Deployment Case Study: Login.gov & FIDO2FIDO Alliance
In September 2018, login.gov began supporting FIDO2 as an option for multi-factor authentication. The security experts at login.gov were seeking to reduce the volume of users opting for SMS for multi-factor authentication by offering a more secure option. The security team used an iterative approach to deploy FIDO2 authentication and are continuously making improvements based on user feedback and platform needs. This webinar will tell the story of the login.gov implementation of FIDO2 and discuss their roadmap for future improvements.
Featured Speakers:
Steve Urciuoli, Consultant, Senior Cloud Architect, GSA
Jonathan Hooper, Innovation Specialist/Software Developer, 18F
Mike Magrath, Director, Global Regulations & Standards, OneSpan & Chair of FIDO Government Deployment Working Group
2019 FIDO TOKYO Seminar - FIDO Deployment in KoreaFIDO Alliance
Henry Lee, Senior Vice President, Mobile Security Technologies, Samsung Electronics Co., Ltd. / a Board of Directors and Co-Chair of FIDO Korea WG, FIDO Alliance
Introduction to FIDO's Identity Verification & Binding Initiative FIDO Alliance
Speaker: Rob Carter, Director, Product Development and Innovation, Mastercard
Speaker: Parker Crockford, Director of Policy & Strategic Accounts, Onfido
Speaker and Moderator: Andrew Shikiar, Executive Director and CMO, FIDO Alliance
Deployment Case Study: Login.gov & FIDO2FIDO Alliance
In September 2018, login.gov began supporting FIDO2 as an option for multi-factor authentication. The security experts at login.gov were seeking to reduce the volume of users opting for SMS for multi-factor authentication by offering a more secure option. The security team used an iterative approach to deploy FIDO2 authentication and are continuously making improvements based on user feedback and platform needs. This webinar will tell the story of the login.gov implementation of FIDO2 and discuss their roadmap for future improvements.
Featured Speakers:
Steve Urciuoli, Consultant, Senior Cloud Architect, GSA
Jonathan Hooper, Innovation Specialist/Software Developer, 18F
Mike Magrath, Director, Global Regulations & Standards, OneSpan & Chair of FIDO Government Deployment Working Group
2019 FIDO TOKYO Seminar - FIDO Deployment in KoreaFIDO Alliance
Henry Lee, Senior Vice President, Mobile Security Technologies, Samsung Electronics Co., Ltd. / a Board of Directors and Co-Chair of FIDO Korea WG, FIDO Alliance
Introduction to FIDO's Identity Verification & Binding Initiative FIDO Alliance
Speaker: Rob Carter, Director, Product Development and Innovation, Mastercard
Speaker: Parker Crockford, Director of Policy & Strategic Accounts, Onfido
Speaker and Moderator: Andrew Shikiar, Executive Director and CMO, FIDO Alliance
The FIDO Alliance has launched a new microsite, LoginWithFIDO.com, for high level, non-technical information about FIDO for consumers and service providers. As part of this project, we wanted to learn more about consumer attitudes and habits around authentication. What are their password habits? What do they think about the FIDO approach? Do they want to see FIDO at login?
To find out, we conducted a survey of 1,000 U.S. consumers – the results of which were shared on this webinar. These slides include the findings from our research and how you may be able to utilize the data for your own FIDO offerings and/or deployments.
This webinar includes:
--How many different passwords consumers really use for their online accounts
--What tactics they use for password management and how often they are resetting passwords and
--Their familiarity with various types of authentication technologies including SMS OTPs, biometrics and others
--The types of apps and services where consumers most want to use FIDO
--How consumers want to be communicated with about FIDO at enrollment and login
We also gave the audience a detailed look at LoginWithFIDO.com and how you can consider using it for your own educational initiatives around FIDO. You’ll learn:
--How to navigate through the microsite and its two landing pages
--How you can reference the site and its materials for your own offerings and deployments
--Added insights into how to utilize FIDO’s consumer-facing marks
Javelin Research's State of Strong Authentication 2019 Report Webinar FIDO Alliance
Webinar:Javelin Research's State of Strong Authentication 2019 Report
Presented by:
Al Pascual, SVP and Research Director, Javelin Strategy
Andrew Shikiar, Chief Marketing Officer, FIDO Alliance
February 7, 2019
FIDO Alliance Webinar: Catch Up WIth FIDOFIDO Alliance
The FIDO Alliance was launched with the audacious goal – to move the entire world away from usernames, passwords, and traditional multi-factor authentication to a much simpler and stronger way to log in with FIDO. It’s now 2021, so … are we there yet?
Join us for a webinar to take a look at the past year’s progress, and see what’s next. Our executive director and CMO Andrew Shikiar and our director of standards development David Turner will be on the line to take your questions – ask us anything!
FIDO Alliance Webinar: Intuit's Journey with FIDO AuthenticationFIDO Alliance
Millions of customers trust Intuit with their most sensitive financial information. With that in mind, Intuit recently rolled out FIDO Authentication on its mobile apps to provide additional layers of security while simultaneously making the user experience more convenient. In this webinar, Marcio Mello, director & head of Product Management – Intuit Identity & Profile Platform, presents Intuit’s approach to enable FIDO Authentication, including:
Intuit’s priorities in choosing a mobile strong authentication solution
--The steps Intuit took to evaluate strong authentication solutions that met its security and usability requirements
--Intuit’s evaluation of FIDO authentication vendors and solution chosen
--The steps Intuit took to roll out FIDO Authentication, challenges faced and how they were overcome
--Intuits login time and security results after deploying FIDO
--Intuit’s advice for other service providers deploying FIDO
Speakers:
Marcio Mello, Director & Head of Product Management – Intuit Identity & Profile Platform
Andrew Shikiar, Executive Director & CMO, FIDO Alliance
Presented at FIDO Authentication Seminar – Tokyo
By: Alain Martin, VP, Strategic Partnerships, Gemalto; Secretary, FIDO Alliance Board of Directors; Co-Chair, FIDO Europe Working Group
The FIDO Alliance has launched of the FIDO Device Onboard (FDO) protocol, a new, open IoT standard that enables devices to simply and securely onboard to cloud and on-premise management platforms. Through this standard, the FIDO Alliance addresses challenges of security, cost and complexity tied to IoT device deployment at scale. FIDO Device Onboard furthers the fundamental vision of the Alliance, which has brought together 250+ of the most influential and innovative companies and government agencies from around the world to address cyber security in order to eliminate data breaches, and enable secure online experiences.
The Second Payment Services Directive (PSD2) and the associated Regulatory Technical Standards (RTS) on strong customer authentication and secure communication impose stringent requirements on multi-factor authentication and on the security of implementations. Payment Service Providers will want to know whether the authentication solutions they put in place conform to the RTS both in terms of functionality and security.
The FIDO Alliance standards are based on multi-factor authentication and are a strong fit for PSD2 compliance. The FIDO Alliance’s certification program provides an independent evaluation of functional compliance to the standards as well as of the achieved level of security of FIDO authenticators.
Featuring industry experts, this presentation explores how FIDO can resolve key issues, including:
• How the FIDO standards conform to the RTS
• How FIDO’s certification program guarantees this conformity
• How FIDO’s certification program provides for the mandatory security evaluation imposed by the RTS
Webinar: Catch Up with FIDO Plus AMA SessionFIDO Alliance
The FIDO Alliance's goal is for the whole world to move away from usernames, passwords, and traditional MFA to a simpler and stronger way to log in with FIDO! Here's a look at the past year’s progress and what's happening next.
The FIDO Alliance has launched a new microsite, LoginWithFIDO.com, for high level, non-technical information about FIDO for consumers and service providers. As part of this project, we wanted to learn more about consumer attitudes and habits around authentication. What are their password habits? What do they think about the FIDO approach? Do they want to see FIDO at login?
To find out, we conducted a survey of 1,000 U.S. consumers – the results of which were shared on this webinar. These slides include the findings from our research and how you may be able to utilize the data for your own FIDO offerings and/or deployments.
This webinar includes:
--How many different passwords consumers really use for their online accounts
--What tactics they use for password management and how often they are resetting passwords and
--Their familiarity with various types of authentication technologies including SMS OTPs, biometrics and others
--The types of apps and services where consumers most want to use FIDO
--How consumers want to be communicated with about FIDO at enrollment and login
We also gave the audience a detailed look at LoginWithFIDO.com and how you can consider using it for your own educational initiatives around FIDO. You’ll learn:
--How to navigate through the microsite and its two landing pages
--How you can reference the site and its materials for your own offerings and deployments
--Added insights into how to utilize FIDO’s consumer-facing marks
Javelin Research's State of Strong Authentication 2019 Report Webinar FIDO Alliance
Webinar:Javelin Research's State of Strong Authentication 2019 Report
Presented by:
Al Pascual, SVP and Research Director, Javelin Strategy
Andrew Shikiar, Chief Marketing Officer, FIDO Alliance
February 7, 2019
FIDO Alliance Webinar: Catch Up WIth FIDOFIDO Alliance
The FIDO Alliance was launched with the audacious goal – to move the entire world away from usernames, passwords, and traditional multi-factor authentication to a much simpler and stronger way to log in with FIDO. It’s now 2021, so … are we there yet?
Join us for a webinar to take a look at the past year’s progress, and see what’s next. Our executive director and CMO Andrew Shikiar and our director of standards development David Turner will be on the line to take your questions – ask us anything!
FIDO Alliance Webinar: Intuit's Journey with FIDO AuthenticationFIDO Alliance
Millions of customers trust Intuit with their most sensitive financial information. With that in mind, Intuit recently rolled out FIDO Authentication on its mobile apps to provide additional layers of security while simultaneously making the user experience more convenient. In this webinar, Marcio Mello, director & head of Product Management – Intuit Identity & Profile Platform, presents Intuit’s approach to enable FIDO Authentication, including:
Intuit’s priorities in choosing a mobile strong authentication solution
--The steps Intuit took to evaluate strong authentication solutions that met its security and usability requirements
--Intuit’s evaluation of FIDO authentication vendors and solution chosen
--The steps Intuit took to roll out FIDO Authentication, challenges faced and how they were overcome
--Intuits login time and security results after deploying FIDO
--Intuit’s advice for other service providers deploying FIDO
Speakers:
Marcio Mello, Director & Head of Product Management – Intuit Identity & Profile Platform
Andrew Shikiar, Executive Director & CMO, FIDO Alliance
Presented at FIDO Authentication Seminar – Tokyo
By: Alain Martin, VP, Strategic Partnerships, Gemalto; Secretary, FIDO Alliance Board of Directors; Co-Chair, FIDO Europe Working Group
The FIDO Alliance has launched of the FIDO Device Onboard (FDO) protocol, a new, open IoT standard that enables devices to simply and securely onboard to cloud and on-premise management platforms. Through this standard, the FIDO Alliance addresses challenges of security, cost and complexity tied to IoT device deployment at scale. FIDO Device Onboard furthers the fundamental vision of the Alliance, which has brought together 250+ of the most influential and innovative companies and government agencies from around the world to address cyber security in order to eliminate data breaches, and enable secure online experiences.
The Second Payment Services Directive (PSD2) and the associated Regulatory Technical Standards (RTS) on strong customer authentication and secure communication impose stringent requirements on multi-factor authentication and on the security of implementations. Payment Service Providers will want to know whether the authentication solutions they put in place conform to the RTS both in terms of functionality and security.
The FIDO Alliance standards are based on multi-factor authentication and are a strong fit for PSD2 compliance. The FIDO Alliance’s certification program provides an independent evaluation of functional compliance to the standards as well as of the achieved level of security of FIDO authenticators.
Featuring industry experts, this presentation explores how FIDO can resolve key issues, including:
• How the FIDO standards conform to the RTS
• How FIDO’s certification program guarantees this conformity
• How FIDO’s certification program provides for the mandatory security evaluation imposed by the RTS
Webinar: Catch Up with FIDO Plus AMA SessionFIDO Alliance
The FIDO Alliance's goal is for the whole world to move away from usernames, passwords, and traditional MFA to a simpler and stronger way to log in with FIDO! Here's a look at the past year’s progress and what's happening next.
An overview of the Alliance, the problem we are addressing the password problem, how FIDO is addressing it, the new ecosystem we are creating and the road ahead.
The rapid expansion of the Internet of Things has fostered convenience and connectedness for consumers. It has also opened the door for creative hackers. Recently, hackers used hundreds of thousands of common internet-connected devices in consumers’ homes, without the owners’ knowledge, to launch a DDoS attack that temporarily brought down crucial parts of the internet’s infrastructure.
Attacks in the past have shown that passwords in IoT devices provide insufficient security. Additionally, IoT devices are too constrained for implementing biometric functions.
The question then becomes how to authenticate to such devices and can the industry adopt a standardized approach despite a highly fragmented IoT landscape. This presentation by Rolf Lindemann of Nok Nok Labs, explores how FIDO Authentication can provide convenient and strong authentication in an array of IoT use cases.
Webinar: Securing IoT with FIDO AuthenticationFIDO Alliance
IDC estimates that there will be 41.6 billion connected IoT devices by 2025, opening up opportunities for increased efficiencies and innovation across industries. Yet, lack of IoT security standards and typical processes such as shipping with default password credentials and manual onboarding leave devices, and the networks they operate on, open to large-scale attack.
Last summer, the FIDO Alliance announced a new standards initiative to tackle these security issues in IoT. The Alliance’s IoT Technical Working Group aims to provide a comprehensive authentication framework for IoT devices in keeping with the fundamental mission of the Alliance – passwordless authentication. These webinar slides provide an update on this new work area, including:
--How FIDO Authentication and existing specifications fit into the IoT ecosystem today
--The charter and goals of the IoT TWG, including development of specifications for IoT device attestation/authentication profiles to enable interoperability between service providers and IoT devices; automated onboarding, and binding of applications and/or users to IoT devices; and IoT device authentication and provisioning via smart routers and IoT hubs
--The progress of the working group to date, including the use case and target architectures the IoT TWG is looking at as a foundation for its specifications and certification program
Presented at GSMA Mobile Connect + FIDO Alliance: The Future of Strong Authentication
By: Rolf Lindemann, Senior Director of Technology and Products, Nok Nok Labs
A detailed look at the "Your Security, More Simple" d ACCOUNT initiative at NTT DOCOMO, including design principles, solution architecture, security architecture, FIDO standards and deployment of FIDO Authentication. Presented by Koichi Moriyama, Senior Director, Product Department, NTT DOCOMO, Inc.
Introduction to FIDO Biometric AuthenticationFIDO Alliance
The model of password authentication is broken. FIDO is a new approach to authentication, including a modality for biometric authentication. Learn about the specification and the clear benefits of adding FIDO Authentication to Device APIs.
Mastering the Concepts Tested in the Databricks Certified Data Engineer Assoc...SkillCertProExams
• For a full set of 760+ questions. Go to
https://skillcertpro.com/product/databricks-certified-data-engineer-associate-exam-questions/
• SkillCertPro offers detailed explanations to each question which helps to understand the concepts better.
• It is recommended to score above 85% in SkillCertPro exams before attempting a real exam.
• SkillCertPro updates exam questions every 2 weeks.
• You will get life time access and life time free updates
• SkillCertPro assures 100% pass guarantee in first attempt.
Collapsing Narratives: Exploring Non-Linearity • a micro report by Rosie WellsRosie Wells
Insight: In a landscape where traditional narrative structures are giving way to fragmented and non-linear forms of storytelling, there lies immense potential for creativity and exploration.
'Collapsing Narratives: Exploring Non-Linearity' is a micro report from Rosie Wells.
Rosie Wells is an Arts & Cultural Strategist uniquely positioned at the intersection of grassroots and mainstream storytelling.
Their work is focused on developing meaningful and lasting connections that can drive social change.
Please download this presentation to enjoy the hyperlinks!
This presentation, created by Syed Faiz ul Hassan, explores the profound influence of media on public perception and behavior. It delves into the evolution of media from oral traditions to modern digital and social media platforms. Key topics include the role of media in information propagation, socialization, crisis awareness, globalization, and education. The presentation also examines media influence through agenda setting, propaganda, and manipulative techniques used by advertisers and marketers. Furthermore, it highlights the impact of surveillance enabled by media technologies on personal behavior and preferences. Through this comprehensive overview, the presentation aims to shed light on how media shapes collective consciousness and public opinion.
1. All Rights Reserved | FIDO Alliance | Copyright 20191
Enhancing Security with FIDO
2019 FIDO Authentication Seminar - Seoul
SEP 23, 2019
2. All Rights Reserved | FIDO Alliance | Copyright 20192
AGENDA
FIDO deploying history of Samsung Mobile
Focused on “Inter Operability”
NEXT : Focus on “Security Enhancement”
NEXT : Focus on “Deployment”
4. All Rights Reserved | FIDO Alliance | Copyright 2019444444
FIDO deploying history of Samsung Mobile
Dec.
2013
Jul.
2014
Jul.
2012
FIDO
Founded
Jul.
2015
Dec.
2015
Dec.
2014
Dec.
2016
Jul.
2017
Jun.
2016
Jul.
2018
Dec.
2018
Dec.
2017
Jul.
2019
First FIDO
Authentication
Phone ( S5 )
1.0 Spec Published
K(orea)FWG
First FIDO Biometric
Component Certified
Phone ( S10 )
Samsung
Join as BoD
FIDO Ready
Certified
FIDO UAF
Certified
FIDO U2F
Certified
Samsung Pass
FIDO2 Spec Published
5. All Rights Reserved | FIDO Alliance | Copyright 2019555555
Focused on “Introduction & Inter Operability”
~ 2017 ~2020 2020 ~
6. All Rights Reserved | FIDO Alliance | Copyright 2019
Focused on “Security” – Officially tested
~ 2017 ~2020 2020 ~
FIDO Biometric Requirements
Test Crew’s Age/Gender/Group Distribution
Operation Process, internal QA process, Test Plan …
FAR : False Accept Rate (less 1:10,000 of 80% confidence interval)
FRR : False Reject Rate(less 3:100 of 80% confidence interval)
IAPMR : Impostor Attack Presentation Match Rate (less 20%)
PAD : Presentation Attack Detection (Paper/ Print / Tape / Mold / PCB / Gel / Gummy)
February 20, 2019
New Samsung Galaxy Ultrasonic
Fingerprint System World’s First to
Achieve FIDO Biometric Certification
Official Biometric Testing Lab. Of FIDO
Audit and testing by trusted 3rd party
Overall testing of biometric sensor quality
Biometric evaluation report (each model)
Bio Testing Lab. available from now
7. All Rights Reserved | FIDO Alliance | Copyright 2019
NEXT : focus on “Deploy” - Web friendly, phishing-resistant
~ 2017 ~2020 2020 ~
Statcounter / GlobalStats , `19.04
6.83%
* Considering variable deployment challenge
8. All Rights Reserved | FIDO Alliance | Copyright 2019
NEXT : focus on “Security” – (upward) Evaluation Level
~ 2017 ~2020 2020 ~
Functional
Compliance
Biometric
Enhanced
Security
Evaluation
(High)
L3/L3+ : Protection against chip fault injection
Defends against captured devices
L2/L2+ : Restricted Operating Environment
Defends against device OS compromise
9. All Rights Reserved | FIDO Alliance | Copyright 2019
NEXT : focus on “Security” – Hybrid (enhanced secure)
~ 2017 ~2020 2020 ~
Invasive HW Attacks
• Well resourced and funded
• Unlimited time, money & equipment.
Non-invasive HW Attacks
• Side channels (DEMA, DPA)
• Physical access to device
• JTAG, Bus Probing, IO Pins, etc.Software Attacks
• Malware & Viruses
• Social engineering
Cost/Effort
To Attack
Cost/Effort to
Secure
Trustzone (TEE)
Smartcard
EAL5+/6+
eSE(embedded Secure Element)
Certified
TrustZone OS
10. All Rights Reserved | FIDO Alliance | Copyright 2019
NEXT : focus on “Security” – eID+FIDO for Public Sectors
~ 2017 ~2020 2020 ~
{ Device } Requirements on Authentication
High/Substantial Levels of Assurance
QSCD (qualified signature creation device)
i.e. 2 factor Authentication, against attack
potential like duplication, tampering
* Electronic identification and trust services
for electronic transactions
Regulation of EU committee
for eGovernment
{ Benefits }
Cross-border recognition
Interoperability
legal certainty
High/
Substantial
Default Security
High Security
Very
High
{ Server } National ID system
eID authentication ( issuer/verify)
Binding the FIDO system
Using the FIDO protocol to auth.
11. All Rights Reserved | FIDO Alliance | Copyright 2019111111111111
Focus on “Security” & “Deploy” - IoT
Guess what? 90% of ourTVs, appliances,
smartphones, and tablets are
now IoT-ready.
– President at CES 2018
NOT ONLY Mobile, BUT ALSO IoT-ALL
WE ARE Looking for good FIDO use-case for user convenience on IoT
12. All Rights Reserved | FIDO Alliance | Copyright 201912
Thank you!
Jong-Su Kim // Principal Engineer
(Samsung Mobile Security S/W)
js365.kim@samsung.com