The rise in mobile and cloud computing continue to drive the urgent need to rethink whether authentication is fit for purpose. The Mobile Network Operators (MNO) are well positioned to participate in this evolution, by enabling the secure storage of credentials within the SIM and delivering authentication-driven services to their business customers. These slides cover: - The respective roles of the FIDO Alliance, The Organization for the Advancement of Structured Information Standards (OASIS) and The OpenID Foundation; - GSMA’s Mobile Connect program which supports the use of mobile devices for authentication purposes; - The benefits of Nok Nok’s FIDO Ready™ technology for the MNO

1. FIDO & THE MOBILE
NETWORK OPERATOR
Alan Goode, Managing Director,
Goode Intelligence
Jamie Cowper, Senior Director,
Nok Nok Labs

2. THE AUTHENTICATION CHALLENGE:
HOW DO WE KNOW WHO YOU ARE?
2
?

3. MODERN AUTHENTICATION NEEDS
3
COST
PRIVACY
SECURITY
USABILITY
INFRASTRUCTURE:
EXISTING
TECHNOLOGY
AUTHENTICATION
LEGACY

4. LATEST RESEARCH
4
• What is the current Standard
landscape for Authentication &
identity?
• What are the integration points
between Identity &
Authentication
• How can MNO’s take advantage
of the new opportunities in
Authentication

5. THE MOBILE NETWORK
OPERATORS AND THE FUTURE
OF AUTHENTICATION
11 November 2014
Alan Goode - Goode Intelligence

6. 1
• Two inter-connected megatrends:
• The rise of mobile computing
• Cloud and SaaS
• Mobile & Cloud – legacy authentication not fit for
purpose
• Failure of traditional of monolithic authentication
solutions:
• Passwords
• Siloed 2FA
• The need to support legacy IT

7. 2
• Putting the mobile at the heart of authentication and
identity
• Industry standards and initiatives facilitating
emergence of intelligent mobile-based
authentication
• OpenID Connect
• SAML
• GSMA Mobile Connect
• FIDO
• Leverage the security of the SIM and built-in
features of mobile for authentication

8. 3
• The first mile = using a mobile device as an
authenticator
• Leveraging native capabilities including
biometrics
• The second mile = connections to wider risk and
fraud management and authorisation services
• Importance of Identity Federation services
• Authenticate once & then access multiple
services
• Vital to smoothly connect first and second miles
• Seamless user experience

9. 4
• GSMA Mobile Connect provides a framework for
MNOs to deliver mobile-based authentication
services
• Opportunity to become a central part of modern
authentication ecosystem
• MNOs are logical owners of mobile authentication
and can leverage existing components and
infrastructure:
• SIM
• Subscriber Data

10. 5
• First-to-market for FIDO Ready™
Authentication with S3
Authentication Suite
• Powers fingerprint biometric
authentication for Alipay and
Paypal
• Reference model for mobile-based
authentication using FIDO
standards
• Leverages mobile device secure
hardware

11. Thank you.
alan.goode@goodeintelligence.com
www.goodeintelligence.com
Twitter: @goodeintel

12. THE FIDO APPROACH
ANY DEVICE. ANY APPLICATION. ANY AUTHENTICATOR.
12
Standardized Protocols
Local authentication
unlocks app specific key
Key used to authenticate
to server

13. FIDO ECOSYSTEM MOMENTUM
13

14. MARKET DRIVERS FOR FIDO
• Reduce
transaction
abandonment
- Lower friction
• Reduce
transaction time
• Reduce fraud
• Increase trust in
provider
• Increase adoption
of stronger
adoption
• Risk appropriate
• Unified
framework
- Any device
- Any
authenticator
• Future-proof
architecture
14
Usability Security Cost

15. BROAD UTILITY FOR BETTER AUTHENTICATION
15
Enables innovation and revenue across B2C, B2B, B2B2C Ecosystems
Strong FIDO Authentication is the
eHealth
gateway to…
Federated Identity Services
Home Automation
Mobile / Retail Commerce and
Payments
The Internet of ThingsNew Cloud Services
Much, much more...
Ecosystems

16. FINGERPRINT SENSOR UPTAKE
16
iPhone 5s
Galaxy S5 & Mini
Galaxy Tab S
iPhone 6
“By 2017 there will over 990 million mobile devices (smart phones, phablets and
tablets) with fingerprint sensors. This number is set to increase further by the
following year when there will be well over one billion mobile devices – making
fingerprint sensors a common feature in mobile devices.”
Goode Intelligence, December 2013

17. MANY AUTHENTICATORS, MANY DEVICES…
17

18. AUTHENTICATION IS THE GATEWAY
TO USER EXPERIENCE
Benefits
• Service & Product Differentiation
• Increased Brand Loyalty
• Expanded Customer Revenue
• New Partnership Opportunities
Current Innovation Examples
• Google – Personal Unlocking
• Apple – TouchID + iTunes
• PayPal – “Swipe to Pay” on Samsung S5, Tab S
Lessons Learned
• NFC + Softcard Wallet
18
Simpler, Faster, and Contextual Authentication
Increases User Engagement and Satisfaction

19. NOK NOK’S S3 SUITE ARCHITECTURE
19
NOK NOK LABS
3RD PARTY

20. DEPLOYED TODAY
20
Devices Customers
S5 & Mini
Tab S
Pat
Johnson
pat@example.com
Note 4

21. PARTNERS
21
Device
Authenticator
Secure Hardware

22. GSMA ‘MOBILE CONNECT’

23. HOW FIDO FITS INTO MOBILE CONNECT
FIDO client in a
TEE/SIM based
config
FIDO server
hosted by
MNO

24. MNO/IDP INFRASTRUCTURE
NNL server
MNO DEPLOYMENT
Web Browser
24
FEDERATION INTEGRATION MODEL
USER’S DEVICE
RELYING PARTY’S INFRASTRUCTURE
HTML
Javascript
Browser Extension
NNL client
Web Application
Session
Management
Infrastructure
Relying Party
FIDO
3rd party
Federation Gateway
(SAML, OpenID, etc.)
IDP Adapter Plugin
Authen4ca4on
Registra4on

25. SECURE AUTHENTICATOR
IMPLEMENTATION MODELS
Trusted Execution Environment (TEE)
FIDO Authenticator as Trusted Application (TA)
User
Verification /
Presence
Trusted
UI
eSE/SIM
Attestation Key
Authentication Key(s)
Biometric Template(s)
Implemented with NXP,
Infineon & Oberthur
Implemented with
Trustonic

26. EXTENSIBLE AND FUTURE PROOF
ARCHITECTURE
New Authenticators
New Devices
New Use Cases
Internet of Things
Home Automation
and more…

27. CONSUMER PREFERENCES
PRIVATE & CONFIDENTIAL
27

28. Q&A
28