Windows Unlock with IoT Devices
Microsoft Build 2016
Anoosh Saboori, Senior Program Manager
11/23/2018 6:12 PM © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Demos: Microsoft Band Sign In
Microsoft Passport & Windows Hello
A two-factor authentication system built for you and your users
Achieve higher levels of security while reducing costs
Increase user convenience with simple unlock gestures
Second Factor in Previous Release
First factor: Windows Hello biometric or PIN
Second factor: private keys secured in TPM
Second Factor in Upcoming Release
First factor: Windows Hello biometric, PIN, or Companion Devices
Second factor: private keys secured in TPM
Overview
Make Companion Device Sociable via Signals
Intent signal: a signal that allows the user to show his intent for unlock
Disambiguation signal: a signal to disambiguate which Windows 10 desktop the user wants to unlock when multiple options are available to the Companion Device
User presence signal: a signal that proves presence of the user, like a device PIN
User Flow Overview
1. Set up a PC PIN.
2. Download and run the companion app on each target Windows 10 desktop she wants to unlock with that Companion Device, to register the Companion Device with that desktop.
3. Collect the signals and unlock the PC when the PC is in the locked state.
Messaging
Protocol Overview
Register / Unlock
Security Principles
PC unlock requires the registered companion device to be present
Companion device only talks to the PC with which it was registered
HMAC key 1 (stored on Companion Device)
HMAC key 2 (stored on both PC and Companion Device)
Register
Register background task
Prepare: establish two HMAC keys, signals, and device capabilities
Start: call RequestStartRegisteringDeviceAsync
Finish: call FinishRegisteringDeviceAsync
Clean up: Companion Device stores the HMAC keys; the companion app discards its copies
Code Walkthrough: Register
RequestStartRegisteringDeviceAsync API
HRESULT RequestStartRegisteringDeviceAsync(
    [in] HSTRING deviceId,
    [in] SecondaryAuthenticationFactorDeviceCapabilities capabilities,
    [in] HSTRING deviceFriendlyName,
    [in] HSTRING deviceModelNumber,
    [in] Windows.Storage.Streams.IBuffer* deviceKey,
    [in] Windows.Storage.Streams.IBuffer* mutualAuthenticationKey,
    [out, retval] Windows.Foundation.IAsyncOperation<SecondaryAuthenticationFactorRegistrationResult*>** operation);
FinishRegisteringDeviceAsync API
HRESULT FinishRegisteringDeviceAsync(
    [in] Windows.Storage.Streams.IBuffer* deviceConfigurationData,
    [out, retval] Windows.Foundation.IAsyncAction** result);
Unlock
Two API calls should be made within 20 seconds
Trigger: PC was locked; all signals collected
Wait: for WaitingForUserConfirmation, OR CollectingCredential
Start: call StartAuthenticationAsync
Compute: communicate with Companion Device to perform the required HMAC operations
Finish: call FinishAuthenticationAsync
Wait for CredentialAuthenticated to start the success flow
Wait for StoppingAuthentication to kill your background task
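To make the Security Principles slide and the unlock flow above concrete, here is an added Python model of the two-key challenge/response between a locked PC and its companion device. It is not code from this deck or from Windows: the byte layout of what each HMAC covers (key 1 over the PC's nonce, key 2 over that result plus the nonce), the FakeClock/LockedPC/CompanionDevice names and the status strings are all constructed for illustration, since the slides do not give the real Companion Device Framework message format. It exercises the properties the deck states: only a registered device is challenged, a device with the wrong keys fails, a consumed nonce cannot be replayed, and an answer outside the 20-second window is rejected.

```python
import hashlib
import hmac
import os

# "HMAC key 1" (device key) and "HMAC key 2" (mutual authentication key) in the
# deck's terms. The messages Windows really HMACs are not on the slides; the
# compositions below are an assumption made for illustration only.
DIGEST = hashlib.sha256
UNLOCK_WINDOW_SECONDS = 20  # "two API calls should be made within 20 seconds"


class FakeClock:
    """Controllable clock so the 20-second window can be tested without sleeping."""
    def __init__(self):
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


class CompanionDevice:
    """Keeps both keys after registration and answers nonces from its paired PC."""
    def __init__(self, device_id: str):
        self.device_id = device_id
        self.device_key = os.urandom(32)  # HMAC key 1
        self.auth_key = os.urandom(32)    # HMAC key 2

    def respond(self, service_nonce: bytes) -> tuple:
        # "Compute" step: deviceHmac proves possession of key 1; sessionHmac binds
        # that proof to this PC's fresh nonce with key 2 (message layout assumed).
        device_hmac = hmac.new(self.device_key, service_nonce, DIGEST).digest()
        session_hmac = hmac.new(self.auth_key, device_hmac + service_nonce, DIGEST).digest()
        return device_hmac, session_hmac


class LockedPC:
    """Windows side: registration store plus the Start/Finish authentication pair."""
    def __init__(self, clock):
        self.clock = clock
        self.registered = {}  # device_id -> (device_key, auth_key)
        self.pending = {}     # device_id -> (nonce, started_at)

    def register(self, companion: CompanionDevice) -> None:
        # Registration hands Windows copies of both keys (deviceKey and
        # mutualAuthenticationKey on the slide's API); the app then discards its own.
        self.registered[companion.device_id] = (companion.device_key, companion.auth_key)

    def start_authentication(self, device_id: str) -> bytes:
        # Mirrors StartAuthenticationAsync: only a registered device gets a challenge.
        if device_id not in self.registered:
            raise KeyError("companion device is not registered with this PC")
        nonce = os.urandom(32)
        self.pending[device_id] = (nonce, self.clock())
        return nonce

    def finish_authentication(self, device_id: str, device_hmac: bytes, session_hmac: bytes) -> str:
        # Mirrors FinishAuthenticationAsync; each nonce is consumed once, so no replay.
        pending = self.pending.pop(device_id, None)
        if pending is None:
            return "NoPendingAuthentication"
        nonce, started_at = pending
        if self.clock() - started_at > UNLOCK_WINDOW_SECONDS:
            return "Timeout"
        device_key, auth_key = self.registered[device_id]
        expected_device = hmac.new(device_key, nonce, DIGEST).digest()
        expected_session = hmac.new(auth_key, expected_device + nonce, DIGEST).digest()
        # compare_digest keeps the comparison constant-time.
        ok = (hmac.compare_digest(device_hmac, expected_device)
              and hmac.compare_digest(session_hmac, expected_session))
        return "Completed" if ok else "Failed"


def unlock_attempt(pc: LockedPC, companion: CompanionDevice, clock: FakeClock, delay: float = 0.0) -> str:
    nonce = pc.start_authentication(companion.device_id)
    clock.now += delay  # time the companion takes to answer
    return pc.finish_authentication(companion.device_id, *companion.respond(nonce))


def demo() -> dict:
    """Runs the happy path and the failure modes the deck's security principles imply."""
    clock = FakeClock()
    pc = LockedPC(clock)
    band = CompanionDevice("band-1")
    pc.register(band)
    results = {"genuine": unlock_attempt(pc, band, clock, delay=5.0)}
    results["too_slow"] = unlock_attempt(pc, band, clock, delay=25.0)
    # A clone that knows the device id but not the keys (constructed for the demo).
    results["cloned_id_wrong_keys"] = unlock_attempt(pc, CompanionDevice("band-1"), clock)
    # Replaying a previous answer: the nonce was consumed, so nothing is pending.
    nonce = pc.start_authentication(band.device_id)
    answer = band.respond(nonce)
    pc.finish_authentication(band.device_id, *answer)
    results["replay"] = pc.finish_authentication(band.device_id, *answer)
    # A device never registered with this PC gets no challenge at all.
    try:
        pc.start_authentication("stranger")
        results["unregistered"] = "challenged"
    except KeyError:
        results["unregistered"] = "refused"
    return results


if __name__ == "__main__":
    for case, status in demo().items():
        print(f"{case}: {status}")
```

The PC never sends a key over the link; it only sends a fresh nonce and checks the two HMACs, which is what lets the deck state that a companion is useful only with the PC it registered with and only while it is actually present.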
Code Walkthrough: Unlock
StartAuthenticationAsync API
HRESULT StartAuthenticationAsync(
    [in] HSTRING deviceId,
    [in] Windows.Storage.Streams.IBuffer* serviceAuthenticationNonce,
    [out, retval] Windows.Foundation.IAsyncOperation<SecondaryAuthenticationFactorAuthenticationResult*>** operation);
FinishAuthenticationAsync API
HRESULT FinishAuthenticationAsync(
    [in] Windows.Storage.Streams.IBuffer* deviceHmac,
    [in] Windows.Storage.Streams.IBuffer* sessionHmac,
    [out, retval] Windows.Foundation.IAsyncOperation<SecondaryAuthenticationFactorFinishAuthenticationStatus>** result);
Security, Management, and Policy
A Word on Security
Protect HMAC keys, at rest and in flight: offline attack, cloning, exportability
Verify user presence securely: anti-spoofing, uniqueness, anti-hammering, reliability
Management
Via Windows: Windows performs A/AD or MSA authentication; Windows does not provide a portal to view, audit, revoke, or manage these devices; Windows does not provide roaming
Via app: from the app, the user can unregister a Companion Device
IT Admin Concepts
Policy: an on/off switch for Companion Devices; an allowed list of Companion Device apps via Windows AppLocker
Revocation: remove a device type from the companion app allowed list when a breach is detected in that device type
Call to Action
Send to to get started