Very much for the introduction and welcome. Hello and welcome to this, yeah, late speech, and very appreciated that you are here. One click login as a convenient solution for MFA. I think you heard the whole day a lot of things about wallets and MFA and now it's just another MFA solution. And what we want to introduce here is a new approach, another approach, how to, yeah, tackle the identity management challenge with MFA. And yeah, with me I have Dominic Damel, who is the founder of Communi. Yeah.
One of, yeah, a very innovative company. And we want to introduce a framework, yeah, which is the baseline of that MFA technology. And last year we had the same topic with the same technology framework, but the use case here was eIDAS. Yeah. Means identity wallet and the technology backend for that. What we introduce now is exactly the same.
So my name is, I'm from PwC, director of Digital Identity.
And yeah, first I want to, now it's working, I want to give you some details about why we want to address this topic. Most of the things here are not new for you, because username and password are not sufficient anymore and it's really a high factor to get for identity theft and fraud at account taking. But now we see a lot of regulations on the horizon. And with this two, one of the regulations really expects the introduction of MFA.
But I think what we see since years in the market, in the middle market, a lot of clients, they don't get an insurance anymore for their assets because they don't have MFA for the end user. And this is not driven by regulation, it's simply driven by risk. Yeah. What is assigned when users, when companies stay for the authentication methodology with username and password.
Yeah. So this is really an issue that needs to be solved.
And two-factor authentication is a must-have for a lot of use cases to protect your critical applications and data. And the way how we want to solve that, I would like to introduce you first some of, yeah, study results.
Last year we had a study from one of our clients, or our client basis. And we asked them what authentication methods you use. Yeah. And what is, from their opinion, the security level of these authentication methods. Yeah. And compared to usability. Yeah. And this is a benchmark of about 100 clients. We asked for these authentication methods and it's probably one year ago, but it's still valid from my point of view. And we compared here various factors, means something what you have, something what you are and something what you know as factors.
And yeah, this is an overview, and I think for MFA in combination of all these factors as well in authentication methods. So what we see in the last two years is FIDO. Yeah. FIDO is very popular and brings a lot of, yeah, a better security level. I think that's clear. A man in the middle is more or less solved with FIDO and, yeah. And face recognition surprisingly was also a topic in a lot of organizations and they used it. Yeah. This was really a surprise.
And we want to introduce MFA technology or methodology here, which is based on the decentralized approach and on the identity wallet. So, and this is what we want to show now. And therefore, Dominic, it's your stage.
Thank you span for introduction and give you a brief overview about challenges.
I'm, as WAN mentioned, I'm the founder of Communi. Communi is a startup company.
We are a small team of smart developers, which goes a way to introduce technology for enterprises. And we focus on the question how we can transfer technology from backend to the mobile device. So if we talk about decentralization, it's a question of storage and processing of data. So how we can organize passwordless authentication means how we can bring existing passwords, which we store in backend solutions, in a convenient and secure manner onto the mobile device. So that's the biggest challenge part of somebody. The question of convenient.
Because we have a lot of tools which are not convenient for the customer or for employees, because they need a second app like an authenticator app, or need a one-time password as SMS or email or something else. That's not very convenient.
So the question is how we can organize it very smart and easy for the user.
That is for us one of the relevant approaches. If we look to existing portals or something else, if you take your email account or something else which is used, they offer you a 2FA solution. But most of them, the customer, either employee or customer or clients, don't go into this 2FA solution. They always use passwords, username and passwords, and they don't want to accept the different features or tools which different portals offer to the user.
So the question is how we can bring the user to activate the passwordless authentication and how we create the activation process and how simple we can then use a mobile device to authenticate in a really easy way. One of the questions we try to solve is how we can integrate this kind of 2FA in existing infrastructures.
So the reason that we decided to use OpenID Connect to do that is relevant, because we know we can do that something with FIDO as well, but we decided to go for OpenID Connect.
That is not prop to that's the standard, but it's not that what other solution provider does. So what I want to give you a brief overview, and I'm sorry for the some German slides or some German wordings in the slides. I hope it's okay for you. I try to explain it. So the question is how we can integrate 2FA into an existing mobile app which is today only based on username and password, and how we can activate this kind of 2FA where we work with biometric.
So if the client or employee opens the app, this is only a screen of an enterprise app or of a client app of an enterprise, and he fills in username and password, he will be asked if you want to change from username and password to, we call it now it's, or the branding, one click login.
And we offer him to set up this one click login. And that means for the user that he now uses the device unlock, or here the biometric like five Face ID, then he accept this combine or use the Face ID to act with the app with the binding.
And then the 2FA, the path of this 2FA is activated. That's pretty easy for him to do. So the change, before he was using password, now he has activated the passwordless authentication. And of course you know that if you want to get access to a portal for web solution or something else, he for instance scans a QR code with a mobile device, very easy with a camera directly, give or use a face recognition to activate it and be inside. So that's not the right it's, it's not the right screen, the former version, but it's then you mean the, she is in.
So that's pretty easy, the activation and of course the login. So everybody was asking, okay, what's the different to other architectures. This architecture is based on OpenID Connect and not on FIDO. That means that we link existing IAM solutions, for instance as a service or other services with isolated identity, with an OpenID Connect process to the service or enterprise app, where we include this smart decentralized wallet SDK. The wallet is not that what's relevant, but it's a starting point to use the SDK for other things as well.
And if you now have this SDK as part of your app, you are able to drive this process I show you. So you can use it for different kinds of access management, for portal, for doors, for gates, for everything what's relevant for this. And you can do it offline as block.
So the information transport, the transfer of information, goes through a classical OpenID Connect server. The protocol or the process, the technical process, is very easy. So that's in German as well.
We forgot to translate it in the preparation of slides, but I hope I can explain it for you. Very easy. So you have two layers. One layer is the service, like the existing identity access management solution. That's in the background. And the second layer, this is the SDK, which is a component of and without any UI and UX, it's only the technical component.
If you saw the login process, it starts with the login process, and then we link the existing session, which we open with username and password, with the Trinity SDK. And we do that through the OpenID Connect server. This open session allows us to bind now the device as a relevant factor with the biometric of the user, as we use this with the device unlock. And then we transfer the device key from the SDK and from the mobile application back to the service.
And we do that through the existing OpenID Connect server as well. At the end, the existing service stores the device key, and with the device key storage is able then at the next session to log in with the mobile SDK or with the mobile application. At the end there is one factor stored in the existing solution. So it's the device key, and the 2FA only on the mobile device with the device binding. That's the key. And the biometric. Yes. So that's it.
And the question is, is this kind of solution architecture at the end easier to integrate as a It's from our perspective, from usability and integration, it's much easier and smarter.
Yeah. Thank you, Dominic. And in the beginning I showed you the result of our study, and if you want to rate that solution, and in a moment we explained, at the end a passwordless authentication. Yeah.
This is one reason. Yeah. What we can use with this static, with this technology. And another one is a 2FA solution with a device binding. Yeah. That's one factor. And this means, yeah, one click login is a very high security at the one hand side. Yeah. And the usability at the end for this mobile device is very good. On the other hand, when you have a typical identity access management infrastructure, yeah, with a central IdP, it's not necessary to use such a technology.
But for use cases where we have to work offline, we have external employees and you wanted to register these identities and provide an MFA solution, this is a way to introduce this SDK on a mobile app. Yeah. And there's also an SDK because the need to integrate that in existing application is, yeah, the most use case. Yeah. 'Cause no one wants to use another authenticator app.
Yeah. Final summary, it's more comfort, less costs and, yeah, bring more security than username and password. Yeah. On the one hand side and on the other side. Yeah.
A better security and compliance to the, it complies to the actual frameworks, these two. And for a lot of middle market clients, what we see, they have always issues with, yeah, multifactor authentication solutions. And it's an alternative way to introduce that to existing ecosystem for, yeah, external employees and partners and suppliers if they want to get access to your application and infrastructure. So I think now it's open to talk to, yeah, answer your questions and to raise a discussion about this topic.
Well, first of all, thank you very much. It was really, well, maybe even an eye-opener, or at least a strong contender to kind of in response to all the other standards we've seen earlier during the conference.
So if, again, if you have questions from the audience, just raise your hand.
Thank you.
Hi. Thank you. Very interesting presentation. Quick question about the face biometrics on the device. Is that actually, are you talking about the built-in face biometrics or fingerprint on the device for the biometrics? Or is this face matching software on the device?
In this case, it's the device unlock, the device-supported biometric.
Unless I'm mistaken, PSD2 doesn't consider the unlock on the phone, or by face or by fingerprints, being a biometric, because you can of course have multiple people's biometrics installed on the same phone. You can't differentiate against. How do you deal with that?
So you're right, that's the question.
If you really, it's your security, it's your account. You can give your password or something else to other people as well.
So the question is, is this your password? And if you really use this device for yourself, if you share with your family, of course, and then that's the protection protected. It's the same if you share your password or something else with your family.
So it's the question of PSD2, I don't know if this regulation really allows this, to use existing device binding.
Yeah, it must be a trusted device. True. Yes. Yeah. So because this is one factor. Yeah. And this device must be a trusted device. That's true.
Thank you.
Any more questions?
Naish, do we have something from the online audience? We don't have any questions online yet. If I may ask one myself. So as I said, you position this solution as like an easier and maybe even cheaper alternative to all those established standards.
Of course, a standard always has like a benefit. It's recognized by a lot of, not just technical, but also like legal and other compliance. Yes.
But how, how would you prove, basically how would you prove to your customer that you are just as reliable or even better?
Absolutely. That's a relevant question. That's a good question to prove.
I think this SDK, Span mentioned, it's not only a 2FA solution, it's more wallet application and you can use it for other use cases, for decentralized identity and so on. So it's more for other entrance point, so that if you are really go for a decentralized approach, then you can use it as a first feature. And so it's not against FIDO or something else. So it's more a part on your roadmap.
If you, if your roadmap is that you really decentralized some functions often use and so on, then this could be a good first introduction point. And so, and the differentiator to the other is that you don't need to change anything at your infrastructure. You can use your existing infrastructure. You don't need to, yeah. Learn about other new standards. So that's the reason that we really focus on the OpenID Connect server that we are, combine it with them and make it easy to implement so quick and easy and smart in the that's differentiator, but it's, yeah.
Well, what if your legacy app didn't even have support for OpenID Connect, if it's just, if you have just username and password?
Yeah.
The question is, username and password is one authentication where I expect that it is part of your OpenID Connect support. If you don't have any kind of OpenID Connect support, I don't know if it's, it's a good question, but are there existing systems in the place which don't support OpenID Connect?
This is definitely a limitation. Yeah.
Yeah, that's right. And MFA in that matter here, it's just one use case for that, for that framework, for the SDK. Yeah. But because technically behind is a wallet. Yeah.
But of course, it needs to implement or have any kind of OpenID Connect standard in place.
So basically it's just another good reason to start adopting standards. Yes. Okay. That's right. Okay. Yeah.
Well, if you don't have any further questions, well, thanks a lot. Again, it was really interesting and I can totally imagine people wanting to learn more. There's one question.
Oh, of course. The question is like, why should I integrate one click login in an SSI-based world where wallets inherently have MFA capabilities?
Oh,
Can you, can you ex repeat
Repeat it to us, show it to us. Yeah. Yes. The question is, do we have an SSI-based world?
Yes, of course. In the SSI-based world, we use other principles which we support as well with this SDK. The question is, do we have an SSI-based world today?
So it's always a question how we really integrate it in existing infrastructure. So in the SSI world, in an upcoming real decentralized ecosystem, we use other part of our SDK for the authentication.
So that then we don't speak about OpenID Connect, then we speak about OpenID for Verifiable Credentials, or we speak about Theo protocols and so on. We support this as well. But we know the enterprises and the industries not so much ready today. So that's the reason that really bring this as an entrance point to SSI, that is a starting point for enterprises to find real added value for wallet-based solutions and then increase the value in use more features for SSI world.
Okay. Great.
Well, thanks a lot. And as I was saying, if you have technical questions, if you want to follow up on a more like serious business level, of course you can just reach out to Communi, and of course PwC are always there. Yeah. Thank you very much. Thank you. Yep. Thank you very much.