with Total Support for Robust, FIDO-Compliant Security
21, 2016 – (JCN Newswire) – Fujitsu today announced that it will begin offering
a new FIDO-compliant service for online biometric authentication. The
“Online Biometric Authentication Service” will initially roll out
from early April 2017, starting with Japan.
With this service, Fujitsu will provide companies that offer online services with
the servers and software necessary to implement FIDO (Fast IDentity Online),
services that support the construction of cloud environments, and also software
development kits and development support for incorporating FIDO into
Customers can use this service to easily build online personal authentication
systems with robust security and that do not require passwords for a variety of
day-to-day situations, such as online banking and shopping, ticket
arrangements, and car sharing. This also reduces the burden of getting online
authentication services up and running. In addition, because this service
functions to use FIDO with facial recognition obtained through camera-equipped
smartphones and other biometrics, the number of supported devices on the client
side can be dramatically expanded.
This service is being positioned as one of the IoT solutions that are being
developed for FUJITSU Digital Business Platform MetaArc(1). With MetaArc, which
enables customers to undergo digital transformations, Fujitsu is supporting
connections between people, things, and infrastructure across company and
industry boundaries, and contributing to creating new value and strengthening
competitiveness for customers.
As the number of people using online banking and e-commerce has increased in
recent years, there are concerns about the safety of online authentication via
passwords for a variety of services, and the harm from leaks of personal
information and account spoofing have become a problem for society.
Password-based personal authentication has also been criticized for the high
risks of harm from identity fraud and unauthorized use of services, such as
list attacks, which target repeated use of the same password for multiple
services, and key loggers, which record a keyboard’s activity to steal
At the same time, biometric-authentication-equipped devices, such as
smartphones, are becoming familiar to users, creating an environment where
biometric authentication can be easily used.
On August 1, 2016, Fujitsu joined the FIDO Alliance, an international NPO which
promotes the standardization of password-less online authentication technology,
as a sponsoring member.
FIDO is a new authentication method that resolves the vulnerabilities of
password-based online authentication by using biometric authentication and
public key encryption(2) which do not depend on IDs or passwords. With FIDO,
users simply register their FIDO-compatible device, such as a smartphone, with
the online service they want to use, which enables them to do things like log
in or make payments authenticated by the biometric information stored on their
device, eliminating the need for passwords and improving both safety and
convenience. Businesses that provide online service can accept authentication
from a wide variety of FIDO devices, just by adding support for FIDO to their
server and client applications, and by adopting an authentication method using
public key encryption, they can also reduce their data storage risks because it
is no longer necessary to manage the biometric information of the users of
their service on their own servers.
Summary of the Online Biometric Authentication Service
1. Flexible support for customers implementing FIDO
Fujitsu is supporting customers in implementing FIDO, by providing the
necessary FIDO-compliant software and servers, building necessary cloud
environments, and providing services that support the development of client
applications. In this way, Fujitsu can reduce the burden of customers looking
to start services with online authentication.
2. Development of and support for software that features FIDO support for
Based on the technologies accumulated through the development of its smart
devices and sensors, Fujitsu is offering a software development kit and
development support services necessary for incorporating FIDO into the client
applications for online services installed on users’ biometric authentication
devices. Because it is possible to incorporate biometric authentication
functionality to camera-equipped smartphones that do not feature biometric
authentication sensors, applications can broadly cover Android and iOS
smartphone users, covering 98% of smartphone users in Japan in 2017 (according
to research by Fujitsu).
Fujitsu is aiming to provide the service for 10 million IDs by fiscal 2018.
Going forward, Fujitsu plans to expand the service to cover authentication on a
variety of devices.
A digital business platform that fuses advanced technology such as the cloud,
mobile, big data, IoT, and AI, with Fujitsu’s systems engineering knowledge and
(2) Public key encryption
A method of encryption that uses two keys, a public key and a private key, to
encrypt and decrypt data.