Nok Nok
Labs announced the latest version of the Nok Nok S3 Authentication
Suite.
With this latest release, companies and organizations can now
more easily operationalize modern identity and passwordless authentication in
their system-level workflows, business processes and customer payment
transactions. The enhancements to the Nok Nok S3 Authentication Suite are also
designed to streamline large-scale operations in modern cloud environments and
securely integrate with existing cryptographic infrastructure.
Key features and business
benefits in this release include:
- Enhanced
Risk-Based Authentication: The
S3 Suite now simplifies Registration and Authentication rules into a
single ruleset. This allows customers to have full control over
registration and authentication workflows based on predetermined business
risk criteria to create very low friction customer journey experiences.
- Federation
Integration:
The S3 Suite now supports OpenID Connect as an integration mechanism
allowing S3 to serve as an "authentication provider" that works
with industry-leading identity providers (e.g., ForgeRock, Azure B2C)
which allows Nok Nok customers to quickly integrate into existing identity
and authentication systems.
- Enhanced
Transaction Confirmation Support: The S3 Suite will support payment transaction
confirmation in Web Applications. Customers supporting PSD2-SCA workflows
will be able to implement dynamic linking on both Mobile native and Web
applications so that a fraudulent merchant or man-in-the-network can't
change the details of a FIDO-authenticated transaction to hijack and steal
transaction revenue.
- Integration
With Existing Enterprise Cryptographic Infrastructure: Customers will be able to
store sensitive digital system keys of our S3 server into standalone HSM
(hardware security modules) or cloud-HSM hardware infrastructure to
provide the ultimate business safeguards for storing and managing digital
keys that control access to business servers and databases.
- Pluggable
Authentication for Backend Database Access: The S3 Suite servers will
offer a pluggable connection framework that supports multiple
architectural approaches to help our customers eliminate vulnerable
database connections based on username and passwords from all of their
existing system-level workflows and applications.
- Support
an External Backend "Secrets" Store: The S3 Server will support
the ability to send push notifications and email-OTP messages through
typically insecure, external gateways. To be secure, connecting and
opening sessions to those external systems requires strong
authentication. With the new "external backend secrets
store", S3 offers the highest security in connecting with the systems
of external MFA vendors.
"Through continued innovations that stay ahead of changing
threat environments, Nok Nok continues to raise the bar above the modern
authentication standards we helped to create. These new capabilities will offer
greater integration flexibility for our customers that will enable them to
integrate our S3 Suite with the use of their own APIs for handling encryption
operations and also the use of external, hardware-based key vaults for storing
sensitive information," said Rolf Lindemann, Vice President of
Products at Nok Nok.
Nok Nok's S3 Authentication Suite was the first commercially
deployed, highly scalable authentication suite built from the ground up
leveraging the industry's FIDO authentication protocols. With its modular
architecture and container support, the Nok Nok S3 Suite has proven to run at
internet scale, supporting mission-critical identity and modern authentication
for tens of millions of users while protecting over 1B daily authentications around the globe.