This video shows the YubiKey NEO, which is built upon the NXP A700x series secure element. This YubiKey NEO is configured to operate the U2F protocol hosted by the FIDO Alliance.
Welcome to Yubico and NXP Semiconductor!
In this video, I will demonstrate YubiKey NEO, built on the NXP A seven thousand series Secure Element, configured as a FIDO Universal 2nd Factor device - or U2F.
The Secure Element is the key component in the YubiKey that provides high quality True Random Numbers, cryptographic engines to accelerate the Elliptic Curve Cryptography calculations, and several layers of physical and logical protection to provide tamper resistant key storage.
Back to the use case.
At the Yubico U2F enabled demo site, I begin the registration process for a new account.
I enter my chosen user name and a simple PIN or password - as security is provided by the NXP secure element.
When I click "Next", the service instructs the browser to initiate U2F device discovery to find all connected FIDO U2F devices such as my YubiKey NEO with NXP secure element. Technically this process starts a digital certificate based Challenge/Response Authentication process with the YubiKey. The LED starts to flash on all U2F devices found. The browser pop-up appears, instructing me to touch the U2F device I want to be associated with the domain shown.
I touch the gold sensor on my YubiKey NEO, which instructs the embedded NXP secure element to calculate a True Random Number and mint a new public/private key pair based on Elliptic Curve Cryptography for this web service, and the response is sent via the browser to the authentication server.
If I wanted to see the details of the messages sent between my YubiKey NEO, the NXP Secure Element, the browser and service, I could press the "Technical data" button.
I can now log in to my new account. The service can choose whether to require user presence, that is, requiring the user to touch their U2F device before the NXP secure element responds to the SIGN request. On our Demo site user presence is set as required by ticking the required user presence checkbox.
I enter the user name and password I used to set up the account, and click login; the browser displays a pop up, showing the requesting site domain, and instructs me to touch my U2F device. Once I touch my YubiKey NEO, the NXP secure element signs the login request and I'm in.
The service can also request that the browser ask my YubiKey NEO to digitally SIGN without requiring a touch - I can demonstrate this on our demo site by clearing the require user presence checkbox and logging in again. This time I just enter my user name and password, click login. The browser then sends a challenge to my YubiKey NEO and it's immediately signed by the NXP secure element, and I'm in.
I can also use the YubiKey NEO to perform SIGN operations on any NFC equipped mobile device - such as the Galaxy Nexus or Nokia Lumia 920. I have a Galaxy Nexus here. The NXP secure element supports both USB and NFC directly - so I run the Yubico U2F Demo App which asks for my username and password, which I enter on the pop up keyboard. The app then requests a U2F device to be swiped/tapped, which I do, and I'm in. I can tap the Details button if I want to see the technical details.
Want to know more? Visit NXP.com/U2F
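
The "require user presence" choice shown in the demo ends up as a server-side check on the SIGN response. The sketch below is an added example, not part of the video or of Yubico's demo site: it assumes the FIDO U2F raw response layout (one user-presence byte, a 4-byte big-endian counter, then the ECDSA signature), and its function names, policy parameters and sample bytes are hypothetical. The counter check goes beyond what the video covers.

```python
import struct
from typing import NamedTuple, Tuple

USER_PRESENT = 0x01  # bit 0 of the user-presence byte is set when the device was touched


class SignResponse(NamedTuple):
    user_present: bool
    counter: int
    signature: bytes


def parse_sign_response(raw: bytes) -> SignResponse:
    """Split a raw U2F SIGN response into presence flag, counter and signature."""
    if len(raw) < 6:  # 1 flag byte + 4 counter bytes + at least 1 signature byte
        raise ValueError("SIGN response too short")
    flags, counter = struct.unpack(">BI", raw[:5])
    return SignResponse(bool(flags & USER_PRESENT), counter, raw[5:])


def accept_sign_response(raw: bytes, require_presence: bool,
                         last_counter: int) -> Tuple[bool, str]:
    """Apply the relying party's policy to a SIGN response.

    The signature covers the flag byte and counter, so it must be verified
    against the registered public key before these fields are trusted; that
    step is outside this sketch.
    """
    try:
        resp = parse_sign_response(raw)
    except ValueError as exc:
        return False, str(exc)
    if require_presence and not resp.user_present:
        return False, "user presence required but not asserted"
    if resp.counter <= last_counter:
        # A counter that fails to advance suggests a replayed or cloned response.
        return False, "counter did not increase"
    return True, "ok"


# Constructed sample responses; SIG is placeholder bytes, not a real signature.
SIG = bytes.fromhex("3006020101020101")
TOUCHED = bytes([0x01]) + struct.pack(">I", 42) + SIG
UNTOUCHED = bytes([0x00]) + struct.pack(">I", 43) + SIG

if __name__ == "__main__":
    print(accept_sign_response(TOUCHED, True, 41))     # checkbox ticked, key touched
    print(accept_sign_response(UNTOUCHED, True, 42))   # checkbox ticked, no touch
    print(accept_sign_response(UNTOUCHED, False, 42))  # checkbox cleared, no touch
```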