Digital Identity

Myntech's Digital Identity solution is based on FIDO, a new standard that allows you to authenticate yourself securely without using a password!

FIDO Alliance

Myntech è associata alla
FIDO Alliance

Scenario

Remembering dozens of passwords to access our favorite online services
is an essential daily training for our digital life.

Passwords, a distant memory!

These passwords are very often the same or not very complex, and put us at risk with respect to potential cyber attacks that we see proliferating day after day.

With the advent of the GDPR, companies have had to adopt new rules, new internal procedures and new security measures to protect the data of their customers and users, thus highlighting the importance of implementing new solutions. and new technologies to achieve this goal.

The European context

In the European context, we have seen a well-defined path with regard to the adoption of protocols and regulations shared between the Member States (eIDAS, GDPR, PSD2, etc ...) to ensure that there can be an interconnection between the digital services of the individual countries and achieve the goal of the European Digital Single Market.

The personal identity linked to the user of a digital service is the main element on which various public and private solutions have followed over the years, with the aim of solving the problem of certain and unequivocal identification of the person which is behind the device and which is performing operations on digital channels.

The FIDO Alliance

As we know, this will always be a topic of discussion and that will change over time with the evolution of technological tools.

As we know, this will always be a topic of discussion and that will change over time with the evolution of technological tools.

What's this

FIDO is a standard, as is Wi-Fi or Bluetooth

FIDO is a standard

Just as we know WiFi or Bluetooth, it is advisable to also start to know the acronym FIDO (Fast Identity Online), a standard developed and promoted by the FIDO Alliance which includes the largest technology companies (and not) in the world.

Also Myntech, with the aim of supporting companies and public bodies in the adoption of this new standard and of providing digital solutions based on this paradigm, joined the Alliance in 2020.

Cryptography

What makes FIDO an interesting standard is not only the possibility of authenticating without a password, but it is above all the methodology with which this takes place and which changes the rules of the game in terms of IT security.

FIDO uses encryption with the use of public and private keys to carry out a so-called "strong authentication", in particular, during the authentication process, the key private is kept exclusively on the user's device, while only the public key is stored by the online service.

Why it is a novelty

When we register for a digital service today, he doesn't know if it is really us or if our passwords are being used by another person on our behalf.

With this methodology, however, the digital service can say with almost absolute certainty that it is really us and, above all, our passwords will no longer be kept by the company that provides the service.

Consequently, on the one hand, companies will finally be relieved of the burden of protecting user passwords, on the other hand users will be physically in possession of their digital identity.

How does it work?

Once I have decided to authenticate or register with the digital service, FIDO asks me to unlock the device that I am using to verify that it is actually me.

If I am on a PC or smartphone I can unlock the device through a PIN, the FaceID, the Fingerprint or through the code unlock; if, however, I have an external security key, I can unlock it by clicking the button on it or bring it closer to the device using the NFC technology.

Only after unlocking it will the mechanism be activated whereby my private key will communicate with my public key in possession of the digital service.

Why is it different?

The basic concepts of the FIDO protocol are ease of use, privacy and security, and standardization.

Over the years many companies have worked hard to implement this entire stack of clients and protocols with proprietary solutions.

FIDO has changed the paradigm by standardizing both clients and protocols and using encryption through the public and private keys that are used by the parties to enable the authentication process.

FIDO2

Change of paradigm

FIDO2 is the naming given by the FIDO Alliance to this new technological stack.

The FIDO2 specifications are the specifications of the W3C "WebAuthn" and the corresponding "Client-to-Authenticator" (CTAP) protocol of the FIDO Alliance.

Web Authentication (WebAuthn)

WebAuthn enables digital services to use FIDO authentication through a standard web API that can be built inside web browsers.

WebAuthn has been designated as an official standard in March 2019 and is currently supported by Windows 10, Android, Google Chrome, Mozilla Firefox, Microsoft Edge and Apple Safari.

Client-To-Authenticator Protocol (CTAP)

CTAP enables extended use cases through the use of the FIDO standard and gives the possibility for external devices to interact with the browsers that support WebAuthn.

CAREERS

Join us and get new opportunities for career growth.

European AI Alliance

Membri della
European AI Alliance

FIDO Alliance

Membri della
FIDO Alliance