FIDO CERTIFIED SYSTEMS
TOUCHEN ONEPASS MEANS SECURITY
The TouchEn OnePass system implements an extremely high level of security at every point of the process.
The UAF protocol itself is built on some of the strongest encryption available, and the TouchEn OnePass architecture adds a further security advantage: because it is highly modular and easy to implement, its security scales as newer and even more secure authenticators become available, with no need to deploy additional systems.
What Makes FIDO Different?
The core ideas driving FIDO are:
(1) ease of use,
(2) privacy and security.
For implementing authentication beyond a password (and perhaps an OTP), companies have traditionally been faced with an entire stack of proprietary clients and protocols.
FIDO changes this by standardizing the client and protocol layers. This ignites a thriving ecosystem of client authentication methods such as biometrics, PINs and second–factors that can be used with a variety of online services in an interoperable manner.
Registration
(1) User is prompted to choose an available FIDO authenticator that matches the online service’s acceptance policy.
(2) User unlocks the FIDO authenticator using a fingerprint reader, a button on a second–factor device (U2F protocol), a securely–entered PIN or another method.
(3) User’s device creates a new public/private key pair unique to the local device, online service and user’s account.
(4) Public key is sent to the online service and associated with the user’s account. The private key and any information about the local authentication method (such as biometric measurements or templates) never leave the local device.
Login
(1) Online service challenges the user to log in with a previously registered device that matches the service’s acceptance policy.
(2) User unlocks the FIDO authenticator using the same method as at Registration time.
(3) Device uses the user’s account identifier provided by the service to select the correct key and sign the service’s challenge.
(4) Client device sends the signed challenge back to the service, which verifies it with the stored public key and logs in the user.
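The registration and login steps above, as an added example that is not part of TouchEn OnePass or of the FIDO specifications: a Go sketch with a constructed authenticator and a constructed relying party ("bank.example" and the account "alice" are made up). It assumes ECDSA on P-256 and a hypothetical signing format of SHA-256 over the service identifier concatenated with the challenge; a real UAF assertion carries more (authenticator metadata, counters, attestation). What it shows is the one-key-pair-per-service-and-account idea, the server verifying with only the stored public key, and why a replayed response or a response signed for a different service identifier is rejected.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Authenticator models the user's FIDO authenticator. It keeps one private key
// per (service, account) pair and never hands a private key out.
type Authenticator struct {
	keys map[string]*ecdsa.PrivateKey // hypothetical slot key: rpID + "|" + account
}

func NewAuthenticator() *Authenticator {
	return &Authenticator{keys: map[string]*ecdsa.PrivateKey{}}
}

func slot(rpID, account string) string { return rpID + "|" + account }

// Register creates a fresh P-256 key pair bound to this service and account and
// returns only the public key, which is all the relying party ever receives.
func (a *Authenticator) Register(rpID, account string) (*ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	a.keys[slot(rpID, account)] = priv
	return &priv.PublicKey, nil
}

// Sign selects the key registered for this service/account and signs the
// service's challenge. Binding the service identifier into the signed data is
// what makes an assertion produced for one service worthless to another.
func (a *Authenticator) Sign(rpID, account string, challenge []byte) ([]byte, error) {
	priv, ok := a.keys[slot(rpID, account)]
	if !ok {
		return nil, errors.New("no key registered for this service and account")
	}
	return ecdsa.SignASN1(rand.Reader, priv, signedDigest(rpID, challenge))
}

// signedDigest is the assumed to-be-signed value: SHA-256(rpID || challenge).
func signedDigest(rpID string, challenge []byte) []byte {
	h := sha256.New()
	h.Write([]byte(rpID))
	h.Write(challenge)
	return h.Sum(nil)
}

// RelyingParty models the online service: it stores one public key per account
// and remembers each outstanding challenge so that it can be consumed only once.
type RelyingParty struct {
	ID      string
	pubKeys map[string]*ecdsa.PublicKey
	pending map[string][]byte // account -> challenge awaiting a response
}

func NewRelyingParty(id string) *RelyingParty {
	return &RelyingParty{ID: id, pubKeys: map[string]*ecdsa.PublicKey{}, pending: map[string][]byte{}}
}

// StorePublicKey completes registration on the server side.
func (rp *RelyingParty) StorePublicKey(account string, pub *ecdsa.PublicKey) {
	rp.pubKeys[account] = pub
}

// IssueChallenge starts a login: 32 random bytes the client must sign.
func (rp *RelyingParty) IssueChallenge(account string) ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	rp.pending[account] = c
	return c, nil
}

// Verify checks the signature against the stored public key and the challenge
// the service itself issued, then discards that challenge so a captured
// response cannot be replayed.
func (rp *RelyingParty) Verify(account string, sig []byte) bool {
	pub, ok := rp.pubKeys[account]
	if !ok {
		return false
	}
	challenge, ok := rp.pending[account]
	if !ok {
		return false
	}
	delete(rp.pending, account)
	return ecdsa.VerifyASN1(pub, signedDigest(rp.ID, challenge), sig)
}

func main() {
	auth := NewAuthenticator()
	rp := NewRelyingParty("bank.example") // constructed service identifier
	pub, _ := auth.Register(rp.ID, "alice")
	rp.StorePublicKey("alice", pub)

	ch, _ := rp.IssueChallenge("alice")
	sig, _ := auth.Sign(rp.ID, "alice", ch)
	fmt.Println("login accepted:", rp.Verify("alice", sig))   // true
	fmt.Println("replay accepted:", rp.Verify("alice", sig))  // false: challenge consumed
	_, err := auth.Sign("bank-login.example", "alice", ch)    // look-alike service id
	fmt.Println("sign for other service:", err)               // no key registered
}
```

The two negative cases are the ones worth noticing: a second Verify with the same signature fails because the challenge was consumed, and an authenticator asked to sign for an identifier it never registered with has no key to use, so the user's credential for the real service is never exercised on the look-alike one.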
Online Crypto Protocol Standardization
FIDO standardizes the authentication protocol used between the client and the online service. The protocol is based on standard public key cryptography: the client registers a public key with the online service at initial setup. Later, when authenticating, the service verifies that the client owns the corresponding private key by asking it to sign a challenge. The protocol is designed to ensure user privacy and security on the present-day internet.
Client Standardization for Local Authentication
FIDO standards define a common interface at the client for the local authentication method that the user exercises. The client can be pre–installed on the operating system or web browser. Different authentication methods such as secure PIN, biometrics (face, voice, iris, fingerprint recognition, etc.) and second–factor devices can be “plugged in” via this standardized interface into the client.
The TouchEn OnePass system brings all the security and ease-of-use inherent in the FIDO protocol.
It is easy to implement and extensible.
It improves the user experience by minimizing password use as well as provisioning biometric authentication methods such as fingerprint scanning or voice or facial recognition.
It also provides more secure authentication end-to-end by segmenting risk and taking advantage of secure hardware implementation as well as public key infrastructure on the server side.
The system is modular and scalable and will grow with future improvements in mobile devices and authenticators, “future-proofing” an organization while simplifying its authentication silos.
Mobile Security / PC Security / Integrated Authentication Security / FIDO-based BIO authentication
Effective management of various authentication services through one integrated platform, providing an authentication service that guarantees both convenience and security.
FIDO provides two user experiences to address a wide range of use cases and deployment scenarios. FIDO protocols are based on public key cryptography and are strongly resistant to phishing.
Passwordless UX (UAF)
User carries client device with UAF stack installed
User presents a local biometric or PIN
Website can choose whether to retain a password
The Passwordless FIDO experience is supported by the Universal Authentication Framework (UAF) protocol. In this experience, the user registers their device to the online service by selecting a local authentication mechanism such as swiping a finger, looking at the camera, speaking into the mic, entering a PIN, etc. The UAF protocol allows the service to select which mechanisms are presented to the user.
Once registered, the user simply repeats the local authentication action whenever they need to authenticate to the service. The user no longer needs to enter their password when authenticating from that device. UAF also allows experiences that combine multiple authentication mechanisms such as fingerprint + PIN.