
Business Considerations for Deploying FIDO Authentication


A look at how businesses can leverage multi-factor strong authentication to transform their business.



  1. BUSINESS CONSIDERATIONS FOR DEPLOYING FIDO. January 2018. Rajiv Dholakia, VP Products & Business Development.
  2. LEVERAGING MODERN AUTHENTICATION CAN BE TRANSFORMATIVE TO YOUR BUSINESS: USABILITY DRIVES USAGE. Reduced costs and increased revenues:
     ✓ Improved customer experience
     ✓ Higher customer retention and satisfaction
     ✓ Enhanced brand loyalty ("stickiness")
     ✓ Increased revenue from use of services and transactions
     ✓ Reduced cost associated with physical visits
     ✓ Reduced cost of password resets
     ✓ Reduction in fraud and identity theft
     ✓ Increased privacy
     ✓ Reduced call center costs to verify users
  3. WHY FIDO? Getting Executive Support for Authentication. NOK NOK LABS
  4. Cloud Services, Ecommerce, IoT, Distributed Ledgers… NO ACTIONABLE VALUE TO DATA OR INTERACTIONS WITHOUT TRUST. (Diagram: user on PC/mobile, cloud servers, connected objects and industrial sensors, each asking: Can I post this TX? Should I take this command? Right user? Right device? Right context? Can I post this data?)
  5. THE VALUE OF TRUST IN DIGITAL INTERACTIONS: AUTHENTICATION IS A KEY BUILDING BLOCK, BUT… IS CURRENTLY A MISH-MASH OF PASSWORDS & WEAK RISK SIGNALS THAT ARE EASILY DEFEATED. Right User, Right Device, Right Context. How could this assurance transform your business?
  6. LEARNING FROM CUSTOMER ENGAGEMENTS: MOTIVATIONS, SOLUTIONS, PROCESSES.
  7. Considerations:
     • Cost Effectiveness: cost to develop and maintain?
     • Ease of Deployment: effort to implement and support?
     • Risk: biometric information storing and protection?
     • Security: fraud reduction, e.g. man-in-the-middle and phishing attacks?
     • Future Proofing: effort to incorporate additional modalities?
     • Scalability: support for millions of users and diverse use cases?
     • Customer Experience: seamless and frictionless experience?
     DECISIONS ABOUT SECURITY ARE NOT ALWAYS RATIONAL: COMPLEXITY PARALYSIS, EMOTIONAL DRIVERS, FEAR HAZARDS.
  8. THE FIDO JOURNEY
     • Develop an Authentication Strategy & Foundation: 3-5 year roadmap
     • Integrate FIDO into the identity system: architecture, scale, exceptions, security
     • Launch & Adoption: customer, service and partner facing communication
     • Marketing & Monetization: using FIDO as a strategic/competitive weapon
     • Advanced Initiatives: does the framework or plan address your upcoming use cases, e.g. IoT?
     PRIVATE & CONFIDENTIAL
  9. MASTERING AUTHENTICATION: BEST PRACTICES. Questions to answer: Recognition or Authentication? What's at stake? Consent? Active or Passive? Single or Multi-Modal? Recovery? Lifecycle model? Documented Threat Model? How are templates & matcher protected? Attack vectors? Failure modes, predictability, operational variations? Is there PII? Who owns the biometric? Operating multiple authentication silos or a standards-based approach?
     ✓ Run a POC
     ✓ Develop a framework for use (beware shiny objects)
     ✓ Build a 3-5 year roadmap
     ✓ Consider a standards-based approach with FIDO
  10. KEY THINGS TO KNOW ABOUT FIDO… what many get wrong.
  11. FIDO IS A PLATFORM BUILDING BLOCK. (Diagram of a Risk-Based Identity System / Modern Authentication: Passwords, Identity Proofing, User Management, Authentication (Risk-Based, Strong), Federation, Single Sign-On.)
  12. THE BENEFITS OF FIDO: AN ANALOGY. Standards for Electricity (Cabling, Interconnects, Voltage); Standards for Authentication (Protocols, APIs, Abstractions). FIDO IS A FRAMEWORK. © 2017 Nok Nok Labs
  13. HOW TOYOTA BENEFITS FROM THE K-PLATFORM. (Pictured: Toyota Sienna, Lexus RX350, Toyota Highlander, Toyota Avalon.) The Toyota K platform is a front-wheel drive automobile platform (also adaptable to four-wheel drive) that has underpinned various Toyota and Lexus models from the mid-size category upwards[1] since November 2000.
  14. WHAT ABOUT AUTHENTICATORS?
     • No single authenticator modality will replace passwords
     • No perfect authenticator: all authenticators can be attacked, all authenticators are subject to compromise
     • How do you choose? Usability, Security, Cost
     • The point of the framework is to deploy the right authenticator(s) to raise the cost of attack and make it not worthwhile
  15. BENEFIT OF A FIDO FRAMEWORK: ENABLING MULTIFACTOR AUTHENTICATION, EASY FOR DEVELOPER, IT & END-USER, RIGHT LEVEL OF ABSTRACTION. Factor combinations under one framework: Something I Know; Something I Have; Something I Have + Something I Know; or Something I Have, Who I Am…; or [Something I Have, Who I Am] x2… (Tap, Touch). SAME DEVELOPER API, SAME BACKEND, DIFFERENT POLICY.
  16. AGE OF UBIQUITOUS AUTHENTICATION 2012-2022. Progression from Recognition to Authentication:
     • Server-side biometric match; border/perimeter control applications, surveillance systems
     • Client-side uni-modal biometrics for device unlock
     • Client-side uni-modal biometrics for device & cloud service access on mobile
     • Client-side multi-modal, mobile, wearable & card based for physical, IoT & cloud services
     • Client & server-side multi-modal, mobile, wearable & card based for physical & cloud services; sensor surround for continuous authentication
     ✓ This is the curve we are riding
     ✓ Use cases & complexity expanding rapidly
     ✓ FIDO is the preferred framework to tie both biometric & non-biometric authenticators together
  17. STANDARDS: WHAT ARE THEY GOOD FOR?
  18. PROJECTED PATH OF EVOLUTION: PHASES TO UBIQUITY, THE NNL PERSPECTIVE.
     • Phase 1 (2013): FIDO delivered "over the top" in software; whitebox security
     • Phase 2 (2014-15): OEMs, security chip and SOC vendors include FIDO; security profiles vary by vendor; interop & conformance testing
     • Phase 3 (2015-18): operating systems include "scaffolding" for FIDO; converging security profiles in hardware; security certification testing; GOLD Server (all protocol versions supported)
     • Phase 4 (2017-2022): operating systems and browsers ship native FIDO support (ubiquitous security); EMVCo, Global Platform, NIST/NCCOE, UK, Germany, Korean Citizen ID initiatives and other reference architectures; referenced by regulators & policy-makers, adopted by industry bodies
  19. AUTHENTICATION HAS TO DELIVER INTEGRITY END TO END: IT HAS TO SCALE FROM SILICON TO THE CLOUD WITHOUT DEVELOPER, USER OR IT COMPLEXITY. Completing the Chain of Trust: Hardware Integrity, OS Integrity, App Integrity, Network Integrity, User Integrity & Consent. Easy for Users, Easy for Developers, Easy for IT Operators.
  20. INFLUENCING FIDO: FIDO IS UNIQUE IN BALANCING TECH VENDORS WITH RELYING PARTIES.
     • More than buying membership: you have to vote with your presence and persistence for what you care about
     • Volunteer organization: as good as participation; RPs need to continue participation at technical and business level to balance vendor interest; standards are about creating constituencies, lining up the activity & the votes to move things forward
     • Welcome to join the FIDO Alliance
  21. STATE OF TRUST & SECURITY. Would you take pills for every waterborne disease every time you took a drink of water, or would you rather chlorinate the water? Current state of security: it's like drinking water from the tap in the 1800s.
  22. FIN
