Welkom Network Solutions Nederland heet u van harte welkom op Zorg & ICT 2015 en gaat verder als Een nieuwe naam bij een ervaren team Safety Gebruikersidentificatie | Toegangsmanagement Control Applicaties | Werkplekken | Informatiesystemen Consultancy Bedrijfsprocessen | Trends | Optimalisatie Sterke authenticatie Referentie: ZorgSaam Zeeuws Vlaanderen FIDO alliance Yubico en Yubikeys Tord Fransson VP Sales EMEA Yubico Changing the Nature of Authentication The New Standards for One Touch, Secure Login to Health Care Services and Beyond Tord Fransson VP Sales EMEA 2 Yubico Today Founded in 2007 in Sweden HQ relocated to Silicon Valley 2011 Privately held 25 employees 3 offices worldwide: Palo Alto, London, Stockholm 2M users, 50K customers, 140 countries 3 The YubiKey Invention • The keyboard authenticator – no client software! • Instant, one touch user authentication • No batteries, practically indestructible, manufactured in USA & Sweden • FIPS cert. nr 2267 140-2, Oct 2014 YubiKey login Enter PIN/password **** Touch YubiKey 4 Web passwords are broken Reused Phished Keylogged 5 Yubico vision - One key all Internet 6 YubiKey NEO 7 FIDO U2F emerging global standard • No drivers, client software or middleware – Native drivers, browser support • Highly scalable, protecting your privacy – New encryption keys for every service, only stored on specific service – No secrets shared between service providers • Great user experience – To register and authenticate; a simple touch of a button! – One U2F device to any number of services 8 U2F Entities User Side U2F Authenticator Browser FIDO Client Relying Party Web Application User Action U2F JS API Secure U2F Element Transport USB (HID) U2F Library U2F Code USB (HID) API Public Key + KeyHandles Registration FIDO Client/ Browser U2F Token Relying Party app id, challenge check app id a a; challenge, origin, channel id, etc. generate: key kpub key kpriv handle h c kpub, h, attestation cert, signature(a,c,kpub,h) s c, kpub, h, attestation cert, s cookie store: key kpub handle h for user Authentication FIDO Client/ Browser U2F Token Relying Party handle, app id, challenge check app id h a retrieve: key kpub from handle h h, a; challenge, origin, channel id, etc. retrieve: key kpriv from handle h; counter++ c counter, signature(a,c,counter) s counter, c, s set cookie check: signature using key kpub Getting from username+password Relying Party username+password+U2F Original DB U2F DB Original Database U2F Database user_id user_id Users Password Users Password Resources Strengthen 2 step verification with Security Key Google security blog Yubico Security Key yubico.com/security-key Yubico Libraries, Plugins, Sample Code, Documentation developers.yubico.com FIDO U2F Protocol Specification fidoalliance.org/specifications Yubico Demo Server - Test U2F demo.yubico.com/u2f Yubico Demo Server - Test Yubico OTP demo.yubico.com 13 Contact information Contact information Tord Fransson Mail: tord@yubico.com Cell: +46 70 673 33 13 yubico.com 14 yubico.com Two factors. One touch. Zero drivers Dankt u voor uw aandacht Wij spreken u graag op onze stand E62 in hal 11.