SlideShare a Scribd company logo

CIS14: FIDO 101 (What, Why and Wherefore of FIDO)

CloudIDSummit
CloudIDSummit

Rajiv Dholakia, Nok Nok Labs Basics of how FIDO protocols work, how they fit into the broader identity ecosystem, the benefits of the design and the state of implementation/deployment in the market; appropriate for both technical and non-technical individuals, giving orientation before diving into the details of the specific FIDO protocols.

Technology
1 of 54
Download to read offline
© 2014 FIDO Alliance Standards for Simpler Stronger Authentication Rajiv Dholakia – VP Products & Business Development , Nok Nok Labs rajiv@noknok.com
Context & Aspirations
I.T. HAS SCALED: IT’S A HETEROGENEOUS WORLD $$$ Technological capabilities: (1971 ! 2013) Clock speed x4700 #transistors x608k Structure size /450 Price: (1980 ! 2013) HDD $/MB /12k NV RAM $/MB /1.3m Ubiquity: More than 7bn mobile connected devices by end of 2013 Connectivity: (2013) 34% of all people ww have internet access Relevance: (2012) $1 trillion eCommerce Social media: (2013) >10% of all people ww active NOK NOK LABS
The Authentication Tower of Babel Silos, proprietary, privacy, reliance on 3rd party, tolls NOK NOK LABS ? 4
IMPLEMENTOR’s PERSPECTIVE: A CHALLENGE Aplumbingproblem:ShadesofRubeGoldberg… NOK NOK LABS App 2 New App ? RP 1 RP 1 App 1 ? Applications Authentication MethodsOrganizations Silo 1 Silo 2 Silo N Silo 3 5
Taking lessons from History 6 Authentication SSL Communication ???
Common authentication plumbing 7 Users Cloud/Enterprise Devices Federation Open Standard Plug-In Approach Interoperable Ecosystem Usable Authentication WHAT IS NEEDED
FIDO 101
Goal: Simpler, Stronger Authentication (a) Developing unencumbered Specifications that define interoperable mechanisms that supplant reliance on passwords (b) Operating programs to help ensure industry adoption (c) Submitting mature Specifications for formal standardization Mission: To Change Authentication Online by:
Identity & Authentication Building Blocks NOK NOK LABS 10 Physical-to-digital identity User Management Authentication Federation Single Sign-On E-Gov Payments Security Passwords Risk-BasedStrong MODERN AUTHENTICATION Personalization
User Authentication Online Do you want to login? Do you want to transfer $100 to Frank? Do you want to ship to a new address? Do you want to delete all of your emails? Do you want to share your dental record? Authentication today: Ask user for a password (and perhaps a one time code)
Today’s Passwords REUSED PHISHED KEYLOGGED
Today’s Password Alternatives One Time Codes with SMS or Device SMS USABILITY DEVICE USABILITY USER EXPERIENCE STILL PHISHABLE Coverage | Delay | Cost One per site | $$ | Fragile User find it hard Known attacks today
Megatrend Simpler, Stronger Local Device Auth PERSONAL DEVICES LOCAL LOCKING NEW WAVE: CONVENIENT SECURITY Carry Personal Data Pins & Patterns today Simpler, Stronger local auth
Putting It Together The problem: Simpler, Stronger online The trend: Simpler, Stronger local device auth Why not: Use local device auth for online auth? This is the core idea behind FIDO standards!
FIDO Experiences LOCAL DEVICE AUTH SUCCESSONLINE AUTH REQUEST PASSWORDLESS EXPERIENCE (UAF standards) SECOND FACTOR EXPERIENCE (U2F standards) Show a biometricTransaction Detail Done Login & Password Insert Dongle, Press button Done
FIDO Registration REGISTRATION BEGINS USER APPROVAL REGISTRATION COMPLETE NEW KEY CREATED USER APPROVAL KEY REGISTERED 1 2 Using Public key Cryptography 4 3
FIDO Login LOGIN USER APPROVAL LOGIN COMPLETE KEY SELECTED LOGIN CHALLENGE LOGIN RESPONSE 1 2 4 3 Login Using Public key Cryptography
Decouple User Verification Method from Authentication Protocol LOGIN USER APPROVAL REGISTRATION COMPLETE KEY SELECTED LOGIN CHALLENGE LOGIN RESPONSE 1 2 4 3 Leverage public key cryptography ONLINE SECURITY PROTOCOL PLUGGABLE LOCAL AUTH
User Device User Agent Mobile Apps Authenticator Abstraction (ASM) Authenticators Authenticators Private Keys Authentication Keys Attestation Keys Relying Party Web Application FIDO UAF Server Authentication Keys Attestation Key Public KeysRegistration, Authentication & Transaction Confirmation! UAF Protocol UAF ARCHITECTURE OVERVIEW UAF Authenticators
Relying Party User Side U2F APDU USB API NFC API Bluetooth API U2F JS API Secure U2F Element Connectors USB NFC Bluetooth Web Application FIDO U2F Server User Keys U2F Flow Diagram User Action BrowserU2F Token
Options Passwordless UX = UAF: Universal Auth Framework •  User carries client device with UAF stack installed •  User presents a local biometric or PIN •  Website can choose whether to retain password Simpler Stronger Authentication Second Factor UX = U2F: Universal Second Factor •  User carries U2F device with built- in support in web browsers •  User presents U2F device •  Website can simplify password (e.g, 4 digit PIN)
Design Considerations
No 3rd Party in the Protocol
No secrets on Server side
Focus on User Privacy • Biometric data never leaves user’s device • No linkability between RPs • No linkability between RP accounts
Embrace all kinds of Authenticators software, proprietary hardware, certified hardware, ...
Risk Based Authentication "  Login to online account "  Change shipping address "  Transfer $10.000 Low High
Choice of Security Profiles NOK NOK LABS User Space Secure Hardware FIDO UX Layer Input, Display Crypto Layer FIDO UX Layer Input, Display Crypto Layer FIDO Crypto Layer UX Layer Input, Display No Secure HW Secure Crypto + Storage Secure Execution Environment
Risk Appropriate Authentication 30 Strong Stronger FIDO Security Spectrum Software Only ID TPM/SE ID TEE + SE ID Protects Keys Protects Keys Protects Crypto Protects Keys Protects Crypto Protects Code Protects Display Strongest
Permanent link to this comic: http://xkcd.com/538/ A webcomic of romance, sarcasm, math, and language. On SECURITY
A peek into MODERN AUTHENTICATION 32NOK NOK LABS IMPLICIT AUTHENTICATION EXPLICIT AUTHENTICATION
COMPLEMENTS IDENTITY & FEDERATION STANDARDS NOK NOK LABS 33 STRONG AUTH PASSWORDS SSO/FEDERATION Recreated PMS First Mile Second Mile SAML OpenID FIDO/Strong Auth Federation Standards
FIDO Model: Direct to Relying Party OR through IdP 34Devices support multiple authenticators User Authenticates to the Device Relying Parties (SP) Device Authenticates to Relying Party 2a 1 Identity Provider (IdP) 2b OR Device Authenticates to Identity Provider (IDP) 2c IDP asserts identity via SAML, Oauth, OpenID Connect… OR
Recap
Identity & Authentication NOK NOK LABS 36 Physical-to-digital identity User Management Authentication Federation Single Sign-On E-Gov Payments Security Passwords Risk-BasedStrong MODERN AUTHENTICATION Personalization
Simplifying and Scaling Authentication AnyDevice.AnyApplication.AnyAuthenticator. 37 Standardized Protocols Local authentication unlocks app specific key Key used to authenticate to server
IMPLEMENTATION CHALLENGE Aplumbingproblem:ShadesofRubeGoldberg… NOK NOK LABS App 2 New App ? RP 1 RP 1 App 1 ? Applications Authentication MethodsOrganizations Silo 1 Silo 2 Silo N Silo 3 38
SIMPLIFIED IMPLEMENTATION WHATISBEINGSTANDARDIZED App 2 Applications Authentication Methods RP 1 RP 1 App 1 New App FIDO UNIFIED STANDARDS Organizations ? 39 Online Crypto Protocol Pluggable Authentication
CONCLUSIONS •  The enemy is symmetric shared secrets •  The enemy is poor user experiences and friction •  FIDO is a building block •  Even simple software-based authenticator with a pin offers many advantages over passwords •  FIDO complements your investments in federation and improves your security and ease of use
FIDO Alliance Snapshot July 2014
42Nok Nok Labs Confidential — Do Not Distribute
FIDO Alliance Role •  Paper Specifications, Interop and Conformance testing, Trademark licensing against criteria, thought leadership, nurture ecosystem of vendors delivering FIDO implementations to market •  Alliance does not ship products (only specifications) o  Implementations left to commercial vendors •  FIDO Alliance designs core protocol o  Like SSL, FIDO has no domain semantics o  Relying parties and Vendors may adapt FIDO into commercial solutions o  Vendors may deliver FIDO specification as product or service, standalone or as part of a solution stack o  Extended use cases may be explored by vendors long before imported into protocol
Version 1.0 (Review Draft) is in Public Review
FIDO at Industry Events – Readiness FIDO-Ready Products & Deployment for Mobile & More SIM + Secure Element PIN + MicroSD, USB Fingerprint, Mobile Speaker Recognition Mobile via NFC*
Useful to keep these separate: Design Intent FIDO Protocol Specification Specific Implementations Solution that incorporates FIDO
Select Authenticate Purchase 47 MOBILE DEVICES reshaping Security, Commerce NOK NOK LABS AUTHENTICATION THAT IS “One-Swipe”, “One-Phrase”, “One-Look”, “One Touch”
OEMs SHIPPING FIDO-READY ™ PRODUCTS New and existing devices are supported 48 OEM Enabled: Samsung Galaxy S5OEM Enabled: Lenovo ThinkPads with Fingerprint Sensors Clients available for these operating systems : Software Authenticator Examples: Voice/Face recognition, PIN, QR Code, etc. Aftermarket Hardware Authenticator Examples: USB fingerprint scanner, MicroSD Secure Element
First FIDO Deployment already live… 49 •  Customers can use their finger to pay with PayPal from their new Samsung Galaxy S5 because the FIDO Ready™ software on the device securely communicates between the fingerprint sensor on their device and PayPal’s service in the cloud. The only information the device shares with PayPal is a unique cryptographic “public key” that allows PayPal to verify the identity of the customer without having to store any biometric information on PayPal’s servers.
Breaking news for July… •  Alipay – formerly a part of Alibaba Group in China •  Processed $519 Billion in transactions in 2013 •  Launched FIDO-based payments using Galaxy S5
Better Security, Better User Experience Goingbeyond“Risk,Regulation,Reputation” 51 Setup Confirm Sent DESIGN, DELIGHT & DOLLARS!
Call to Action •  FIDO is ready for use – launch a POC, Pilot •  Get involved: o  Develop or adapt your products to FIDO o  Come to the plenary, meet and mingle, speak with the pioneers, select your partners o  Join the Alliance and contribute – we are a volunteer run organization! o  Contact donal@fidoalliance.org for membership details o  Other questions – rajiv@noknok.com
FIN
THANK YOU

Recommended

FIDO Specifications Tutorial
FIDO Specifications TutorialFIDO Specifications Tutorial
FIDO Specifications TutorialFIDO Alliance
 
FIDO Specifications Overview: UAF & U2F
FIDO Specifications Overview: UAF & U2FFIDO Specifications Overview: UAF & U2F
FIDO Specifications Overview: UAF & U2FFIDO Alliance
 
Bio-Authentication (FIDO) and PKI Trends in Korea
Bio-Authentication (FIDO) and PKI Trends in KoreaBio-Authentication (FIDO) and PKI Trends in Korea
Bio-Authentication (FIDO) and PKI Trends in KoreaFIDO Alliance
 
LINEのFIDO導入と将来展望
LINEのFIDO導入と将来展望LINEのFIDO導入と将来展望
LINEのFIDO導入と将来展望FIDO Alliance
 
Google Case Study: Becoming Unphisable: Towards Simpler, Stronger Authenticat...
Google Case Study: Becoming Unphisable: Towards Simpler, Stronger Authenticat...Google Case Study: Becoming Unphisable: Towards Simpler, Stronger Authenticat...
Google Case Study: Becoming Unphisable: Towards Simpler, Stronger Authenticat...FIDO Alliance
 
FIDO’s fit for Key Industries in Korea
FIDO’s fit for Key Industries in Korea FIDO’s fit for Key Industries in Korea
FIDO’s fit for Key Industries in KoreaFIDO Alliance
 
FIDO Authentication: Its Evolution and Opportunities in Business -FIDO Allian...
FIDO Authentication: Its Evolution and Opportunities in Business -FIDO Allian...FIDO Authentication: Its Evolution and Opportunities in Business -FIDO Allian...
FIDO Authentication: Its Evolution and Opportunities in Business -FIDO Allian...FIDO Alliance
 
FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial FIDO Alliance
 

Recommended

FIDO Specifications Tutorial
FIDO Specifications TutorialFIDO Specifications Tutorial
FIDO Specifications TutorialFIDO Alliance
 
FIDO Specifications Overview: UAF & U2F
FIDO Specifications Overview: UAF & U2FFIDO Specifications Overview: UAF & U2F
FIDO Specifications Overview: UAF & U2FFIDO Alliance
 
Bio-Authentication (FIDO) and PKI Trends in Korea
Bio-Authentication (FIDO) and PKI Trends in KoreaBio-Authentication (FIDO) and PKI Trends in Korea
Bio-Authentication (FIDO) and PKI Trends in KoreaFIDO Alliance
 
LINEのFIDO導入と将来展望
LINEのFIDO導入と将来展望LINEのFIDO導入と将来展望
LINEのFIDO導入と将来展望FIDO Alliance
 
Google Case Study: Becoming Unphisable: Towards Simpler, Stronger Authenticat...
Google Case Study: Becoming Unphisable: Towards Simpler, Stronger Authenticat...Google Case Study: Becoming Unphisable: Towards Simpler, Stronger Authenticat...
Google Case Study: Becoming Unphisable: Towards Simpler, Stronger Authenticat...FIDO Alliance
 
FIDO’s fit for Key Industries in Korea
FIDO’s fit for Key Industries in Korea FIDO’s fit for Key Industries in Korea
FIDO’s fit for Key Industries in KoreaFIDO Alliance
 
FIDO Authentication: Its Evolution and Opportunities in Business -FIDO Allian...
FIDO Authentication: Its Evolution and Opportunities in Business -FIDO Allian...FIDO Authentication: Its Evolution and Opportunities in Business -FIDO Allian...
FIDO Authentication: Its Evolution and Opportunities in Business -FIDO Allian...FIDO Alliance
 
FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial FIDO Alliance
 
Getting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialGetting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialFIDO Alliance
 
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinNew FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinFIDO Alliance
 
FIDOAlliance
FIDOAllianceFIDOAlliance
FIDOAllianceSanjeev Verma, PhD
 
Introduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowell
Introduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowellIntroduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowell
Introduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowellFIDO Alliance
 
Fido Overview: Status and Future
Fido Overview: Status and FutureFido Overview: Status and Future
Fido Overview: Status and FutureFIDO Alliance
 
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCloudIDSummit
 
FIDO U2F & UAF Tutorial
FIDO U2F & UAF TutorialFIDO U2F & UAF Tutorial
FIDO U2F & UAF TutorialFIDO Alliance
 
Introduction to FIDO Authentication
Introduction to FIDO AuthenticationIntroduction to FIDO Authentication
Introduction to FIDO AuthenticationFIDO Alliance
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO Alliance
 
FIDO Specifications Overview
FIDO Specifications OverviewFIDO Specifications Overview
FIDO Specifications OverviewFIDO Alliance
 
FIDO in Government
FIDO in GovernmentFIDO in Government
FIDO in GovernmentFIDO Alliance
 
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...FIDO Alliance
 
FIDO2 and Microsoft
FIDO2 and MicrosoftFIDO2 and Microsoft
FIDO2 and MicrosoftFIDO Alliance
 
Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali OWASP Delhi
 
FIDO & GSMA Mobile Connect
FIDO & GSMA Mobile ConnectFIDO & GSMA Mobile Connect
FIDO & GSMA Mobile ConnectFIDO Alliance
 
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) SpecificationCIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) SpecificationCloudIDSummit
 
Google Case Sudy: Becoming Unphishable: Towards Simpler, Stronger Authenticaton
Google Case Sudy: Becoming Unphishable: Towards Simpler, Stronger AuthenticatonGoogle Case Sudy: Becoming Unphishable: Towards Simpler, Stronger Authenticaton
Google Case Sudy: Becoming Unphishable: Towards Simpler, Stronger AuthenticatonFIDO Alliance
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationFIDO Alliance
 
Mobile Cloud Identity
Mobile Cloud IdentityMobile Cloud Identity
Mobile Cloud IdentityMark Diodati
 
FIDO, Strong Authentication and elD in Germany
FIDO, Strong Authentication and elD in GermanyFIDO, Strong Authentication and elD in Germany
FIDO, Strong Authentication and elD in GermanyFIDO Alliance
 
Technical Overview of FIDO Solution
Technical Overview of FIDO SolutionTechnical Overview of FIDO Solution
Technical Overview of FIDO SolutionForgeRock
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO Alliance
 

More Related Content

What's hot

Getting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialGetting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialFIDO Alliance
 
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinNew FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinFIDO Alliance
 
Introduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowell
Introduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowellIntroduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowell
Introduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowellFIDO Alliance
 
Fido Overview: Status and Future
Fido Overview: Status and FutureFido Overview: Status and Future
Fido Overview: Status and FutureFIDO Alliance
 
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCloudIDSummit
 
FIDO U2F & UAF Tutorial
FIDO U2F & UAF TutorialFIDO U2F & UAF Tutorial
FIDO U2F & UAF TutorialFIDO Alliance
 
Introduction to FIDO Authentication
Introduction to FIDO AuthenticationIntroduction to FIDO Authentication
Introduction to FIDO AuthenticationFIDO Alliance
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO Alliance
 
FIDO Specifications Overview
FIDO Specifications OverviewFIDO Specifications Overview
FIDO Specifications OverviewFIDO Alliance
 
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...FIDO Alliance
 
Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali OWASP Delhi
 
FIDO & GSMA Mobile Connect
FIDO & GSMA Mobile ConnectFIDO & GSMA Mobile Connect
FIDO & GSMA Mobile ConnectFIDO Alliance
 
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) SpecificationCIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) SpecificationCloudIDSummit
 
Google Case Sudy: Becoming Unphishable: Towards Simpler, Stronger Authenticaton
Google Case Sudy: Becoming Unphishable: Towards Simpler, Stronger AuthenticatonGoogle Case Sudy: Becoming Unphishable: Towards Simpler, Stronger Authenticaton
Google Case Sudy: Becoming Unphishable: Towards Simpler, Stronger AuthenticatonFIDO Alliance
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationFIDO Alliance
 
Mobile Cloud Identity
Mobile Cloud IdentityMobile Cloud Identity
Mobile Cloud IdentityMark Diodati
 
FIDO, Strong Authentication and elD in Germany
FIDO, Strong Authentication and elD in GermanyFIDO, Strong Authentication and elD in Germany
FIDO, Strong Authentication and elD in GermanyFIDO Alliance
 

What's hot (20)

Getting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialGetting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical Tutorial
 
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinNew FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
 
FIDOAlliance
FIDOAllianceFIDOAlliance
FIDOAlliance
 
Introduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowell
Introduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowellIntroduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowell
Introduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowell
 
Fido Overview: Status and Future
Fido Overview: Status and FutureFido Overview: Status and Future
Fido Overview: Status and Future
 
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
 
FIDO U2F & UAF Tutorial
FIDO U2F & UAF TutorialFIDO U2F & UAF Tutorial
FIDO U2F & UAF Tutorial
 
Introduction to FIDO Authentication
Introduction to FIDO AuthenticationIntroduction to FIDO Authentication
Introduction to FIDO Authentication
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and Insights
 
FIDO Specifications Overview
FIDO Specifications OverviewFIDO Specifications Overview
FIDO Specifications Overview
 
FIDO in Government
FIDO in GovernmentFIDO in Government
FIDO in Government
 
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...
 
FIDO2 and Microsoft
FIDO2 and MicrosoftFIDO2 and Microsoft
FIDO2 and Microsoft
 
Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali
 
FIDO & GSMA Mobile Connect
FIDO & GSMA Mobile ConnectFIDO & GSMA Mobile Connect
FIDO & GSMA Mobile Connect
 
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) SpecificationCIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
CIS14: An Overview of FIDO’s Universal 2nd Factor (U2F) Specification
 
Google Case Sudy: Becoming Unphishable: Towards Simpler, Stronger Authenticaton
Google Case Sudy: Becoming Unphishable: Towards Simpler, Stronger AuthenticatonGoogle Case Sudy: Becoming Unphishable: Towards Simpler, Stronger Authenticaton
Google Case Sudy: Becoming Unphishable: Towards Simpler, Stronger Authenticaton
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
 
Mobile Cloud Identity
Mobile Cloud IdentityMobile Cloud Identity
Mobile Cloud Identity
 
FIDO, Strong Authentication and elD in Germany
FIDO, Strong Authentication and elD in GermanyFIDO, Strong Authentication and elD in Germany
FIDO, Strong Authentication and elD in Germany
 

Viewers also liked

Technical Overview of FIDO Solution
Technical Overview of FIDO SolutionTechnical Overview of FIDO Solution
Technical Overview of FIDO SolutionForgeRock
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO Alliance
 
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2
 
ARM: Trusted Zone on Android
ARM: Trusted Zone on AndroidARM: Trusted Zone on Android
ARM: Trusted Zone on AndroidKan-Han (John) Lu
 
FIDO U2F Specifications: Overview & Tutorial
FIDO U2F Specifications: Overview & TutorialFIDO U2F Specifications: Overview & Tutorial
FIDO U2F Specifications: Overview & TutorialFIDO Alliance
 
Easy public-private-keys-strong-authentication-using-u2 f
Easy public-private-keys-strong-authentication-using-u2 fEasy public-private-keys-strong-authentication-using-u2 f
Easy public-private-keys-strong-authentication-using-u2 fCyber Security Alliance
 
Why FIDO Matters: Digital Government Services
Why FIDO Matters: Digital Government ServicesWhy FIDO Matters: Digital Government Services
Why FIDO Matters: Digital Government ServicesFIDO Alliance
 
2014 IoT Forum_ Fido Alliance
2014 IoT Forum_ Fido Alliance2014 IoT Forum_ Fido Alliance
2014 IoT Forum_ Fido AllianceCOMPUTEX TAIPEI
 
FIDO alliance #idcon vol.18
FIDO alliance #idcon vol.18FIDO alliance #idcon vol.18
FIDO alliance #idcon vol.18Nov Matake
 
Authentication.Next
Authentication.NextAuthentication.Next
Authentication.NextMark Diodati
 
Mobile Single Sign-On (Gluecon '15)
Mobile Single Sign-On (Gluecon '15)Mobile Single Sign-On (Gluecon '15)
Mobile Single Sign-On (Gluecon '15)Brian Campbell
 
NTT DOCOMO Deployment Case Study: Your Security, More Simple.
NTT DOCOMO Deployment Case Study: Your Security, More Simple.NTT DOCOMO Deployment Case Study: Your Security, More Simple.
NTT DOCOMO Deployment Case Study: Your Security, More Simple.FIDO Alliance
 
Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect Nat Sakimura
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersSalesforce Developers
 
Strong Authentication Trends in Government
Strong Authentication Trends in GovernmentStrong Authentication Trends in Government
Strong Authentication Trends in GovernmentFIDO Alliance
 
Identity and Access Management - RSA 2017 Security Foundations Seminar
Identity and Access Management - RSA 2017 Security Foundations SeminarIdentity and Access Management - RSA 2017 Security Foundations Seminar
Identity and Access Management - RSA 2017 Security Foundations SeminarBrian Campbell
 

Viewers also liked (19)

Technical Overview of FIDO Solution
Technical Overview of FIDO SolutionTechnical Overview of FIDO Solution
Technical Overview of FIDO Solution
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and Insights
 
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
 
ARM: Trusted Zone on Android
ARM: Trusted Zone on AndroidARM: Trusted Zone on Android
ARM: Trusted Zone on Android
 
FIDO U2F Specifications: Overview & Tutorial
FIDO U2F Specifications: Overview & TutorialFIDO U2F Specifications: Overview & Tutorial
FIDO U2F Specifications: Overview & Tutorial
 
Easy public-private-keys-strong-authentication-using-u2 f
Easy public-private-keys-strong-authentication-using-u2 fEasy public-private-keys-strong-authentication-using-u2 f
Easy public-private-keys-strong-authentication-using-u2 f
 
Why FIDO Matters: Digital Government Services
Why FIDO Matters: Digital Government ServicesWhy FIDO Matters: Digital Government Services
Why FIDO Matters: Digital Government Services
 
2014 IoT Forum_ Fido Alliance
2014 IoT Forum_ Fido Alliance2014 IoT Forum_ Fido Alliance
2014 IoT Forum_ Fido Alliance
 
FIDO alliance #idcon vol.18
FIDO alliance #idcon vol.18FIDO alliance #idcon vol.18
FIDO alliance #idcon vol.18
 
Usher functionality
Usher functionalityUsher functionality
Usher functionality
 
Authentication.Next
Authentication.NextAuthentication.Next
Authentication.Next
 
Mobile Single Sign-On (Gluecon '15)
Mobile Single Sign-On (Gluecon '15)Mobile Single Sign-On (Gluecon '15)
Mobile Single Sign-On (Gluecon '15)
 
NTT DOCOMO Deployment Case Study: Your Security, More Simple.
NTT DOCOMO Deployment Case Study: Your Security, More Simple.NTT DOCOMO Deployment Case Study: Your Security, More Simple.
NTT DOCOMO Deployment Case Study: Your Security, More Simple.
 
20150723 最近の興味動向 fido編
20150723 最近の興味動向 fido編20150723 最近の興味動向 fido編
20150723 最近の興味動向 fido編
 
Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect
 
OpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for BeginnersOpenID Connect and Single Sign-On for Beginners
OpenID Connect and Single Sign-On for Beginners
 
Strong Authentication Trends in Government
Strong Authentication Trends in GovernmentStrong Authentication Trends in Government
Strong Authentication Trends in Government
 
Identity and Access Management - RSA 2017 Security Foundations Seminar
Identity and Access Management - RSA 2017 Security Foundations SeminarIdentity and Access Management - RSA 2017 Security Foundations Seminar
Identity and Access Management - RSA 2017 Security Foundations Seminar
 
reveal.js 3.0.0
reveal.js 3.0.0reveal.js 3.0.0
reveal.js 3.0.0
 

Similar to CIS14: FIDO 101 (What, Why and Wherefore of FIDO)

Market Study on Mobile Authentication
Market Study on Mobile AuthenticationMarket Study on Mobile Authentication
Market Study on Mobile AuthenticationFIDO Alliance
 
Digital authentication
Digital authenticationDigital authentication
Digital authenticationallanh0526
 
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud ComputingSmart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud ComputingOKsystem
 
Apache Milagro Presentation at ApacheCon Europe 2016
Apache Milagro Presentation at ApacheCon Europe 2016Apache Milagro Presentation at ApacheCon Europe 2016
Apache Milagro Presentation at ApacheCon Europe 2016Brian Spector
 
Security On The Edge - A New Way To Think About Securing the Internet of Things
Security On The Edge - A New Way To Think About Securing the Internet of ThingsSecurity On The Edge - A New Way To Think About Securing the Internet of Things
Security On The Edge - A New Way To Think About Securing the Internet of ThingsForgeRock
 
SmartCard Forum 2011 - Evolution of authentication market
SmartCard Forum 2011 - Evolution of authentication marketSmartCard Forum 2011 - Evolution of authentication market
SmartCard Forum 2011 - Evolution of authentication marketOKsystem
 
SOTP_Introduction
SOTP_IntroductionSOTP_Introduction
SOTP_IntroductionJohnson Wu
 
FIDO® for Government & Enterprise - Presentation
FIDO® for Government & Enterprise - PresentationFIDO® for Government & Enterprise - Presentation
FIDO® for Government & Enterprise - PresentationFIDO Alliance
 
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication ComplianceFIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication ComplianceFIDO Alliance
 
Business Considerations for Deploying FIDO Authentication
Business Considerations for Deploying FIDO AuthenticationBusiness Considerations for Deploying FIDO Authentication
Business Considerations for Deploying FIDO AuthenticationFIDO Alliance
 
Beyond Payment: Deploying NFC at Scale
Beyond Payment: Deploying NFC at ScaleBeyond Payment: Deploying NFC at Scale
Beyond Payment: Deploying NFC at ScaleNFC Forum
 
FIDO & Strong Authentication Technology Landscape
FIDO & Strong Authentication Technology LandscapeFIDO & Strong Authentication Technology Landscape
FIDO & Strong Authentication Technology LandscapeFIDO Alliance
 
Authentication and strong authentication for Web Application
Authentication and strong authentication for Web ApplicationAuthentication and strong authentication for Web Application
Authentication and strong authentication for Web ApplicationSylvain Maret
 
Overview of FIDO Security Requirements and Certifications
Overview of FIDO Security Requirements and CertificationsOverview of FIDO Security Requirements and Certifications
Overview of FIDO Security Requirements and CertificationsFIDO Alliance
 
Going Passwordless with Microsoft
Going Passwordless with MicrosoftGoing Passwordless with Microsoft
Going Passwordless with MicrosoftFIDO Alliance
 
Going beyond MFA(Multi-factor authentication)-Future demands much more
Going beyond MFA(Multi-factor authentication)-Future demands much moreGoing beyond MFA(Multi-factor authentication)-Future demands much more
Going beyond MFA(Multi-factor authentication)-Future demands much moreindragantiSaiHiranma
 
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerYenlo
 
FIDO Authentication for Gaming Webinar
FIDO Authentication for Gaming WebinarFIDO Authentication for Gaming Webinar
FIDO Authentication for Gaming WebinarFIDO Alliance
 

Similar to CIS14: FIDO 101 (What, Why and Wherefore of FIDO) (20)

Market Study on Mobile Authentication
Market Study on Mobile AuthenticationMarket Study on Mobile Authentication
Market Study on Mobile Authentication
 
Digital authentication
Digital authenticationDigital authentication
Digital authentication
 
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud ComputingSmart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
 
Apache Milagro Presentation at ApacheCon Europe 2016
Apache Milagro Presentation at ApacheCon Europe 2016Apache Milagro Presentation at ApacheCon Europe 2016
Apache Milagro Presentation at ApacheCon Europe 2016
 
Security On The Edge - A New Way To Think About Securing the Internet of Things
Security On The Edge - A New Way To Think About Securing the Internet of ThingsSecurity On The Edge - A New Way To Think About Securing the Internet of Things
Security On The Edge - A New Way To Think About Securing the Internet of Things
 
SmartCard Forum 2011 - Evolution of authentication market
SmartCard Forum 2011 - Evolution of authentication marketSmartCard Forum 2011 - Evolution of authentication market
SmartCard Forum 2011 - Evolution of authentication market
 
SOTP_Introduction
SOTP_IntroductionSOTP_Introduction
SOTP_Introduction
 
FIDO® for Government & Enterprise - Presentation
FIDO® for Government & Enterprise - PresentationFIDO® for Government & Enterprise - Presentation
FIDO® for Government & Enterprise - Presentation
 
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication ComplianceFIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
 
Business Considerations for Deploying FIDO Authentication
Business Considerations for Deploying FIDO AuthenticationBusiness Considerations for Deploying FIDO Authentication
Business Considerations for Deploying FIDO Authentication
 
Beyond Payment: Deploying NFC at Scale
Beyond Payment: Deploying NFC at ScaleBeyond Payment: Deploying NFC at Scale
Beyond Payment: Deploying NFC at Scale
 
FIDO & Strong Authentication Technology Landscape
FIDO & Strong Authentication Technology LandscapeFIDO & Strong Authentication Technology Landscape
FIDO & Strong Authentication Technology Landscape
 
Authentication and strong authentication for Web Application
Authentication and strong authentication for Web ApplicationAuthentication and strong authentication for Web Application
Authentication and strong authentication for Web Application
 
Overview of FIDO Security Requirements and Certifications
Overview of FIDO Security Requirements and CertificationsOverview of FIDO Security Requirements and Certifications
Overview of FIDO Security Requirements and Certifications
 
Passwordless Mobile Banking.pdf
Passwordless Mobile Banking.pdfPasswordless Mobile Banking.pdf
Passwordless Mobile Banking.pdf
 
Going Passwordless with Microsoft
Going Passwordless with MicrosoftGoing Passwordless with Microsoft
Going Passwordless with Microsoft
 
Going beyond MFA(Multi-factor authentication)-Future demands much more
Going beyond MFA(Multi-factor authentication)-Future demands much moreGoing beyond MFA(Multi-factor authentication)-Future demands much more
Going beyond MFA(Multi-factor authentication)-Future demands much more
 
ISS SA le presenta IdentityGuard de Entrust
ISS SA le presenta IdentityGuard de EntrustISS SA le presenta IdentityGuard de Entrust
ISS SA le presenta IdentityGuard de Entrust
 
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
 
FIDO Authentication for Gaming Webinar
FIDO Authentication for Gaming WebinarFIDO Authentication for Gaming Webinar
FIDO Authentication for Gaming Webinar
 

More from CloudIDSummit

CIS 2016 Content Highlights
CIS 2016 Content HighlightsCIS 2016 Content Highlights
CIS 2016 Content HighlightsCloudIDSummit
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016CloudIDSummit
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CloudIDSummit
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2CloudIDSummit
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CloudIDSummit
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CloudIDSummit
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CloudIDSummit
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CloudIDSummit
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCloudIDSummit
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian KatzCIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian KatzCloudIDSummit
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CloudIDSummit
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCloudIDSummit
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCloudIDSummit
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCloudIDSummit
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCloudIDSummit
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...CloudIDSummit
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCloudIDSummit
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCloudIDSummit
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCloudIDSummit
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCloudIDSummit
 

More from CloudIDSummit (20)

CIS 2016 Content Highlights
CIS 2016 Content HighlightsCIS 2016 Content Highlights
CIS 2016 Content Highlights
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian KatzCIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean Deuby
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of Things
 

Recently uploaded

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 

Recently uploaded (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 

CIS14: FIDO 101 (What, Why and Wherefore of FIDO)

  • 1. © 2014 FIDO Alliance Standards for Simpler Stronger Authentication Rajiv Dholakia – VP Products & Business Development , Nok Nok Labs rajiv@noknok.com
  • 3. I.T. HAS SCALED: IT’S A HETEROGENEOUS WORLD $$$ Technological capabilities: (1971 ! 2013) Clock speed x4700 #transistors x608k Structure size /450 Price: (1980 ! 2013) HDD $/MB /12k NV RAM $/MB /1.3m Ubiquity: More than 7bn mobile connected devices by end of 2013 Connectivity: (2013) 34% of all people ww have internet access Relevance: (2012) $1 trillion eCommerce Social media: (2013) >10% of all people ww active NOK NOK LABS
  • 4. The Authentication Tower of Babel Silos, proprietary, privacy, reliance on 3rd party, tolls NOK NOK LABS ? 4
  • 5. IMPLEMENTOR’s PERSPECTIVE: A CHALLENGE Aplumbingproblem:ShadesofRubeGoldberg… NOK NOK LABS App 2 New App ? RP 1 RP 1 App 1 ? Applications Authentication MethodsOrganizations Silo 1 Silo 2 Silo N Silo 3 5
  • 6. Taking lessons from History 6 Authentication SSL Communication ???
  • 7. Common authentication plumbing 7 Users Cloud/Enterprise Devices Federation Open Standard Plug-In Approach Interoperable Ecosystem Usable Authentication WHAT IS NEEDED
  • 9. Goal: Simpler, Stronger Authentication (a) Developing unencumbered Specifications that define interoperable mechanisms that supplant reliance on passwords (b) Operating programs to help ensure industry adoption (c) Submitting mature Specifications for formal standardization Mission: To Change Authentication Online by:
  • 10. Identity & Authentication Building Blocks NOK NOK LABS 10 Physical-to-digital identity User Management Authentication Federation Single Sign-On E-Gov Payments Security Passwords Risk-BasedStrong MODERN AUTHENTICATION Personalization
  • 11. User Authentication Online Do you want to login? Do you want to transfer $100 to Frank? Do you want to ship to a new address? Do you want to delete all of your emails? Do you want to share your dental record? Authentication today: Ask user for a password (and perhaps a one time code)
  • 13. Today’s Password Alternatives One Time Codes with SMS or Device SMS USABILITY DEVICE USABILITY USER EXPERIENCE STILL PHISHABLE Coverage | Delay | Cost One per site | $$ | Fragile User find it hard Known attacks today
  • 14. Megatrend Simpler, Stronger Local Device Auth PERSONAL DEVICES LOCAL LOCKING NEW WAVE: CONVENIENT SECURITY Carry Personal Data Pins & Patterns today Simpler, Stronger local auth
  • 15. Putting It Together The problem: Simpler, Stronger online The trend: Simpler, Stronger local device auth Why not: Use local device auth for online auth? This is the core idea behind FIDO standards!
  • 16. FIDO Experiences LOCAL DEVICE AUTH SUCCESSONLINE AUTH REQUEST PASSWORDLESS EXPERIENCE (UAF standards) SECOND FACTOR EXPERIENCE (U2F standards) Show a biometricTransaction Detail Done Login & Password Insert Dongle, Press button Done
  • 17. FIDO Registration REGISTRATION BEGINS USER APPROVAL REGISTRATION COMPLETE NEW KEY CREATED USER APPROVAL KEY REGISTERED 1 2 Using Public key Cryptography 4 3
  • 18. FIDO Login LOGIN USER APPROVAL LOGIN COMPLETE KEY SELECTED LOGIN CHALLENGE LOGIN RESPONSE 1 2 4 3 Login Using Public key Cryptography
  • 19. Decouple User Verification Method from Authentication Protocol LOGIN USER APPROVAL REGISTRATION COMPLETE KEY SELECTED LOGIN CHALLENGE LOGIN RESPONSE 1 2 4 3 Leverage public key cryptography ONLINE SECURITY PROTOCOL PLUGGABLE LOCAL AUTH
  • 20. User Device User Agent Mobile Apps Authenticator Abstraction (ASM) Authenticators Authenticators Private Keys Authentication Keys Attestation Keys Relying Party Web Application FIDO UAF Server Authentication Keys Attestation Key Public KeysRegistration, Authentication & Transaction Confirmation! UAF Protocol UAF ARCHITECTURE OVERVIEW UAF Authenticators
  • 21. Relying Party User Side U2F APDU USB API NFC API Bluetooth API U2F JS API Secure U2F Element Connectors USB NFC Bluetooth Web Application FIDO U2F Server User Keys U2F Flow Diagram User Action BrowserU2F Token
  • 22. Options Passwordless UX = UAF: Universal Auth Framework •  User carries client device with UAF stack installed •  User presents a local biometric or PIN •  Website can choose whether to retain password Simpler Stronger Authentication Second Factor UX = U2F: Universal Second Factor •  User carries U2F device with built- in support in web browsers •  User presents U2F device •  Website can simplify password (e.g, 4 digit PIN)
  • 24. No 3rd Party in the Protocol
  • 25. No secrets on Server side
  • 26. Focus on User Privacy • Biometric data never leaves user’s device • No linkability between RPs • No linkability between RP accounts
  • 27. Embrace all kinds of Authenticators software, proprietary hardware, certified hardware, ...
  • 28. Risk Based Authentication "  Login to online account "  Change shipping address "  Transfer $10.000 Low High
  • 29. Choice of Security Profiles NOK NOK LABS User Space Secure Hardware FIDO UX Layer Input, Display Crypto Layer FIDO UX Layer Input, Display Crypto Layer FIDO Crypto Layer UX Layer Input, Display No Secure HW Secure Crypto + Storage Secure Execution Environment
  • 30. Risk Appropriate Authentication 30 Strong Stronger FIDO Security Spectrum Software Only ID TPM/SE ID TEE + SE ID Protects Keys Protects Keys Protects Crypto Protects Keys Protects Crypto Protects Code Protects Display Strongest
  • 31. Permanent link to this comic: http://xkcd.com/538/ A webcomic of romance, sarcasm, math, and language. On SECURITY
  • 32. A peek into MODERN AUTHENTICATION 32NOK NOK LABS IMPLICIT AUTHENTICATION EXPLICIT AUTHENTICATION
  • 33. COMPLEMENTS IDENTITY & FEDERATION STANDARDS NOK NOK LABS 33 STRONG AUTH PASSWORDS SSO/FEDERATION Recreated PMS First Mile Second Mile SAML OpenID FIDO/Strong Auth Federation Standards
  • 34. FIDO Model: Direct to Relying Party OR through IdP 34Devices support multiple authenticators User Authenticates to the Device Relying Parties (SP) Device Authenticates to Relying Party 2a 1 Identity Provider (IdP) 2b OR Device Authenticates to Identity Provider (IDP) 2c IDP asserts identity via SAML, Oauth, OpenID Connect… OR
  • 35. Recap
  • 36. Identity & Authentication NOK NOK LABS 36 Physical-to-digital identity User Management Authentication Federation Single Sign-On E-Gov Payments Security Passwords Risk-BasedStrong MODERN AUTHENTICATION Personalization
  • 37. Simplifying and Scaling Authentication AnyDevice.AnyApplication.AnyAuthenticator. 37 Standardized Protocols Local authentication unlocks app specific key Key used to authenticate to server
  • 38. IMPLEMENTATION CHALLENGE Aplumbingproblem:ShadesofRubeGoldberg… NOK NOK LABS App 2 New App ? RP 1 RP 1 App 1 ? Applications Authentication MethodsOrganizations Silo 1 Silo 2 Silo N Silo 3 38
  • 39. SIMPLIFIED IMPLEMENTATION WHATISBEINGSTANDARDIZED App 2 Applications Authentication Methods RP 1 RP 1 App 1 New App FIDO UNIFIED STANDARDS Organizations ? 39 Online Crypto Protocol Pluggable Authentication
  • 40. CONCLUSIONS •  The enemy is symmetric shared secrets •  The enemy is poor user experiences and friction •  FIDO is a building block •  Even simple software-based authenticator with a pin offers many advantages over passwords •  FIDO complements your investments in federation and improves your security and ease of use
  • 42. 42Nok Nok Labs Confidential — Do Not Distribute
  • 43. FIDO Alliance Role •  Paper Specifications, Interop and Conformance testing, Trademark licensing against criteria, thought leadership, nurture ecosystem of vendors delivering FIDO implementations to market •  Alliance does not ship products (only specifications) o  Implementations left to commercial vendors •  FIDO Alliance designs core protocol o  Like SSL, FIDO has no domain semantics o  Relying parties and Vendors may adapt FIDO into commercial solutions o  Vendors may deliver FIDO specification as product or service, standalone or as part of a solution stack o  Extended use cases may be explored by vendors long before imported into protocol
  • 44. Version 1.0 (Review Draft) is in Public Review
  • 45. FIDO at Industry Events – Readiness FIDO-Ready Products & Deployment for Mobile & More SIM + Secure Element PIN + MicroSD, USB Fingerprint, Mobile Speaker Recognition Mobile via NFC*
  • 46. Useful to keep these separate: Design Intent FIDO Protocol Specification Specific Implementations Solution that incorporates FIDO
  • 47. Select Authenticate Purchase 47 MOBILE DEVICES reshaping Security, Commerce NOK NOK LABS AUTHENTICATION THAT IS “One-Swipe”, “One-Phrase”, “One-Look”, “One Touch”
  • 48. OEMs SHIPPING FIDO-READY ™ PRODUCTS New and existing devices are supported 48 OEM Enabled: Samsung Galaxy S5OEM Enabled: Lenovo ThinkPads with Fingerprint Sensors Clients available for these operating systems : Software Authenticator Examples: Voice/Face recognition, PIN, QR Code, etc. Aftermarket Hardware Authenticator Examples: USB fingerprint scanner, MicroSD Secure Element
  • 49. First FIDO Deployment already live… 49 •  Customers can use their finger to pay with PayPal from their new Samsung Galaxy S5 because the FIDO Ready™ software on the device securely communicates between the fingerprint sensor on their device and PayPal’s service in the cloud. The only information the device shares with PayPal is a unique cryptographic “public key” that allows PayPal to verify the identity of the customer without having to store any biometric information on PayPal’s servers.
  • 50. Breaking news for July… •  Alipay – formerly a part of Alibaba Group in China •  Processed $519 Billion in transactions in 2013 •  Launched FIDO-based payments using Galaxy S5
  • 51. Better Security, Better User Experience Goingbeyond“Risk,Regulation,Reputation” 51 Setup Confirm Sent DESIGN, DELIGHT & DOLLARS!
  • 52. Call to Action •  FIDO is ready for use – launch a POC, Pilot •  Get involved: o  Develop or adapt your products to FIDO o  Come to the plenary, meet and mingle, speak with the pioneers, select your partners o  Join the Alliance and contribute – we are a volunteer run organization! o  Contact donal@fidoalliance.org for membership details o  Other questions – rajiv@noknok.com
  • 53. FIN