Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
SlideShare a Scribd company logo

U2F Tutorial - Authentication Tokens for Enterprise and Consumers

Download as PPTX, PDF
FIDO Alliance
FIDO Alliance

A technical tutorial on deploying FIDO U2F specifications for security tokens for enterprise and consumer authentication.

1 of 25
U2F Tutorial: Authentication Tokens for Enterprise and Consumers MIGUEL RODRIGUEZ, EXPERT SERVICES, YUBICO
2 ©2018Yubico Agenda ● About FIDO U2F and Security Keys ● Exploring FIDO U2F ● FIDO U2F Demos ● Integrating FIDO U2F
3 ©2018Yubico © 2017 Yubico About FIDO U2F and Security Keys
4 ©2017Yubico FIDO U2F / Security Keys Co-developed by Yubico and Google, completed and published as a standard by the FIDO Alliance in 2014 # of ServicesAny Shared SecretsNoOne Authenticator
5 ©2018Yubico U2F Value Secure Eliminates Phishing & Prevents MitM Simple Insert and Touch Gold Contact Scalable Use the Same Key for Unlimited Services Private No Shared Secrets Between Services No Shared Secrets with Yubico
6 Google Case Study U2F YubiKey vs Google Authenticator ● 4x faster to login ● Significant fraud reduction ● Support reduced by 92% ● YubiKey mandatory for all Google staff and contractors ● Support for Google end users
7 ©2018Yubico © 2017 Yubico Exploring FIDO U2F Protocol flows
8 Relying PartyUser Side U2F Code USB (HID) API U2F JS APISecure Hardware (optional) Transport USB (HID) Web Application U2F Library FIDO Client/ BrowserU2F Authenticator U2F Entities NFC API Bluetooth API NFC Bluetooth User Action Public Keys + Key Handles + Attestation Certificates
9 ©2018Yubico Generate private key, public key, key handle AppId, Challenge, origin, channel ID Private key (per service/site) 1 4 Verify client data, verify signature, store public key and key handle 5 Registration request 7 8 Successful registration How FIDO Registration Works Relying Party (e.g. web service/site) Authenticator (e.g. YubiKey) AppId, Challenge2 Client (e.g. web browser) Public key, key handle, signature 6 PK,KH, sig, client data 3 andFIDO
10 ©2018Yubico Require test of user presence before private key can be used Challenge, origin, channel ID Private key (per service/site) Public key 1 4 Check signature using public key to verify origin and channel ID 5 Login request 7 8 Successful login How FIDO Authentication Works Relying Party (e.g. web service/site) Authenticator (e.g. YubiKey) Challenge2 Client (e.g. web browser) Signed response 6 Signed response 3 andFIDO
11 ©2018Yubico © 2017 Yubico Demo 1 FIDO U2F and Firefox
12 ©2018Yubico © 2017 Yubico Demo 2 FIDO U2F and Android
13 ©2018Yubico © 2017 Yubico Integrating FIDO U2F
14 ©2018Yubico Integrating FIDO U2F- client side ● Typically a U2F enabled browser ● Use the u2f-api.js library (high level API) ○ Simplest way to get started ● Call two functions ○ u2f.register ○ u2f.sign ● If not a browser use a U2F host library (Python, C)
15 ©2018Yubico Integrating FIDO U2F- client side Errors 1. OTHER_ERROR: An error otherwise not enumerated here. 2. BAD_REQUEST: One of the following reasons: ○ The visited URL doesn’t match the App ID. ○ The App ID does not conform with the rules for App ID’s. ○ The U2F API is called with bad parameters (e.g. calling u2f.register with the parameters in the wrong order). 3. CONFIGURATION_UNSUPPORTED: Client configuration is not supported. 4. DEVICE_INELIGIBLE: The presented device is not eligible for this request. For a registration request this may mean that the token is already registered, and for a sign request it may mean that the token does not know the presented key handle. 5. TIMEOUT: Timeout reached before request could be satisfied.
16 ©2018Yubico Integrating FIDO U2F- server side ● Some servers are tightly coupled with the web application ● Others are decoupled (U2F as REST or SOAP API) ● Pros and cons dependent on the web application ● Messages between the U2F Authenticator and the U2F Server are standardized ● Server implementation based on typical considerations ○ Cost ○ Ease-of-integration ○ Support ○ Scalability ○ Etc.
17 ©2018Yubico Integrating FIDO U2F- server side Tools for implementation (open source) ● Server libraries, in several programming languages: ○ C (libu2f-server) ○ Java (java-u2flib-server) ○ PHP (php-u2flib-server ○ Python (python-u2flib-server) ● Stand alone server (demo only): ○ Yubico U2FVAL server (REST, Python)
18 ©2018Yubico Integrating FIDO U2F- server side ● Server-side U2F library has 4 basic functions: ○ Start registration ○ Finish registration ○ Start authentication ○ Finish authentication
19 ©2018Yubico Integrating FIDO U2F- server side Registration
20 ©2018Yubico Generate private key, public key, key handle AppId, Challenge, origin, channel ID Private key (per service/site) 1 4 Verify client data, verify signature, store public key and key handle 5 Registration request 7 8 Successful registration Integrating FIDO U2F - server side Relying Party Authenticator (e.g. YubiKey) start_registration 2 Client (e.g. web browser) Public key, key handle, signature 6 end_registration 3 andFIDO Generate challenge
21 ©2018Yubico Integrating FIDO U2F- server side Authentication
22 ©2018Yubico Integrating FIDO U2F- server side Authentication: create challenges for all registered devices
23 ©2018Yubico Integrating FIDO U2F- server side Authentication: successful for one registered device
Get Started ● Read the specifications: fidoalliance.org/specifications/overview/ ● Go through a MiniTwit U2F tutorial: MiniTwit training video Implement ● Google reference code: github.com/google/u2f-ref-code ● Build your own U2F server: dev.yubi.co/U2F/libraries ● Use Yubico standalone U2F server: dev.yubi.co/u2fval Test ● Yubico U2F demo server: demo.yubico.com/u2f ● Google U2F demo server: u2fdemo.appspot.com FIDO U2F - Learn More 24
25 ©2017Yubico

More Related Content

What's hot

FIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptx
FIDO Alliance
 
WebAuthn and Security Keys
WebAuthn and Security KeysWebAuthn and Security Keys
WebAuthn and Security Keys
FIDO Alliance
 
ID & IT 2013 - OpenID Connect Hands-on
ID & IT 2013 - OpenID Connect Hands-onID & IT 2013 - OpenID Connect Hands-on
ID & IT 2013 - OpenID Connect Hands-on
Nov Matake
 
WebAuthn - The End of the Password As We Know It?
WebAuthn - The End of the Password As We Know It?WebAuthn - The End of the Password As We Know It?
WebAuthn - The End of the Password As We Know It?
Thomas Konrad
 
Web Authentication API
Web Authentication APIWeb Authentication API
Web Authentication API
FIDO Alliance
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloak
Guy Marom
 
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinNew FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
FIDO Alliance
 
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler WebinarKeycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
marcuschristie
 
Introduction to FIDO Alliance
Introduction to FIDO AllianceIntroduction to FIDO Alliance
Introduction to FIDO Alliance
FIDO Alliance
 
FIDO Alliance Research: Consumer Attitudes Towards Authentication
FIDO Alliance Research: Consumer Attitudes Towards AuthenticationFIDO Alliance Research: Consumer Attitudes Towards Authentication
FIDO Alliance Research: Consumer Attitudes Towards Authentication
FIDO Alliance
 
FIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Authentication Technical Overview
FIDO Authentication Technical Overview
FIDO Alliance
 
Implementing WebAuthn & FAPI supports on Keycloak
Implementing WebAuthn & FAPI supports on KeycloakImplementing WebAuthn & FAPI supports on Keycloak
Implementing WebAuthn & FAPI supports on Keycloak
Yuichi Nakamura
 
Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs
Vasiliy Suvorov
 
パスワードのいらない世界へ
パスワードのいらない世界へパスワードのいらない世界へ
パスワードのいらない世界へ
Keiko Itakura
 
Securing a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationSecuring a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web Authentication
FIDO Alliance
 
OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)
Torsten Lodderstedt
 
U2F/FIDO2 implementation of YubiKey
U2F/FIDO2 implementation of YubiKeyU2F/FIDO2 implementation of YubiKey
U2F/FIDO2 implementation of YubiKey
Haniyama Wataru
 
The Shift from Federated to Decentralized Identity
The Shift from Federated to Decentralized IdentityThe Shift from Federated to Decentralized Identity
The Shift from Federated to Decentralized Identity
Evernym
 
Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication
FIDO Alliance
 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications Overview
FIDO Alliance
 

What's hot (20)

FIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptx
 
WebAuthn and Security Keys
WebAuthn and Security KeysWebAuthn and Security Keys
WebAuthn and Security Keys
 
ID & IT 2013 - OpenID Connect Hands-on
ID & IT 2013 - OpenID Connect Hands-onID & IT 2013 - OpenID Connect Hands-on
ID & IT 2013 - OpenID Connect Hands-on
 
WebAuthn - The End of the Password As We Know It?
WebAuthn - The End of the Password As We Know It?WebAuthn - The End of the Password As We Know It?
WebAuthn - The End of the Password As We Know It?
 
Web Authentication API
Web Authentication APIWeb Authentication API
Web Authentication API
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloak
 
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinNew FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
 
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler WebinarKeycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
 
Introduction to FIDO Alliance
Introduction to FIDO AllianceIntroduction to FIDO Alliance
Introduction to FIDO Alliance
 
FIDO Alliance Research: Consumer Attitudes Towards Authentication
FIDO Alliance Research: Consumer Attitudes Towards AuthenticationFIDO Alliance Research: Consumer Attitudes Towards Authentication
FIDO Alliance Research: Consumer Attitudes Towards Authentication
 
FIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Authentication Technical Overview
FIDO Authentication Technical Overview
 
Implementing WebAuthn & FAPI supports on Keycloak
Implementing WebAuthn & FAPI supports on KeycloakImplementing WebAuthn & FAPI supports on Keycloak
Implementing WebAuthn & FAPI supports on Keycloak
 
Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs Verifiable Credentials, Self Sovereign Identity and DLTs
Verifiable Credentials, Self Sovereign Identity and DLTs
 
パスワードのいらない世界へ
パスワードのいらない世界へパスワードのいらない世界へ
パスワードのいらない世界へ
 
Securing a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationSecuring a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web Authentication
 
OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)OpenID for Verifiable Credentials (IIW 35)
OpenID for Verifiable Credentials (IIW 35)
 
U2F/FIDO2 implementation of YubiKey
U2F/FIDO2 implementation of YubiKeyU2F/FIDO2 implementation of YubiKey
U2F/FIDO2 implementation of YubiKey
 
The Shift from Federated to Decentralized Identity
The Shift from Federated to Decentralized IdentityThe Shift from Federated to Decentralized Identity
The Shift from Federated to Decentralized Identity
 
Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication
 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications Overview
 

Similar to U2F Tutorial - Authentication Tokens for Enterprise and Consumers

Normalization of Security Key User Experience
Normalization of Security Key User ExperienceNormalization of Security Key User Experience
Normalization of Security Key User Experience
FIDO Alliance
 
FIDO, Federation & Facebook Social Login
FIDO, Federation & Facebook Social LoginFIDO, Federation & Facebook Social Login
FIDO, Federation & Facebook Social Login
FIDO Alliance
 
FIDO Alliance Vision and Updates
FIDO Alliance Vision and UpdatesFIDO Alliance Vision and Updates
FIDO Alliance Vision and Updates
FIDO Alliance
 
2018 12-07 tokyo-seminar Brett McDowell
2018 12-07 tokyo-seminar Brett McDowell2018 12-07 tokyo-seminar Brett McDowell
2018 12-07 tokyo-seminar Brett McDowell
FIDO Alliance
 
FIDO Certified Program: Status & Futures
FIDO Certified Program: Status & FuturesFIDO Certified Program: Status & Futures
FIDO Certified Program: Status & Futures
FIDO Alliance
 
FIDO2 and Microsoft
FIDO2 and MicrosoftFIDO2 and Microsoft
FIDO2 and Microsoft
FIDO Alliance
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
FIDO Alliance
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
FIDO Alliance
 
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication ComplianceFIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO Alliance
 
FIDO, Federation & Facebook Social login
FIDO, Federation & Facebook Social loginFIDO, Federation & Facebook Social login
FIDO, Federation & Facebook Social login
FIDO Alliance
 
FIDO Adoption and Market Trends in Japan
FIDO Adoption and Market Trends in JapanFIDO Adoption and Market Trends in Japan
FIDO Adoption and Market Trends in Japan
FIDO Alliance
 
2019 FIDO Tokyo Seminar - Welcome Keynote Andrew Shikiar
2019 FIDO Tokyo Seminar - Welcome Keynote Andrew Shikiar2019 FIDO Tokyo Seminar - Welcome Keynote Andrew Shikiar
2019 FIDO Tokyo Seminar - Welcome Keynote Andrew Shikiar
FIDO Alliance
 
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2
 
FIDO Certification
FIDO CertificationFIDO Certification
FIDO Certification
FIDO Alliance
 
Introduction to the FIDO Alliance: Vision & Status
Introduction to the FIDO Alliance: Vision & StatusIntroduction to the FIDO Alliance: Vision & Status
Introduction to the FIDO Alliance: Vision & Status
FIDO Alliance
 
“Your Security, More Simple.” by utilizing FIDO Authentication
“Your Security, More Simple.” by utilizing FIDO Authentication“Your Security, More Simple.” by utilizing FIDO Authentication
“Your Security, More Simple.” by utilizing FIDO Authentication
LINE Corporation
 
NTT DOCOMO Deployment Case Study: Your Security, More Simple.
NTT DOCOMO Deployment Case Study: Your Security, More Simple.NTT DOCOMO Deployment Case Study: Your Security, More Simple.
NTT DOCOMO Deployment Case Study: Your Security, More Simple.
FIDO Alliance
 
UAF Case Study by NTT Docomo
UAF Case Study by NTT DocomoUAF Case Study by NTT Docomo
UAF Case Study by NTT Docomo
FIDO Alliance
 
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
Yenlo
 
FIDO Alliance Vision and Status
FIDO Alliance Vision and StatusFIDO Alliance Vision and Status
FIDO Alliance Vision and Status
FIDO Alliance
 

Similar to U2F Tutorial - Authentication Tokens for Enterprise and Consumers (20)

Normalization of Security Key User Experience
Normalization of Security Key User ExperienceNormalization of Security Key User Experience
Normalization of Security Key User Experience
 
FIDO, Federation & Facebook Social Login
FIDO, Federation & Facebook Social LoginFIDO, Federation & Facebook Social Login
FIDO, Federation & Facebook Social Login
 
FIDO Alliance Vision and Updates
FIDO Alliance Vision and UpdatesFIDO Alliance Vision and Updates
FIDO Alliance Vision and Updates
 
2018 12-07 tokyo-seminar Brett McDowell
2018 12-07 tokyo-seminar Brett McDowell2018 12-07 tokyo-seminar Brett McDowell
2018 12-07 tokyo-seminar Brett McDowell
 
FIDO Certified Program: Status & Futures
FIDO Certified Program: Status & FuturesFIDO Certified Program: Status & Futures
FIDO Certified Program: Status & Futures
 
FIDO2 and Microsoft
FIDO2 and MicrosoftFIDO2 and Microsoft
FIDO2 and Microsoft
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
 
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication ComplianceFIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
 
FIDO, Federation & Facebook Social login
FIDO, Federation & Facebook Social loginFIDO, Federation & Facebook Social login
FIDO, Federation & Facebook Social login
 
FIDO Adoption and Market Trends in Japan
FIDO Adoption and Market Trends in JapanFIDO Adoption and Market Trends in Japan
FIDO Adoption and Market Trends in Japan
 
2019 FIDO Tokyo Seminar - Welcome Keynote Andrew Shikiar
2019 FIDO Tokyo Seminar - Welcome Keynote Andrew Shikiar2019 FIDO Tokyo Seminar - Welcome Keynote Andrew Shikiar
2019 FIDO Tokyo Seminar - Welcome Keynote Andrew Shikiar
 
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
 
FIDO Certification
FIDO CertificationFIDO Certification
FIDO Certification
 
Introduction to the FIDO Alliance: Vision & Status
Introduction to the FIDO Alliance: Vision & StatusIntroduction to the FIDO Alliance: Vision & Status
Introduction to the FIDO Alliance: Vision & Status
 
“Your Security, More Simple.” by utilizing FIDO Authentication
“Your Security, More Simple.” by utilizing FIDO Authentication“Your Security, More Simple.” by utilizing FIDO Authentication
“Your Security, More Simple.” by utilizing FIDO Authentication
 
NTT DOCOMO Deployment Case Study: Your Security, More Simple.
NTT DOCOMO Deployment Case Study: Your Security, More Simple.NTT DOCOMO Deployment Case Study: Your Security, More Simple.
NTT DOCOMO Deployment Case Study: Your Security, More Simple.
 
UAF Case Study by NTT Docomo
UAF Case Study by NTT DocomoUAF Case Study by NTT Docomo
UAF Case Study by NTT Docomo
 
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
 
FIDO Alliance Vision and Status
FIDO Alliance Vision and StatusFIDO Alliance Vision and Status
FIDO Alliance Vision and Status
 

More from FIDO Alliance

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdf
FIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdfFIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdf
FIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdf
FIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdfFIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdf
FIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: CloudGate.pdf
FIDO Alliance Osaka Seminar: CloudGate.pdfFIDO Alliance Osaka Seminar: CloudGate.pdf
FIDO Alliance Osaka Seminar: CloudGate.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdf
FIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdfFIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdf
FIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Welcome Slides.pdf
FIDO Alliance Osaka Seminar: Welcome Slides.pdfFIDO Alliance Osaka Seminar: Welcome Slides.pdf
FIDO Alliance Osaka Seminar: Welcome Slides.pdf
FIDO Alliance
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FIDO Alliance
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
FIDO Alliance
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
FIDO Alliance
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
FIDO Alliance
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
FIDO Alliance
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
FIDO Alliance
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
FIDO Alliance
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
FIDO Alliance
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
FIDO Alliance
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
FIDO Alliance
 

More from FIDO Alliance (20)

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
FIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdf
FIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdfFIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdf
FIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdf
 
FIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdf
FIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdfFIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdf
FIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdf
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
FIDO Alliance Osaka Seminar: CloudGate.pdf
FIDO Alliance Osaka Seminar: CloudGate.pdfFIDO Alliance Osaka Seminar: CloudGate.pdf
FIDO Alliance Osaka Seminar: CloudGate.pdf
 
FIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdf
FIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdfFIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdf
FIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdf
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
FIDO Alliance Osaka Seminar: Welcome Slides.pdf
FIDO Alliance Osaka Seminar: Welcome Slides.pdfFIDO Alliance Osaka Seminar: Welcome Slides.pdf
FIDO Alliance Osaka Seminar: Welcome Slides.pdf
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
 

Recently uploaded

Navigating Post-Quantum Blockchain: Resilient Cryptography in Quantum Threats
Navigating Post-Quantum Blockchain: Resilient Cryptography in Quantum ThreatsNavigating Post-Quantum Blockchain: Resilient Cryptography in Quantum Threats
Navigating Post-Quantum Blockchain: Resilient Cryptography in Quantum Threats
anupriti
 
The Rise of Supernetwork Data Intensive Computing
The Rise of Supernetwork Data Intensive ComputingThe Rise of Supernetwork Data Intensive Computing
The Rise of Supernetwork Data Intensive Computing
Larry Smarr
 
Data Protection in a Connected World: Sovereignty and Cyber Security
Data Protection in a Connected World: Sovereignty and Cyber SecurityData Protection in a Connected World: Sovereignty and Cyber Security
Data Protection in a Connected World: Sovereignty and Cyber Security
anupriti
 
Knowledge and Prompt Engineering Part 2 Focus on Prompt Design Approaches
Knowledge and Prompt Engineering Part 2 Focus on Prompt Design ApproachesKnowledge and Prompt Engineering Part 2 Focus on Prompt Design Approaches
Knowledge and Prompt Engineering Part 2 Focus on Prompt Design Approaches
Earley Information Science
 
AI_dev Europe 2024 - From OpenAI to Opensource AI
AI_dev Europe 2024 - From OpenAI to Opensource AIAI_dev Europe 2024 - From OpenAI to Opensource AI
AI_dev Europe 2024 - From OpenAI to Opensource AI
Raphaël Semeteys
 
一比一原版(msvu毕业证书)圣文森山大学毕业证如何办理
一比一原版(msvu毕业证书)圣文森山大学毕业证如何办理一比一原版(msvu毕业证书)圣文森山大学毕业证如何办理
一比一原版(msvu毕业证书)圣文森山大学毕业证如何办理
uuuot
 
20240702 QFM021 Machine Intelligence Reading List June 2024
20240702 QFM021 Machine Intelligence Reading List June 202420240702 QFM021 Machine Intelligence Reading List June 2024
20240702 QFM021 Machine Intelligence Reading List June 2024
Matthew Sinclair
 
How Netflix Builds High Performance Applications at Global Scale
How Netflix Builds High Performance Applications at Global ScaleHow Netflix Builds High Performance Applications at Global Scale
How Netflix Builds High Performance Applications at Global Scale
ScyllaDB
 
Pigging Solutions Sustainability brochure.pdf
Pigging Solutions Sustainability brochure.pdfPigging Solutions Sustainability brochure.pdf
Pigging Solutions Sustainability brochure.pdf
Pigging Solutions
 
@Call @Girls Pune 0000000000 Riya Khan Beautiful Girl any Time
@Call @Girls Pune 0000000000 Riya Khan Beautiful Girl any Time@Call @Girls Pune 0000000000 Riya Khan Beautiful Girl any Time
@Call @Girls Pune 0000000000 Riya Khan Beautiful Girl any Time
amitchopra0215
 
HTTP Adaptive Streaming – Quo Vadis (2024)
HTTP Adaptive Streaming – Quo Vadis (2024)HTTP Adaptive Streaming – Quo Vadis (2024)
HTTP Adaptive Streaming – Quo Vadis (2024)
Alpen-Adria-Universität
 
Performance Budgets for the Real World by Tammy Everts
Performance Budgets for the Real World by Tammy EvertsPerformance Budgets for the Real World by Tammy Everts
Performance Budgets for the Real World by Tammy Everts
ScyllaDB
 
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...
Chris Swan
 
AC Atlassian Coimbatore Session Slides( 22/06/2024)
AC Atlassian Coimbatore Session Slides( 22/06/2024)AC Atlassian Coimbatore Session Slides( 22/06/2024)
AC Atlassian Coimbatore Session Slides( 22/06/2024)
apoorva2579
 
STKI Israeli Market Study 2024 final v1
STKI Israeli Market Study 2024 final v1STKI Israeli Market Study 2024 final v1
STKI Israeli Market Study 2024 final v1
Dr. Jimmy Schwarzkopf
 
Details of description part II: Describing images in practice - Tech Forum 2024
Details of description part II: Describing images in practice - Tech Forum 2024Details of description part II: Describing images in practice - Tech Forum 2024
Details of description part II: Describing images in practice - Tech Forum 2024
BookNet Canada
 
What's Next Web Development Trends to Watch.pdf
What's Next Web Development Trends to Watch.pdfWhat's Next Web Development Trends to Watch.pdf
What's Next Web Development Trends to Watch.pdf
SeasiaInfotech2
 
What Not to Document and Why_ (North Bay Python 2024)
What Not to Document and Why_ (North Bay Python 2024)What Not to Document and Why_ (North Bay Python 2024)
What Not to Document and Why_ (North Bay Python 2024)
Margaret Fero
 
Quality Patents: Patents That Stand the Test of Time
Quality Patents: Patents That Stand the Test of TimeQuality Patents: Patents That Stand the Test of Time
Quality Patents: Patents That Stand the Test of Time
Aurora Consulting
 
How to Avoid Learning the Linux-Kernel Memory Model
How to Avoid Learning the Linux-Kernel Memory ModelHow to Avoid Learning the Linux-Kernel Memory Model
How to Avoid Learning the Linux-Kernel Memory Model
ScyllaDB
 

Recently uploaded (20)

Navigating Post-Quantum Blockchain: Resilient Cryptography in Quantum Threats
Navigating Post-Quantum Blockchain: Resilient Cryptography in Quantum ThreatsNavigating Post-Quantum Blockchain: Resilient Cryptography in Quantum Threats
Navigating Post-Quantum Blockchain: Resilient Cryptography in Quantum Threats
 
The Rise of Supernetwork Data Intensive Computing
The Rise of Supernetwork Data Intensive ComputingThe Rise of Supernetwork Data Intensive Computing
The Rise of Supernetwork Data Intensive Computing
 
Data Protection in a Connected World: Sovereignty and Cyber Security
Data Protection in a Connected World: Sovereignty and Cyber SecurityData Protection in a Connected World: Sovereignty and Cyber Security
Data Protection in a Connected World: Sovereignty and Cyber Security
 
Knowledge and Prompt Engineering Part 2 Focus on Prompt Design Approaches
Knowledge and Prompt Engineering Part 2 Focus on Prompt Design ApproachesKnowledge and Prompt Engineering Part 2 Focus on Prompt Design Approaches
Knowledge and Prompt Engineering Part 2 Focus on Prompt Design Approaches
 
AI_dev Europe 2024 - From OpenAI to Opensource AI
AI_dev Europe 2024 - From OpenAI to Opensource AIAI_dev Europe 2024 - From OpenAI to Opensource AI
AI_dev Europe 2024 - From OpenAI to Opensource AI
 
一比一原版(msvu毕业证书)圣文森山大学毕业证如何办理
一比一原版(msvu毕业证书)圣文森山大学毕业证如何办理一比一原版(msvu毕业证书)圣文森山大学毕业证如何办理
一比一原版(msvu毕业证书)圣文森山大学毕业证如何办理
 
20240702 QFM021 Machine Intelligence Reading List June 2024
20240702 QFM021 Machine Intelligence Reading List June 202420240702 QFM021 Machine Intelligence Reading List June 2024
20240702 QFM021 Machine Intelligence Reading List June 2024
 
How Netflix Builds High Performance Applications at Global Scale
How Netflix Builds High Performance Applications at Global ScaleHow Netflix Builds High Performance Applications at Global Scale
How Netflix Builds High Performance Applications at Global Scale
 
Pigging Solutions Sustainability brochure.pdf
Pigging Solutions Sustainability brochure.pdfPigging Solutions Sustainability brochure.pdf
Pigging Solutions Sustainability brochure.pdf
 
@Call @Girls Pune 0000000000 Riya Khan Beautiful Girl any Time
@Call @Girls Pune 0000000000 Riya Khan Beautiful Girl any Time@Call @Girls Pune 0000000000 Riya Khan Beautiful Girl any Time
@Call @Girls Pune 0000000000 Riya Khan Beautiful Girl any Time
 
HTTP Adaptive Streaming – Quo Vadis (2024)
HTTP Adaptive Streaming – Quo Vadis (2024)HTTP Adaptive Streaming – Quo Vadis (2024)
HTTP Adaptive Streaming – Quo Vadis (2024)
 
Performance Budgets for the Real World by Tammy Everts
Performance Budgets for the Real World by Tammy EvertsPerformance Budgets for the Real World by Tammy Everts
Performance Budgets for the Real World by Tammy Everts
 
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...
 
AC Atlassian Coimbatore Session Slides( 22/06/2024)
AC Atlassian Coimbatore Session Slides( 22/06/2024)AC Atlassian Coimbatore Session Slides( 22/06/2024)
AC Atlassian Coimbatore Session Slides( 22/06/2024)
 
STKI Israeli Market Study 2024 final v1
STKI Israeli Market Study 2024 final v1STKI Israeli Market Study 2024 final v1
STKI Israeli Market Study 2024 final v1
 
Details of description part II: Describing images in practice - Tech Forum 2024
Details of description part II: Describing images in practice - Tech Forum 2024Details of description part II: Describing images in practice - Tech Forum 2024
Details of description part II: Describing images in practice - Tech Forum 2024
 
What's Next Web Development Trends to Watch.pdf
What's Next Web Development Trends to Watch.pdfWhat's Next Web Development Trends to Watch.pdf
What's Next Web Development Trends to Watch.pdf
 
What Not to Document and Why_ (North Bay Python 2024)
What Not to Document and Why_ (North Bay Python 2024)What Not to Document and Why_ (North Bay Python 2024)
What Not to Document and Why_ (North Bay Python 2024)
 
Quality Patents: Patents That Stand the Test of Time
Quality Patents: Patents That Stand the Test of TimeQuality Patents: Patents That Stand the Test of Time
Quality Patents: Patents That Stand the Test of Time
 
How to Avoid Learning the Linux-Kernel Memory Model
How to Avoid Learning the Linux-Kernel Memory ModelHow to Avoid Learning the Linux-Kernel Memory Model
How to Avoid Learning the Linux-Kernel Memory Model
 

U2F Tutorial - Authentication Tokens for Enterprise and Consumers

  • 1. U2F Tutorial: Authentication Tokens for Enterprise and Consumers MIGUEL RODRIGUEZ, EXPERT SERVICES, YUBICO
  • 2. 2 ©2018Yubico Agenda ● About FIDO U2F and Security Keys ● Exploring FIDO U2F ● FIDO U2F Demos ● Integrating FIDO U2F
  • 3. 3 ©2018Yubico © 2017 Yubico About FIDO U2F and Security Keys
  • 4. 4 ©2017Yubico FIDO U2F / Security Keys Co-developed by Yubico and Google, completed and published as a standard by the FIDO Alliance in 2014 # of ServicesAny Shared SecretsNoOne Authenticator
  • 5. 5 ©2018Yubico U2F Value Secure Eliminates Phishing & Prevents MitM Simple Insert and Touch Gold Contact Scalable Use the Same Key for Unlimited Services Private No Shared Secrets Between Services No Shared Secrets with Yubico
  • 6. 6 Google Case Study U2F YubiKey vs Google Authenticator ● 4x faster to login ● Significant fraud reduction ● Support reduced by 92% ● YubiKey mandatory for all Google staff and contractors ● Support for Google end users
  • 7. 7 ©2018Yubico © 2017 Yubico Exploring FIDO U2F Protocol flows
  • 8. 8 Relying PartyUser Side U2F Code USB (HID) API U2F JS APISecure Hardware (optional) Transport USB (HID) Web Application U2F Library FIDO Client/ BrowserU2F Authenticator U2F Entities NFC API Bluetooth API NFC Bluetooth User Action Public Keys + Key Handles + Attestation Certificates
  • 9. 9 ©2018Yubico Generate private key, public key, key handle AppId, Challenge, origin, channel ID Private key (per service/site) 1 4 Verify client data, verify signature, store public key and key handle 5 Registration request 7 8 Successful registration How FIDO Registration Works Relying Party (e.g. web service/site) Authenticator (e.g. YubiKey) AppId, Challenge2 Client (e.g. web browser) Public key, key handle, signature 6 PK,KH, sig, client data 3 andFIDO
  • 10. 10 ©2018Yubico Require test of user presence before private key can be used Challenge, origin, channel ID Private key (per service/site) Public key 1 4 Check signature using public key to verify origin and channel ID 5 Login request 7 8 Successful login How FIDO Authentication Works Relying Party (e.g. web service/site) Authenticator (e.g. YubiKey) Challenge2 Client (e.g. web browser) Signed response 6 Signed response 3 andFIDO
  • 11. 11 ©2018Yubico © 2017 Yubico Demo 1 FIDO U2F and Firefox
  • 12. 12 ©2018Yubico © 2017 Yubico Demo 2 FIDO U2F and Android
  • 14. 14 ©2018Yubico Integrating FIDO U2F- client side ● Typically a U2F enabled browser ● Use the u2f-api.js library (high level API) ○ Simplest way to get started ● Call two functions ○ u2f.register ○ u2f.sign ● If not a browser use a U2F host library (Python, C)
  • 15. 15 ©2018Yubico Integrating FIDO U2F- client side Errors 1. OTHER_ERROR: An error otherwise not enumerated here. 2. BAD_REQUEST: One of the following reasons: ○ The visited URL doesn’t match the App ID. ○ The App ID does not conform with the rules for App ID’s. ○ The U2F API is called with bad parameters (e.g. calling u2f.register with the parameters in the wrong order). 3. CONFIGURATION_UNSUPPORTED: Client configuration is not supported. 4. DEVICE_INELIGIBLE: The presented device is not eligible for this request. For a registration request this may mean that the token is already registered, and for a sign request it may mean that the token does not know the presented key handle. 5. TIMEOUT: Timeout reached before request could be satisfied.
  • 16. 16 ©2018Yubico Integrating FIDO U2F- server side ● Some servers are tightly coupled with the web application ● Others are decoupled (U2F as REST or SOAP API) ● Pros and cons dependent on the web application ● Messages between the U2F Authenticator and the U2F Server are standardized ● Server implementation based on typical considerations ○ Cost ○ Ease-of-integration ○ Support ○ Scalability ○ Etc.
  • 17. 17 ©2018Yubico Integrating FIDO U2F- server side Tools for implementation (open source) ● Server libraries, in several programming languages: ○ C (libu2f-server) ○ Java (java-u2flib-server) ○ PHP (php-u2flib-server ○ Python (python-u2flib-server) ● Stand alone server (demo only): ○ Yubico U2FVAL server (REST, Python)
  • 18. 18 ©2018Yubico Integrating FIDO U2F- server side ● Server-side U2F library has 4 basic functions: ○ Start registration ○ Finish registration ○ Start authentication ○ Finish authentication
  • 19. 19 ©2018Yubico Integrating FIDO U2F- server side Registration
  • 20. 20 ©2018Yubico Generate private key, public key, key handle AppId, Challenge, origin, channel ID Private key (per service/site) 1 4 Verify client data, verify signature, store public key and key handle 5 Registration request 7 8 Successful registration Integrating FIDO U2F - server side Relying Party Authenticator (e.g. YubiKey) start_registration 2 Client (e.g. web browser) Public key, key handle, signature 6 end_registration 3 andFIDO Generate challenge
  • 21. 21 ©2018Yubico Integrating FIDO U2F- server side Authentication
  • 22. 22 ©2018Yubico Integrating FIDO U2F- server side Authentication: create challenges for all registered devices
  • 23. 23 ©2018Yubico Integrating FIDO U2F- server side Authentication: successful for one registered device
  • 24. Get Started ● Read the specifications: fidoalliance.org/specifications/overview/ ● Go through a MiniTwit U2F tutorial: MiniTwit training video Implement ● Google reference code: github.com/google/u2f-ref-code ● Build your own U2F server: dev.yubi.co/U2F/libraries ● Use Yubico standalone U2F server: dev.yubi.co/u2fval Test ● Yubico U2F demo server: demo.yubico.com/u2f ● Google U2F demo server: u2fdemo.appspot.com FIDO U2F - Learn More 24