Presentation is loading. Please wait.

Presentation is loading. Please wait.

Fast IDentity Online – a new industry alliance formed to develop technical standards that enable Internet Services to use Simpler Stronger Auth solutions.

Published byKyla Unthank Modified over 9 years ago

Similar presentations

Presentation on theme: "Fast IDentity Online – a new industry alliance formed to develop technical standards that enable Internet Services to use Simpler Stronger Auth solutions."— Presentation transcript:

1 Fast IDentity Online – a new industry alliance formed to develop technical standards that enable Internet Services to use Simpler Stronger Auth solutions © 2014 FIDO Alliance

2 Who… What… Why… Repeat that we are growing the Alliance now, if you represent any of these constituencies please join!

3 Slide deck includes members from all parts of the value chain: authenticator vendors, device OEMs, OS vendors, authentication players and relying parties Strong motivation for multiple players to support FIDO For example, Microsoft’s customers are increasingly having to deal with non-Windows devices

4 142+ & growing…

5 142+ & growing…

6 To Change Authentication Online by:
(a) Developing unencumbered Specifications that define interoperable mechanisms that supplant reliance on passwords (b) Operating programs to help ensure industry adoption (c) Submitting mature Specifications for formal standardization Emphasize this is the User eXperience, acknowledge that most of us do much more on the backend with risk-based techniques, but the UX is password/OTP

7 FIDO Alliance’s Role… “Paper” Specifications
Interoperability and Conformance testing Trademark licensing against criteria Thought leadership, nurture ecosystem The Alliance does not ship products! Implementations left to commercial vendors Emphasize this is the User eXperience, acknowledge that most of us do much more on the backend with risk-based techniques, but the UX is password/OTP

8 Identity & Authentication Building Blocks
E-Gov Payments Security Personalization Single Sign-On Modern Authentication Federation Passwords Risk-Based Authentication Strong Identity services will be a key control point in the modern computing ecosystem. Whether its Over-the-Top players like Google, Facebook and PayPal or Device-OEMs like Apple, Samsung, and Lenovo or communication providers like Telefonica, Vodafone, Verizon and other MNOs who are in this room, everyone is beginning to understand that Identity & Authentication are the “Ignition Keys” for their business We’re going to zoom into a pivotal part of the identity problem - Authentication User Management Physical-to-digital identity ©NOK NOK LABS – Used by Permission

9 Why Authentication is Cybersecurity Priority #1
Poor authentication mechanisms are a commonly exploited vector of attack by adversaries; the 2013 Data Breach Investigations Report (conducted by Verizon in concert with the U.S. Department of Homeland Security) noted that 76% of 2012 network intrusions exploited weak or stolen credentials. -- NIST Roadmap for Improving Critical Infrastructure Cybersecurity,12-Feb-2014 The Internet Services need Simpler, Stronger authentication online, the devices are coming with Simpler, Stronger local auth innovations, why not put them together (which will require open, interoperable wire protocols that can be implemented to by any device and any online service) – that’s what FIDO is!

10 Today’s Passwords REUSED PHISHED KEYLOGGED
We all know the inherent problems with passwords… REUSED PHISHED KEYLOGGED

11 Today’s Password Alternatives
One Time Codes with SMS or Device SMS USABILITY DEVICE USABILITY USER EXPERIEN CE STILL PHISHABL E In spite of the recent trend to bolt-on optional OTP solutions (aka “2-step verification”) f/Google, Twitter, etc. – this is a temp. fix, only makes UX worse Improves security but not easy enough Coverage | Delay | Cost One per site | $$ | Fragile User find it hard Known attacks today

12 Major Industry Trend PERSONAL DEVICES LOCAL LOCKING
Simpler, Stronger Local Device Auth PERSONAL DEVICES LOCAL LOCKING NEW WAVE: CONVENIENT SECURITY Carry Personal Data Pins & Patterns today Simpler, Stronger local authentication With so many people carrying mobile devices full of personal information, they are locking their devices, now with PIN & Gesture, but even more convenient and stronger solutions are on the horizon: finger scan, keychain devices, voice, facial recognition, etc. with an underpinning of silicon-based security

13 Putting It Together The problem: Simpler, Stronger online The trend:
Simpler, Stronger local device auth Why not: Use local device auth for online auth? The Internet Services need Simpler, Stronger authentication online, the devices are coming with Simpler, Stronger local auth innovations, why not put them together (which will require open, interoperable wire protocols that can be implemented to by any device and any online service) – that’s what FIDO is! This is the core idea behind FIDO standards!

14 FIDO Experiences ONLINE AUTH REQUEST LOCAL DEVICE AUTH SUCCESS
PASSWORDLESS EXPERIENCE (UAF standards) Transaction Detail Show a biometric Done SECOND FACTOR EXPERIENCE (U2F standards) We are enabling two fundamental use cases/user experiences: Passwordless w/UAF (requires native device support), PW+token w/U2F (FIDO-enable any device with an innovative “driverless PKI” keychain-type device) FIDO provides two user experiences to address a wide range of use cases and deployment scenarios. FIDO protocols are based on public key cryptography and are strongly resistant to phishing. Passwordless UX: The passwordless FIDO experience is supported by the Universal Authentication Framework (UAF) protocol. In this experience, the user registers their device to the online service by selecting a local authentication mechanism such as swiping a finger, looking at the camera, speaking into the mic, entering a PIN, etc. The UAF protocols allows the service to select which mechanisms are presented to the user. Once registered, the user simply repeats the local authentication action whenever they need to authenticate to the service. The user no longer needs to enter their password when authenticating from that device. UAF also allows experiences that combine multiple authentication mechanisms such as fingerprint + PIN. Second Factor UX: The second factor FIDO experience is supported by the Universal Second Factor (U2F) protocol. This experience allows online services to augment the security of their existing password infrastructure by adding a strong second factor to user login. The user logs in with a username and password as before. The service can also prompt the user to present a second factor device at any time it chooses. The strong second factor allows the service to simplify its passwords (eg. 4-digit PIN) without compromising security. During registration and authentication, the user presents the second factor by simply pressing a button on a USB device or tapping over NFC. The user can use their FIDO U2F device across all online services that support the protocol leveraging built-in support in web browsers. Login & Password Insert Dongle, Press button Done

15 State of Market Adoption
Repeat that we are growing the Alliance now, if you represent any of these constituencies please join!

16 Version 1.0 is in Public Review

17 13+ products have participated in and satisfied the requirements of our testing program and are conferred the right to use the FIDO Ready™ mark.

18 OEM Enabled: Lenovo ThinkPads with Fingerprint Sensors
OEMs SHIPPING FIDO-READY ™ PRODUCTS New and existing devices are supported OEM Enabled: Lenovo ThinkPads with Fingerprint Sensors OEM Enabled: Samsung Galaxy S5 - On the authenticator side, we are working with dozens of authenticator manufacturers - Here are three that we have publicly demonstrated Clients available for these operating systems : Software Authenticator Examples: Voice/Face recognition, PIN, QR Code, etc. Aftermarket Hardware Authenticator Examples: USB fingerprint scanner, MicroSD Secure Element DOCUMENT & TITLE

19 First FIDO Deployment already live…
Customers can use their finger to pay with PayPal from their new Samsung Galaxy S5 because the FIDO Ready™ software on the device securely communicates between the fingerprint sensor on their device and PayPal’s service in the cloud. The only information the device shares with PayPal is a unique cryptographic “public key” that allows PayPal to verify the identity of the customer without having to store any biometric information on PayPal’s servers.

20 From July 2014… Alipay – formerly a part of Alibaba Group in China
Processed $519 Billion in transactions in 2013 Launched FIDO-based payments using Galaxy S5

21 How it works Repeat that we are growing the Alliance now, if you represent any of these constituencies please join!

22 REGISTRATION COMPLETE
FIDO Registration REGISTRATION BEGINS USER APPROVAL 1 2 USER APPROVAL REGISTRATION COMPLETE NEW KEY CREATED 4 3 KEY REGISTERED Using Public key Cryptography

23 FIDO Login LOGIN USER APPROVAL 1 2 LOGIN COMPLETE KEY SELECTED 4 3
LOGIN CHALLENGE Login LOGIN COMPLETE KEY SELECTED 4 3 LOGIN RESPONSE Using Public key Cryptography

24 Decouple User Verification Method from Authentication Protocol
PLUGGABLE LOCAL AUTH LOGIN USER APPROVAL 1 2 LOGIN CHALLENGE ONLINE SECURITY PROTOCOL REGISTRATION COMPLETE KEY SELECTED 4 3 LOGIN RESPONSE Leverage public key cryptography

25 No 3rd Party in the Protocol

26 No secrets on Server side

27 Key Benefit for Service Providers
CHA-BOA IN-LJ-v1

28 FIDO’s Focus on User Privacy
Biometric data (if used) never leaves device No link-ability between Services No link-ability between Accounts

29 Call to Action FIDO is ready for use Get involved:
launch a Proof-of-Concept & Pilot Get involved: Adapt your strategy & roadmap to include FIDO Join the Alliance – we are non-profit & volunteer Contact Brett McDowell – Come to the plenary, meet and mingle, speak with the pioneers, select your partners

30 THANK YOU Repeat that we are growing the Alliance now, if you represent any of these constituencies please join!

Download ppt "Fast IDentity Online – a new industry alliance formed to develop technical standards that enable Internet Services to use Simpler Stronger Auth solutions."

Similar presentations

© State Services Commission, 2006 Authentication to access government services What might the future hold? Laurence Millar Deputy Commissioner Information.

© State Services Commission, 2006 Authentication to access government services What might the future hold? Laurence Millar Deputy Commissioner Information.
Mobile Devices in the DoD

Mobile Devices in the DoD
Selecting a Strong Authentication Solution Scott Mackelprang, V.P. of Security Digital Insight.

Selecting a Strong Authentication Solution Scott Mackelprang, V.P. of Security Digital Insight.
HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.

HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.
Course: e-Governance Project Lifecycle Day 1

Course: e-Governance Project Lifecycle Day 1
The team - currently 25 people

The team - currently 25 people
Not Built On Sand. IT Has Scaled $$$ Technological capabilities: (1971  2013) Clock speed x4700 #transistors x608k Structure size /450 Price: (1980 

Not Built On Sand. IT Has Scaled $$$ Technological capabilities: (1971  2013) Clock speed x4700 #transistors x608k Structure size /450 Price: (1980 
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair

IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair
ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.

ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.
15 Tactical Improvements to IT Security Virtual Keyboard, Two Factor Authentication, Active Confirmation and FAA Access to CPS Online Ganesh Reddy.

15 Tactical Improvements to IT Security Virtual Keyboard, Two Factor Authentication, Active Confirmation and FAA Access to CPS Online Ganesh Reddy.
FICAM Testing Program For more information, please contact GSA-FICAM- The FIPS 201 Evaluation Program is now the FICAM Testing.

FICAM Testing Program For more information, please contact GSA-FICAM- The FIPS 201 Evaluation Program is now the FICAM Testing.
National Institute of Science & Technology Fingerprint Verification Maheswar Dalai Presented By MHESWAR DALAI Roll No. #CS200127358 “Fingerprint Verification.

National Institute of Science & Technology Fingerprint Verification Maheswar Dalai Presented By MHESWAR DALAI Roll No. #CS “Fingerprint Verification.
FIT3105 Smart card based authentication and identity management Lecture 4.

FIT3105 Smart card based authentication and identity management Lecture 4.
Secure Element Access from a Web browser W3C Workshop on Authentication, Hardware Tokens and Beyond 11 September 2014 1 Oberthur Technologies – Identity.

Secure Element Access from a Web browser W3C Workshop on Authentication, Hardware Tokens and Beyond 11 September Oberthur Technologies – Identity.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Smart Card Deployment David Gautrey IT Manager – Microsoft New Zealaand Microsoft Corporation.

Smart Card Deployment David Gautrey IT Manager – Microsoft New Zealaand Microsoft Corporation.
Fast, Friendly, Secure Authentication. Hackers favor authentication-based attacks, report shows. Summary: A suitable password replacement could disrupt.

Fast, Friendly, Secure Authentication. Hackers favor authentication-based attacks, report shows. Summary: A suitable password replacement could disrupt.
E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.

E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.

Similar presentations

Ads by Google