December 11, 2017 -
Nok Nok Labs has announced an implementation of a FIDO UAF 1.1 product on Android 8.0 devices by NTT DOCOMO, the first of its kind by a major mobile network operator, according to the announcement. The implementation leverages Nok Nok Authentication Server to provide hardware-based key attestation, which can mitigate many scalable attacks on authentication protocols.
“Key attestation can be vital to solving a core problem with internet security – specifically, how to tell a real device from a virtual machine that a bad actor could use to mount scalable attacks,” said Rajiv Dholakia, VP Products at Nok Nok Labs. “Nok Nok Labs pioneered the concept of key attestation in FIDO authentication. We have worked with hardware and OEM partners such as Lenovo and Samsung, and operating system partners such as Google to leverage hardware-based key attestation over a standards-based mechanism to deliver the best possible security to our customers.”
The integration enables app providers to leverage strong, standards-based authentication for mobile users with the Nok Nok AppSDK, and Nok Nok S3 Authentication Suite Customers can utilize key attestation without making changes to their applications.
“Key attestation is a vital component of a strong identity chain. It is the way we provide strong, cryptographic proof of the clear provenance and security of the method of authentication,” said Dr. Rolf Lindemann, Senior Director of Technology at Nok Nok Labs, and the editor and main author of the UAF 1.1 specification. “With the new capabilities of UAF 1.1, a developer need not wonder if a device manufacturer provides support for standards-based authentication natively on their latest device. They can leverage the Nok Nok solution to assure strong security on any new device with Android 8.0.”
Last month Nok Nok Labs launched version 5.2 of its S3 Authentication Suite just over a month ago.