Egis FIDO UAF Solution
| Egis Technology Inc. CONFIDENTIAL 2
Eco System Architecture
Fingerprint-enabled device
FIDO Server
Payment Server
Enterprise Server
Content Server
FIDO and Connected Applications
• Egis offers Trusted IoT via FIDO in different areas
Sensor
Transport
Discovery Data Transmission Device Management Access Control
Framework
Application
Platform
Smart Home
Education Enterprise Transport Mobility
Healthy Bank Payment
Secure
Secure Most Secure More Secure
Possible Trusted Solution
• Different levels of authenticator meet different security requirements
• Software
– Protect keys in REE
– Crypto in REE
– Authenticator in REE
• TEE
– Protect keys in TEE
– Crypto in TEE
– Authenticator in TEE
– Secure display in TEE
• SE
– Protect keys in SE
– HW Crypto in SE
– Authenticator in SE
• SE + TEE
– Protect keys in SE
– HW Crypto in SE
– Authenticators in TEE/SE
– Secure display in TEE
FIDO
Smart Home
Education Enterprise Transport Mobility
Healthy & Medical
Bank Payment
Single Sign-On
Federation
Authentication
User Management
Digital Identity
FIDO
TEE
“YuKey” Egis UAF solution
• Offers Client & Server SDKs; both were FIDO certified, in May & July
• Biometric-verification-enabled authenticator, a.k.a. Egis touch solution (fingerprint)
Cloud
Android
Egis touch solution
Sensor I/O
FIDO UAF Client
Fingerprint Service
Fingerprint Verifier Trusted AP
Fingerprint matcher UAF Authenticator Trusted AP
FIDO-Enabled Web APP:
FIDO UAF Server
FIDO-Enabled APP
Authenticator TEE API
Egis FIDO UAF SDK
ASM
Relying party
Payment Service using Egis Fingerprint FIDO UAF Solution
Integration case: Payment Service
• Support for multiple authorization services
• Visible in 3rd-party applications
Cloud
Android
Payment gateway
Payment Services (Payment API)
Payment App Authorization
Service
Authenticator (FP enabled)
Egis
FIDO Authentication Service (FIDO API)
FIDO Client
preload CA
E-Commerce
Merchant Client App
Authenticate Service provider
Certificate Authority service
FIDO RP
Select authorize method
Merchant Web App
Integration Case Study
• Client
– Seamless upgrade to 2nd-factor verification
– Adoption of biometric identification methodology
– Account association & registered-authenticator housekeeping
• Server
– Performance issues; consider a cryptographic hardware accelerator
– Scalability & security
– Multiple authentication strategy methods
Demo
• Egis YuKey UAF Demo
• Egis YuKey Payment Service Demo
– Federated ID & payment ‘YuKey QRBuy’