Slide 1

Slide 1 text

UK Fintech Update
Authlete, Inc.
Co-founder, Representative Director
Takahiko Kawasaki
March 12, 2019

Slide 2

Slide 2 text

Company Profile

Name: Authlete, Inc.
Establishment: September 18, 2015
Capital: 444,710,000 JPY (including the capital reserve)
Representative: Takahiko Kawasaki

Offices
Tokyo: FINOLAB, Otemachi Bldg 4F, Otemachi 1-6-1, Chiyoda-ku, Tokyo, 100-0004, Japan
London: Level39, One Canada Square, Canary Wharf, London E14 5AB, UK

History
Jan. 2014: Starts to implement Authlete
Sep. 2015: Establishes Authlete, Inc.
Sep. 2016: Establishes Authlete UK, Ltd.
Nov. 2016: Joins FINOLAB
Feb. 2017: Joins OpenID Foundation
Mar. 2017: Wins FIBC 2017 Grand Prize
May 2017: Joins Level39
May 2017: Fund Raising (seed round)
Jul. 2017: Gets OpenID Certification
Aug. 2017: Cyber39 Founding Member
Sep. 2017: Tech in Asia Tokyo 2017 Finalist
Feb. 2018: Fund Raising (pre-series A)
Apr. 2018: Wins IBM Prize at Draper Nexus B2B Summit 2018
Jul. 2018: Joins Fintech Association of Japan
Jul. 2018: Organizes Japan/UK Open Banking and APIs Summit 2018
Jul. 2018: Supports Financial-grade API (Authlete 2.0)
Aug. 2018: Passes Open Banking Security Profile Test
Jan. 2019: Supervises "OAuth " (book)
Feb. 2019: Supports CIBA

Team
Takahiko Kawasaki – co-founder, software engineer
Ali Adnan – co-founder, multilingual serial entrepreneur
Joseph Heenan – lead of official OpenID test suite
Justin Richer – author of "OAuth 2 in Action"
Tatsuo Kudo – digital identity professional
and others

Slide 3

Slide 3 text

Open Banking and Financial-grade API (FAPI)

Slide 4

Slide 4 text

[Diagram. Labels: Bank, Financial Services, Internet Banking, Branch Office, bank teller, user, application (computer program), API (Application Programming Interface)]

Slide 5

Slide 5 text

[Diagram. Labels: TPP (Third Party Provider), Fintech application, API, Bank, Financial Services]

Slide 6

Slide 6 text

[Diagram. Labels: TPP (Third Party Provider), Fintech application, three Bank APIs, Japanese, French, German]

Slide 7

Slide 7 text

[Diagram. Labels: TPP (Third Party Provider), Fintech application, English Speaker, three Bank APIs each labelled English]

Slide 8

Slide 8 text

OBIE (Open Banking Implementation Entity)

1 Allied Irish Bank
2 Bank of Ireland
3 Barclays
4 Danske
5 HSBC
6 Lloyds Banking Group
7 Nationwide
8 RBS Group
9 Santander
Others

Open Banking Standard
https://www.openbanking.org.uk/providers/standards/
01 Read/Write API Specifications
02 Security Profile
03 Customer Experience Guidelines
04 Operational Guidelines

Slide 9

Slide 9 text

Technical Specification Stack

OAuth 2.0: API authorization
OpenID Connect (OIDC): verifiable user identity
Financial-grade API (FAPI): higher security
Open Banking Profile (OBP): standardized bank API

[Diagram. Labels: OBIE; OIDF (OpenID Foundation); four arrows labelled "defines"]

Slide 10

Slide 10 text

Technical Specification Stack

OAuth 2.0: API authorization
OpenID Connect (OIDC): verifiable user identity
Financial-grade API (FAPI): higher security
Open Banking Profile (OBP): standardized bank API

[Diagram. Labels: Authlete, Inc.; three arrows labelled "implements"]

Authlete, Inc.
1. provides a solution (implementation)
2. contributes to spec development
3. contributes to the official test suite

Slide 11

Slide 11 text

Before starting to use bank APIs

[Diagram. Labels: TPP, Bank; apply, KYC, contract, register a client application, issue a client ID]

Slide 12

Slide 12 text

[Diagram. Labels: six TPPs, six Banks; apply, KYC, contract, register a client application, issue a client ID]

Slide 13

Slide 13 text

[Diagram. Labels: six TPPs, six Banks, Open Banking Directory]

Slide 14

Slide 14 text

CIBA
Client Initiated Backchannel Authentication

Slide 15

Slide 15 text

History of Financial-grade API

Feb. 2017: Part 1 of Financial API Implementer's Draft Version 1 was approved
Jul. 2017: Part 2 of Financial API Implementer's Draft Version 1 was approved
Oct. 2018: Financial-grade API Implementer's Draft Version 2 was approved
Feb. 2019: CIBA Core 1.0 Implementer's Draft Version 1 was approved

From Foreword of Financial-grade API Implementer's Draft Version 2:

Financial-grade API consists of the following parts:
• Part 1: Read-Only API Security Profile
• Part 2: Read and Write API Security Profile
• Part 3: Client Initiated Backchannel Authentication Profile (NEW)

Slide 16

Slide 16 text

CIBA makes it possible to separate the authentication device, on which a user is authenticated and API authorization is granted, from the consumption device, on which the client application that uses APIs runs.

[Diagram, steps 1 to 7. Labels: smart speaker; "Purchase ABC."; backend system; authorization server that supports CIBA; asks for the permission; authentication device; consumption device; resource server that provides APIs; "The system is asking for the permission. Approve?"; grants the permission; calls APIs]
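The flow on this slide, as an added example that is not part of the original slides and is not Authlete's code: a toy in-memory authorization server in CIBA poll mode, showing that the backend gets no token until the user decides on the authentication device. The class, function, client and user names are assumptions; the grant type, parameter names and error codes are those of CIBA Core 1.0 and OAuth 2.0, and the ID token that a real response also carries is left out.

```python
import secrets

GRANT_TYPE = "urn:openid:params:grant-type:ciba"  # grant type defined by CIBA Core 1.0

class CibaAuthorizationServer:
    """Toy authorization server, poll mode only (hypothetical, built for this example)."""

    def __init__(self):
        self.requests = {}  # auth_req_id -> request state

    def backchannel_authenticate(self, client_id, login_hint, scope, binding_message,
                                 now, expires_in=120):
        # The backend of the consumption device starts the flow; no browser redirect.
        auth_req_id = secrets.token_urlsafe(32)
        self.requests[auth_req_id] = {
            "client_id": client_id, "user": login_hint, "scope": scope,
            "binding_message": binding_message, "status": "pending",
            "expires_at": now + expires_in}
        return {"auth_req_id": auth_req_id, "expires_in": expires_in, "interval": 5}

    def user_decision(self, auth_req_id, approved):
        # Called from the authentication device after the user answers the prompt.
        self.requests[auth_req_id]["status"] = "approved" if approved else "denied"

    def token(self, client_id, grant_type, auth_req_id, now):
        if grant_type != GRANT_TYPE:
            return {"error": "unsupported_grant_type"}
        req = self.requests.get(auth_req_id)
        # An auth_req_id is redeemable only by the client it was issued to.
        if req is None or req["client_id"] != client_id:
            return {"error": "invalid_grant"}
        if now >= req["expires_at"]:
            del self.requests[auth_req_id]
            return {"error": "expired_token"}
        if req["status"] == "pending":
            return {"error": "authorization_pending"}  # client waits `interval`, polls again
        del self.requests[auth_req_id]  # single use once the user has decided
        if req["status"] == "denied":
            return {"error": "access_denied"}
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                "scope": req["scope"]}

def run_flow(approved):
    """Request, one poll before the decision, the user's decision, one poll after."""
    server = CibaAuthorizationServer()
    ack = server.backchannel_authenticate("backend-1", "alice", "payments",
                                          "Purchase ABC", now=0)
    first = server.token("backend-1", GRANT_TYPE, ack["auth_req_id"], now=5)
    server.user_decision(ack["auth_req_id"], approved)
    final = server.token("backend-1", GRANT_TYPE, ack["auth_req_id"], now=10)
    return first, final
```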

Slide 17

Slide 17 text

Summary

Slide 18

Slide 18 text

✓ Open Banking Standard for ecosystem
✓ Financial-grade API for higher security
✓ CIBA for new use cases

Slide 19

Slide 19 text

References

Slide 20

Slide 20 text

Open Banking Website: https://www.openbanking.org.uk/
Open Banking Developer Zone: https://openbanking.atlassian.net/wiki/spaces/DZ/overview

Financial-grade API Working Group Website: https://openid.net/wg/fapi/
Financial-grade API Working Group Official Repository: https://bitbucket.org/openid/fapi/src/master/
Financial-grade API Official Conformance Test Suite: https://gitlab.com/fintechlabs/fapi-conformance-suite

"CIBA", a new authentication/authorization technology in 2019, explained by an implementer: https://medium.com/@darutk/ciba-a-new-authentication-authorization-technology-in-2019-explained-by-an-implementer-d1e0ac1311b4
2019 API [...] FAPI (Financial-grade API): https://qiita.com/TakahikoKawasaki/items/83c47c9830097dba2744
2019 CIBA: https://qiita.com/TakahikoKawasaki/items/9b9616b999d4ce959ba3
Authlete [...] CIBA [...]: https://qiita.com/hidebike712/items/8fc2938055d0b49cfc0a

Financial-grade API Implementer's Draft Version 2
Part 1: Read-Only API Security Profile: https://openid.net/specs/openid-financial-api-part-1-ID2.html
Part 2: Read and Write API Security Profile: https://openid.net/specs/openid-financial-api-part-2-ID2.html

MODRNA Working Group Website: https://openid.net/wg/mobile/
MODRNA Working Group Official Repository: https://bitbucket.org/openid/mobile/src/default/
CIBA Core 1.0 Implementer's Draft Version 1: https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html

Authlete Website: https://www.authlete.com/
Authlete API Document: https://docs.authlete.com/
Authlete Knowledge Base: https://kb.authlete.com/
Authlete Open Source Repository: https://github.com/authlete/