webinar fingerprint authentication done right
TRANSCRIPT
Onegini makes doing online business easy and secure
Onegini Mobile Security Platform
Fingerprint Authentication Done Right
Agenda
Short introduction Onegini
Requirements fingerprint authentication
How Onegini implemented fingerprint
FIDO
16-07-15
> 10 Financial Customers
About us
We seamlessly connect end-users to their online personal service using any device.
Onegini brings together personal services, the best user experience and relevant data.
Banks Insurance Healthcare Telecom
Onegini Mobile Security Platform
Onegini SDK provides all user-centric functions: enrollment, identity verification, push authentication, mobile login, payments, integration
Onegini SDK supports any authenticator, such as PIN code, fingerprint, bio and voice
Security features included: payload encryption, jailbreak detection, hardening, anti-tampering and much more
Onegini protects your APIs
Onegini continuous authentication prevents abuse
Onegini provides management and control to be compliant
Support multiple vendors
Support multiple OS versions
Configurable by the enterprise (enable/disable)
Auditing: keep control when fingerprint is used
Integrate in the user processes such as: enrollment, login, 2-factor authentication
Analyze and manage security risk per device (threat analysis)
Multiple authenticators such as PIN code or voice
Requirements fingerprint in mobile apps
15-04-2023
And many more to come!
Devices which already support fingerprint
Samsung Galaxy S6, Samsung Galaxy S5, Samsung Galaxy Note 4, HTC One M9+, HTC One Max
Huawei Ascend Mate 7, Oppo N3, Meizu MX4 Pro, Elephone P7000, Xolo Q2100, Motorola Atrix
Apple iPhone 5S / 6 / 6 Plus
Depending on the type of mobile app, fingerprint has a security level / assurance (1..5)
Do not build these requirements into the mobile app itself
Changing / adding authenticators per mobile app should be configured
Enable / disable authenticators depending on security threats
Be in control
Support PIN code & fingerprint
Support only PIN code
User experience is important
Needs to enable / disable fingerprint
Fallback (in case fingerprint is not working anymore)
People forget PIN code because they use fingerprint
Add voice authentication to unlock phone or for fallback
Adding fingerprint needs security mitigations
Confused authorization attack
Fingerprint DB manipulation
Collecting fingerprints through malware
How Onegini implemented fingerprint authentication
PIN always as fallback
PIN authentication is detached from fingerprint authentication
Onegini SDK integrates with all the different vendor APIs
Policy management
The server must be in control
Multiple influencers:
Jailbreak / debug detection
OS version / device type
Other context information (e.g. location)
Update the policy at runtime
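A sketch of the server-controlled authenticator policy outlined above, added here as an illustration and not Onegini's code. All class names, fields and level values are hypothetical; the sample policy and device values are constructed.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class DeviceContext:
    """Device context as reported to the server with each request (hypothetical fields)."""
    model: str
    os_version: tuple
    jailbroken: bool = False
    debugger_attached: bool = False

@dataclass
class AppPolicy:
    """Per-app policy configured by the enterprise (hypothetical fields)."""
    fingerprint_enabled: bool = True
    min_os_version: tuple = (8, 0)
    blocked_models: set = field(default_factory=set)
    # Highest assurance level (on the 1..5 scale) that fingerprint may satisfy.
    fingerprint_max_level: int = 3

# app_id -> AppPolicy. Read on every request, so replacing an entry
# changes behaviour at runtime without shipping a new app version.
POLICIES = {}

def allowed_authenticators(app_id, device, required_level):
    """Return (authenticators, reasons) for one authentication request."""
    policy = POLICIES[app_id]
    reasons = []
    if not policy.fingerprint_enabled:
        reasons.append("disabled by policy")
    if device.jailbroken or device.debugger_attached:
        reasons.append("jailbreak/debug detected")
    if device.os_version < policy.min_os_version:
        reasons.append("OS version too old")
    if device.model in policy.blocked_models:
        reasons.append("device model blocked")
    if required_level > policy.fingerprint_max_level:
        reasons.append("assurance level too high for fingerprint")
    # PIN is always offered and never depends on the fingerprint decision.
    methods = ["pin"] if reasons else ["fingerprint", "pin"]
    return methods, reasons  # reasons are what an audit log would record

if __name__ == "__main__":
    POLICIES["bank-app"] = AppPolicy(blocked_models={"ExamplePhone 1"})
    clean = DeviceContext("ExamplePhone 2", (9, 0))
    rooted = DeviceContext("ExamplePhone 2", (9, 0), jailbroken=True)
    print(allowed_authenticators("bank-app", clean, 2))
    print(allowed_authenticators("bank-app", rooted, 2))
    POLICIES["bank-app"] = AppPolicy(fingerprint_enabled=False)  # runtime update
    print(allowed_authenticators("bank-app", clean, 2))
```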