Ijlal Loutfi


Post Doctoral Researcher


ijlal.loutfi@ntnu.no

Department of Information Security and Communication Technology


Norwegian University of Science and Technology


FitraKey


I am very interested in commercial technology transfer. Since last year I have been worked on designing, prototyping and manufacturing  FIDO security tokens, which are universally accessible and usable by visually disabled users.

Motivation
Besides providing strong authentication, FIDO protocols also standardize a feature called: Transaction Authorization. The standards propose to augment the hardware tokens with screens/displays where transaction details (e.g. order amount, destination address..etc) which are securely sent from the server, are displayed securely to the user, who should confirm them before the transaction can be completed.

Transaction Authorization is very important in protecting against overlay attacks (or Man-In-The-Browser attacks), which can take place within the complex and untrustworthy execution environment of end-point devices. 

Transaction confirmation is also necessary for making FIDO token compliant with the European Open Banking directive, PSD2.

However, we notice that a display is only useful for seeing users, and unusable by visually-impaired ones.

Our Solution: Fitrakey

We augment FIDO token with voice and Braille secure output channels.
For instance, FitraKey translates Transaction amounts from text into voice which is played in a user's headset, or hearing aid.

Similarly, FitraKey can also translate text into braille which is sent over Bluetooth to braille displays.


Achievement

. We have went through several prototyping cycles, and have now reached a manufacturing-ready product. 

- We are working on the logistics of manufacturing and commercialization.