register for 2024
May 28-31, 2024 | Aria Resort & Casino, Las Vegas, NV
register for 2024
Identiverse 2023 • Session
Moving Beyond FIDO2 Limitations with Anonymous Credentials, a Privacy-Preserving Extension, and More
Identity Verification and Proofing
Back to Main Agenda
Ironwood 8
10:15 am - 10:40 am
Researcher
Macquarie University
Head of IAM Architecture
Credit Suisse

Session Abstract: FIDO2 enables users to leverage common devices to easily authenticate to online services in both mobile and desktop environments. The FIDO2 standard introduced cryptographic tokens into the authentication process, giving Web services and apps users a passwordless login experience via biometrics, mobile devices, and/or FIDO security keys. While FIDO2 provides secure authentication, it does not support verification of user attributes. Furthermore, the FIDO2 protocol does not define how an authentication event could be combined with verified and trusted attributes, nor how users could share them using consented and selective disclosure. Applications that require user attribute verification (e.g. date of birth, driver's license expiration dates, etc.) still rely on ad-hoc approaches that may not satisfy the data minimization principle or do not allow the user to vet the disclosed data. In this session, we will present an industry-ready solution that combines eID, zero-knowledge proofs ,and FIDO2 to enable a privacy-preserving way to share user attributes.

Follow us on
identity everywhere
Stay informed on the latest event updates
Identiverse: The Identity Universe
hosted by CyberRisk Alliance
register now