“The FIDO Alliance Today”


1 “The FIDO Alliance Today”
Brett McDowell, Executive Director, FIDO Alliance
Hear FIDO leadership detail the market/enterprise/consumer opportunities, current deployment use cases, the structure and participants inside the Alliance, how FIDO capabilities and protocols layer into the current IAM stack, and where the technology fits in with desktops, devices and smartphones.

2 AGENDA: The Problem / The Solution / The Alliance / Updates

3 Data Breaches…
783 data breaches in 2014; >1 billion records since 2012; $3.5 million cost/breach
Sources: 783 breaches = Identity Theft Resource Center Breach Report; $3.5m / breach = Ponemon Institute; >1 billion records stolen since 2012 = WSJ
Breaches since 2012, by industry (source WSJ): Misc. businesses (443m records) / Financial & Insurance (350m) / Retail (183m) / Gov (20m) etc.
Top data breaches since 2012 (source WSJ): Experian (200m) / eBay (145m) / JPMC (76m) / Target (70m + 40m) / Home Depot (56m) / Evernote (50m) / Adobe (33m) etc.

4 “76% of 2012 network intrusions exploited weak or stolen credentials”
Source: 2013 Data Breach Investigations Report (conducted by Verizon in concert with the U.S. Department of Homeland Security)

5 The world has a PASSWORD PROBLEM
But what specifically makes passwords such a problem? (lead into next slide) 2013 Data Breach Investigations Report (conducted by Verizon in concert with the U.S. Department of Homeland Security) noted that

6 ONE-TIME PASSCODES: Improve security but aren’t easy enough to use
SMS Reliability / Token Necklace / User Confusion / Still Phishable
The only thing worse than a password is two passwords. SMS is not always available; dedicated hardware is often service-specific; it’s a cumbersome process users generally don’t like; and it is still vulnerable to phishing (it is still a symmetric shared secret, just short-lived, but malware tools have adjusted to this).

7 WE NEED A NEW MODEL

8 WE CALL OUR NEW MODEL Fast IDentity Online: online authentication using public key cryptography
User convenience is so important that we put it in the very name of the technology itself - the “F” in FIDO stands for Fast. Historically, “Fast” has always meant “Weak” – but it’s important to understand that FIDO was designed from the ground up to provide privacy protections in addition to providing strong authentication. Fundamentally, the solution that we developed replaces passwords, which are over 50 years old, with modern public key cryptography.

9 AGENDA: The Problem / The Solution / The Alliance / Updates

10 THE OLD PARADIGM [diagram: SECURITY versus USABILITY]

11 THE FIDO PARADIGM [diagram: SECURITY axis from Weak to Strong; USABILITY axis from Poor to Easy]

12 HOW OLD AUTHN WORKS
ONLINE: The user authenticates themselves online by presenting a human-readable secret

13 HOW FIDO AUTHN WORKS
LOCAL: The user authenticates “locally” to their device by various means
ONLINE: The device authenticates the user online using public key cryptography
[diagram labels: AUTHENTICATOR, LOCAL, ONLINE]

14 public key cryptography
online authentication using public key cryptography

15 Passwordless Experience (UAF Standards): 1 Authentication Challenge; 2 Biometric Verification*; 3 Authenticated Online
Second Factor Experience (U2F Standards): 1 Second Factor Challenge; 2 Insert Dongle* / Press Button; 3 Authenticated Online
*There are other types of authenticators

16 FIDO Registration
User is in a Session Or New Account Flow
1 Invitation Sent; 2 User Approval; 3 New Keys Created; 4 Registration Complete
Public Key Registered With Online Server

17 FIDO Authentication
User needs to login or authorize a transaction
1 FIDO Challenge; 2 User Approval; 3 Key Selected & Signs; 4 Login Complete
Signed Response verified using Public Key Cryptography

18 USABILITY, SECURITY and PRIVACY

19 No 3rd Party in the Protocol
No Secrets on the Server side
Biometric Data (if used) Never Leaves Device
No Link-ability Between Services
No Link-ability Between Accounts
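
Slides 16, 17 and 19 describe registration, login and the "no secrets on the server" property; the sketch below is an added example (not code from the presentation or from the FIDO specifications) that runs that exchange end to end with Node's built-in crypto module. The `Authenticator` and `Server` classes, the service URLs and the user name are hypothetical, and the signed data layout is a simplification of the real UAF/U2F messages.

```javascript
// Added illustration, not from the slides; simplified, not the UAF/U2F wire format.
const crypto = require('crypto');

const appHash = (appId) => crypto.createHash('sha256').update(appId).digest();

class Authenticator {                 // hypothetical stand-in for the user's device
  constructor() { this.keys = new Map(); }
  register(appId) {                   // slide 16: new keys created, one pair per service
    const { publicKey, privateKey } =
      crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(appId, privateKey); // private key stays on the device
    return publicKey.export({ type: 'spki', format: 'pem' });
  }
  sign(appId, challenge) {            // slide 17: key selected and signs
    const key = this.keys.get(appId);
    if (!key) return null;            // no key registered for this service
    return crypto.sign('sha256', Buffer.concat([appHash(appId), challenge]), key);
  }
}

class Server {                        // hypothetical online service
  constructor(appId) { this.appId = appId; this.pubKeys = new Map(); this.pending = new Map(); }
  enroll(user, pem) { this.pubKeys.set(user, pem); }  // stores a public key only
  newChallenge(user) {
    const c = crypto.randomBytes(32); // fresh random challenge per login
    this.pending.set(user, c);
    return c;
  }
  verify(user, signature) {
    const c = this.pending.get(user), pem = this.pubKeys.get(user);
    this.pending.delete(user);        // each challenge is accepted once
    if (!c || !pem || !signature) return false;
    return crypto.verify('sha256', Buffer.concat([appHash(this.appId), c]), pem, signature);
  }
}

function demo() {                     // constructed user and service names
  const device = new Authenticator();
  const bank = new Server('https://bank.example');
  const shop = new Server('https://shop.example');
  bank.enroll('alice', device.register(bank.appId));
  shop.enroll('alice', device.register(shop.appId));
  const sig = device.sign(bank.appId, bank.newChallenge('alice'));
  const login = bank.verify('alice', sig);
  bank.newChallenge('alice');
  const replay = bank.verify('alice', sig);   // old signature against a new challenge
  const distinctKeys = bank.pubKeys.get('alice') !== shop.pubKeys.get('alice');
  return { login, replay, distinctKeys };
}
```

A database dump of either server yields only public keys, and the two services hold unrelated keys for the same user, so the stored values cannot be used to log in or to correlate accounts.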

20 Better Security for online services
Reduced cost for the enterprise
Simpler and Safer for consumers

21 AGENDA: The Problem / The Solution / The Alliance / Updates

22 The Fast IDentity Online (FIDO) Alliance is an open industry association of over 220 global member organizations
The FIDO Alliance is an open industry association of nearly 200 global member organizations from many different types of industries. Our mission is to end the world’s reliance on passwords by developing and promoting the use of our innovative, open technology standards that enable simpler and stronger authentication for consumers, citizens, governments and businesses.

23 Board Members
Services/Networks / Devices/Platforms / Vendors/Enablers
Online Services: Visa, PayPal, Discover, Mastercard, Bank of America, Alibaba (Microsoft and Google)
Chips and Device Providers: NXP, ARM, Samsung, Qualcomm, Oberthur, Yubico, Lenovo, Intel
Biometrics Providers: Synaptics, Identity X (Daon), CrucialTec, (Microsoft)
Enterprise Server/Security Vendors: RSA, Nok Nok Labs
Mobile Network Operators: NTT DOCOMO

24 FIDO Alliance Mission
1 Develop Specifications; 2 Operate Adoption Programs; 3 Pursue Formal Standardization

25 FIDO SCOPE
[diagram labels: Physical-to-digital identity; User Management; Authentication; Federation; Single Sign-On; Passwords; Risk-Based; Strong; MODERN AUTHENTICATION]

26 AGENDA: The Problem / The Solution / The Alliance / Updates

27 FIDO TIMELINE
FEB 2013: Alliance Announced (6 Members)
DEC 2013: FIDO Ready Program
FEB 2014: Specification Review Draft
FEB-OCT 2014: First Deployments
DEC 9 2014: FIDO 1.0 FINAL
MAY 2015: Certification Program
JUNE 2015: New U2F Transports
TODAY: Broad Adoption (>220 Members)

28 2014 FIDO ADOPTION
“Secure Consumer Payments Enabled for Alipay Customers with Easy-to-Use Fingerprint Sensors on Recently-Launched Samsung Galaxy S5”, September 17, 2014
“Google Launches Security Key, World’s First Deployment of Fast Identity Online Universal Second Factor (FIDO U2F) Authentication”, October 21, 2014
“PayPal and Samsung Enable Consumer Payments with Fingerprint Authentication on New Samsung Galaxy S5”, Feb 24, 2014

29 2015 FIDO ADOPTION
“Today, we’re adding Universal 2nd Factor (U2F) security keys as an additional method for two-step verification, giving you stronger authentication protection.” August 12, 2015
“Google for Work announced Enterprise admin support for FIDO® U2F “Security Key”, April 21, 2015
“Qualcomm launches Snapdragon fingerprint scanning technology”, March 2, 2015
“the technology supporting fingerprint sign-in was built according to FIDO (Fast IDentity Online) standards.” September 15, 2015
“GitHub says it will now handle what is called the FIDO Universal 2nd Factor, or U2F, specification” October 1, 2015
“Largest mobile network in Japan becomes first wireless carrier to enhance customer experience with natural, simple and strong ways to authenticate to DOCOMO’s services using FIDO standards” May 26, 2015
“Microsoft Announces FIDO Support Coming to Windows 10” Feb 23, 2015
Microsoft: 1.5 billion users, 190 countries in Q3, free upgrade for consumers
Qualcomm Snapdragon: drives >1 billion android devices, >85 OEM customers
Google: Full lifecycle management for >5 million businesses who use “Google for Work”

30 FIDO Certified™ Products
Deployments are enabled by FIDO Certified™ Products available today

31 33 Products from 19 companies (21 counting Sharp and Fujitsu)

32 Available to anyone / Ensures interoperability / Promotes the FIDO ecosystem
Steps to certification: Conformance Self-Validation; Interoperability Testing; Certification Request; Trademark License (optional)
fidoalliance.org/certification

33 New in 2015: Government Members
FIDO Alliance Announces Government Membership Program – US and UK Government Agencies are First to Join
Government Agencies to Participate in Development of FIDO Standards for Universal Strong Authentication
“The fact that FIDO has now welcomed government participation is a logical and exciting step toward further advancement of the Identity Ecosystem; we look forward to continued progress.”
One more prominent EU government agency is about to be announced.

34 JOIN THE FIDO ECOSYSTEM

35 JOIN THE FIDO ALLIANCE

36 EXPERIENCE SIMPLER, STRONGER AUTHENTICATION

