
Mobile Security Arms Race: FIDO2, Stronger Biometrics, and More

  • Author
    Nok Nok News
  • Published
    11 Aug 2018

Support for on-device biometric authentication has greatly enhanced the security of mobile devices. Mobile devices come with a variety of biometric mechanisms, but they may vary in their efficacy and security levels. Recognizing this, Google recently announced they are refining the way Android differentiates between weak and strong on-device biometrics. Android will adopt new metrics that provide an objective assessment of the ease of circumventing the biometric. For example, let’s consider voice authentication. How easy is it to bypass the biometric using a voice recording or doing your best voice impression? For face authentication, can you fool it using a picture or a silicone mask created from a 3D printed mold? By factoring in these additional metrics, Google is raising the bar for biometrics.

It’s important to recognize that not all fraud is necessarily malicious in nature. In 2017, 86% of all chargebacks were probable cases of “friendly fraud”. Biometrics can be a source of friendly fraud, for example when multiple people have enrolled their fingerprints on a shared device. Early on, Nok Nok Labs worked with authenticator vendors to pioneer concepts for friendly fraud protection. Some of these concepts were incorporated into FIDO and made their way into mobile platforms, available to all apps, while others remain a proprietary part of our solutions and IP portfolio.

In the previous blog post, we talked about the FIDO protocols and how they make it possible to deliver strong authentication to users at population scale and change the economics of authentication. One of the FIDO protocols is called FIDO2, and Android now comes with native FIDO2 APIs. This means you can build FIDO2 into your native apps, and web apps can use FIDO2 in browsers. By providing FIDO2 support, Android greatly reduces the chance of account takeover and of scalable attacks such as phishing, compared to passwords.

Another security concern on mobile devices is how private keys are protected on the device. Strong authentication relies on keys, and many Android devices can store and process them in a protected part of the main processor called the Trusted Execution Environment (TEE). In this way, malicious software cannot access the keys. However, storing keys in a separate chip could add security beyond TEE, although this is not always the case depending on implementation. Some modern Android devices contain a security chip called a Secure Element. Nok Nok Labs worked with security chip vendors and also with Telecom companies to build this capability for certain devices. Now, in Android P, this feature, known as StrongBox, is generally available.

Storing keys in hardware is important, but how does your backend know that it was stored in hardware? Nok Nok Labs developed the concept of attestation which provides cryptographic proof that a key has the protection of hardware. This capability is built into the FIDO protocol, and it is supported natively in Android. Nok Nok has also helped design and implement metadata services for attestation, a subject we will visit in future blog posts.
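The key-storage and attestation steps described above, shown with the Android Keystore platform APIs available from Android P (API 28). This is an added example, not code from Nok Nok or from a FIDO client; the class name and key alias are hypothetical, and the server challenge is assumed to be a fresh nonce issued by your backend.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;
import android.security.keystore.StrongBoxUnavailableException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.spec.ECGenParameterSpec;

public final class HardwareKeyDemo {
    private static final String ALIAS = "demo-signing-key"; // hypothetical alias

    /** Prefer the StrongBox secure element; fall back to the TEE-backed keystore. */
    public static KeyPair generate(byte[] serverChallenge) throws Exception {
        try {
            return generate(serverChallenge, true);
        } catch (StrongBoxUnavailableException e) {
            return generate(serverChallenge, false); // no StrongBox on this device
        }
    }

    private static KeyPair generate(byte[] challenge, boolean strongBox) throws Exception {
        KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(ALIAS, KeyProperties.PURPOSE_SIGN)
                .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                .setDigests(KeyProperties.DIGEST_SHA256)
                .setUserAuthenticationRequired(true) // needs an enrolled lock screen or biometric
                .setAttestationChallenge(challenge)  // server nonce embedded in the attestation cert
                .setIsStrongBoxBacked(strongBox)
                .build();
        KeyPairGenerator kpg =
                KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
        kpg.initialize(spec);
        return kpg.generateKeyPair();
    }

    /** Local hint only; the backend must decide from the attestation chain, not this flag. */
    public static boolean isInsideSecureHardware(KeyPair kp) throws Exception {
        KeyFactory kf = KeyFactory.getInstance(kp.getPrivate().getAlgorithm(), "AndroidKeyStore");
        return kf.getKeySpec(kp.getPrivate(), KeyInfo.class).isInsideSecureHardware();
    }

    /** Certificate chain to send to the backend; the leaf carries the attestation extension. */
    public static Certificate[] attestationChain() throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        return ks.getCertificateChain(ALIAS);
    }
}
```

The backend should validate the returned chain against a root it trusts and confirm that the challenge in the leaf certificate is the nonce it issued before accepting the key as hardware-protected.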

To safeguard against account takeover, an app can get confirmation from the user for a high-value transaction. To make this work, the mobile OS needs to provide the ability to display a message to the user such that the message cannot be altered by malicious software. You can think of this feature as “what you see is what you sign”. A few years ago, Nok Nok Labs worked with TEE vendors to develop a proof-of-concept showcasing this concept. The notion of a tamper-proof transaction display is built into FIDO, and Google has built this into Android P, which can close out the possibility of phishing completely if correctly used with FIDO.
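A sketch of "what you see is what you sign" using the Android Protected Confirmation platform API introduced in Android P. This is an added example, not Nok Nok's or FIDO's transaction-confirmation code; the class name, alias and callback parameters are hypothetical, and the key is assumed to have been generated with `setUserConfirmationRequired(true)`.

```java
import android.content.Context;
import android.security.ConfirmationCallback;
import android.security.ConfirmationPrompt;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.util.concurrent.Executor;
import java.util.function.BiConsumer;
import java.util.function.Consumer;

public final class ConfirmTransactionDemo {
    // Hypothetical alias of an AndroidKeyStore EC key created with
    // KeyGenParameterSpec.Builder#setUserConfirmationRequired(true).
    private static final String ALIAS = "demo-confirmation-key";

    /** Shows promptText on the protected display; on approval, signs exactly what was shown. */
    public static void confirm(Context ctx, Executor executor, String promptText,
                               byte[] serverNonce, BiConsumer<byte[], byte[]> onSigned,
                               Consumer<Throwable> onFailure) throws Exception {
        if (!ConfirmationPrompt.isSupported(ctx)) {
            throw new UnsupportedOperationException("no protected confirmation on this device");
        }
        ConfirmationPrompt prompt = new ConfirmationPrompt.Builder(ctx)
                .setPromptText(promptText) // text the user sees
                .setExtraData(serverNonce) // not displayed, but covered by the signature
                .build();
        prompt.presentPrompt(executor, new ConfirmationCallback() {
            @Override public void onConfirmed(byte[] dataThatWasConfirmed) {
                try {
                    KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
                    ks.load(null);
                    Signature s = Signature.getInstance("SHA256withECDSA");
                    s.initSign((PrivateKey) ks.getKey(ALIAS, null));
                    s.update(dataThatWasConfirmed);
                    // Send both values: the server verifies the signature over the data
                    // and checks that the prompt text and nonce inside it are its own.
                    onSigned.accept(dataThatWasConfirmed, s.sign());
                } catch (Exception e) { onFailure.accept(e); }
            }
            @Override public void onDismissed() { onFailure.accept(new SecurityException("user declined")); }
            @Override public void onCanceled() { onFailure.accept(new SecurityException("prompt canceled")); }
            @Override public void onError(Throwable e) { onFailure.accept(e); }
        });
    }
}
```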

Although Android has been getting more secure over the years, progress has not been in a straight path, as seen here in this timeline of Android OS releases versus features:

Not all security features are released as part of the operating system. Android has another release vehicle called Google Play Services. The timeline below shows security features delivered this way:

Complicating matters, Android has introduced security features and then superseded them with newer variants, sometimes changing the way the underlying biometric subsystem works. Also, with the ever-changing threat landscape, the evolution of security on mobile operating systems will continue. As an app developer, it can be difficult to keep up with this fast pace of change. Using FIDO authentication is one way to address this dilemma. With FIDO, you don’t need to change your app or backend infrastructure to take advantage of the mix of security capabilities available now and in the future.

We have also seen a similar evolution, perhaps more linear and consistent, in Apple’s iOS. Nok Nok has been the first to adapt these new capabilities to deliver FIDO-based authentication on Apple’s devices as part of our commitment to deliver authentication for any device, any authenticator.

You can try out Nok Nok’s S3 Authentication Suite, which builds on top of the FIDO standards, now.
