Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Authentication and ID Proofing in Education


Published on

A case study from FIDO Member, Yubico, exploring a partnership with NIST to deploy secure online access for a US school district integrating ID proofing with FIDO U2F Authentication.

Published in: Education
  • Be the first to comment

  • Be the first to like this

Authentication and ID Proofing in Education

  1. 1. All Rights Reserved | FIDO Alliance | Copyright 20171 Deployment Case Study: Authentication and ID Proofing
  2. 2. 2 Why are we solving this? ● Strong authentication not always tied to identity of user ● FIDO authentication mostly decoupled from ID Proofing ● ID Proofing required for higher assurance levels ● Current options for ID Proofing and strong authentication violates user privacy ● Remote ID Proofing often tied to KBV
  3. 3. 3 NSTIC Vision “Individuals and organizations utilize secure, efficient, easy‐to‐use and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation.” - National Strategy for Trusted Identities in Cyberspace (NSTIC)
  4. 4. 4 The Project ● Cooperative with US National Institute of Standards & Technology (NIST) ● Secure online access for US school district (Janesville, Wisconsin) ● Yubico awarded grant working with UnitedID and SUNET ● Integrate ID Proofing with FIDO U2F authentication ● Extend benefits of FIDO U2F to federated identity environments ● Share attributes securely, conveniently and privacy-enhancing ● ID Proofing (without KBV) with delivery of pre-registered authenticator
  5. 5. 5 ID verified FIDO Authenticators ● Successful Remote Proofing Pre-registers authenticator ● Pre-registration of authenticator ensures authenticity and integrity (first FIDO credential must be ID verified) U2F YubiKeys sent to the address on ID Secure access to any number of services Mobile ID scanning, Driver’s license or state ID
  6. 6. All Rights Reserved | FIDO Alliance | Copyright 20176 ID Proofing and Verification
  7. 7. All Rights Reserved | FIDO Alliance | Copyright 20177 Token Issuance and Logistics
  8. 8. All Rights Reserved | FIDO Alliance | Copyright 20178 Extending FIDO to Identity Ecosystem ● Extend U2F to services connected via these federation protocols • U2F Shibboleth (SAML) and OpenID Connect plug-in • Open source reference implementation ● Build ID Proofing engine using OpenID Connect • Allows for multiple proofing solutions/providers • Part of the Identity toolkit
  9. 9. All Rights Reserved | FIDO Alliance | Copyright 20179 Lessons Learned ● Protecting PII is time and resource intensive ● Difficult to achieve highest identity assurance with Remote ID proofing ● High level of trust required in integrations with third-party vendors ● Compatibility challenges across diverse operating systems and devices ● Additional techniques needed to onboard special education students ● Ongoing efforts to gather and correlate user metrics
  10. 10. All Rights Reserved | FIDO Alliance | Copyright 201710 Thank You!