cryptography. Device (Authenticator) RP Server (Web Server) User verification FIDO Protocol User (Device owner) Challenge (random number) Prompt user gesture User gesture Response (signature) Success or fail Unlock private key Verify signature (/w public key)
credentials. > Provides MFA if the authenticator has user verification features > Splits local authentication (user verification) and online authentication > Provides strong assurance of device possession What makes FIDO different? > Supported by major browsers and platforms
properties. Generated randomly (Guess) Stored in secure area (Extraction) Attested by trust root (Emulation) Generating the signature (Forgery) > Strongly assure the authentication was performed with the device which was registered before.
FIDO Server is built on top of Spring Boot with Reactive stack. Storage Mongo DB Redis Routers/ Handlers Framework (Library) Challenge Response Attestation Metadata Session Certificate Spring Boot Spring Webflux Crypto COSE X509 Validator Mapper Config Lettuce Reactive Mongo Reactive Netty Metadata client MDS client Serializer Deserializer Verifier Spring Security Bouncy Castle
native authenticator and LINE authenticator RP App (Activity) LINE FIDO2 Glue Layer (Abstraction) LINE Authenticator FIDO2 GMS Core Native Authenticator External Authenticator Single API entry point FIDO Play service API CTAP2 LTSM
Server (for JP) LINE Pay Central Server LINE FIDO2 Server (for JP Pay) Passcode authentication (or old biometric authentication) FIDO Operations FIDO Operations LINE FIDO2 Combo for iOS Authentication management LINE FIDO2 Server (for TW Pay) LINE Pay RP Server (for TW) FIDO Operations Future works
with your phone LINE is trying to verify your identity. Verify your identity with biometric. LINE is trying to verify your identity. Verify your identity with biometric. Confirm access to your account LINE is requesting access to your account
passwords Integrate FIDO to all LINE services. Users can authenticate with FIDO for all LINE services. Integrate FIDO to all LINE services Encourage users to enroll multiple authenticators. Introduce multiple FIDO authenticators Introduce FIDO to LINE Login and LINE Pay. Educate users for the convenience. FIDO authentication for user convenience