© 2014 FIDO Alliance
Standards for
Simpler Stronger Authentication
Rajiv Dholakia – VP Products & Business Development, Nok Nok Labs
rajiv@noknok.com
Context & Aspirations
I.T. HAS SCALED: IT’S A HETEROGENEOUS WORLD
Technological capabilities (1971 → 2013):
•  Clock speed x4700
•  #transistors x608k
•  Structure size /450
Price (1980 → 2013):
•  HDD $/MB /12k
•  NV RAM $/MB /1.3m
Ubiquity: More than 7bn mobile connected devices by end of 2013
Connectivity (2013): 34% of all people worldwide have internet access
Relevance (2012): $1 trillion eCommerce
Social media (2013): >10% of all people worldwide active
NOK NOK LABS
The Authentication Tower of Babel
Silos, proprietary, privacy, reliance on 3rd party, tolls
IMPLEMENTOR’s PERSPECTIVE: A CHALLENGE
A plumbing problem: Shades of Rube Goldberg…
[Diagram: Applications (App 1, App 2, New App) and Organizations (RP 1) each wired separately to Authentication Methods (Silo 1, Silo 2, Silo 3, … Silo N)]
Taking lessons from History
Authentication
SSL
Communication
???
Common authentication plumbing
WHAT IS NEEDED
Users
Cloud/Enterprise
Devices
Federation
Open Standard
Plug-In Approach
Interoperable Ecosystem
Usable Authentication
FIDO 101
Goal: Simpler, Stronger Authentication
Mission: To Change Authentication Online by:
(a) Developing unencumbered Specifications that define interoperable mechanisms that supplant reliance on passwords
(b) Operating programs to help ensure industry adoption
(c) Submitting mature Specifications for formal standardization
Identity & Authentication Building Blocks
Physical-to-digital identity
User Management
Authentication
Federation
Single Sign-On
E-Gov, Payments, Security
Passwords, Risk-Based, Strong
MODERN AUTHENTICATION
Personalization
User Authentication Online
Do you want to login?
Do you want to transfer $100 to Frank?
Do you want to ship to a new address?
Do you want to delete all of your emails?
Do you want to share your dental record?
Authentication today:
Ask user for a password
(and perhaps a one time code)
Today’s Passwords
REUSED PHISHED KEYLOGGED
Today’s Password Alternatives
One Time Codes with SMS or Device
SMS USABILITY: Coverage | Delay | Cost
DEVICE USABILITY: One per site | $$ | Fragile
USER EXPERIENCE: Users find it hard
STILL PHISHABLE: Known attacks today
Megatrend
Simpler, Stronger Local Device Auth
PERSONAL DEVICES: Carry Personal Data
LOCAL LOCKING: Pins & Patterns today
NEW WAVE: CONVENIENT SECURITY: Simpler, Stronger local auth
Putting It Together
The problem:
Simpler, Stronger online
The trend:
Simpler, Stronger local device auth
Why not:
Use local device auth for online auth?
This is the core idea behind FIDO standards!
FIDO Experiences
Steps: ONLINE AUTH REQUEST → LOCAL DEVICE AUTH → SUCCESS
PASSWORDLESS EXPERIENCE (UAF standards): Transaction Detail → Show a biometric → Done
SECOND FACTOR EXPERIENCE (U2F standards): Login & Password → Insert Dongle, Press button → Done
FIDO Registration
1. REGISTRATION BEGINS
2. USER APPROVAL
3. NEW KEY CREATED
4. REGISTRATION COMPLETE
KEY REGISTERED using public key cryptography
FIDO Login
1. LOGIN
2. USER APPROVAL
3. KEY SELECTED
4. LOGIN COMPLETE
LOGIN CHALLENGE / LOGIN RESPONSE: login using public key cryptography
Decouple User Verification Method from Authentication Protocol
1. LOGIN
2. USER APPROVAL
3. KEY SELECTED
4. REGISTRATION COMPLETE
LOGIN CHALLENGE / LOGIN RESPONSE
ONLINE SECURITY PROTOCOL: Leverage public key cryptography
PLUGGABLE LOCAL AUTH
UAF ARCHITECTURE OVERVIEW
User Device: User Agent, Mobile Apps; Authenticator Abstraction (ASM); Authenticators; Private Keys (Authentication Keys, Attestation Keys)
Relying Party: Web Application; FIDO UAF Server; Public Keys (Authentication Keys, Attestation Key)
UAF Protocol: Registration, Authentication & Transaction Confirmation!
UAF Authenticators
[Diagram: U2F architecture]
User Side: U2F JS API; USB API, NFC API, Bluetooth API; U2F APDU; Connectors (USB, NFC, Bluetooth); Secure U2F Element
Relying Party: Web Application; FIDO U2F Server; User Keys
U2F Flow Diagram
[Diagram: Browser, U2F Token, User Action, Options]
Simpler Stronger Authentication
Passwordless UX = UAF: Universal Auth Framework
•  User carries client device with UAF stack installed
•  User presents a local biometric or PIN
•  Website can choose whether to retain password
Second Factor UX = U2F: Universal Second Factor
•  User carries U2F device with built-in support in web browsers
•  User presents U2F device
•  Website can simplify password (e.g., 4-digit PIN)
Design Considerations
No 3rd Party in the Protocol
No secrets on Server side
Focus on User Privacy
• Biometric data never leaves user’s device
• No linkability between RPs
• No linkability between RP accounts
Embrace all kinds of Authenticators: software, proprietary hardware, certified hardware, ...
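The registration and login flows and the design considerations above (no secrets on the server side, no linkability between RPs), sketched as an added example that is not part of the original slides. It is a simplified model of the pattern, not the UAF or U2F message format; the class names, the `shop.example` / `bank.example` relying parties, the boolean standing in for local user verification and the binding of the RP identifier into the signed data are assumptions made for illustration.

```javascript
// Added example: simplified FIDO-style registration and login (constructed, not a wire format).
const crypto = require('node:crypto');

// Data that gets signed: hash of the RP identifier plus the server's challenge.
// Binding the RP identifier is an assumption of this sketch.
function signedData(rpId, challenge) {
  return Buffer.concat([crypto.createHash('sha256').update(rpId).digest(), challenge]);
}

// Lives on the user's device. Holds one key pair per relying party.
class Authenticator {
  constructor() {
    this.keys = new Map(); // rpId -> { keyId, privateKey }
  }

  // userVerified models the local check (PIN, fingerprint, ...). Only the
  // outcome reaches the protocol; the PIN or biometric never leaves the device.
  register(rpId, userVerified) {
    if (!userVerified) throw new Error('user approval required');
    const { publicKey, privateKey } =
      crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
    const keyId = crypto.randomBytes(16).toString('hex');
    this.keys.set(rpId, { keyId, privateKey });
    return { keyId, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
  }

  sign(rpId, challenge, userVerified) {
    if (!userVerified) throw new Error('user approval required');
    const entry = this.keys.get(rpId);
    if (!entry) throw new Error('no key registered for ' + rpId);
    const signature = crypto.sign('sha256', signedData(rpId, challenge), entry.privateKey);
    return { keyId: entry.keyId, signature };
  }
}

// Server side. Stores public keys only, so a database leak yields no login secret.
class RelyingParty {
  constructor(rpId) {
    this.rpId = rpId;
    this.publicKeys = new Map(); // keyId -> PEM public key
    this.pending = new Set();    // outstanding challenges (hex), single use
  }

  finishRegistration({ keyId, publicKeyPem }) {
    this.publicKeys.set(keyId, publicKeyPem);
  }

  newChallenge() {
    const challenge = crypto.randomBytes(32);
    this.pending.add(challenge.toString('hex'));
    return challenge;
  }

  verifyLogin(challenge, { keyId, signature }) {
    // A challenge is accepted once; a replayed response finds nothing pending.
    if (!this.pending.delete(challenge.toString('hex'))) return false;
    const pem = this.publicKeys.get(keyId);
    if (!pem) return false; // key handle unknown to this RP
    return crypto.verify('sha256', signedData(this.rpId, challenge), pem, signature);
  }
}

function demo() {
  const device = new Authenticator();
  const shop = new RelyingParty('shop.example'); // constructed RP names
  const bank = new RelyingParty('bank.example');

  const shopReg = device.register(shop.rpId, true);
  const bankReg = device.register(bank.rpId, true);
  shop.finishRegistration(shopReg);
  bank.finishRegistration(bankReg);

  const challenge = shop.newChallenge();
  const response = device.sign(shop.rpId, challenge, true);
  const loginOk = shop.verifyLogin(challenge, response);
  const replayOk = shop.verifyLogin(challenge, response); // same response again

  // A response made with the shop key is of no use at the bank.
  const bankChallenge = bank.newChallenge();
  const crossSiteOk = bank.verifyLogin(bankChallenge, device.sign(shop.rpId, bankChallenge, true));

  const stored = [...shop.publicKeys.values(), ...bank.publicKeys.values()];
  return {
    loginOk,
    replayOk,
    crossSiteOk,
    // Different key handle and public key per RP: nothing to correlate across sites.
    unlinkable: shopReg.keyId !== bankReg.keyId && shopReg.publicKeyPem !== bankReg.publicKeyPem,
    serverStoresOnlyPublic: stored.every((pem) => pem.startsWith('-----BEGIN PUBLIC KEY-----')),
  };
}
```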
Risk Based Authentication
Low → High:
•  Login to online account
•  Change shipping address
•  Transfer $10.000
Choice of Security Profiles
[Diagram: three authenticator profiles, each with a FIDO UX Layer (Input, Display) and a Crypto Layer, placed in User Space or Secure Hardware]
No Secure HW | Secure Crypto + Storage | Secure Execution Environment
Risk Appropriate Authentication
FIDO Security Spectrum
Strong → Stronger → Strongest
Software Only | TPM/SE | TEE + SE
Protects Keys | Protects Keys, Protects Crypto | Protects Keys, Protects Crypto, Protects Code, Protects Display
On SECURITY
[Comic: xkcd, http://xkcd.com/538/]
A peek into MODERN AUTHENTICATION
IMPLICIT AUTHENTICATION
EXPLICIT AUTHENTICATION
COMPLEMENTS IDENTITY & FEDERATION STANDARDS
[Diagram: First Mile = PASSWORDS, STRONG AUTH (FIDO/Strong Auth); Second Mile = SSO/FEDERATION (SAML, OpenID; Federation Standards)]
FIDO Model: Direct to Relying Party OR through IdP
Devices support multiple authenticators
1. User Authenticates to the Device
2a. Device Authenticates to Relying Party (SP)
2b. OR Device Authenticates to Identity Provider (IdP)
2c. IdP asserts identity via SAML, OAuth, OpenID Connect…
Recap
Identity & Authentication
Physical-to-digital identity
User Management
Authentication
Federation
Single Sign-On
E-Gov, Payments, Security
Passwords, Risk-Based, Strong
MODERN AUTHENTICATION
Personalization
Simplifying and Scaling Authentication
Any Device. Any Application. Any Authenticator.
Standardized Protocols
Local authentication unlocks app specific key
Key used to authenticate to server
IMPLEMENTATION CHALLENGE
A plumbing problem: Shades of Rube Goldberg…
[Diagram: Applications (App 1, App 2, New App) and Organizations (RP 1) each wired separately to Authentication Methods (Silo 1, Silo 2, Silo 3, … Silo N)]
SIMPLIFIED IMPLEMENTATION
WHAT IS BEING STANDARDIZED
[Diagram: Applications (App 1, App 2, New App) and Organizations (RP 1) connect to Authentication Methods through FIDO UNIFIED STANDARDS]
Online Crypto Protocol
Pluggable Authentication
CONCLUSIONS
•  The enemy is symmetric shared secrets
•  The enemy is poor user experiences and friction
•  FIDO is a building block
•  Even a simple software-based authenticator with a PIN offers many advantages over passwords
•  FIDO complements your investments in federation and improves your security and ease of use
FIDO Alliance Snapshot
July 2014
FIDO Alliance Role
•  Paper Specifications, Interop and Conformance testing, Trademark licensing against criteria, thought leadership, nurture ecosystem of vendors delivering FIDO implementations to market
•  Alliance does not ship products (only specifications)
o  Implementations left to commercial vendors
•  FIDO Alliance designs core protocol
o  Like SSL, FIDO has no domain semantics
o  Relying parties and Vendors may adapt FIDO into commercial solutions
o  Vendors may deliver FIDO specification as product or service, standalone or as part of a solution stack
o  Extended use cases may be explored by vendors long before imported into protocol
Version 1.0 (Review Draft) is in Public Review
FIDO at Industry Events – Readiness
FIDO-Ready Products & Deployment for Mobile & More
SIM + Secure Element
PIN + MicroSD, USB
Fingerprint, Mobile
Speaker Recognition
Mobile via NFC*
Useful to keep these separate:
Design Intent
FIDO Protocol Specification
Specific Implementations
Solution that incorporates FIDO
Select Authenticate Purchase
MOBILE DEVICES reshaping Security, Commerce
AUTHENTICATION THAT IS “One-Swipe”, “One-Phrase”, “One-Look”, “One Touch”
OEMs SHIPPING FIDO-READY™ PRODUCTS
New and existing devices are supported
OEM Enabled: Samsung Galaxy S5
OEM Enabled: Lenovo ThinkPads with Fingerprint Sensors
Clients available for these operating systems:
Software Authenticator Examples:
Voice/Face recognition, PIN, QR Code, etc.
Aftermarket Hardware Authenticator Examples:
USB fingerprint scanner, MicroSD Secure Element
First FIDO Deployment already live…
•  Customers can use their finger to pay with PayPal from their new Samsung Galaxy S5 because the FIDO Ready™ software on the device securely communicates between the fingerprint sensor on their device and PayPal’s service in the cloud. The only information the device shares with PayPal is a unique cryptographic “public key” that allows PayPal to verify the identity of the customer without having to store any biometric information on PayPal’s servers.
Breaking news for July…
•  Alipay – formerly a part of Alibaba Group in China
•  Processed $519 Billion in transactions in 2013
•  Launched FIDO-based payments using Galaxy S5
Better Security, Better User Experience
Going beyond “Risk, Regulation, Reputation”
Setup Confirm Sent
DESIGN, DELIGHT & DOLLARS!
Call to Action
•  FIDO is ready for use – launch a POC, Pilot
•  Get involved:
o  Develop or adapt your products to FIDO
o  Come to the plenary, meet and mingle, speak with the pioneers, select your partners
o  Join the Alliance and contribute – we are a volunteer run organization!
o  Contact donal@fidoalliance.org for membership details
o  Other questions – rajiv@noknok.com
FIN
THANK YOU

 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCloudIDSummit
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM  in your Mobile Enterprise - Brian KatzCIS 2015 IoT and IDM  in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian KatzCloudIDSummit
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CloudIDSummit
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCloudIDSummit
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCloudIDSummit
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCloudIDSummit
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCloudIDSummit
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...CloudIDSummit
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCloudIDSummit
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015  Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015  Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCloudIDSummit
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCloudIDSummit
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCloudIDSummit
 

More from CloudIDSummit (20)

CIS 2016 Content Highlights
CIS 2016 Content HighlightsCIS 2016 Content Highlights
CIS 2016 Content Highlights
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication   reasons for optimism 20150607 v2Mobile security, identity & authentication   reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM  in your Mobile Enterprise - Brian KatzCIS 2015 IoT and IDM  in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean Deuby
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015  Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015  Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of Things
 

Recently uploaded

Easier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties ReimaginedEasier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties Reimaginedpanagenda
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceSamy Fodil
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastUXDXConf
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge
 
Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyUXDXConf
 
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdfBreaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdfUK Journal
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeCzechDreamin
 
What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024Stephanie Beckett
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024Stephen Perrenod
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlPeter Udo Diehl
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfFIDO Alliance
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfFIDO Alliance
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...FIDO Alliance
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyJohn Staveley
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutesconfluent
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Patrick Viafore
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekCzechDreamin
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGDSC PJATK
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessUXDXConf
 

Recently uploaded (20)

Easier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties ReimaginedEasier, Faster, and More Powerful – Notes Document Properties Reimagined
Easier, Faster, and More Powerful – Notes Document Properties Reimagined
 
WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at Comcast
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024
 
Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdf
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
 
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdfBreaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John Staveley
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 
Google I/O Extended 2024 Warsaw
Google I/O Extended 2024 WarsawGoogle I/O Extended 2024 Warsaw
Google I/O Extended 2024 Warsaw
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 

CIS14: FIDO 101 (What, Why and Wherefore of FIDO)

  • 1. © 2014 FIDO Alliance Standards for Simpler Stronger Authentication Rajiv Dholakia – VP Products & Business Development, Nok Nok Labs rajiv@noknok.com
  • 3. I.T. HAS SCALED: IT’S A HETEROGENEOUS WORLD $$$ Technological capabilities: (1971 → 2013) Clock speed x4700 #transistors x608k Structure size /450 Price: (1980 → 2013) HDD $/MB /12k NV RAM $/MB /1.3m Ubiquity: More than 7bn mobile connected devices by end of 2013 Connectivity: (2013) 34% of all people ww have internet access Relevance: (2012) $1 trillion eCommerce Social media: (2013) >10% of all people ww active NOK NOK LABS
  • 4. The Authentication Tower of Babel Silos, proprietary, privacy, reliance on 3rd party, tolls NOK NOK LABS ?
  • 5. IMPLEMENTOR’s PERSPECTIVE: A CHALLENGE A plumbing problem: Shades of Rube Goldberg… NOK NOK LABS App 2 New App ? RP 1 RP 1 App 1 ? Applications Authentication Methods Organizations Silo 1 Silo 2 Silo N Silo 3
  • 6. Taking lessons from History Authentication SSL Communication ???
  • 7. Common authentication plumbing Users Cloud/Enterprise Devices Federation Open Standard Plug-In Approach Interoperable Ecosystem Usable Authentication WHAT IS NEEDED
  • 9. Goal: Simpler, Stronger Authentication (a) Developing unencumbered Specifications that define interoperable mechanisms that supplant reliance on passwords (b) Operating programs to help ensure industry adoption (c) Submitting mature Specifications for formal standardization Mission: To Change Authentication Online by:
  • 10. Identity & Authentication Building Blocks NOK NOK LABS Physical-to-digital identity User Management Authentication Federation Single Sign-On E-Gov Payments Security Passwords Risk-Based Strong MODERN AUTHENTICATION Personalization
  • 11. User Authentication Online Do you want to login? Do you want to transfer $100 to Frank? Do you want to ship to a new address? Do you want to delete all of your emails? Do you want to share your dental record? Authentication today: Ask user for a password (and perhaps a one time code)
  • 13. Today’s Password Alternatives One Time Codes with SMS or Device SMS USABILITY DEVICE USABILITY USER EXPERIENCE STILL PHISHABLE Coverage | Delay | Cost One per site | $$ | Fragile Users find it hard Known attacks today
  • 14. Megatrend Simpler, Stronger Local Device Auth PERSONAL DEVICES LOCAL LOCKING NEW WAVE: CONVENIENT SECURITY Carry Personal Data Pins & Patterns today Simpler, Stronger local auth
  • 15. Putting It Together The problem: Simpler, Stronger online The trend: Simpler, Stronger local device auth Why not: Use local device auth for online auth? This is the core idea behind FIDO standards!
  • 16. FIDO Experiences ONLINE AUTH REQUEST LOCAL DEVICE AUTH SUCCESS PASSWORDLESS EXPERIENCE (UAF standards) SECOND FACTOR EXPERIENCE (U2F standards) Transaction Detail Show a biometric Done Login & Password Insert Dongle, Press button Done
  • 17. FIDO Registration REGISTRATION BEGINS USER APPROVAL REGISTRATION COMPLETE NEW KEY CREATED USER APPROVAL KEY REGISTERED 1 2 Using Public key Cryptography 4 3
  • 18. FIDO Login LOGIN USER APPROVAL LOGIN COMPLETE KEY SELECTED LOGIN CHALLENGE LOGIN RESPONSE 1 2 4 3 Login Using Public key Cryptography
  • 19. Decouple User Verification Method from Authentication Protocol LOGIN USER APPROVAL REGISTRATION COMPLETE KEY SELECTED LOGIN CHALLENGE LOGIN RESPONSE 1 2 4 3 Leverage public key cryptography ONLINE SECURITY PROTOCOL PLUGGABLE LOCAL AUTH
  • 20. User Device User Agent Mobile Apps Authenticator Abstraction (ASM) Authenticators Authenticators Private Keys Authentication Keys Attestation Keys Relying Party Web Application FIDO UAF Server Authentication Keys Attestation Key Public Keys Registration, Authentication & Transaction Confirmation! UAF Protocol UAF ARCHITECTURE OVERVIEW UAF Authenticators
  • 21. Relying Party User Side U2F APDU USB API NFC API Bluetooth API U2F JS API Secure U2F Element Connectors USB NFC Bluetooth Web Application FIDO U2F Server User Keys U2F Flow Diagram User Action Browser U2F Token
  • 22. Options Passwordless UX = UAF: Universal Auth Framework • User carries client device with UAF stack installed • User presents a local biometric or PIN • Website can choose whether to retain password Simpler Stronger Authentication Second Factor UX = U2F: Universal Second Factor • User carries U2F device with built-in support in web browsers • User presents U2F device • Website can simplify password (e.g., 4-digit PIN)
  • 24. No 3rd Party in the Protocol
  • 25. No secrets on Server side
  • 26. Focus on User Privacy • Biometric data never leaves user’s device • No linkability between RPs • No linkability between RP accounts
  • 27. Embrace all kinds of Authenticators software, proprietary hardware, certified hardware, ...
  • 28. Risk Based Authentication • Login to online account • Change shipping address • Transfer $10.000 Low High
  • 29. Choice of Security Profiles NOK NOK LABS User Space Secure Hardware FIDO UX Layer Input, Display Crypto Layer FIDO UX Layer Input, Display Crypto Layer FIDO Crypto Layer UX Layer Input, Display No Secure HW Secure Crypto + Storage Secure Execution Environment
  • 30. Risk Appropriate Authentication Strong Stronger FIDO Security Spectrum Software Only ID TPM/SE ID TEE + SE ID Protects Keys Protects Keys Protects Crypto Protects Keys Protects Crypto Protects Code Protects Display Strongest
  • 31. Permanent link to this comic: http://xkcd.com/538/ A webcomic of romance, sarcasm, math, and language. On SECURITY
  • 32. A peek into MODERN AUTHENTICATION NOK NOK LABS IMPLICIT AUTHENTICATION EXPLICIT AUTHENTICATION
  • 33. COMPLEMENTS IDENTITY & FEDERATION STANDARDS NOK NOK LABS STRONG AUTH PASSWORDS SSO/FEDERATION Recreated PMS First Mile Second Mile SAML OpenID FIDO/Strong Auth Federation Standards
  • 34. FIDO Model: Direct to Relying Party OR through IdP Devices support multiple authenticators User Authenticates to the Device Relying Parties (SP) Device Authenticates to Relying Party 2a 1 Identity Provider (IdP) 2b OR Device Authenticates to Identity Provider (IDP) 2c IDP asserts identity via SAML, OAuth, OpenID Connect… OR
  • 35. Recap
  • 36. Identity & Authentication NOK NOK LABS Physical-to-digital identity User Management Authentication Federation Single Sign-On E-Gov Payments Security Passwords Risk-Based Strong MODERN AUTHENTICATION Personalization
  • 37. Simplifying and Scaling Authentication Any Device. Any Application. Any Authenticator. Standardized Protocols Local authentication unlocks app specific key Key used to authenticate to server
  • 38. IMPLEMENTATION CHALLENGE A plumbing problem: Shades of Rube Goldberg… NOK NOK LABS App 2 New App ? RP 1 RP 1 App 1 ? Applications Authentication Methods Organizations Silo 1 Silo 2 Silo N Silo 3
  • 39. SIMPLIFIED IMPLEMENTATION WHAT IS BEING STANDARDIZED App 2 Applications Authentication Methods RP 1 RP 1 App 1 New App FIDO UNIFIED STANDARDS Organizations ? Online Crypto Protocol Pluggable Authentication
  • 40. CONCLUSIONS • The enemy is symmetric shared secrets • The enemy is poor user experiences and friction • FIDO is a building block • Even a simple software-based authenticator with a PIN offers many advantages over passwords • FIDO complements your investments in federation and improves your security and ease of use
  • 42. Nok Nok Labs Confidential — Do Not Distribute
  • 43. FIDO Alliance Role •  Paper Specifications, Interop and Conformance testing, Trademark licensing against criteria, thought leadership, nurture ecosystem of vendors delivering FIDO implementations to market •  Alliance does not ship products (only specifications) o  Implementations left to commercial vendors •  FIDO Alliance designs core protocol o  Like SSL, FIDO has no domain semantics o  Relying parties and Vendors may adapt FIDO into commercial solutions o  Vendors may deliver FIDO specification as product or service, standalone or as part of a solution stack o  Extended use cases may be explored by vendors long before imported into protocol
  • 44. Version 1.0 (Review Draft) is in Public Review
  • 45. FIDO at Industry Events – Readiness FIDO-Ready Products & Deployment for Mobile & More SIM + Secure Element PIN + MicroSD, USB Fingerprint, Mobile Speaker Recognition Mobile via NFC*
  • 46. Useful to keep these separate: Design Intent FIDO Protocol Specification Specific Implementations Solution that incorporates FIDO
  • 47. Select Authenticate Purchase MOBILE DEVICES reshaping Security, Commerce NOK NOK LABS AUTHENTICATION THAT IS “One-Swipe”, “One-Phrase”, “One-Look”, “One Touch”
  • 48. OEMs SHIPPING FIDO-READY ™ PRODUCTS New and existing devices are supported OEM Enabled: Samsung Galaxy S5 OEM Enabled: Lenovo ThinkPads with Fingerprint Sensors Clients available for these operating systems: Software Authenticator Examples: Voice/Face recognition, PIN, QR Code, etc. Aftermarket Hardware Authenticator Examples: USB fingerprint scanner, MicroSD Secure Element
  • 49. First FIDO Deployment already live… • Customers can use their finger to pay with PayPal from their new Samsung Galaxy S5 because the FIDO Ready™ software on the device securely communicates between the fingerprint sensor on their device and PayPal’s service in the cloud. The only information the device shares with PayPal is a unique cryptographic “public key” that allows PayPal to verify the identity of the customer without having to store any biometric information on PayPal’s servers.
  • 50. Breaking news for July… •  Alipay – formerly a part of Alibaba Group in China •  Processed $519 Billion in transactions in 2013 •  Launched FIDO-based payments using Galaxy S5
  • 51. Better Security, Better User Experience Going beyond “Risk, Regulation, Reputation” Setup Confirm Sent DESIGN, DELIGHT & DOLLARS!
  • 52. Call to Action •  FIDO is ready for use – launch a POC, Pilot •  Get involved: o  Develop or adapt your products to FIDO o  Come to the plenary, meet and mingle, speak with the pioneers, select your partners o  Join the Alliance and contribute – we are a volunteer run organization! o  Contact donal@fidoalliance.org for membership details o  Other questions – rajiv@noknok.com
  • 53. FIN
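
The registration and login flows of slides 17 to 19, together with the "no secrets on server side" and "no linkability between RPs" points, can be seen end to end in the sketch below. It is an added example, not FIDO Alliance or Nok Nok Labs code and not the UAF/U2F wire format: the class names, message fields, the `userVerified` flag standing in for a PIN or biometric check, and the choice of Ed25519 are assumptions, and attestation is left out.

```javascript
// Added illustration: per-relying-party key pairs plus challenge-response login.
const crypto = require('node:crypto');

// Bytes that get signed: the relying party's identifier bound to its fresh challenge.
function signedData(appId, challenge) {
  return Buffer.concat([
    crypto.createHash('sha256').update(appId).digest(),
    challenge,
  ]);
}

class Authenticator {
  constructor() {
    this.keys = new Map(); // keyId -> { appId, privateKey }; never leaves the device
  }

  // Registration: a new key pair is created for this relying party only.
  register(appId, userVerified) {
    if (!userVerified) throw new Error('local user verification failed');
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
    const keyId = crypto.randomBytes(16).toString('hex');
    this.keys.set(keyId, { appId, privateKey });
    return { keyId, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
  }

  // Login: local verification (PIN, biometric) unlocks the key, which signs the challenge.
  sign(appId, keyId, challenge, userVerified) {
    if (!userVerified) throw new Error('local user verification failed');
    const entry = this.keys.get(keyId);
    if (!entry || entry.appId !== appId) throw new Error('no key for this relying party');
    return { keyId, signature: crypto.sign(null, signedData(appId, challenge), entry.privateKey) };
  }
}

class RelyingParty {
  constructor(appId) {
    this.appId = appId;
    this.accounts = new Map(); // username -> { keyId, publicKeyPem }: public data only
    this.pending = new Map();  // username -> outstanding challenge
  }

  finishRegistration(username, registration) {
    this.accounts.set(username, registration);
  }

  beginLogin(username) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(username, challenge);
    return { appId: this.appId, keyId: this.accounts.get(username).keyId, challenge };
  }

  finishLogin(username, response) {
    const challenge = this.pending.get(username);
    this.pending.delete(username); // single use: a replayed response finds no challenge
    const account = this.accounts.get(username);
    if (!challenge || !account || response.keyId !== account.keyId) return false;
    return crypto.verify(null, signedData(this.appId, challenge),
      crypto.createPublicKey(account.publicKeyPem), response.signature);
  }
}

// Constructed walk-through: one device, two relying parties (example.* names are made up).
function demo() {
  const device = new Authenticator();
  const shop = new RelyingParty('https://shop.example');
  const bank = new RelyingParty('https://bank.example');
  shop.finishRegistration('alice', device.register(shop.appId, true));
  bank.finishRegistration('alice', device.register(bank.appId, true));

  const req = shop.beginLogin('alice');
  const resp = device.sign(req.appId, req.keyId, req.challenge, true);
  const loginOk = shop.finishLogin('alice', resp);
  const replayOk = shop.finishLogin('alice', resp); // same response sent again

  // A response produced for the shop is useless at the bank.
  bank.beginLogin('alice');
  const crossSiteOk = bank.finishLogin('alice', resp);

  let signedWithoutUser = true;
  try {
    const again = shop.beginLogin('alice');
    device.sign(again.appId, again.keyId, again.challenge, false);
  } catch (e) { signedWithoutUser = false; }

  const distinctKeys =
    shop.accounts.get('alice').publicKeyPem !== bank.accounts.get('alice').publicKeyPem;
  return { loginOk, replayOk, crossSiteOk, signedWithoutUser, distinctKeys };
}
```

The relying party's account store holds only a key handle and a public key, so a dump of it yields nothing that can be replayed as a login, and the two sites hold different public keys for the same user and device.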