yubico

Welcome
Network Solutions Nederland
warmly welcomes you to
Zorg & ICT 2015
and continues as
A new name for an experienced team
Safety
User identification | Access management
Control
Applications | Workplaces | Information systems
Consultancy
Business processes | Trends | Optimisation
Strong authentication
Reference: ZorgSaam Zeeuws Vlaanderen
FIDO Alliance
Yubico and YubiKeys
Tord Fransson
VP Sales EMEA
Yubico
Changing the Nature of Authentication
The New Standards for One Touch, Secure Login to Health Care Services and Beyond
Yubico Today
Founded in 2007 in Sweden
HQ relocated to Silicon Valley 2011
Privately held
25 employees
3 offices worldwide: Palo Alto, London, Stockholm
2M users, 50K customers, 140 countries
The YubiKey Invention
•  The keyboard authenticator – no client software!
•  Instant, one touch user authentication
•  No batteries, practically indestructible, manufactured in USA & Sweden
•  FIPS 140-2 cert. nr 2267, Oct 2014
[Figure: YubiKey login. Enter PIN/password (****), then touch the YubiKey.]
Web passwords are broken
•  Reused
•  Phished
•  Keylogged
Yubico vision - One key all Internet
YubiKey NEO
FIDO U2F emerging global standard
•  No drivers, client software or middleware
–  Native drivers, browser support
•  Highly scalable, protecting your privacy
–  New encryption keys for every service, only stored on specific service
–  No secrets shared between service providers
•  Great user experience
–  To register and authenticate; a simple touch of a button!
–  One U2F device to any number of services
U2F Entities
[Diagram labels. User Side: U2F Authenticator, Browser, FIDO Client. Relying Party: Web Application. Components and interfaces shown: User Action, Secure U2F Element, U2F Code, Transport: USB (HID), USB (HID) API, U2F JS API, U2F Library, Public Key + KeyHandles.]
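Registration
(U2F Token, FIDO Client/Browser, Relying Party; a = app id; c = challenge, origin, channel id, etc.; s = signature)
•  Relying Party → FIDO Client/Browser: app id, challenge
•  FIDO Client/Browser: check app id
•  FIDO Client/Browser → U2F Token: a, c
•  U2F Token: generate key kpub, key kpriv, handle h
•  U2F Token → FIDO Client/Browser: kpub, h, attestation cert, s = signature(a,c,kpub,h)
•  FIDO Client/Browser → Relying Party: c, kpub, h, attestation cert, s (cookie)
•  Relying Party: store key kpub, handle h for user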
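Authentication
(U2F Token, FIDO Client/Browser, Relying Party; h = handle; a = app id; c = challenge, origin, channel id, etc.; s = signature)
•  Relying Party → FIDO Client/Browser: handle, app id, challenge
•  FIDO Client/Browser: check app id
•  FIDO Client/Browser → U2F Token: h, a, c
•  U2F Token: retrieve key kpriv from handle h; counter++
•  U2F Token → FIDO Client/Browser: counter, s = signature(a,c,counter)
•  FIDO Client/Browser → Relying Party: counter, c, s
•  Relying Party: retrieve key kpub from handle h; check signature using key kpub; set cookie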
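The relying party's checks in the Authentication flow above, as an added example in Go (not code from Yubico or the FIDO specifications). It assumes a P-256 ECDSA key pair, an app id equal to the site's origin, and a constructed client-data encoding in place of the specification's JSON; `ClientData`, `demoKey`, `TokenSign` and `RPVerify` are hypothetical names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// ClientData is "c" on the slides (channel id omitted); its byte encoding is constructed.
type ClientData struct{ Challenge, Origin string }
var demoKey, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // stands in for kpriv/kpub made at registration

// digest hashes SHA-256(app id) || user-presence byte || counter || SHA-256(c).
func digest(appID string, c ClientData, n uint32) []byte {
	a, ch := sha256.Sum256([]byte(appID)), sha256.Sum256([]byte(c.Challenge+"|"+c.Origin))
	msg := append(a[:], 0x01, byte(n>>24), byte(n>>16), byte(n>>8), byte(n))
	sum := sha256.Sum256(append(msg, ch[:]...))
	return sum[:]
}

// TokenSign is the token side: counter++, then signature(a, c, counter) with kpriv.
func TokenSign(kpriv *ecdsa.PrivateKey, counter *uint32, appID string, c ClientData) []byte {
	*counter++
	s, _ := ecdsa.SignASN1(rand.Reader, kpriv, digest(appID, c, *counter))
	return s
}

// RPVerify is the relying party side; last is the counter stored for this handle.
func RPVerify(kpub *ecdsa.PublicKey, appID, challenge string, last uint32, c ClientData, counter uint32, s []byte) error {
	switch {
	case c.Challenge != challenge:
		return fmt.Errorf("challenge mismatch: replayed response")
	case c.Origin != appID: // assumption: app id equals the site's origin
		return fmt.Errorf("origin mismatch: response produced on another site")
	case !ecdsa.VerifyASN1(kpub, digest(appID, c, counter), s):
		return fmt.Errorf("signature does not verify under kpub")
	case counter <= last:
		return fmt.Errorf("counter did not increase: possible cloned token")
	}
	return nil
}

func main() {
	ctr, c := uint32(0), ClientData{"constructed-challenge", "https://rp.example"}
	s := TokenSign(demoKey, &ctr, "https://rp.example", c)
	fmt.Println(RPVerify(&demoKey.PublicKey, "https://rp.example", c.Challenge, 0, c, ctr, s))
}
```

On success the relying party stores the received counter as the new `last` value for that handle, so the same response cannot be accepted twice.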
Getting from username+password to username+password+U2F (Relying Party)
[Diagram: before, the Original DB (Users, Password); after, the Original Database (Users, Password) with a U2F Database added beside it, user_id labelled on both.]
Resources
•  Strengthen 2 step verification with Security Key: Google security blog
•  Yubico Security Key: yubico.com/security-key
•  Yubico Libraries, Plugins, Sample Code, Documentation: developers.yubico.com
•  FIDO U2F Protocol Specification: fidoalliance.org/specifications
•  Yubico Demo Server - Test U2F: demo.yubico.com/u2f
•  Yubico Demo Server - Test Yubico OTP: demo.yubico.com
Contact information
Tord Fransson
Mail: tord@yubico.com
Cell: +46 70 673 33 13
yubico.com
Two factors. One touch. Zero drivers
Thank you for your attention
We look forward to speaking with you at our stand E62 in hall 11.