Samsung SDS’ Nexsign™ Acquires FIDO 2 Certification

Samsung SDS’ biometric authentication solution, Nexsign™ was certified by the FIDO Alliance to meet FIDO 2 standard as of September 26.

The solution provides user authentication using individuals’ biometric information such as fingerprints, iris, etc. Applying to a wide range of services, including Samsung Pay (a mobile payment service) and e-Bay Korea, Nexsign™ offers secure and convenient services.

The FIDO Alliance is an official institute that sets standards for global authentication solutions and runs certification programs. FIDO accredited certification means a product is internationally recognized for its stability and security.

Nexsign™ is the first in Korea and the second in the world to obtain FIDO certification. Among those registered with the FIDO Alliance, Nexsign™ is the only solution that has achieved the Common Criteria certification, proving it to be a reliable solution in the global arena.

Thanks to such achievements, Samsung SDS was chosen as one of the 10 vendors that own FIDO-certified technology by the global IT research institute Gartner’s Hype Cycle for two consecutive years.

FIDO 2 is comprised of W3C’s Web API (WebAuthn) and a corresponding CTAP (Client-to-Authenticator Protocol). FIDO 2-certified companies can provide biometric authentication for various IoT devices as well as mobiles and for web browsers including Google Chrome.

Now various platforms including desktop web browsers and OS, as well as mobiles, can offer biometric authentication. In particular, thanks to web browsers’ built-in support for FIDO 2, users can securely and conveniently use biometric authentication without the need to install additional programs.

At the FIDO 2 Interoperability Testing event, held in San Francisco, U.S., 18 businesses including eight Korean companies were in attendance. Platform providers, including Google and Microsoft, joined the test for the first time to test the authentication functionality of their web browsers.

Once the FIDO 2 technology becomes the standard, companies will be able to further reduce the risk of security breaches such as hacking and phishing during user authentication processes, while also providing authentication services on various platforms beyond mobile devices. Furthermore, users will be able to conveniently use both web and mobile services using their own biometric information without the need to memorize complex login passwords.