDO + NPKI certificate) by KISA
11. CASE STUDY (2)
• Taiwan Identification Center (FIDO + PKI) by TWCA
12. RECOMMENDATIONS
• Three classes to integrate FIDO and PKI
▸ Class 1: Shared Authenticator
Only client side implementation is needed
▸ Class 2: Synchronized Registration Process
Server side integration with or without client side implementation (reference from derived credential model)
(1) Bootstrapping PKI Registration with FIDO
(2) Bootstrapping FIDO Registration with PKI
(3) Combined Registration for FIDO and PKI
▸ Class 3: Shared Key Pairs
Need both server side integration and client side implementation
(1) FIDO reuse PKI’s key pair
(2) PKI reuse FIDO’s key pair
(3) Generate new FIDO+PKI key pair
• Class 1 and 2 could be implemented by extension of FIDO specifications
• Class 3 may conflict with FIDO Security Guideline and UAF specification
▸ Not in the scope of recommendations in this version of white paper
13. CLIENT ARCHITECTURE (1)
• PKI use FIDO’s Authenticator
14. CLIENT ARCHITECTURE (2)
• FIDO use PKI’s Token
15. CLASS 2 (1)
• Bootstrapping PKI registration with FIDO
16. CLASS 2 (2)
• Bootstrapping FIDO registration with PKI
17. CLASS 2 (3)
• Combined Registration for FIDO and PKI
18. CLASS 2 (4)
• Revocation Process
20. FIDO2 and PKI
[Diagram. Labels: Browser PKI; Platform PKI; Internal PKI Token; External PKI Token; RP APP Server; PKI Server; CA/RA/VA Server; RP PKI App; PKCS#11; PKI Identification/Signature; Class 1; Class 2; Browser; Platform]
21. FIDO2+PKI
• Future Use Cases:
▸ United States:
• Education (Students and Teachers)
• Healthcare (Medical Wallet)
• Government (First Responders, DoD, DoI)
▸ Taiwan:
• Government Mobile Identity for Citizen (G2C services)
22. WELCOME JOINING WITH US!
23. 2018 FIDO TAIPEI SEMINAR
NOVEMBER 30, 2018
VICTORIA TAIPEI HOTEL
We Work together!
Moving Beyond Passwords!