Mobile Commerce Insider Featured Article

September 19, 2014

Alipay Becomes First FIDO Ready Authentication Ecosystem in China

As one of the subsidiaries of Alibaba, Alipay is going to be part of the biggest IPO in the world today. The company is the largest third-party payment solution in China, and the infusion of cash its parent company receives will likely push Alibaba to start expanding its services around the world. This will require a robust easy to use authentication solution while ensuring the best security protocol in the market. To make that possible, Alipay selected Nok Nok Labs, provider of authentication solutions and founding member of the FIDO Alliance, NNL S3 Authentication Suite to enable secure online payments using the Fingerprint Sensor (FPS) technology on the Samsung Galaxy S5. By integrating this solution in its payment platform, Alipay will be the first FIDO ready authentication ecosystem in China.

The FIDO (Fast IDentity Online) Alliance is a not-for-profit organization established in 2012 with the goal of changing the nature of online authentication by developing technical specifications that define an open, scalable, interoperable set of mechanisms to reduce the reliance on passwords to authenticate users.

The NNL S3 Authentication Suite allows Alipay customers to make purchases and transfers using its mobile application and Alipay Wallet without having to enter a password. The NNL Multifactor Authentication Server (MFAS) provides a unified, flexible authentication infrastructure and communicates securely with the customer on the Galaxy S5.

The Nok Nok solution uses existing security capabilities on today's smart phones such as built-in fingerprint sensor, camera or Trusted Platform Module (TPM) by delivering a seamless integration to authenticate any application. The platform is a flexible and extensible architecture with risk-appropriate authentication capabilities for many different types of applications.

The NNL S3 architecture features:

  • An NNL Multifactor Authentication Client (MFAC) that detects and plugs in the various authentication methods present on the device, using an abstraction layer.
  • Authentication for Web applications achieved using a JavaScript library that communicates with MFAC using a browser plug-in.
  • Authentication for mobile apps enabled by integrating with the NNL Mobile App SDK.
  • MFAC communicates to MFAS using the Universal Authentication Framework (UAF) protocol allowing MFAS to interoperate with any FIDO Ready device and authentication method, with no need to be integrated with each method.
  • MFAS can be deployed in a wide range of environments and it provides Web and mobile applications with REST API endpoints to handle device registration and with authentication functions.

The S3 Authentication Suite is the only authentication platform that supports the entire FIDO authentication modes including the passwordless mode (using the Universal Authentication Framework Protocol) and the password augmentation mode (using the Universal Second Factor Protocol).

“Working with Alipay, a major player in the global online commerce, to provide an easy, secure experience for their customers is tremendous validation for the FIDO movement. As a global leader in delivering Internet-scale services to their customers, they needed a solution that can scale to meet future authentication requirements, while ensuring that consumers get a secure, yet easy-to-use solution today,” said Phillip Dunkelberger, President & CEO, Nok Nok Labs.




Edited by Maurice Nagle




Comments powered by Disqus


Related Mobile Commerce Insider Articles