Build 2016 - P491 - Windows Unlock with IoT Devices

Upload: windows-developer, posted 13-Jan-2017

TRANSCRIPT

Page 1

#Build2016

Windows Unlock with IoT Devices
Anoosh Saboori, Senior Program Manager

Page 2

MICROSOFT CONFIDENTIAL

Page 3

Demos

Microsoft Band Sign In

Page 4

Page 5

Microsoft Passport & Windows Hello
A two-factor authentication system built for you and your users

• Achieve higher levels of security while reducing costs
• Increase user convenience with simple unlock gestures

Page 6

Second Factor in Previous Release

First Factor: PIN, or Windows Hello (biometric)
Second Factor: private keys secured in TPM

Page 7

Second Factor in Upcoming Release

First Factor: PIN, or Windows Hello (biometric), or Companion Devices
Second Factor: private keys secured in TPM

Page 8

Overview

Components shown:
• An app or service (Companion UWP App)
• Companion Device
• Companion Device Authentication Service
• Companion Device Credential Provider
• PC

Flows shown: Trigger Start; Registration/Authentication; device-specific transport protocol between the Companion Device and the PC

Page 9

Make Companion Device Sociable via Signals

• Intent signal: a signal that allows the user to show his intent to unlock
• Disambiguation signal: a signal to disambiguate which Windows 10 desktop the user wants to unlock when multiple options are available to the Companion Device
• User presence signal: a signal that proves presence of the user, like a device PIN

Page 10

User Flow Overview

1. Set up a PC PIN on each target Windows 10 desktop she wants to unlock with that Companion Device.
2. Download and run the companion app on the Windows 10 desktop to register the Companion Device with that Windows 10 desktop.
3. Collect the signals and unlock the PC when the PC is in the locked state.

Page 11

Messaging

Page 12

Protocol Overview

Page 13

Register / Unlock

Page 14

Security Principles

1. PC unlock requires the registered companion device being present
2. Companion device only talks to the PC with which it was registered

HMAC key 1 (stored on Companion Device)
HMAC key 2 (stored on both PC and Companion Device)

Page 15

Register

Page 16

Prepare
• Register background task
• Establish two HMAC keys, signals, and device capabilities

Start
• Call RequestStartRegisteringDeviceAsync

Finish
• Call FinishRegisteringDeviceAsync

Clean up
• Companion Device stores HMAC keys
• Companion app discards its copies

Page 17

Code Walkthrough: Register

Page 18

RequestStartRegisteringDeviceAsync API

    HRESULT RequestStartRegisteringDeviceAsync(
        [in] HSTRING deviceId,
        [in] SecondaryAuthenticationFactorDeviceCapabilities capabilities,
        [in] HSTRING deviceFriendlyName,
        [in] HSTRING deviceModelNumber,
        [in] Windows.Storage.Streams.IBuffer* deviceKey,
        [in] Windows.Storage.Streams.IBuffer* mutualAuthenticationKey,
        [out, retval] Windows.Foundation.IAsyncOperation<SecondaryAuthenticationFactorRegistrationResult*>** operation);

Page 19

FinishRegisteringDeviceAsync API

    HRESULT FinishRegisteringDeviceAsync(
        [in] Windows.Storage.Streams.IBuffer* deviceConfigurationData,
        [out, retval] Windows.Foundation.IAsyncAction** result);

Page 20

Unlock

Page 21

Wait
• WaitingForUserConfirmation, OR
• CollectingCredential

Start
• Call StartAuthenticationAsync

Compute
• Communicate with Companion Device to perform required HMAC operations

Finish
• Call FinishAuthenticationAsync
• Wait for CredentialAuthenticated to start success flow
• Wait for StoppingAuthentication to kill your background task

The two API calls should be made within 20 seconds.

Diagram labels: PC was locked; All signals collected

Page 22

Code Walkthrough: Unlock

Page 23

StartAuthenticationAsync API

    HRESULT StartAuthenticationAsync(
        [in] HSTRING deviceId,
        [in] Windows.Storage.Streams.IBuffer* serviceAuthenticationNonce,
        [out, retval] Windows.Foundation.IAsyncOperation<SecondaryAuthenticationFactorAuthenticationResult*>** operation);

Page 24

FinishAuthenticationAsync API

    HRESULT FinishAuthenticationAsync(
        [in] Windows.Storage.Streams.IBuffer* deviceHmac,
        [in] Windows.Storage.Streams.IBuffer* sessionHmac,
        [out, retval] Windows.Foundation.IAsyncOperation<SecondaryAuthenticationFactorFinishAuthenticationStatus>** result);
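The two-key design from the Security Principles slide and the Start/Compute/Finish unlock flow above, as an added Python simulation that is not the session's or the Companion Device Framework sample's code: the PC-side class stands in for StartAuthenticationAsync and FinishAuthenticationAsync, key 1 plays the role of deviceKey and key 2 of mutualAuthenticationKey, and the message layout and HMAC inputs are an assumed simplification rather than the real CDF wire format. It also exercises the two failures the principles imply: a device without key 1 is not granted an unlock, and a PC that cannot prove key 2 gets no HMACs from the device at all.

```python
import hmac, hashlib, os

def mac(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

class WindowsPc:
    """PC-side service stand-in; message layout is an assumed simplification, not CDF's wire format."""
    def __init__(self):
        self.devices = {}   # device_id -> (key 1, key 2), filled at registration
        self.sessions = {}  # device_id -> (device_nonce, session_nonce) of an in-flight unlock

    def register(self, device_id, device_key, mutual_key):
        self.devices[device_id] = (device_key, mutual_key)

    def start_authentication(self, device_id, service_nonce):
        # Prove knowledge of key 2 over the device's nonce and issue fresh challenge nonces.
        device_key, mutual_key = self.devices[device_id]
        device_nonce, session_nonce = os.urandom(32), os.urandom(32)
        self.sessions[device_id] = (device_nonce, session_nonce)
        return {"service_hmac": mac(mutual_key, service_nonce),
                "device_nonce": device_nonce, "session_nonce": session_nonce}

    def finish_authentication(self, device_id, device_hmac, session_hmac):
        # Principle 1: unlock only if the registered device (holder of key 1) answered.
        device_key, mutual_key = self.devices[device_id]
        device_nonce, session_nonce = self.sessions.pop(device_id)
        ok_device = hmac.compare_digest(device_hmac, mac(device_key, device_nonce))
        ok_session = hmac.compare_digest(session_hmac, mac(mutual_key, device_hmac, session_nonce))
        return ok_device and ok_session

class CompanionDevice:
    def __init__(self, device_key, mutual_key):
        self.device_key, self.mutual_key = device_key, mutual_key

    def unlock(self, pc, device_id):
        service_nonce = os.urandom(32)
        reply = pc.start_authentication(device_id, service_nonce)
        # Principle 2: compute nothing for a PC that cannot prove it holds key 2.
        if not hmac.compare_digest(reply["service_hmac"], mac(self.mutual_key, service_nonce)):
            return False
        device_hmac = mac(self.device_key, reply["device_nonce"])
        session_hmac = mac(self.mutual_key, device_hmac, reply["session_nonce"])
        return pc.finish_authentication(device_id, device_hmac, session_hmac)

def demo():
    dk, mk = os.urandom(32), os.urandom(32)            # constructed keys
    pc = WindowsPc(); pc.register("band-01", dk, mk)   # constructed device id
    genuine = CompanionDevice(dk, mk).unlock(pc, "band-01")
    wrong_key1 = CompanionDevice(os.urandom(32), mk).unlock(pc, "band-01")  # lacks key 1
    rogue = WindowsPc(); rogue.register("band-01", dk, os.urandom(32))      # PC lacking key 2
    rogue_pc = CompanionDevice(dk, mk).unlock(rogue, "band-01")
    return genuine, wrong_key1, rogue_pc
```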

Page 25

Security, Management, and Policy

Page 26

A Word on Security

Protect HMAC keys, at rest and in transit:
• offline attack
• cloning
• exportability

Verify user presence securely:
• anti-spoofing
• uniqueness
• anti-hammering
• reliable

Page 27

Management

Via Windows
• Windows performs AAD or MSA authentication
• Windows does not provide a portal to view, audit, revoke, or manage these devices
• Windows does not provide roaming

Via app
• From the app, the user can unregister a Companion Device


Page 28

IT Admin Concepts

Policy
• An on/off switch for Companion Devices
• Allowed list of Companion Device apps via Windows AppLocker

Revocation
• Remove a device type from the companion app allowed list when a breach is detected in that device type


Page 29

Call to Action

• Send email to [email protected] to get started

Page 30

© 2016 Microsoft Corporation. All rights reserved.