Download - UAF Case Study by NTT Docomo
![Page 1: UAF Case Study by NTT Docomo](https://reader031.vdocuments.site/reader031/viewer/2022022412/58f20e421a28ab516c8b462b/html5/thumbnails/1.jpg)
FIDO Alliance Seminar in D.C. Case Study: NTT DOCOMO
October 5, 2015
NTT DOCOMO, INC.
FIDO Seminar in D.C. 10/5/2015 © 2015 NTT DOCOMO, INC. All Rights Reserved. 1
![Page 2: UAF Case Study by NTT Docomo](https://reader031.vdocuments.site/reader031/viewer/2022022412/58f20e421a28ab516c8b462b/html5/thumbnails/2.jpg)
Table of Contents
• Motivation: docomo ID and 4-digits
• Overview: NTT DOCOMO’s Deployment
• Solution Architecture: docomo ID and 4-digits
– Before and after the FIDO integration
• More About NTT DOCOMO’s Deployment and Thoughts
– Biometric Data and Secret Key stored in Secure Area
– Open Standards for Future Interoperability
• DOCOMO Joined the FIDO Alliance
• Fresh News as of September 30th
– Six More FIDO-certified™ Devices Unveiled
– More Services, New Payment Method, and w/ Partners
FIDO Seminar in D.C. 10/5/2015 2 © 2015 NTT DOCOMO, INC. All Rights Reserved.
![Page 3: UAF Case Study by NTT Docomo](https://reader031.vdocuments.site/reader031/viewer/2022022412/58f20e421a28ab516c8b462b/html5/thumbnails/3.jpg)
Motivation: docomo ID and 4-digits
• NTT DOCOMO provides our customers Open ID based docomo ID in addition to 4-digit passwords for online service access including DOCOMO branded services and carrier billing payments.
• NTT DOCOMO wanted to help our customers, who always needed to remember their passwords, for their convenience in a secure way, and recognized that the FIDO standards may help.
FIDO Seminar in D.C. 10/5/2015 3 © 2015 NTT DOCOMO, INC. All Rights Reserved. https://www.youtube.com/watch?v=UP0DyYk5IXc
![Page 4: UAF Case Study by NTT Docomo](https://reader031.vdocuments.site/reader031/viewer/2022022412/58f20e421a28ab516c8b462b/html5/thumbnails/4.jpg)
Overview: NTT DOCOMO’s Deployment (1/2)
• DOCOMO used to provide DOCOMO branded devices equipped with fingerprint sensor but mainly for device lock/unlock.
• DOCOMO started to support online authentication with biometric sensor device for docomo ID login and carrier billing payments from May 2015.
FIDO Seminar in D.C. 10/5/2015 4
Password-less Biometric Authentication
Iris Fingerprint loginUnlock devices
Payments
Limited number of services FIDO-enabled at the beginning.
© 2015 NTT DOCOMO, INC. All Rights Reserved.
![Page 5: UAF Case Study by NTT Docomo](https://reader031.vdocuments.site/reader031/viewer/2022022412/58f20e421a28ab516c8b462b/html5/thumbnails/5.jpg)
Overview: NTT DOCOMO’s Deployment (2/2)
• NTT DOCOMO selected the FIDO UAF 1.0 standard due to reasons below:
– Easy, and fast online authentication using biometric data
– Secure protocol that utilizes public key cryptography
– Open-standard specification for practical interoperability in the future
• NTT DOCOMO launched four FIDO-certified™ devices, and enabled the docomo ID server FIDO compliant in May 2015.
FIDO Seminar in D.C. 10/5/2015 5 © 2015 NTT DOCOMO, INC. All Rights Reserved.
Iris: one model Fingerprint: three models
![Page 6: UAF Case Study by NTT Docomo](https://reader031.vdocuments.site/reader031/viewer/2022022412/58f20e421a28ab516c8b462b/html5/thumbnails/6.jpg)
• The docomo ID app and system had already been introduced and operated for authentication and single-sign-on experience.
Solution Architecture: docomo ID and 4-digits [before the FIDO integration]
FIDO Seminar in D.C. 10/5/2015 6
…
DOCOMO Branded Devices by OEM Partners
docomo ID Client App Pre-installed
… Web Browser
Pre-installed Service Apps
docomo ID System Server
…
DOCOMO Branded Services
Carrier Billing Partner Services
Billing System Servers
Launched by Service Apps or Web Browser
Authenticate user by ID/Password or 4-digits
ID/Password
• Single Sign-On
© 2015 NTT DOCOMO, INC. All Rights Reserved.
![Page 7: UAF Case Study by NTT Docomo](https://reader031.vdocuments.site/reader031/viewer/2022022412/58f20e421a28ab516c8b462b/html5/thumbnails/7.jpg)
• The docomo ID app and system had already been introduced and operated for authentication and single-sign-on experience.
Solution Architecture: docomo ID and 4-digits [after the FIDO integration]
FIDO Seminar in D.C. 10/5/2015 7
DOCOMO Branded Devices by OEM Partners
docomo ID Client App Pre-installed
… Web Browser
Pre-installed Service Apps
docomo ID System Server
…
DOCOMO Branded Services
Carrier Billing Partner Services
(FIDO Adaption under planning)
Billing System Servers
FIDO-enabled by xxxx Client SDK
FIDO-enabled by Server
FIDO-enabled w/ some new requirements to fill lacks of the FIDO spec
…
In addition to ID/Password
• Single Sign-On • Biometric Authentication
without Passwords
© 2015 NTT DOCOMO, INC. All Rights Reserved.
![Page 8: UAF Case Study by NTT Docomo](https://reader031.vdocuments.site/reader031/viewer/2022022412/58f20e421a28ab516c8b462b/html5/thumbnails/8.jpg)
FIDO Enables Online Authentication by Utilizing Biometric Data in a Secure Manner
– Biometric Data and Secret Key stored in Secure Area –
docomo ID Server
docomo ID App
Biometric Authentication Device
Secure Area (TEE)
User Verification through Matching
Secure App
Secure Folder
Biometric Data
FIDO Client
Authentication Data
FIDO Authenticator
FIDO Server
Encrypted Authentication Data (Token)
Registered Template
Secret Key
Encrypts Token using Secret Key (Signature)
✓ ✓
✓
✓
Public Key Cryptography Secure Protocol
Authentication is completed once the token is decrypted and verified by using Public Key
Scope of FIDO UAF 1.0 Specification
8 FIDO Seminar in D.C. 10/5/2015 © 2015 NTT DOCOMO, INC. All Rights Reserved.
Device Server FIDO-enabled services are enhanced gradually…
![Page 9: UAF Case Study by NTT Docomo](https://reader031.vdocuments.site/reader031/viewer/2022022412/58f20e421a28ab516c8b462b/html5/thumbnails/9.jpg)
FIDO Allows Multiple Types of Authenticators Equipped with Different Biometric Devices
– Open Standards for Future Interoperability –
Company A’s Server
Company B’s Server
Company C’s Server
Fingerprint (Area-type)
Fingerprint (Swipe-type)
Iris recognition
Standards
DOCOMO Services Server
9 FIDO Seminar in D.C. 10/5/2015 © 2015 NTT DOCOMO, INC. All Rights Reserved.
![Page 10: UAF Case Study by NTT Docomo](https://reader031.vdocuments.site/reader031/viewer/2022022412/58f20e421a28ab516c8b462b/html5/thumbnails/10.jpg)
DOCOMO Joins FIDO Alliance as a Board of Directors
• By commercially launching FIDO devices and services in May 2015, NTT DOCOMO achieved the following "world’s firsts" :
– Commercial deployment by a mobile network operator
– Support for both Iris and Fingerprint sensors
– Launch of multiple FIDO-certified devices from multiple OEMs
• NTT DOCOMO joined FIDO Alliance in May to contribute toward future FIDO specs and enhancing the FIDO ecosystem through collaboration with FIDO Alliance with our deployment experience.
• NTT DOCOMO is now chairing a new WG “Deployment at Scale” in short “D@S”. Please join FIDO, join D@S WG, and let’s make it happen together!
© 2015 NTT DOCOMO, INC. All Rights Reserved. 10 FIDO Seminar in D.C. 10/5/2015
![Page 11: UAF Case Study by NTT Docomo](https://reader031.vdocuments.site/reader031/viewer/2022022412/58f20e421a28ab516c8b462b/html5/thumbnails/11.jpg)
Fresh News as of September 30th (1/2)
Six More xxxxxi Devices Unveiled
© 2015 NTT DOCOMO, INC. All Rights Reserved. 11
SH-01H SO-03H SO-01H SO-02H F-02H F-01H
Iris: one more model Fingerprint: five more models
In total 10 FIDO-enabled smartphones will become available from NTT DOCOMO this year. FIDO Seminar in D.C. 10/5/2015
![Page 12: UAF Case Study by NTT Docomo](https://reader031.vdocuments.site/reader031/viewer/2022022412/58f20e421a28ab516c8b462b/html5/thumbnails/12.jpg)
Fresh News as of September 30th (2/2)
More Services, New Payment Method, and w/ Partners
© 2015 NTT DOCOMO, INC. All Rights Reserved. 12
More DOCOMO Services gradually… Additionally d-Point will become
available for FIDO authentication. DOCOMO Carrier Billing
Partners will also be supported.
FIDO Seminar in D.C. 10/5/2015
![Page 13: UAF Case Study by NTT Docomo](https://reader031.vdocuments.site/reader031/viewer/2022022412/58f20e421a28ab516c8b462b/html5/thumbnails/13.jpg)
Creating a World without Passwords
“The new of today, the norm of tomorrow.”
• Through collaboration with the FIDO Alliance, NTT DOCOMO will further deliver “Your Security. More Simple.”
13 © 2015 NTT DOCOMO, INC. All Rights Reserved. FIDO Seminar in D.C. 10/5/2015 http://www.youtube.com/watch?v=NOHkCXH9tj4 (only Japanese at YouTube as of Oct 5th)
![Page 14: UAF Case Study by NTT Docomo](https://reader031.vdocuments.site/reader031/viewer/2022022412/58f20e421a28ab516c8b462b/html5/thumbnails/14.jpg)
Links
• 2015 May Announcements - https://www.nttdocomo.co.jp/english/info/media_center/pr/2015/0526_00.html
Attachment: Biometric Authentication from DOCOMO (PDF format: 957KB)
Movie: Biometric Authentication
- https://fidoalliance.org/fido-alliance-welcomes-ntt-docomo-to-board/
- https://www.qualcomm.com/#/news/releases/2015/05/25
- https://www.noknok.com/what-they-say/press-releases/ntt-docomo-selects-nok-nok-labs-power-first-fido-enabled-ecosystem
• 2015 September Announcements - https://www.nttdocomo.co.jp/english/info/media_center/pr/2015/0930_01.html
- https://fidoalliance.org/worlds-first-mobile-network-operator-to-deploy-fido-authentication-ntt-docomo-extends-its-mobile-innovation-lead-with-new-fido-certified-devices-and-services/
Movie: Biometric Authentication Chapter II (only in Japanese as of Oct 5th. English will become available very soon.)
FIDO Seminar in D.C. 10/5/2015 © 2015 NTT DOCOMO, INC. All Rights Reserved. 14