© 2014 FIDO Alliance
Standards for
Simpler Stronger Authentication
Rajiv Dholakia – VP Products & Business Development, Nok Nok Labs
rajiv@noknok.com
Context & Aspirations
I.T. HAS SCALED: IT’S A HETEROGENEOUS WORLD
$$$
Technological capabilities (1971 → 2013): clock speed x4700; #transistors x608k; structure size /450
Price (1980 → 2013): HDD $/MB /12k; NV RAM $/MB /1.3m
Ubiquity: more than 7bn mobile connected devices by end of 2013
Connectivity (2013): 34% of all people worldwide have internet access
Relevance (2012): $1 trillion eCommerce
Social media (2013): >10% of all people worldwide active
NOK NOK LABS
The Authentication Tower of Babel
Silos, proprietary, privacy, reliance on 3rd party, tolls
IMPLEMENTOR’s PERSPECTIVE: A CHALLENGE
A plumbing problem: Shades of Rube Goldberg…
Diagram: Applications (App 1, App 2, New App); Organizations (RP 1, RP 1); Authentication Methods (Silo 1, Silo 2, Silo 3, Silo N); "?" marks on the connections between them
Taking lessons from History
Authentication
SSL
Communication
???
Common authentication plumbing
Users
Cloud/Enterprise
Devices
Federation
Open Standard
Plug-In Approach
Interoperable Ecosystem
Usable
Authentication
WHAT IS NEEDED
FIDO 101
Goal: Simpler, Stronger Authentication
Mission: To Change Authentication Online by:
(a) Developing unencumbered Specifications that define interoperable mechanisms that supplant reliance on passwords
(b) Operating programs to help ensure industry adoption
(c) Submitting mature Specifications for formal standardization
Identity & Authentication Building Blocks
Physical-to-digital identity
User Management
Authentication
Federation
Single
Sign-On
E-Gov Payments Security
Passwords Risk-Based Strong
MODERN
AUTHENTICATION
Personalization
User Authentication Online
Do you want to login?
Do you want to transfer $100 to Frank?
Do you want to ship to a new address?
Do you want to delete all of your emails?
Do you want to share your dental record?
Authentication today:
Ask user for a password
(and perhaps a one time code)
Today’s Passwords
REUSED PHISHED KEYLOGGED
Today’s Password Alternatives
One Time Codes with SMS or Device
•  SMS USABILITY: Coverage | Delay | Cost
•  DEVICE USABILITY: One per site | $$ | Fragile
•  USER EXPERIENCE: Users find it hard
•  STILL PHISHABLE: Known attacks today
Megatrend
Simpler, Stronger Local Device Auth
PERSONAL DEVICES LOCAL LOCKING
NEW WAVE: CONVENIENT
SECURITY
Carry Personal Data Pins & Patterns today
Simpler, Stronger local
auth
Putting It Together
The problem:
Simpler, Stronger online
The trend:
Simpler, Stronger local device auth
Why not:
Use local device auth for online auth?
This is the core idea behind FIDO standards!
FIDO Experiences
ONLINE AUTH REQUEST | LOCAL DEVICE AUTH | SUCCESS
PASSWORDLESS EXPERIENCE (UAF standards): Transaction Detail | Show a biometric | Done
SECOND FACTOR EXPERIENCE (U2F standards): Login & Password | Insert Dongle, Press button | Done
FIDO Registration (using public key cryptography)
1. REGISTRATION BEGINS
2. USER APPROVAL
3. NEW KEY CREATED
4. REGISTRATION COMPLETE
Flow labels: USER APPROVAL, KEY REGISTERED
FIDO Login (login using public key cryptography)
1. LOGIN
2. USER APPROVAL
3. KEY SELECTED
4. LOGIN COMPLETE
Flow labels: LOGIN CHALLENGE, LOGIN RESPONSE
Decouple User Verification Method from Authentication Protocol
1. LOGIN
2. USER APPROVAL
3. KEY SELECTED
4. REGISTRATION COMPLETE
Flow labels: LOGIN CHALLENGE, LOGIN RESPONSE
Leverage public key cryptography
ONLINE SECURITY
PROTOCOL
PLUGGABLE
LOCAL
AUTH
UAF ARCHITECTURE OVERVIEW
User Device: User Agent, Mobile Apps; Authenticator Abstraction (ASM); Authenticators
Authenticators hold the Private Keys: Authentication Keys, Attestation Keys
Relying Party: Web Application; FIDO UAF Server
FIDO UAF Server holds the Public Keys: Authentication Keys, Attestation Key
UAF Protocol between them: Registration, Authentication & Transaction Confirmation
UAF Authenticators
Relying Party
User Side
U2F APDU
USB API
NFC API
Bluetooth API
U2F JS API
Secure U2F
Element
Connectors
USB
NFC
Bluetooth
Web Application
FIDO U2F
Server
User Keys
U2F Flow Diagram
User Action
Browser
U2F Token
Options
Passwordless UX = UAF:
Universal Auth Framework
•  User carries client device with UAF
stack installed
•  User presents a local biometric or PIN
•  Website can choose whether to retain
password
Simpler Stronger Authentication
Second Factor UX = U2F:
Universal Second Factor
•  User carries U2F device with built-in support in web browsers
•  User presents U2F device
•  Website can simplify password (e.g., 4-digit PIN)
Design
Considerations
No 3rd Party in the Protocol
No secrets on Server side
Focus on User Privacy
• Biometric data never leaves user’s device
• No linkability between RPs
• No linkability between RP accounts
Embrace all kinds of Authenticators
software, proprietary hardware,
certified hardware, ...
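The registration and login flows above, together with these design considerations (only public keys on the server, a separate key per relying party, user verification decoupled from the protocol), sketched as an added JavaScript example; it is not code from the presentation or from the FIDO specifications. The class names, the `appId` values and the signed-data layout are assumptions for illustration, not the UAF or U2F message format.

```javascript
// Added illustration: simplified model of FIDO-style registration and login.
// Not the UAF/U2F wire format; names and data layout are assumptions.
const nodeCrypto = require('crypto');

// Data the authenticator signs: hash of the RP identifier plus the challenge.
function signedData(appId, challenge) {
  const appHash = nodeCrypto.createHash('sha256').update(appId).digest();
  return Buffer.concat([appHash, challenge]);
}

// Authenticator: keeps the private keys, one key pair per relying party.
// verifyUser is the pluggable local check (PIN, fingerprint, ...); the
// exchange with the server is identical whichever method is plugged in.
class Authenticator {
  constructor(verifyUser) {
    this.verifyUser = verifyUser;
    this.keys = new Map(); // appId -> { keyId, privateKey }
  }

  register(appId) {
    if (!this.verifyUser()) throw new Error('user approval failed');
    const { publicKey, privateKey } =
      nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
    const keyId = nodeCrypto.randomBytes(16).toString('hex');
    this.keys.set(appId, { keyId, privateKey });
    // Only the public half ever leaves the device.
    return { keyId, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
  }

  sign(appId, challenge) {
    const entry = this.keys.get(appId);
    if (!entry) throw new Error('no key registered for ' + appId);
    if (!this.verifyUser()) throw new Error('user approval failed');
    const signature = nodeCrypto.sign('sha256', signedData(appId, challenge), entry.privateKey);
    return { keyId: entry.keyId, signature };
  }
}

// Relying party: stores public keys only, so a database leak yields no
// credential that can be used to log in.
class RelyingParty {
  constructor(appId) {
    this.appId = appId;
    this.publicKeys = new Map(); // keyId -> PEM public key
    this.pending = new Set();    // outstanding challenges (hex)
  }

  completeRegistration({ keyId, publicKeyPem }) {
    this.publicKeys.set(keyId, publicKeyPem);
  }

  newChallenge() {
    const challenge = nodeCrypto.randomBytes(32);
    this.pending.add(challenge.toString('hex'));
    return challenge;
  }

  verifyLogin(challenge, { keyId, signature }) {
    // A challenge is accepted once; unknown or reused challenges fail.
    if (!this.pending.delete(challenge.toString('hex'))) return false;
    const pem = this.publicKeys.get(keyId);
    if (!pem) return false;
    return nodeCrypto.verify('sha256', signedData(this.appId, challenge), pem, signature);
  }
}

// Constructed scenario: one authenticator, two relying parties.
function runDemo() {
  let pinOk = true; // stands in for the local PIN/biometric result
  const authenticator = new Authenticator(() => pinOk);
  const shop = new RelyingParty('https://shop.example');
  const bank = new RelyingParty('https://bank.example');

  const shopReg = authenticator.register(shop.appId);
  const bankReg = authenticator.register(bank.appId);
  shop.completeRegistration(shopReg);
  bank.completeRegistration(bankReg);

  const challenge = shop.newChallenge();
  const response = authenticator.sign(shop.appId, challenge);
  const loginOk = shop.verifyLogin(challenge, response);
  const replayOk = shop.verifyLogin(challenge, response); // same response again

  // A response made with the shop key is presented to the bank.
  const bankChallenge = bank.newChallenge();
  const crossRpOk = bank.verifyLogin(bankChallenge, authenticator.sign(shop.appId, bankChallenge));

  // Local user verification fails: the key is never used.
  pinOk = false;
  let blockedWithoutUser = false;
  try {
    authenticator.sign(shop.appId, shop.newChallenge());
  } catch (err) {
    blockedWithoutUser = true;
  }

  const distinctKeys = shopReg.publicKeyPem !== bankReg.publicKeyPem &&
    shopReg.keyId !== bankReg.keyId;
  return { loginOk, replayOk, crossRpOk, blockedWithoutUser, distinctKeys };
}

console.log(runDemo());
```
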
Risk Based Authentication
•  Login to online account
•  Change shipping address
•  Transfer $10.000
Low
High
Choice of Security Profiles
User Space
Secure
Hardware
FIDO
UX Layer
Input, Display
Crypto Layer
FIDO
UX Layer
Input, Display
Crypto Layer
FIDO
Crypto Layer
UX Layer
Input, Display
No Secure HW | Secure Crypto + Storage | Secure Execution Environment
Risk Appropriate Authentication
FIDO Security Spectrum
•  Strong: Software Only ID (Protects Keys)
•  Stronger: TPM/SE ID (Protects Keys, Protects Crypto)
•  Strongest: TEE + SE ID (Protects Keys, Protects Crypto, Protects Code, Protects Display)
Permanent link to this comic: http://xkcd.com/538/
On SECURITY
A peek into MODERN AUTHENTICATION
IMPLICIT
AUTHENTICATION
EXPLICIT
AUTHENTICATION
COMPLEMENTS IDENTITY &
FEDERATION STANDARDS
STRONG AUTH
PASSWORDS
SSO/FEDERATION
Recreated PMS
First Mile Second Mile
SAML
OpenID
FIDO/Strong Auth Federation Standards
FIDO Model: Direct to Relying Party OR through IdP
Devices support multiple authenticators
1. User Authenticates to the Device
2a. Device Authenticates to Relying Party (SP)
OR
2b. Device Authenticates to Identity Provider (IdP)
2c. IdP asserts identity via SAML, OAuth, OpenID Connect…
Recap
Identity & Authentication
Physical-to-digital identity
User Management
Authentication
Federation
Single
Sign-On
E-Gov Payments Security
Passwords Risk-Based Strong
MODERN
AUTHENTICATION
Personalization
Simplifying and Scaling Authentication
Any Device. Any Application. Any Authenticator.
Standardized Protocols
Local authentication
unlocks app specific key
Key used to authenticate
to server
IMPLEMENTATION CHALLENGE
A plumbing problem: Shades of Rube Goldberg…
Diagram: Applications (App 1, App 2, New App); Organizations (RP 1, RP 1); Authentication Methods (Silo 1, Silo 2, Silo 3, Silo N); "?" marks on the connections between them
SIMPLIFIED IMPLEMENTATION
WHAT IS BEING STANDARDIZED
Diagram: Applications (App 1, App 2, New App); Organizations (RP 1, RP 1); Authentication Methods ("?"); joined through FIDO UNIFIED STANDARDS
Online Crypto Protocol
Pluggable Authentication
CONCLUSIONS
•  The enemy is symmetric shared secrets
•  The enemy is poor user experiences and friction
•  FIDO is a building block
•  Even a simple software-based authenticator with a PIN
offers many advantages over passwords
•  FIDO complements your investments in federation and
improves your security and ease of use
FIDO Alliance Snapshot
July 2014
FIDO Alliance Role
•  Paper Specifications, Interop and Conformance testing, Trademark
licensing against criteria, thought leadership, nurture ecosystem of
vendors delivering FIDO implementations to market
•  Alliance does not ship products (only specifications)
o  Implementations left to commercial vendors
•  FIDO Alliance designs core protocol
o  Like SSL, FIDO has no domain semantics
o  Relying parties and Vendors may adapt FIDO into commercial solutions
o  Vendors may deliver FIDO specification as product or service, standalone or as
part of a solution stack
o  Extended use cases may be explored by vendors long before imported into
protocol
Version 1.0 (Review Draft) is in Public Review
FIDO at Industry Events – Readiness
FIDO-Ready Products & Deployment for Mobile & More
SIM + Secure Element
PIN + MicroSD, USB
Fingerprint, Mobile
Speaker Recognition
Mobile via NFC*
Useful to keep these separate:
Design Intent
FIDO Protocol Specification
Specific Implementations
Solution that incorporates FIDO
Select Authenticate Purchase
MOBILE DEVICES reshaping Security, Commerce
AUTHENTICATION THAT IS
“One-Swipe”, “One-Phrase”, “One-Look”, “One Touch”
OEMs SHIPPING FIDO-READY ™ PRODUCTS
New and existing devices are supported
OEM Enabled: Samsung Galaxy S5
OEM Enabled: Lenovo ThinkPads with Fingerprint Sensors
Clients available for these operating systems:
Software Authenticator Examples:
Voice/Face recognition, PIN, QR Code, etc.
Aftermarket Hardware Authenticator Examples:
USB fingerprint scanner, MicroSD Secure Element
First FIDO Deployment already live…
•  Customers can use their finger to pay with
PayPal from their new Samsung Galaxy S5
because the FIDO Ready™ software on the
device securely communicates between the
fingerprint sensor on their device and
PayPal’s service in the cloud. The only
information the device shares with PayPal
is a unique cryptographic “public key”
that allows PayPal to verify the identity of the
customer without having to store any
biometric information on PayPal’s
servers.
Breaking news for July…
•  Alipay – formerly a part of
Alibaba Group in China
•  Processed $519 Billion in
transactions in 2013
•  Launched FIDO-based
payments using Galaxy S5
Better Security, Better User Experience
Going beyond “Risk, Regulation, Reputation”
Setup Confirm Sent
DESIGN, DELIGHT & DOLLARS!
Call to Action
•  FIDO is ready for use – launch a POC, Pilot
•  Get involved:
o  Develop or adapt your products to FIDO
o  Come to the plenary, meet and mingle, speak with the pioneers,
select your partners
o  Join the Alliance and contribute – we are a volunteer run
organization!
o  Contact donal@fidoalliance.org for membership details
o  Other questions – rajiv@noknok.com
FIN
THANK YOU

CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CloudIDSummit
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CloudIDSummit
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CloudIDSummit
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CloudIDSummit
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM  in your Mobile Enterprise - Brian KatzCIS 2015 IoT and IDM  in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CloudIDSummit
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CloudIDSummit
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CloudIDSummit
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CloudIDSummit
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean Deuby
CloudIDSummit
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CloudIDSummit
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
CloudIDSummit
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CloudIDSummit
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015  Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015  Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CloudIDSummit
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CloudIDSummit
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of Things
CloudIDSummit
 

More from CloudIDSummit (20)

CIS 2016 Content Highlights
CIS 2016 Content HighlightsCIS 2016 Content Highlights
CIS 2016 Content Highlights
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016Top 6 Reasons You Should Attend Cloud Identity Summit 2016
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
Mobile security, identity & authentication   reasons for optimism 20150607 v2Mobile security, identity & authentication   reasons for optimism 20150607 v2
Mobile security, identity & authentication reasons for optimism 20150607 v2
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM  in your Mobile Enterprise - Brian KatzCIS 2015 IoT and IDM  in your Mobile Enterprise - Brian Katz
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean DeubyCIS 2015 The IDaaS Dating Game - Sean Deuby
CIS 2015 The IDaaS Dating Game - Sean Deuby
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish JainCIS 2015 SSO for Mobile and Web Apps Ashish Jain
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...The Industrial Internet, the Identity of Everything and the Industrial Enterp...
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015  Session Management at Scale - Scott Tomilson & Jamshid KhosravianCIS 2015  Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of Things
 

Recently uploaded

(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
Priyanka Aash
 
Feature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptxFeature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptx
ssuser1915fe1
 
Opencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of MünsterOpencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of Münster
Matthias Neugebauer
 
July Patch Tuesday
July Patch TuesdayJuly Patch Tuesday
July Patch Tuesday
Ivanti
 
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
maigasapphire
 
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
digitalxplive
 
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
sunilverma7884
 
The importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT StandardizationThe importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT Standardization
Axel Rennoch
 
Google I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged SlidesGoogle I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged Slides
Google Developer Group - Harare
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
alexjohnson7307
 
find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
huseindihon
 
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdfBT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
Neo4j
 
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
aslasdfmkhan4750
 
Data Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining DataData Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining Data
Safe Software
 
Best Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdfBest Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdf
Tatiana Al-Chueyr
 
Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024
aakash malhotra
 
Figma AI Design Generator_ In-Depth Review.pdf
Figma AI Design Generator_ In-Depth Review.pdfFigma AI Design Generator_ In-Depth Review.pdf
Figma AI Design Generator_ In-Depth Review.pdf
Management Institute of Skills Development
 
Types of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technologyTypes of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technology
ldtexsolbl
 
Salesforce AI & Einstein Copilot Workshop
Salesforce AI & Einstein Copilot WorkshopSalesforce AI & Einstein Copilot Workshop
Salesforce AI & Einstein Copilot Workshop
CEPTES Software Inc
 
Integrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecaseIntegrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecase
shyamraj55
 

Recently uploaded (20)

(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
 
Feature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptxFeature sql server terbaru performance.pptx
Feature sql server terbaru performance.pptx
 
Opencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of MünsterOpencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of Münster
 
July Patch Tuesday
July Patch TuesdayJuly Patch Tuesday
July Patch Tuesday
 
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
 
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
The Rise of AI in Cybersecurity How Machine Learning Will Shape Threat Detect...
 
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
 
The importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT StandardizationThe importance of Quality Assurance for ICT Standardization
The importance of Quality Assurance for ICT Standardization
 
Google I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged SlidesGoogle I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged Slides
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
 
find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
 
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdfBT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
 
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
 
Data Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining DataData Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining Data
 
Best Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdfBest Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdf
 
Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024Three New Criminal Laws in India 1 July 2024
Three New Criminal Laws in India 1 July 2024
 
Figma AI Design Generator_ In-Depth Review.pdf
Figma AI Design Generator_ In-Depth Review.pdfFigma AI Design Generator_ In-Depth Review.pdf
Figma AI Design Generator_ In-Depth Review.pdf
 
Types of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technologyTypes of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technology
 
Salesforce AI & Einstein Copilot Workshop
Salesforce AI & Einstein Copilot WorkshopSalesforce AI & Einstein Copilot Workshop
Salesforce AI & Einstein Copilot Workshop
 
Integrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecaseIntegrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecase
 

CIS14: FIDO 101 (What, Why and Wherefore of FIDO)

  • 1. © 2014 FIDO Alliance Standards for Simpler Stronger Authentication Rajiv Dholakia – VP Products & Business Development, Nok Nok Labs rajiv@noknok.com
  • 3. I.T. HAS SCALED: IT’S A HETEROGENEOUS WORLD $$$ Technological capabilities: (1971 → 2013) Clock speed x4700 #transistors x608k Structure size /450 Price: (1980 → 2013) HDD $/MB /12k NV RAM $/MB /1.3m Ubiquity: More than 7bn mobile connected devices by end of 2013 Connectivity: (2013) 34% of all people ww have internet access Relevance: (2012) $1 trillion eCommerce Social media: (2013) >10% of all people ww active NOK NOK LABS
  • 4. The Authentication Tower of Babel Silos, proprietary, privacy, reliance on 3rd party, tolls NOK NOK LABS ? 4
  • 5. IMPLEMENTOR’s PERSPECTIVE: A CHALLENGE A plumbing problem: Shades of Rube Goldberg… NOK NOK LABS App 2 New App ? RP 1 RP 1 App 1 ? Applications Authentication Methods Organizations Silo 1 Silo 2 Silo N Silo 3 5
  • 6. Taking lessons from History 6 Authentication SSL Communication ???
  • 7. Common authentication plumbing 7 Users Cloud/Enterprise Devices Federation Open Standard Plug-In Approach Interoperable Ecosystem Usable Authentication WHAT IS NEEDED
  • 9. Goal: Simpler, Stronger Authentication (a) Developing unencumbered Specifications that define interoperable mechanisms that supplant reliance on passwords (b) Operating programs to help ensure industry adoption (c) Submitting mature Specifications for formal standardization Mission: To Change Authentication Online by:
  • 10. Identity & Authentication Building Blocks NOK NOK LABS 10 Physical-to-digital identity User Management Authentication Federation Single Sign-On E-Gov Payments Security Passwords Risk-Based Strong MODERN AUTHENTICATION Personalization
  • 11. User Authentication Online Do you want to login? Do you want to transfer $100 to Frank? Do you want to ship to a new address? Do you want to delete all of your emails? Do you want to share your dental record? Authentication today: Ask user for a password (and perhaps a one time code)
  • 13. Today’s Password Alternatives One Time Codes with SMS or Device SMS USABILITY DEVICE USABILITY USER EXPERIENCE STILL PHISHABLE Coverage | Delay | Cost One per site | $$ | Fragile Users find it hard Known attacks today
  • 14. Megatrend Simpler, Stronger Local Device Auth PERSONAL DEVICES LOCAL LOCKING NEW WAVE: CONVENIENT SECURITY Carry Personal Data Pins & Patterns today Simpler, Stronger local auth
  • 15. Putting It Together The problem: Simpler, Stronger online The trend: Simpler, Stronger local device auth Why not: Use local device auth for online auth? This is the core idea behind FIDO standards!
  • 16. FIDO Experiences LOCAL DEVICE AUTH SUCCESS ONLINE AUTH REQUEST PASSWORDLESS EXPERIENCE (UAF standards) SECOND FACTOR EXPERIENCE (U2F standards) Show a biometric Transaction Detail Done Login & Password Insert Dongle, Press button Done
  • 17. FIDO Registration REGISTRATION BEGINS USER APPROVAL REGISTRATION COMPLETE NEW KEY CREATED USER APPROVAL KEY REGISTERED 1 2 Using Public key Cryptography 4 3
  • 18. FIDO Login LOGIN USER APPROVAL LOGIN COMPLETE KEY SELECTED LOGIN CHALLENGE LOGIN RESPONSE 1 2 4 3 Login Using Public key Cryptography
  • 19. Decouple User Verification Method from Authentication Protocol LOGIN USER APPROVAL REGISTRATION COMPLETE KEY SELECTED LOGIN CHALLENGE LOGIN RESPONSE 1 2 4 3 Leverage public key cryptography ONLINE SECURITY PROTOCOL PLUGGABLE LOCAL AUTH
  • 20. User Device User Agent Mobile Apps Authenticator Abstraction (ASM) Authenticators Authenticators Private Keys Authentication Keys Attestation Keys Relying Party Web Application FIDO UAF Server Authentication Keys Attestation Key Public Keys Registration, Authentication & Transaction Confirmation! UAF Protocol UAF ARCHITECTURE OVERVIEW UAF Authenticators
  • 21. Relying Party User Side U2F APDU USB API NFC API Bluetooth API U2F JS API Secure U2F Element Connectors USB NFC Bluetooth Web Application FIDO U2F Server User Keys U2F Flow Diagram User Action Browser U2F Token
  • 22. Options Passwordless UX = UAF: Universal Auth Framework • User carries client device with UAF stack installed • User presents a local biometric or PIN • Website can choose whether to retain password Simpler Stronger Authentication Second Factor UX = U2F: Universal Second Factor • User carries U2F device with built-in support in web browsers • User presents U2F device • Website can simplify password (e.g., 4-digit PIN)
  • 24. No 3rd Party in the Protocol
  • 25. No secrets on Server side
  • 26. Focus on User Privacy • Biometric data never leaves user’s device • No linkability between RPs • No linkability between RP accounts
  • 27. Embrace all kinds of Authenticators software, proprietary hardware, certified hardware, ...
  • 28. Risk Based Authentication • Login to online account • Change shipping address • Transfer $10.000 Low High
  • 29. Choice of Security Profiles NOK NOK LABS User Space Secure Hardware FIDO UX Layer Input, Display Crypto Layer FIDO UX Layer Input, Display Crypto Layer FIDO Crypto Layer UX Layer Input, Display No Secure HW Secure Crypto + Storage Secure Execution Environment
  • 30. Risk Appropriate Authentication 30 Strong Stronger FIDO Security Spectrum Software Only ID TPM/SE ID TEE + SE ID Protects Keys Protects Keys Protects Crypto Protects Keys Protects Crypto Protects Code Protects Display Strongest
  • 31. Permanent link to this comic: http://xkcd.com/538/ A webcomic of romance, sarcasm, math, and language. On SECURITY
  • 32. A peek into MODERN AUTHENTICATION 32 NOK NOK LABS IMPLICIT AUTHENTICATION EXPLICIT AUTHENTICATION
  • 33. COMPLEMENTS IDENTITY & FEDERATION STANDARDS NOK NOK LABS 33 STRONG AUTH PASSWORDS SSO/FEDERATION Recreated PMS First Mile Second Mile SAML OpenID FIDO/Strong Auth Federation Standards
  • 34. FIDO Model: Direct to Relying Party OR through IdP 34 Devices support multiple authenticators User Authenticates to the Device Relying Parties (SP) Device Authenticates to Relying Party 2a 1 Identity Provider (IdP) 2b OR Device Authenticates to Identity Provider (IDP) 2c IDP asserts identity via SAML, OAuth, OpenID Connect… OR
  • 35. Recap
  • 36. Identity & Authentication NOK NOK LABS 36 Physical-to-digital identity User Management Authentication Federation Single Sign-On E-Gov Payments Security Passwords Risk-Based Strong MODERN AUTHENTICATION Personalization
  • 37. Simplifying and Scaling Authentication Any Device. Any Application. Any Authenticator. 37 Standardized Protocols Local authentication unlocks app specific key Key used to authenticate to server
  • 38. IMPLEMENTATION CHALLENGE A plumbing problem: Shades of Rube Goldberg… NOK NOK LABS App 2 New App ? RP 1 RP 1 App 1 ? Applications Authentication Methods Organizations Silo 1 Silo 2 Silo N Silo 3 38
  • 39. SIMPLIFIED IMPLEMENTATION WHAT IS BEING STANDARDIZED App 2 Applications Authentication Methods RP 1 RP 1 App 1 New App FIDO UNIFIED STANDARDS Organizations ? 39 Online Crypto Protocol Pluggable Authentication
  • 40. CONCLUSIONS • The enemy is symmetric shared secrets • The enemy is poor user experiences and friction • FIDO is a building block • Even simple software-based authenticator with a PIN offers many advantages over passwords • FIDO complements your investments in federation and improves your security and ease of use
  • 42. 42 Nok Nok Labs Confidential — Do Not Distribute
  • 43. FIDO Alliance Role •  Paper Specifications, Interop and Conformance testing, Trademark licensing against criteria, thought leadership, nurture ecosystem of vendors delivering FIDO implementations to market •  Alliance does not ship products (only specifications) o  Implementations left to commercial vendors •  FIDO Alliance designs core protocol o  Like SSL, FIDO has no domain semantics o  Relying parties and Vendors may adapt FIDO into commercial solutions o  Vendors may deliver FIDO specification as product or service, standalone or as part of a solution stack o  Extended use cases may be explored by vendors long before imported into protocol
  • 44. Version 1.0 (Review Draft) is in Public Review
  • 45. FIDO at Industry Events – Readiness FIDO-Ready Products & Deployment for Mobile & More SIM + Secure Element PIN + MicroSD, USB Fingerprint, Mobile Speaker Recognition Mobile via NFC*
  • 46. Useful to keep these separate: Design Intent FIDO Protocol Specification Specific Implementations Solution that incorporates FIDO
  • 47. Select Authenticate Purchase 47 MOBILE DEVICES reshaping Security, Commerce NOK NOK LABS AUTHENTICATION THAT IS “One-Swipe”, “One-Phrase”, “One-Look”, “One Touch”
  • 48. OEMs SHIPPING FIDO-READY ™ PRODUCTS New and existing devices are supported 48 OEM Enabled: Samsung Galaxy S5 OEM Enabled: Lenovo ThinkPads with Fingerprint Sensors Clients available for these operating systems: Software Authenticator Examples: Voice/Face recognition, PIN, QR Code, etc. Aftermarket Hardware Authenticator Examples: USB fingerprint scanner, MicroSD Secure Element
  • 49. First FIDO Deployment already live… 49 •  Customers can use their finger to pay with PayPal from their new Samsung Galaxy S5 because the FIDO Ready™ software on the device securely communicates between the fingerprint sensor on their device and PayPal’s service in the cloud. The only information the device shares with PayPal is a unique cryptographic “public key” that allows PayPal to verify the identity of the customer without having to store any biometric information on PayPal’s servers.
  • 50. Breaking news for July… •  Alipay – formerly a part of Alibaba Group in China •  Processed $519 Billion in transactions in 2013 •  Launched FIDO-based payments using Galaxy S5
  • 51. Better Security, Better User Experience Going beyond “Risk, Regulation, Reputation” 51 Setup Confirm Sent DESIGN, DELIGHT & DOLLARS!
  • 52. Call to Action •  FIDO is ready for use – launch a POC, Pilot •  Get involved: o  Develop or adapt your products to FIDO o  Come to the plenary, meet and mingle, speak with the pioneers, select your partners o  Join the Alliance and contribute – we are a volunteer run organization! o  Contact donal@fidoalliance.org for membership details o  Other questions – rajiv@noknok.com
  • 53. FIN
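
The registration and login flows on slides 17 and 18, with the "no secrets on server side" and "no linkability between RPs" properties from slides 25 and 26, as an added Node.js sketch. It is not code from the presentation or from the FIDO specifications and does not implement the UAF or U2F message formats; the class names, field names, PIN and `.example` origins are constructed for illustration.

```javascript
// Added illustration: simplified FIDO-style registration and login.
// Not the UAF/U2F wire format; all names below are hypothetical.
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// User-side authenticator: private keys stay here, one key pair per relying party.
class Authenticator {
  constructor(pin) {
    this.pin = pin;         // local user verification (could be a biometric instead)
    this.keys = new Map();  // appId -> private key, never exported
  }
  // Local verification gates every key operation; the PIN is never sent anywhere.
  unlock(pin) {
    return crypto.timingSafeEqual(sha256(pin), sha256(this.pin));
  }
  register(appId, pin) {
    if (!this.unlock(pin)) return null;
    const { publicKey, privateKey } =
      crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
    this.keys.set(appId, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' });
  }
  sign(appId, challenge, pin) {
    const key = this.keys.get(appId);
    if (!key || !this.unlock(pin)) return null;
    // The signature covers the relying party identity and the fresh challenge.
    const signed = Buffer.concat([sha256(appId), challenge]);
    return { appId, challenge, signature: crypto.sign('sha256', signed, key) };
  }
}

// Relying-party server: stores public keys only, so a database leak
// yields nothing that can be replayed as a credential.
class RelyingParty {
  constructor(appId) {
    this.appId = appId;
    this.publicKeys = new Map();  // username -> PEM public key
    this.pending = new Map();     // username -> outstanding challenge
  }
  enroll(username, publicKeyPem) {
    this.publicKeys.set(username, publicKeyPem);
  }
  challenge(username) {
    const c = crypto.randomBytes(32);
    this.pending.set(username, c);
    return c;
  }
  verify(username, response) {
    const expected = this.pending.get(username);
    this.pending.delete(username);  // each challenge is single use
    const pem = this.publicKeys.get(username);
    if (!expected || !pem || !response) return false;
    if (response.appId !== this.appId) return false;
    if (!expected.equals(response.challenge)) return false;
    const signed = Buffer.concat([sha256(this.appId), expected]);
    return crypto.verify('sha256', signed, pem, response.signature);
  }
}

function demo() {
  const device = new Authenticator('4821');  // constructed PIN
  const shop = new RelyingParty('https://shop.example');
  const bank = new RelyingParty('https://bank.example');
  shop.enroll('alice', device.register(shop.appId, '4821'));
  bank.enroll('alice', device.register(bank.appId, '4821'));

  const response = device.sign(shop.appId, shop.challenge('alice'), '4821');
  const login = shop.verify('alice', response);
  const replay = shop.verify('alice', response);  // challenge already consumed

  shop.challenge('alice');                        // server issues a fresh challenge
  const stale = shop.verify('alice', response);   // old response no longer matches

  // A response produced with the shop key is rejected by the bank.
  const crossSite = bank.verify(
    'alice', device.sign(shop.appId, bank.challenge('alice'), '4821'));

  // Without local user verification the key is never used.
  const wrongPin = device.sign(shop.appId, shop.challenge('alice'), '0000');

  // Each relying party sees a different public key for the same user.
  const unlinkable = shop.publicKeys.get('alice') !== bank.publicKeys.get('alice');
  return { login, replay, stale, crossSite, wrongPin, unlinkable };
}

console.log(demo());
```
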