2. Profile
Naohisa Ichihara
Security Department
Security consulting for NFC, mobile enterprise app and FIDO projects from the mid-2000s to 2014
Security consultant, manager at LINE since 2015
FIDO Alliance Board member since 2017
FIDO Alliance Japan Working Group, Vice Chair
10. Authentication / Privacy related features
• Account Registration
• Back-Up Restore
• Application Unlock
• Chat History Backup / Export
• Account Migration
• Change Email or Password
11. Authentication / Privacy related features
• Account Registration
• Back-Up Restore
• Application Unlock
• Chat History Backup / Export
• Account Migration
• Change Email or Password
Annotations on the diagram:
• FIDO not available ↑ “Account Recovery” issue
• FIDO not available ↑ Off-line UX
• Only in case of the same device
• Authentication itself as Optional
• Authentication itself as Optional
12. Federation
Fin-Tech / Block chain
IoT
3rd Party App (Web)
Clova
Desktop LINE app
“LINE Things”
LINE Pay
“LINE Login”
14. 3. Use cases analysis
How we integrate FIDO, and our feasible use cases
15. Possible use cases
[Diagram. Component labels: Web; LINE mobile app; LINE Desktop App; 3rd Party Web/Mobile App; 3rd Party IoT; Mobile app; LINE Pay; LINE Pay App inside of LINE; Clova; LINE xxx; LINE family app (normal); AI speaker; Connected Car; LINE xxx; LINE Game; LINE family app (critical)]
Use case labels on the diagram:
• (1) Social Login (federation)
• (2) Setting Confirmation
• (3) Desktop App Login
• (4) Transaction Auth
• (5) IoT Control
• (6) Hands-free IoT Control
Combined labels also shown: (1) or (4); (1) + (5); (4); (6)
17. 1st factor authentication without email/pw
3rd party services can authenticate/authorize users securely and quickly.
(1) Social Login (“LINE Login” in mobile web)
access.line.me
18. LINE Login can obtain a high assurance level of user consent
User confirmation check
With a single gesture, 3rd party native apps can provide easy account creation and authentication.
LINE app
(1) Social Login (“LINE Login” in Mobile native apps)
access.line.me
3rd party app
19. With a single gesture, 3rd party native apps can provide easy account creation and authentication.
- Re-design for (1) login authentication screen and flow, (2) anonymous auto-login?, (3) FIDO device management, ..
(1) Social Login (“LINE Login” in Web apps)
20. When changing email or password, or when backing up, exporting or restoring chat history
(2) Setting Confirmation
LINE app
access.line.me
21. (3-1) First login (currently, email + password -> QR code or PIN-code)
(3-2) Re-login (currently, email + password)
(3) Desktop App Login
LINE app
access.line.me
LINE app (Desktop)
22. Transaction confirmation for payment (step-up authentication) across web and app
For high-risk transactions, multi-factor authentication is required
(4) Transaction Authentication
LINE Pay
access.line.me
23. Add extra layer of security by leveraging secret keys (2nd factor authentication for login and withdrawal)
(4) Transaction Authentication
bitbox.me
24. Manage and control IoT devices in a secure manner
Users can control IoT devices with the LINE app
• Start the car engine
• Turn on the air conditioner
• Monitor and watch your house
LINE Things
(5) IoT Control
access.line.me
LINE app
25. Preserve user privacy (read private messages) and provide transaction confirmation
(6) Hands-free IoT Control
Make credit card payment!
Okay, Alice
Not allowed
Read new messages!
26. Use cases and FIDO protocol
| Use cases | Scenes | FIDO |
|---|---|---|
| (0) FIDO Registration | Reg, Login, Setting, Just before usage | UAF, U2F/FIDO2 |
| (1) Social Login | Mobile app | UAF |
| | Mobile web | UAF |
| | PC web | U2F/FIDO2 |
| (2) Setting Confirmation | Email/PW change, Backup/Export chat history | UAF |
| (3) Desktop App Login | Native desktop app | UAF |
| (4) Transaction Authentication | Payment, Transfer money, Invest, .. | UAF, U2F/FIDO2 |
| (5) IoT Control | IoT with Mobile app | UAF |
| (6) Hands-free IoT Control | | ? |
27. LINE integration architecture (to-be)
[Architecture diagram. Labels: Mobile web, Desktop web, Native app, Hybrid app; FIDO server, Universal server; Client platforms, Authenticators, Platform services; LINE, LINE Pay, LINE Login, LINE Wallet, LINE Insurance, LINE PFM, LINE finance, LINE Shopping, LINE Gift, LINE channels; FIDO2; Web apps & services, On-premises apps; USB/NFC/BLE devices, Built-in chips, Human gesture]
Federation across services
Credential sharing across platforms