A FIDO2 Server-certified solution, effortless verification using biometrics, no more passwords.
What is FIDO?
FIDO is an alliance of leading global technology companies that are committed to working together to replace passwords in the user authentication process.
The FIDO protocols use standard public key cryptography techniques to provide stronger authentication. During registration with an online service, the user’s client device creates a new key pair.
It retains the private key and registers the public key with the online service. ASLI LoginID utilizes two independent strong factors of authentication.
How does FIDO work?
Sample FIDO members are the leading technology companies in each tech layer:
Technology Industry Members
Simple. Secure. No downloads or plugins required
Privacy is a Right
Comply with the upcoming Data Privacy Protection Law (UU PDP) with our solution. Protect your customer's private data through passwordless authentication. Eliminate consumer privacy concerns & reduce the risks of a data breach.
FIDO2 Server Certified
Compatible across multiple platforms and devices, while still complying with the world’s toughest banking regulation today, the European Open-banking Standards (PSD2) and General Data Protection Regulation (EU-GDPR).
No More Passwords
Accessing your online account with just a touch.
No More SMS OTPs
Cut down costs by eliminating SMS fees.
More Secure
Access your account with something only you possess.
One touch biometric login on your mobile apps or website
How does FIDO help to replace passwords?
Today’s broken process of authentication uses 2FA (username/password + OTP via SMS). FIDO’s version of 2FA (user’s device + user’s biometric) is strong, secure and convenient. OTP can also be added for multi-factor authentication.
ASLI Login ID allows you to easily use FIDO2 server certified biometric authentication-as-a-service on your website and app, through the implementation of an API/SDK on your website/app.
FIDO2 certification allows users to directly use FIDO-level biometric authentication right “out of the box”, without the need to download plug-ins, software or apps. ASLI Login ID is FIDO UAF and FIDO2 server certified.
Something You Have
Something You Are
2FA Strong Authentication
What makes it strong? Two independent factors of authentication
2 Factor Authentications & Higher Security Topology
TYPICAL CENTRALIZED PASSWORD SERVER BECOMES A HONEY POT for HACKERS
Biometrics / Passwords Stored on Central Server
LOGIN ID DISTRIBUTED PRIVATE KEYS: SECURE BY DESIGN
Private Keys & Biometrics Stored in the users’ hardware chip, never leaving the device
Public/private key authentication uses asymmetric cryptography, where an associated pair of keys is created upon registration by the user. The user maintains possession of the private key while the public key is stored in the organization’s server.
Authentication occurs when:
1) the user’s device calls the website for a login challenge,
2) the website responds with a challenge containing the public key,
3) the device receives the challenge,
4) the device then requests the user’s biometric,
5) upon receiving the correct biometric the device answers the public key challenge (i.e. verifies the “fit” of the public key with the private key),
6) then the device sends the authenticated status of the user back to the server.
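The registration and challenge-response flow can be sketched with Node's built-in crypto module: the device signs the server's random challenge, and the server checks that signature against the registered public key. This is an added example, not ASLI LoginID code; the function names are hypothetical, an in-memory object stands in for the device's secure element, and a boolean stands in for the local biometric check.

```javascript
// Added example: FIDO-style registration and login (hypothetical names throughout).
const crypto = require('node:crypto');

const serverKeys = new Map(); // userId -> public key (all the server ever stores)
const pending = new Map();    // userId -> outstanding one-time challenge

// Registration: the device creates the key pair and keeps the private key.
function register(userId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  serverKeys.set(userId, publicKey);
  return { privateKey }; // stands in for the secure element on the device
}

// Server side: a fresh random challenge for every login attempt.
function issueChallenge(userId) {
  const challenge = crypto.randomBytes(32);
  pending.set(userId, challenge);
  return challenge;
}

// Device side: the private key is used only after the local biometric check passes.
function deviceSign(device, challenge, biometricOk) {
  if (!biometricOk) return null;
  return crypto.sign('sha256', challenge, device.privateKey);
}

// Server side: verify with the stored public key; each challenge is single-use.
function verifyLogin(userId, signature) {
  const challenge = pending.get(userId);
  pending.delete(userId); // consumed, so a captured response cannot be replayed
  const publicKey = serverKeys.get(userId);
  if (!challenge || !publicKey || !signature) return false;
  return crypto.verify('sha256', challenge, publicKey, signature);
}

// Constructed walk-through: valid login, replayed response, wrong device, failed biometric.
function demo() {
  const alice = register('alice');
  const mallory = register('mallory');
  const sig = deviceSign(alice, issueChallenge('alice'), true);
  const ok = verifyLogin('alice', sig);
  const replay = verifyLogin('alice', sig);
  const wrongKey = verifyLogin('alice', deviceSign(mallory, issueChallenge('alice'), true));
  const noBiometric = verifyLogin('alice', deviceSign(alice, issueChallenge('alice'), false));
  return { ok, replay, wrongKey, noBiometric };
}
```

The server holds only public keys and short-lived challenges, so nothing in its storage can be used to sign in as a user.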
ASLI LoginID distributed private keys:
SECURE BY DESIGN
Stored in the user’s hardware chip
Stored on server side
HACK EVENT
Revoke then re-issue public keys. If a single user device is hacked, it will not impact other users.
ASLI Login ID stores the user’s biometric inside the hardware’s secure element such as Qualcomm’s Trusted Execution Environment (TEE) / secure enclave. The biometric NEVER LEAVES THE DEVICE at any point even during the authentication process.
Upon registration by the user, the biometric is stored inside the secure element, the private key is created and stored in the same secure element, while the corresponding public key is created and stored on the server side.
Existing non-FIDO solutions store the user biometric either in the device’s OS or centrally with the client’s server. While this method “may work and is convenient”, it’s incredibly insecure and vulnerable to centralized honey pot attacks. If the user biometric is stored centrally, breaches may be catastrophic because biometrics (fingerprints/face/iris) cannot be reset.