S3 Authentication Suite

November 14, 2018

The Nok Nok Labs S3 Authentication Suite allows organizations to:

  • Improve customer satisfaction rates, increase engagement and drive revenue through an unparalleled, biometrics-enabled user experience
  • Enhance security by mitigating the impact of password theft commonly associated with large scale phishing attacks and security breaches
  • Reduce authentication costs by eliminating need for proprietary tokens, and customer service productivity with fewer calls for password resets or cost of knowledge-based authentication
  • Enable simple, secure access to apps operating on all major mobile and web platforms
  • Leverage a user’s mobile device to enhance security while accessing apps from another device
  • Easily future-proof for new biometric technologies and device capabilities
  • Preserve user privacy through local storage of personal data

In an era of increasing, high-profile security breaches, protecting your company and your customers is more critical than ever. The truth is, you don’t have to choose between security and usability. With today’s new biometric technologies, you can have both. The Nok Nok Labs S3 Authentication Suite delivers organizations the infrastructure necessary for risk-based, strong authentication through a Universal Server that supports all FIDO protocols - UAF, U2F and FIDO2 for mobile and web-based applications. The NNL™ S3 Suite allows businesses deploying consumer-facing apps to leverage biometrics for both enhanced security and a superior user experience, all while substantially lowering the costs associated with authentication.

Passwords are failing today’s organizations security and usability needs. According to Verizon Data Breach Report, more than 80% of attacks are attributed to passwords vulnerabilities.User testing at Amazon has illustrated that only 40% of customers who forget their passwords attempt to recover them, resulting in a potentially significant loss of revenue. Even today’s most successful organizations are struggling to balance strong password security protocols with frictionless user experience and revenue-enhancing business practices.

To successfully address these issues, organizations require a new approach to authentication that combines security with simplicity – and biometrics has emerged as the solution. By ensuring the protection of user identities while also eliminating the friction that prevents customers from completing transactions, biometrics delivers state-of-the-art security that actually helps business to grow.

Decentralized authentication: After evaluating both client-side and server-side biometrics options, the majority of today’s enterprises are selecting decentralized client-side biometrics, because it combines a better user experience with better security and privacy when implemented as advocated by the FIDO Alliance and the FIDO specifications. Unlike server-side biometrics, client-side solutions allow for multifactor authentication and virtually eliminate the potential for losing sensitive data when a server is hacked.

A client-side FIDO® Certified biometric approach means that all biometric information is securely maintained on the user’s personal device and is never sent to a server. This avoids reliance on the security of a deploying organization and mitigates the possibility of a scalable attack. Because maintaining user privacy is paramount, this client-side approach to storing biometric is ideal.

After several years of success in the public sector, biometrics has matured and are now entering the market en masse. This proliferation enables software solutions from Nok Nok Labs to offer an advanced infrastructure capable of leveraging client-side biometrics technologies for multi-factor authentication for millions of users across a multitude of devices. Companies are now implementing these technologies to enhance mobile app security and drive additional revenue through improved user convenience.

The Nok Nok Labs S3 Authentication Suite is the first full-featured, FIDO Certified authentication platform solution in the market. Built for simplicity, strength and scalability, the S3 Suite integrates with a wide range of mobile devices and FIDO Certified biometric authenticators including fingerprint, voice and face biometrics, as well as non-biometric authenticators, such as PIN.

The NNL S3 Authentication Suite simplifies strong authentication by leveraging the existing security capabilities available on most mobile devices and PCs. The solution enables any application to employ these capabilities by plugging them into an end-to-end framework based on the FIDO Protocols - UAF, U2F and FIDO2. Through FIDO UAF, users can quickly and securely authenticate through a variety of methods available today, as well as support emerging technologies – all without the need to store and manage user passwords. The FIDO U2F protocol support allows online services to augment the security of their existing password infrastructure by adding a strong second factor. The newly introduced support for FIDO2 brings native enablement for strong and passwordless authentication to web browsers. It makes it possible to deliver strong authentication to users at population scale, changes economics of authentication.

The NNL S3 Authentication Suite allows organizations to consolidate multiple authentication stacks into one simple, unified solution. Its core components include:

Nok Nok Authentication Server The Nok Nok Authentication Server enables multi-factor authentication for organizations with internet-scale mobile and web applications. It allows businesses to use standards-based authentication to rapidly support new devices, improve user engagement, reduce fraud and minimize costly password resets. The Authentication Server features out-of-the-box integration with popular federation systems (such as ForgeRock OpenAM, Ping Identity PingFederate and others) and provides strong authentication for SAML and OpenID Connect based infrastructure for more rapid deployment. Alternatively, the Nok Nok Authentication Server can be directly integrated with applications via a simple REST API.

The Authentication Server implements a Universal Server supporting all FIDO protocols, including the latest FIDO2/Web Authentication standards and supports all mobile, web and emerging IOT use cases and customer’s digital journeys. The W3C Web Authentication standard is supported by leading browsers, including Google Chrome, Mozilla Firefox, Microsoft Edge, etc. making it possible to deploy FIDO2 for web applications at scale.

The Authentication Server offers a policy driven risk and intelligence engine module that sets the solution apart from other biometrics-based authentication systems. This powerful platform augments FIDO-based authentication with risk signals based on user and device geolocation, travel speed, device ID and other factors to further evaluate the risk posed by each attempted authentication.

By first taking into account the established profile of the user and then monitoring for anomalies, organizations can either deny access outright for deviations from expected behavior, or calculate a risk score that will determine whether or not to approve access. The risk engine is essential in minimizing online fraud.

Nok Nok App SDK The NNL App SDK takes advantage of available secure hardware, such as Trusted Execution Environments (TEE), Secure Elements (SE) and Trusted Platform Modules (TPM) to protect critical components of authentication on the device. The App SDK allows enterprises to rapidly support heterogeneous device populations that include Android and iOS along with diverse authenticators such as Apple Touch ID, as it eliminates the need for users to carry separate tokens for authentication. Organizations incorporate the App SDK into their mobile app to deliver on-device authentication or to enable their mobile app to provide out-of-band authentication for access initiated from another device.


Reduced attack surface The S3 Suite eliminates the need for shared secrets such as static and one time passwords (OTPs). Superior to traditional passwords, OTPs mitigate some risk. But because modern malware can circumvent OTP security regardless of the use of hardware OTP tokens, software OTP tokens, or SMS-OTPs, OTPs offer minimal additional protection against an advanced adversary. By leveraging secure hardware, the S3 Suite removes the need to transmit or store sensitive passwords or biometric data. This results in no more password or OTP seed databases to secure, no more easily guessed or reused passwords, and added protection against phishing and malware attacks.

Omni-Channel Authentication:
By implementing a Universal Server with support for FIDO UAF, U2F and FIDO2 based web authentication, the S3 Suite gives you support for strong authentication on all platforms including mobile, web, ATMs, call centers and more.

Reduced fraud via risk-based authentication The S3 Suite’s risk engine adds a new layer of protection by evaluating and scoring each authentication attempt. A dynamic risk profile is used to separate individual users based on the factors typically associated with fraudulent behavior. Improved security encourages greater trust in the application, boosting adoption and usage by the target end user population.

Assured privacy The Nok Nok Las App SDK takes advantage of secure hardware to give the user security and control over their data. Because all user biometric data remains securely on each personal device, privacy is maintained. And because no identifiable information needs to be held by the organization, the burden of securing it is eliminated.

Minimized authentication costs By leveraging the standards-based FIDO protocol and the Nok Nok App SDK support for over a billion Android and Apple devices, the S3 Suite can address all the devices your users currently employ. It can expand to address new, more advanced biometric capabilities available on current and future devices. This minimizes the cost of developing support for new authenticators and further reduces operational costs as the industry standard approach removes the need for authentication silos.

Increased revenue Consumers that can log in through familiar, user-friendly biometric authentication methods on their own devices will be more satisfied – and less likely to abandon their shopping carts or move to a different application. Password avoidance improves the experience and promotes user engagement. Revenue increases as consumers adopt new apps and use them more frequently to complete more transactions.

Rich Analytics:

The Nok Nok Labs authentication server provides rich analytics capability which can be used to support analysis of user behavior for system optimization, fraud reduction, improved convenience, acceptance, cost reduction etc.

Regulatory Compliance:
Nok Nok Labs Authentication Server supports audit logs which help you meeting various industry regulations requirements such as PSD2, SOX and HIPAA.