FIDO2 authentication compatible "Yubi On FIDO Logon" cloud service started.
- Toward a safer and more convenient society with FIDO2 certification -
May 12, 2021
Soft Giken Co., Ltd. (Representative Director Norio Fujita Established in 1983) will start providing "YubiOn Security Authentication Service" and "YubiOn FIDO Logon" cloud service that anyone can easily realize a passwordless world from May 12, 2021.
We are developing a two-factor authentication "YubiOn Portal Authentication Service" that uses a password that is stored and OTP using an external authenticator.
Currently, the prevalence of COVID-19 has increased remote work, and there is a demand for safe and secure zero trust. Safe and secure certification by the latest FIDO2 certification is attracting attention. By using the user's biometric information (fingerprint, vein, face recognition, etc.) or an external authenticators (dedicated token, mobile terminal, etc.) that you own, you can reduce the risk of passwords and improve convenience.
We will start providing the "YubiOn FIDO Logon" cloud service using the FIDO-certified in-house developed "YubiOn FIDO2 (R) Server". The "YubiOn FIDO Logon" cloud service is equipped with a management site so that the administrator of the information system department can easily manage the authentication function, which can also improve business efficiency. Efficiency allows personnel to focus on leveraging new data and developing in-house services. By applying the YubiOn authentication solution, the information systems department can focus more on new challenges such as digital transformation.
In the future, we will further strengthen sales of appliance servers equipped with the "YubiOn FIDO2 (R) Server" function and FIDO2 authenticators. Together with the "YubiOn FIDO Logon" cloud service, we will contribute to strengthening authentication and promoting digital transformation in remote work environments.
1. What is the "YubiOn FIDO Logon" ?
"YubiOn FIDO Logon" is a cloud solution that can strengthen the logon of PC terminals to two-factor authentication using FIDO *. The biggest feature is that the administrator can manage and control on the cloud by using the FIDO authentication technology, which is becoming indispensable for Web service authentication, to strengthen the logon authentication of PC terminals. * FIDO = Fast IDentity Online. The FIDO Alliance is an open industry association with a focused mission: authentication standards to help reduce the world’s over-reliance on passwords.
2. Features of "YubiOn FIDO Logon"
1) Can be managed and controlled with a web console
The administrator can check the status and authentication information of the
registered terminal at any time from the Web console. Since you can check the
authentication log on the Web, you can immediately grasp the situation even when
an incident occurs.
2) Easy to introduce a robust FIDO authentication
Upgrade your PC terminal logon to FIDO authentication with software installation and
simple initial setup. The strong security strength of FIDO can be introduced into PC
terminals.
3) Corresponding to various FIDO authentication device.
Because you are in response to the various authentication device based on the
specifications of the "FIDO2", you can freely select an authentication method. You
can also use password-free combinations such as "PIN" & "Authenticator",
"Fingerprint" & "Authenticator".
3. Scene to use
You can use it in various scenes where security is a concern.
1)In your environment with Active Directory (AD)
If you want to introduce two-factor authentication to your PC but don't want to
change your AD settings. If you cannot use the authenticator you want to use with
Windows Hello, or if there are restrictions due to the environment. "YubiOn FIDO
Logon" allows you to freely design security without being bound by AD settings.
2) I want to use two-factor authentication only for a specific account.
You can make detailed security settings for each account, such as using two-factor
authentication only for Windows accounts that have Administrator privileges.
3) I want to reduce the number of inquiries about forgetting passwords.
By using the password memory function at the time of initial setting, you do not need
to enter the Windows password after that, and you can reduce the number of
inquiries about forgetting the password.
4. Product specifications
1) System configuration diagram
2) Operating environment
CPU : 800MHz or higher 32-bit or 64-bit processor (1GHz or higher recommended)
Memory : 512MB or more (1GB or more is recommended)
Storage : 100MB or more free space
Required middleware : .NET Framework 4.7.2 or later
3) Supported OS
Client OS : Windows8.1, Windows10 (version 1909 or later)
Server OS : Windows Server 2008 R2, Windows Server 2012 R2,
Windows Server 2016, Windows Server 2019
4) Main functions
(1) Two-factor authentication
Set the logon of the PC terminal to two-factor authentication using a password and a
FIDO authenticator.
You can also use password-free combinations such as "PIN" & "Authenticator",
"Fingerprint" & "Authenticator".
(2) FIDO logon forcing function
This feature is when you logon Windows, you can be set to force the logon using the
FIDO authentication device.
(3) Screen lock function
Locks the screen when the FIDO authenticator is removed from the PC terminal.
(4) Offline logon function
- Cache logon
It is a function (cache logon) that retains the cache at the time of the previous
authentication and authenticates at the time of offline.
- Expiration date setting
Set the number of valid days for cache information.
(5) Remote lockout function
This function is a function that makes the PC terminal unable to log on (lockout state)
by using the Web console remotely.
(6) Authentication failure lockout function
- Authentication failure lockout
This function locks out the terminal when logon fails a certain number of times.
- Automatic release setting
It is a function that automatically releases the lockout after a certain period of time
has passed after the automatic lockout.
(7) Group policy function
It is a function to reflect various settings of YubiOn FIDO Logon for each grouped
terminal.
(8) Log management function
It is a function to collect the log of the PC terminal and browse it on the Web
console.
(9) Get location information
It is a function that collects the location information of the PC terminal and displays it
in the log.
(10) Version update
This is a client software version upgrade function.
(11) Ability to limit uninstallation
This function restricts general users from uninstalling the software.
5. About charges
From 500 yen per month / 1 account (in the case of monthly payment)
* Please purchase the FIDO authenticator separately or contact us for details as it is
also available at Soft Giken.
6. About the service page
Please refer to the following page.
[About Soft Giken Co., Ltd.]
Soft Giken has a track record of software development in the social system business such as disaster prevention information as an independent software house for 37 years since its establishment. Based on the philosophy of "Make every world better.", We provide public and social systems, cloud security and authentication services.
We provide "YubiOn Authentication Solution" that supports from computer two-factor authentication login to cloud authentication. The YubiOn authentication solution also supports FIDO-based multi-factor authentication. You can solve the problem of online authentication by eliminating the anxiety of the conventional ID / password login method and pursuing ease of use. With the YubiOn Authentication Solution, you can reduce the cost and effort of operating and managing your IT assets while enhancing security by enhancing FIDO authentication.
[Future plans]
We plan to develop the OTP-based solutions "Windows Logon Portal" and "Windows Standalone" that we are currently offering so that they can be used on Macs in the future.
[YubiOn FIDO2(R) Server]
was officially certified by the FIDO Alliance on March 11, 2019.
We participate in the FIDO Alliance as a sponsor level member.
* "YubiOn" is a registered trademark of Soft Giken Co., Ltd.
[What is FIDO2?]
The latest specifications of the FIDO Alliance. FIDO2 allows users to easily authenticate online services in both desktop and mobile environments using the FIDO2 authenticator. The FIDO2 specification consists of the World Wide Web Consortium (W3C) WebAuthn (WebAuthn) specification and the corresponding Client-to-Authenticator Protocol (CTAP) of the FIDO Alliance.