How FEITIAN FIPS and Formfactors Solve for Azure AD Passwordless and OTP Authentication OD424


[Music] Hi, my name is Michael Gwen. I'm the director of strategic projects at Feitian Technologies, with U.S. headquarters in Santa Clara, California. Today I'd like to talk to you about the Azure AD passwordless and OTP MFA, and with a sub-topic of Feitian FIPS and form factors, giving you an overview on the importance and explanation of FIPS, as well as information and the importance of having different form factors to choose from for your passwordless and OTP MFA. So in the process I'd like to go over a little bit about what I'll be discussing in the next 20 minutes or so. Uh, we'll talk about FIPS, we'll talk about form factors, and then I'll give you some more details at the end, uh, about Feitian. And as a bonus, if you can stick to the end of the presentation, I have some information on a buy one get one offer from Feitian.

What is FIPS and what does it mean? Well, FIPS is the Federal Information Processing Standards, and they have a publication which, uh, lists all the information that's in FIPS, and it specifies the requirements that are to be used to satisfy the cryptographic module, uh, review of the devices that are going for the FIPS certifications. And there are multiple areas to be covered throughout the FIPS certification, and that includes checking both the insides of the device, uh, the mechanics of it, the digital, uh, operation of it, as well as the physical aspect of the device, making sure that everything is running properly and to standards, and so the users of a FIPS certified product can be assured that they're using a quality product. In the cryptographic module, their validation program, which is what Feitian is going through with two of our current systems, biometric and OTP, the FIPS requires that a third party tests the device and validates, uh, their performance and then reports to NIST, who does a certification to the device that the device owners or operators can then promote.

The areas covered, again, are multiple parts of the Cryptographic Module Validation Program. Uh, five steps to the FIPS process. The first part is assessment and training, or, I'm sorry, assessment and testing, uh, and in that part they will review the, uh, actual functioning of the, uh, product. Uh, the second step of the FIPS 140-2 certification is the, uh, source code review, and in that source code review they'll review every aspect of the actual source code to make sure that there's nothing added into it or nothing harmful in that, in the actual source code functioning the device. Step three is operational testing, where they will make sure that it performs the functions that it needs to perform, uh, as a multi-factor authentication system. Uh, for Feitian, for OTP, as they're doing the testing on the Feitian OATH OTP cryptographic module, they're going to see if it provides the proper OTP OATH solution for the user, so they're going to make sure it does what it's supposed to do. Number three is a validation report submission, that once all the tests and the first parts are verified, that the submission will be made, uh, and that's where it transfers from the, uh, third-party, uh, provider that's doing all the testing and verification to NIST. And then at that point it will be in a, uh, have a validation coordination. Uh, in that situation it'll go into the final review, making sure all the tests are passed and all the certifications and processes are accomplished to the FIPS standards.

Some assumptions and requirements during the process: it's important to have a schedule and communication policy, meaning that the organization that is working with the third party to get the FIPS certification is in contact and in communication and has regular meetings, etc. Uh, the second part of the assumption requirements is that there is documentation, uh, any, uh, either from the company or third party, documentation that is available and needs to be provided and submitted with the, uh, request for the FIPS certification. The documentation all gets to be reviewed in the, uh, third portion of the requirements, meaning that I want to make sure that every component is accounted for, all the paperwork is proper and ready to be submitted. And then throughout this process there is ongoing communications and dialogues, uh, for, uh, getting the FIPS to be, uh, properly certified, to make sure that the third party company is working with the device owning company, uh, so they can get the, uh, processes completed properly, as well as the documentation that goes with that, submit it to NIST, and hopefully get a FIPS 140-2 certification.

Uh, let's talk about, uh, more about what the current one is. Now, as of this past September, there is a new FIPS 140-3. There is overlap on the current FIPS program, and this will be the next step or the next, uh, level of FIPS certifications, uh, once the FIPS 140-2 closes out. And that closes out, if you can see on the bottom portion of that, in September of 2021. This year, uh, FIPS 140-2 will be closed out, uh, for any new testing, and, uh, all, uh, tests after that will go into the FIPS 140-3 process and requirements on there.

Here's the example of the four state levels of FIPS certification. Starting on the left side, the left column is level one, uh, well, the far left column are the areas which are checked in the certification process, and then up on top are the four levels listed, that creates four different columns of what is to be checked during each, uh, FIPS level certification. And it's important to know that level one is the lowest, working up to level two, level three, and level four is the highest, and each, uh, at each higher level there are more requirements and a higher standard for the FIPS certification to proceed.

Uh, what are some of the benefits for the security of Microsoft, uh, users who are using FIPS, or any users who are using a FIPS certified product? First of all, it assures them that the technology that is presented, or has the FIPS certification, has passed a number of tests, uh, by an accredited lab, so, uh, that third party that facilitates the testing has to be accredited. Uh, it also verifies that the best results, uh, the test results have been, uh, validated and they were true, and it actually performed as stated on there, and it was verified and documented. And so that, uh, as the final result is that there is a verification of the information as well as the documentation and the operation of the device. The device can now be used safely for secure sensitive information once it has the FIPS certification. Uh, all other considerations are that it is digitally secure, as, uh, the software in the device as well as the hardware is, uh, checked and verified that it's functioning properly. Uh, the functionality, uh, of the overall device means not only is it safe but it actually does what it's supposed to do, uh, either generate an OTP as an OTP device going through the process, or with our FIPS FIDO, FIDO biometric security key going through the process, the functionality is to work properly with the FIDO protocol, so it does perform the multi-factor authentication with the passwordless solution using the fingerprint biometric. And then lastly, the quality assurance, that you know that the quality of items that you're using for your enterprise or your organization is at a higher level of quality, because it not only has all the items on there, but they've been verified and tested and documented.

Let's talk about, uh, Azure hardware format options. Um, so for the format options, um, for hardware, you could have security keys, and there's a number of different types of security keys. There are smart cards, and that's the standard smart card, uh, that you have, uh, looks like a, uh, credit card. Uh, there's the biometric smart card, which, uh, Feitian has, and that's the smart card with the chip, but it also has the biometric fingerprint reader on there that reads the fingerprint and locks it down only in the device. Other form factors for Azure that could have FIPS certification, this could be a one-time password token, OTP cards and OTP mini cards. So OTP cards are the credit card, uh, shaped cards, uh, that when you press a button it'll generate the one-time password, and the mini cards are the smaller, or about 40 percent of the credit card size, uh, that can generate a one-time password, and that can be used with Azure.

Two other items, uh, considering Azure, uh, form factor options, and is that the form factor could be, uh, that could have connectivity through USB-A, connectivity through USB-C, uh, NFC, as well as, uh, BLE, and that's the different ways that the form factors can connect with, uh, the devices. Um, and then the characteristic options, uh, can include either fingerprint biometric or non-fingerprint biometric. So these are all the different form factors and some of the connectivities and characteristics associated with them that can be used for the Microsoft Azure product.

One quick option here is to, uh, put basically the multiple functions in one, uh, device or solution, and we call that a converged access card solution. And what that does, it performs the four functions as indicated. One, it can serve as the identity card, and in this case, uh, Jane Doe and Charlotte Thompson look awful similar, I'm just saying. Um, but you could also, uh, have in these, uh, in either of these devices, multi-factor authentication. The device on the left, with the fingerprint biometric, uh, it can be used for passwordless access to Azure. The device on the right, it can be used with an OTP, a TOTP solution for Azure. So either one of these can be used with Azure. The third function that either one of these cards can, uh, perform is physical access, that will actually, uh, open, uh, the doors, uh, or allow access in the different areas. So there are some limitations and some good advantages, uh, of that, so, um, we can discuss that if it's something that you're looking at. However, this is just an option of combining, uh, those three features onto the card, either one of the cards. Uh, the last and final piece of the card, uh, or function that the converged card can do, is it could interact with IoT, or Internet of Things, and with that interaction the device can indicate when a person is present, and that's why, uh, the biometric is important. And there may be new things that an enterprise wants to do with IoT: monitor, uh, temperatures, uh, record, uh, who's actually present in certain rooms, and, uh, with the RF, uh, ID, uh, it can be used, uh, with that, uh, these converged access cards to actually interact, uh, with IoT. All right, again, I'm just kind of giving the overview. If you want more information, be happy to assist you.

All right, who is Feitian and what do we do? Feitian has the mission to provide secure, innovative and value-priced security products in a wide variety of different product areas, and those areas include authentication, identification, access management and payment. Feitian has been in business for over 20 years, with about a thousand employees and about half of those in R&D, so we love our R&D projects. We've worked with a number of the major technology and security companies to create solutions that are customized and white label branded. We have clients all over the world. Feitian is a member of the Microsoft Intelligence Security Association, and Feitian is a seated board member of the FIDO Alliance, so we're not just a member, we're actually a board member of some of the greatest organizations that are involved together with the FIDO protocol, and FIDO is a Fast Identity Online.

Here's some options on form factors, uh, from Feitian. We have a number of different connections and form factors, including devices that connect up with Lightning, or the iOS, as well as devices that use Bluetooth, NFC. And then as you go across into the middle area, we have biometric devices and different, uh, connectivity fashions, USB-A, USB-C. Uh, the black AllinPass, uh, has the opportunity to use not only USB but also NFC or, uh, Bluetooth, with the fingerprint biometric and Azure for a true passwordless experience. On the right we have some card options, uh, and again, the biometric fingerprint card, uh, can work for multiple functions, but it can easily perform, uh, passwordless, uh, sign-on to Azure. The next device is a little bit thicker, that has a battery. The biometric card does not have any battery, it's powered by RFID. So the AllinPass Plus gives you the ability to use Bluetooth, NFC, or the connected USB-C cable, uh, that's on the device. And, uh, here, again, we're showing the, uh, campus card, which is basically an OTP card that can be used for our identification as well as physical access.

So these are OTP solutions, and for the OTP form factors, uh, the form factors include, uh, one touch tokens at the top, the cards at the bottom, uh, within the cards is the mini cards, the smaller version that goes on that, and then we have a number of different, uh, other OTP solutions, including challenge and response OTP, QR code reading OTP, as well as the new, uh, voice OTP solution for those who are visually impaired. It'll sound through the process and provide a one-time password.

Okay, our form factors show diversity, and, uh, we include a biometric, uh, form factor, and the two, uh, items that Feitian currently has in process with FIPS is our FIPS biometric and our OTP projects. Um, and they're listed there, uh, they're underway, they're on the NIST, uh, website to see where they are as they're tracking their progress.

All right, as a special bonus for, uh, tolerating the presentation, give you the opportunity to get a buy one get one from Feitian. We have our website there on the bottom, and you're going through checkout, uh, you can, this applies to any, uh, passwordless security key, any of our FIDO keys, or biometric smart card. So not every product in our system, uh, applies to this, so it's either a passwordless security key or a biometric smart card. Uh, use that, uh, bottom, um, the coupon that's on there, the Feitian Ignite 2021 logo, and you'll get, if you buy one security key, we'll provide the second one at no charge.

All right, this concludes my presentation. Thank you very much for, uh, attending. If you have any questions, we have a number of great individuals that are available through our organization, and they're ready, willing and available to assist you.

