SlideShare a Scribd company logo
FIDO Taipei Workshop: Securing the Edge with FDO
1
© FIDO Alliance 2024
An introduction to FDO:
How it works & example
FDO applications
Richard Kerslake
FIDO Alliance
FIDO Taipei Workshop: Securing the Edge with FDO
2
What problem does FDO solve?
When a new enterprise, edge or IOT solution is being
installed in a facility (factory, hospital, car, store etc.),
the device must be “onboarded” to its management
platform (on-premise or cloud)
FDO provides secure “plug and play” onboarding for
almost any device/network.
FIDO Taipei Workshop: Securing the Edge with FDO
3
Manual Vs FDO onboarding
Manual
Slow – often 20 mins/device
Poor security
Need skilled technician
Expensive
FDO
Fast – about 1 min/device
High security
No skills needed for installation
Lower installation costs
Open standard
FIDO Taipei Workshop: Securing the Edge with FDO
4
FDO: Fast, Scalable Device Provisioning, Onboarding & Activation
Zero touch onboarding – integrates with existing zero touch solutions
Fast & more secure – ~1 minute
Hardware flexibility – any hardware - ARM MCU to Intel
®
Xeon
®
Any cloud – internet, intranet & closed network, multi-tenant
Late binding – reduces number of product SKUs needed
Multiple implementations – 5 implementations in various programming languages
Certification program – Available from FIDO Alliance
4
1. Drop ship device to
installation location
2. Power-up & connect
to Network 3. Auto-provisions, Onboards
to Device Management
Service
4
1. No product or component can be absolutely secure
FIDO Taipei Workshop: Securing the Edge with FDO
5
How FDO works
Device Manufacturer
3
Load Ownership
Voucher (OV) to
Cloud
Device in box shipped
to installation location
1
Ownership
Voucher (OV)
FDO
Manufacturing
tool
FDO Client, Credentials
path to RV server
a. FDO agent & FDO credentials
places in device.
b. Ownership Voucher (OV)
created
8
7
a. Mutual authentication
takes place
b. Secure channel is
established
c. Onboarding takes place
using FSIM’s
Device given network
connectivity and powers up
Target Cloud

Application
Data
/
Control
→
Cloud Managed,
Device data flows
FDO owner
5
Device contacts RV
and is re-directed to
Cloud
6
Rendezvous
server (RV)
4
Register OV
with
Rendezvous
Server
FDO Client &
credentials
2
Onboarding
Data
→
FIDO Taipei Workshop: Securing the Edge with FDO
6
How FDO works (with spec terms)
Device Manufacturer
Ownership
Voucher (OV)
FDO
Manufacturing
tool
FDO Client &
Credentials
Device Initialization (DI)
• Places FDO device credentials in Device
• Creates FDO Ownership Voucher
Target Cloud
FDO owner
Rendezvous
server (RV)
FDO Client &
credentials
T00/T01 protocols
• The interaction between Device and
Rendezvous Server
• Device identifies itself to the
Rendezvous Server. Obtains mapping to
connect to the Owner’s IP address.
T02 protocol
• The interaction between
Device and Owner.
• Device contacts Owner.
Establishes trust and then
performs onboarding

Application
Data
/
Control
→
Onboarding
Data
→
Final State
Cloud Managed,
Device data flows
FIDO Taipei Workshop: Securing the Edge with FDO
7
FIDO Device Onboard: Late Binding in Supply Chain
Customer 1
Build-to-order
Manufacturing
Infrastructure
• Zero Touch without FDO
Device software and security
customization happens at manufacture
• ➔ Complicated manufacturing
infrastructure, many SKUs, higher cost
Customer 1
Customer 2
Customer 3
Build-to-plan
Manufacturing
Infrastructure
• Zero Touch with FDO
Device software and security
customization happens at installation
• ➔ Simplified supply chain, lower costs
FDO reduces costs & complexity in supply chain – a single device SKU for all customers
Customer 1
Customer 1
Customer 2
Customer 3
FDO late
binding
FIDO Taipei Workshop: Securing the Edge with FDO
8
Authors of the FDO specification
The FDO spec was written by
technology leaders:
• Intel
• Amazon
• Google
• Microsoft
• Qualcomm
• ARM Link to FDO 1.1 specification
FIDO Taipei Workshop: Securing the Edge with FDO
9
Why adopt an onboarding standard like FDO?
Open standards are built on the contribution of security experts from multiple companies –
this often brings broader expertise and ideas than an individual company
As security threats evolve, the standard can evolve to address them
The standard expands over times to add more capabilities, while keeping backward
compatibility as a critical element. It can therefore meet short term and long term needs.
Ability to mix and match with confidence solutions from different vendors – via FIDO FDO
interoperability testing
Simplifies system security analysis
Users don’t need to own the upkeep of their solution as this is handled by open source or
commercial companies
With proprietary solutions, if the in-house expert leaves, that can create a long term support
issue
FIDO Taipei Workshop: Securing the Edge with FDO
10
Example FDO applications
FIDO Taipei Workshop: Securing the Edge with FDO
11
Potential application of FDO to
Manufacturing Applications
Manufacturing Cloud
Local Server (ACP)
PLC/DCN
FIDO Taipei Workshop: Securing the Edge with FDO
12
Potential application of FDO to
Retail Applications
Retail Cloud
Local Server
POS
Security
Camera
Cloud
FIDO Taipei Workshop: Securing the Edge with FDO
13
Potential application of FDO to
Medical Applications
Cloud
Local Server
FIDO Taipei Workshop: Securing the Edge with FDO
14
Potential application of FDO to
Automotive Applications
Software update
FIDO Taipei Workshop: Securing the Edge with FDO
15
Potential application of FDO to
In-vehicle Automotive Applications
Vehicle
computer
Zone
controller
FIDO Taipei Workshop: Securing the Edge with FDO
16
Example FDO architectures
FIDO Taipei Workshop: Securing the Edge with FDO
17
FDO is highly flexible and therefore can users can choose the architecture that
best meets there needs
As a users needs evolved, FDO can be extended without breaking backwards
compatibility
single cloud ➔ multi-cloud ➔ closed network ➔ ‘bring your own devices’
Choosing the right FDO deployment model for
your application
FIDO Taipei Workshop: Securing the Edge with FDO
18
Scenario 1: Onboarding devices with direct internet access,
single cloud/platform
Cloud 1
FIDO Taipei Workshop: Securing the Edge with FDO
19
Scenario 2: Onboarding devices with direct internet access,
multiple clouds
Cloud 1 Cloud 2
Clouds could be
different geographies
Same type of
hardware is
deployed to
different Clouds
FIDO Taipei Workshop: Securing the Edge with FDO
20
Scenario 3: Onboarding devices without direct internet access
(On-premise/Closed Network)
FIDO Taipei Workshop: Securing the Edge with FDO
21
Scenario 4: Onboarding devices – some with and some without
direct internet access
Cloud 1 Cloud 2
Cloud 3
FIDO Taipei Workshop: Securing the Edge with FDO
22
Scenario 5: Onboarding devices with direct internet access,
single cloud/platform, multi-tenant
Cloud 1
Tenant 1
Tenant 2
Tenant 3
Customer 1
Customer 2
Customer 3
FIDO Taipei Workshop: Securing the Edge with FDO
23
Scenario 6: Onboarding devices with internet access and
Closed Network, single cloud/platform, Roaming customers
and multi-tenant
Cloud 1
Tenant 1
Tenant 2
Tenant 3
Customer 1
Customer 2
Cloud 2
Roaming
Customer 3
FIDO Taipei Workshop: Securing the Edge with FDO
24
FDO – A Flexible and extensible
solution
FIDO Taipei Workshop: Securing the Edge with FDO
25
FDO Deployment Flexibility
Architectural Sophistication
Single Internet
Cloud
Internet Cloud
& On-
prem/Closed
Single Cloud
with Multi-
tenant
Multi-Cloud,
Internet and
closed network
with Multi-
tenant
FIDO Taipei Workshop: Securing the Edge with FDO
26
ExxonMobil
ExxonMobil is a leader in the move to standards-based, open,
secure, interoperable process control solutions (OPAF)
ExxonMobil and Yokogawa successfully used FDO in their
Texas testbed.
They expect to start running a field trial in the next year at an
ExxonMobil Manufacturing facility in Baton Rouge, LA
ExxonMobil’s integrator, Yokogawa, has integrated FDO to
automate device installation.
ExxonMobil’s collaborators for the field trial include various IT
and OT suppliers
Source: Yokogawa
FDO demo on LinkedIn
FIDO Taipei Workshop: Securing the Edge with FDO
27
FDO Business FAQ
1. Do I need to join the FIDO Alliance to use the FDO specification?
➢ No. FDO is an open standard. The spec can be downloaded from the FIDO Alliance web site.
➢ Joining the FIDO Alliance will allow you to impact the evolution of FDO and learn from other users and ecosystem
partners
2. What is the license agreement for the FDO technical specification
➢ The FIDO Alliance IPR terms can be found here:
https://media.fidoalliance.org/wp-content/uploads/2019/12/FIDO-IPR-flowchart-v4-W3C.pdf
3. Do I need to pay for certification?
➢ The FIDO Alliance does offer a paid FDO Certification program.
➢ There is no obligation for members to certify their products, however if companies want to use a FIDO FDO certification
logo then certification of the product is required.
➢ Members do receive a discount on Certification costs.
3. Is there software available that implements FDO? Do I need to pay for them?
➢ Yes, multiple versions. Some are open source, some are commercial version.
FIDO Taipei Workshop: Securing the Edge with FDO
28
Extending FDO applications with FSIMs
Hardware ships
with FDO only
Software deployed
at facility via FDO
Remote SW deployment
Firmware update
deployed at facility
via FDO
Remote firmware updated
Hardware ships with
FDO and SW load
FSIM protocols
• Embedded
protocols within
FDO that perform
onboarding
actions
• Examples: File
transfers, key
generation, shell
commands
FIDO Taipei Workshop: Securing the Edge with FDO
29
Conclusion
FDO is highly flexible and extensible
A wide range of deployment architectures are supported
Customers can evolve their architecture over time while retaining compatibility
FDO has been developed to offer a high degree of security
Customers can further extend the security as needed in their application
Users can mix-and-match their credential storage approach as needed
FDO can be used with a wide range of processors and Operating systems
In conclusion, FDO meets your onboarding needs for today and the future

More Related Content

Similar to Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf

Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
FIDO Alliance
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
FIDO Alliance
 
Forti cloud
Forti cloudForti cloud
Forti cloud
Lan & Wan Solutions
 
The Future of Authentication for IoT
The Future of Authentication for IoTThe Future of Authentication for IoT
The Future of Authentication for IoT
FIDO Alliance
 
“Your Security, More Simple.” by utilizing FIDO Authentication
“Your Security, More Simple.” by utilizing FIDO Authentication“Your Security, More Simple.” by utilizing FIDO Authentication
“Your Security, More Simple.” by utilizing FIDO Authentication
LINE Corporation
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
FIDO Alliance
 
Fido uaf-overview-v1.1-rd-20161005
Fido uaf-overview-v1.1-rd-20161005Fido uaf-overview-v1.1-rd-20161005
Fido uaf-overview-v1.1-rd-20161005
Jaime Ruiz
 
NTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case StudyNTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case Study
FIDO Alliance
 
Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013
Belsoft
 
Profinet network design webinar - Peter Thomas may 2020 - v1.0
Profinet network design webinar - Peter Thomas   may 2020 - v1.0Profinet network design webinar - Peter Thomas   may 2020 - v1.0
Profinet network design webinar - Peter Thomas may 2020 - v1.0
PROFIBUS and PROFINET InternationaI - PI UK
 
Threat Landscape for Education
Threat Landscape for EducationThreat Landscape for Education
Threat Landscape for Education
ColloqueRISQ
 
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication ComplianceFIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO Alliance
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FIDO Alliance
 
Using FIDO Authenticator for IoT Devices
Using FIDO Authenticator for IoT DevicesUsing FIDO Authenticator for IoT Devices
Using FIDO Authenticator for IoT Devices
FIDO Alliance
 
FIDO Masterclass
FIDO MasterclassFIDO Masterclass
FIDO Masterclass
FIDO Alliance
 
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2
 
Webinar: Catch Up with FIDO Plus AMA Session
Webinar: Catch Up with FIDO Plus AMA SessionWebinar: Catch Up with FIDO Plus AMA Session
Webinar: Catch Up with FIDO Plus AMA Session
FIDO Alliance
 
FIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDOFIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance
 
The FIDO Alliance Today: Status and News
The FIDO Alliance Today: Status and NewsThe FIDO Alliance Today: Status and News
The FIDO Alliance Today: Status and News
FIDO Alliance
 
NTT DOCOMO Deployment Case Study: Your Security, More Simple
NTT DOCOMO Deployment Case Study: Your Security, More SimpleNTT DOCOMO Deployment Case Study: Your Security, More Simple
NTT DOCOMO Deployment Case Study: Your Security, More Simple
FIDO Alliance
 

Similar to Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf (20)

Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
 
Forti cloud
Forti cloudForti cloud
Forti cloud
 
The Future of Authentication for IoT
The Future of Authentication for IoTThe Future of Authentication for IoT
The Future of Authentication for IoT
 
“Your Security, More Simple.” by utilizing FIDO Authentication
“Your Security, More Simple.” by utilizing FIDO Authentication“Your Security, More Simple.” by utilizing FIDO Authentication
“Your Security, More Simple.” by utilizing FIDO Authentication
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
 
Fido uaf-overview-v1.1-rd-20161005
Fido uaf-overview-v1.1-rd-20161005Fido uaf-overview-v1.1-rd-20161005
Fido uaf-overview-v1.1-rd-20161005
 
NTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case StudyNTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case Study
 
Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013Palo Alto Networks 28.5.2013
Palo Alto Networks 28.5.2013
 
Profinet network design webinar - Peter Thomas may 2020 - v1.0
Profinet network design webinar - Peter Thomas   may 2020 - v1.0Profinet network design webinar - Peter Thomas   may 2020 - v1.0
Profinet network design webinar - Peter Thomas may 2020 - v1.0
 
Threat Landscape for Education
Threat Landscape for EducationThreat Landscape for Education
Threat Landscape for Education
 
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication ComplianceFIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
 
Using FIDO Authenticator for IoT Devices
Using FIDO Authenticator for IoT DevicesUsing FIDO Authenticator for IoT Devices
Using FIDO Authenticator for IoT Devices
 
FIDO Masterclass
FIDO MasterclassFIDO Masterclass
FIDO Masterclass
 
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
 
Webinar: Catch Up with FIDO Plus AMA Session
Webinar: Catch Up with FIDO Plus AMA SessionWebinar: Catch Up with FIDO Plus AMA Session
Webinar: Catch Up with FIDO Plus AMA Session
 
FIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDOFIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDO
 
The FIDO Alliance Today: Status and News
The FIDO Alliance Today: Status and NewsThe FIDO Alliance Today: Status and News
The FIDO Alliance Today: Status and News
 
NTT DOCOMO Deployment Case Study: Your Security, More Simple
NTT DOCOMO Deployment Case Study: Your Security, More SimpleNTT DOCOMO Deployment Case Study: Your Security, More Simple
NTT DOCOMO Deployment Case Study: Your Security, More Simple
 

More from FIDO Alliance

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdf
FIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdfFIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdf
FIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdf
FIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdfFIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdf
FIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: CloudGate.pdf
FIDO Alliance Osaka Seminar: CloudGate.pdfFIDO Alliance Osaka Seminar: CloudGate.pdf
FIDO Alliance Osaka Seminar: CloudGate.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdf
FIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdfFIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdf
FIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Welcome Slides.pdf
FIDO Alliance Osaka Seminar: Welcome Slides.pdfFIDO Alliance Osaka Seminar: Welcome Slides.pdf
FIDO Alliance Osaka Seminar: Welcome Slides.pdf
FIDO Alliance
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
FIDO Alliance
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
FIDO Alliance
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
FIDO Alliance
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
FIDO Alliance
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptx
FIDO Alliance
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptx
FIDO Alliance
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
FIDO Alliance
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
FIDO Alliance
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptx
FIDO Alliance
 
Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptx
FIDO Alliance
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
FIDO Alliance
 

More from FIDO Alliance (20)

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
FIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdf
FIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdfFIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdf
FIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdf
 
FIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdf
FIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdfFIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdf
FIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdf
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
FIDO Alliance Osaka Seminar: CloudGate.pdf
FIDO Alliance Osaka Seminar: CloudGate.pdfFIDO Alliance Osaka Seminar: CloudGate.pdf
FIDO Alliance Osaka Seminar: CloudGate.pdf
 
FIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdf
FIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdfFIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdf
FIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdf
 
FIDO Alliance Osaka Seminar: Welcome Slides.pdf
FIDO Alliance Osaka Seminar: Welcome Slides.pdfFIDO Alliance Osaka Seminar: Welcome Slides.pdf
FIDO Alliance Osaka Seminar: Welcome Slides.pdf
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptx
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptx
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptx
 
Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptx
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
 

Recently uploaded

HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
akankshawande
 
CAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on BlockchainCAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on Blockchain
Claudio Di Ciccio
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Speck&Tech
 
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdfAI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
Techgropse Pvt.Ltd.
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 

Recently uploaded (20)

HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
CAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on BlockchainCAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on Blockchain
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
 
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdfAI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 

Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf

  • 1. FIDO Taipei Workshop: Securing the Edge with FDO 1 © FIDO Alliance 2024 An introduction to FDO: How it works & example FDO applications Richard Kerslake FIDO Alliance
  • 2. FIDO Taipei Workshop: Securing the Edge with FDO 2 What problem does FDO solve? When a new enterprise, edge or IOT solution is being installed in a facility (factory, hospital, car, store etc.), the device must be “onboarded” to its management platform (on-premise or cloud) FDO provides secure “plug and play” onboarding for almost any device/network.
  • 3. FIDO Taipei Workshop: Securing the Edge with FDO 3 Manual Vs FDO onboarding Manual Slow – often 20 mins/device Poor security Need skilled technician Expensive FDO Fast – about 1 min/device High security No skills needed for installation Lower installation costs Open standard
  • 4. FIDO Taipei Workshop: Securing the Edge with FDO 4 FDO: Fast, Scalable Device Provisioning, Onboarding & Activation Zero touch onboarding – integrates with existing zero touch solutions Fast & more secure – ~1 minute Hardware flexibility – any hardware - ARM MCU to Intel ® Xeon ® Any cloud – internet, intranet & closed network, multi-tenant Late binding – reduces number of product SKUs needed Multiple implementations – 5 implementations in various programming languages Certification program – Available from FIDO Alliance 4 1. Drop ship device to installation location 2. Power-up & connect to Network 3. Auto-provisions, Onboards to Device Management Service 4 1. No product or component can be absolutely secure
  • 5. FIDO Taipei Workshop: Securing the Edge with FDO 5 How FDO works Device Manufacturer 3 Load Ownership Voucher (OV) to Cloud Device in box shipped to installation location 1 Ownership Voucher (OV) FDO Manufacturing tool FDO Client, Credentials path to RV server a. FDO agent & FDO credentials places in device. b. Ownership Voucher (OV) created 8 7 a. Mutual authentication takes place b. Secure channel is established c. Onboarding takes place using FSIM’s Device given network connectivity and powers up Target Cloud  Application Data / Control → Cloud Managed, Device data flows FDO owner 5 Device contacts RV and is re-directed to Cloud 6 Rendezvous server (RV) 4 Register OV with Rendezvous Server FDO Client & credentials 2 Onboarding Data →
  • 6. FIDO Taipei Workshop: Securing the Edge with FDO 6 How FDO works (with spec terms) Device Manufacturer Ownership Voucher (OV) FDO Manufacturing tool FDO Client & Credentials Device Initialization (DI) • Places FDO device credentials in Device • Creates FDO Ownership Voucher Target Cloud FDO owner Rendezvous server (RV) FDO Client & credentials T00/T01 protocols • The interaction between Device and Rendezvous Server • Device identifies itself to the Rendezvous Server. Obtains mapping to connect to the Owner’s IP address. T02 protocol • The interaction between Device and Owner. • Device contacts Owner. Establishes trust and then performs onboarding  Application Data / Control → Onboarding Data → Final State Cloud Managed, Device data flows
  • 7. FIDO Taipei Workshop: Securing the Edge with FDO 7 FIDO Device Onboard: Late Binding in Supply Chain Customer 1 Build-to-order Manufacturing Infrastructure • Zero Touch without FDO Device software and security customization happens at manufacture • ➔ Complicated manufacturing infrastructure, many SKUs, higher cost Customer 1 Customer 2 Customer 3 Build-to-plan Manufacturing Infrastructure • Zero Touch with FDO Device software and security customization happens at installation • ➔ Simplified supply chain, lower costs FDO reduces costs & complexity in supply chain – a single device SKU for all customers Customer 1 Customer 1 Customer 2 Customer 3 FDO late binding
  • 8. FIDO Taipei Workshop: Securing the Edge with FDO 8 Authors of the FDO specification The FDO spec was written by technology leaders: • Intel • Amazon • Google • Microsoft • Qualcomm • ARM Link to FDO 1.1 specification
  • 9. FIDO Taipei Workshop: Securing the Edge with FDO 9 Why adopt an onboarding standard like FDO? Open standards are built on the contribution of security experts from multiple companies – this often brings broader expertise and ideas than an individual company As security threats evolve, the standard can evolve to address them The standard expands over times to add more capabilities, while keeping backward compatibility as a critical element. It can therefore meet short term and long term needs. Ability to mix and match with confidence solutions from different vendors – via FIDO FDO interoperability testing Simplifies system security analysis Users don’t need to own the upkeep of their solution as this is handled by open source or commercial companies With proprietary solutions, if the in-house expert leaves, that can create a long term support issue
  • 10. FIDO Taipei Workshop: Securing the Edge with FDO 10 Example FDO applications
  • 11. FIDO Taipei Workshop: Securing the Edge with FDO 11 Potential application of FDO to Manufacturing Applications Manufacturing Cloud Local Server (ACP) PLC/DCN
  • 12. FIDO Taipei Workshop: Securing the Edge with FDO 12 Potential application of FDO to Retail Applications Retail Cloud Local Server POS Security Camera Cloud
  • 13. FIDO Taipei Workshop: Securing the Edge with FDO 13 Potential application of FDO to Medical Applications Cloud Local Server
  • 14. FIDO Taipei Workshop: Securing the Edge with FDO 14 Potential application of FDO to Automotive Applications Software update
  • 15. FIDO Taipei Workshop: Securing the Edge with FDO 15 Potential application of FDO to In-vehicle Automotive Applications Vehicle computer Zone controller
  • 16. FIDO Taipei Workshop: Securing the Edge with FDO 16 Example FDO architectures
  • 17. FIDO Taipei Workshop: Securing the Edge with FDO 17 FDO is highly flexible and therefore can users can choose the architecture that best meets there needs As a users needs evolved, FDO can be extended without breaking backwards compatibility single cloud ➔ multi-cloud ➔ closed network ➔ ‘bring your own devices’ Choosing the right FDO deployment model for your application
  • 18. FIDO Taipei Workshop: Securing the Edge with FDO 18 Scenario 1: Onboarding devices with direct internet access, single cloud/platform Cloud 1
  • 19. FIDO Taipei Workshop: Securing the Edge with FDO 19 Scenario 2: Onboarding devices with direct internet access, multiple clouds Cloud 1 Cloud 2 Clouds could be different geographies Same type of hardware is deployed to different Clouds
  • 20. FIDO Taipei Workshop: Securing the Edge with FDO 20 Scenario 3: Onboarding devices without direct internet access (On-premise/Closed Network)
  • 21. FIDO Taipei Workshop: Securing the Edge with FDO 21 Scenario 4: Onboarding devices – some with and some without direct internet access Cloud 1 Cloud 2 Cloud 3
  • 22. FIDO Taipei Workshop: Securing the Edge with FDO 22 Scenario 5: Onboarding devices with direct internet access, single cloud/platform, multi-tenant Cloud 1 Tenant 1 Tenant 2 Tenant 3 Customer 1 Customer 2 Customer 3
  • 23. FIDO Taipei Workshop: Securing the Edge with FDO 23 Scenario 6: Onboarding devices with internet access and Closed Network, single cloud/platform, Roaming customers and multi-tenant Cloud 1 Tenant 1 Tenant 2 Tenant 3 Customer 1 Customer 2 Cloud 2 Roaming Customer 3
  • 24. FIDO Taipei Workshop: Securing the Edge with FDO 24 FDO – A Flexible and extensible solution
  • 25. FIDO Taipei Workshop: Securing the Edge with FDO 25 FDO Deployment Flexibility Architectural Sophistication Single Internet Cloud Internet Cloud & On- prem/Closed Single Cloud with Multi- tenant Multi-Cloud, Internet and closed network with Multi- tenant
  • 26. FIDO Taipei Workshop: Securing the Edge with FDO 26 ExxonMobil ExxonMobil is a leader in the move to standards-based, open, secure, interoperable process control solutions (OPAF) ExxonMobil and Yokogawa successfully used FDO in their Texas testbed. They expect to start running a field trial in the next year at an ExxonMobil Manufacturing facility in Baton Rouge, LA ExxonMobil’s integrator, Yokogawa, has integrated FDO to automate device installation. ExxonMobil’s collaborators for the field trial include various IT and OT suppliers Source: Yokogawa FDO demo on LinkedIn
  • 27. FIDO Taipei Workshop: Securing the Edge with FDO 27 FDO Business FAQ 1. Do I need to join the FIDO Alliance to use the FDO specification? ➢ No. FDO is an open standard. The spec can be downloaded from the FIDO Alliance web site. ➢ Joining the FIDO Alliance will allow you to impact the evolution of FDO and learn from other users and ecosystem partners 2. What is the license agreement for the FDO technical specification ➢ The FIDO Alliance IPR terms can be found here: https://media.fidoalliance.org/wp-content/uploads/2019/12/FIDO-IPR-flowchart-v4-W3C.pdf 3. Do I need to pay for certification? ➢ The FIDO Alliance does offer a paid FDO Certification program. ➢ There is no obligation for members to certify their products, however if companies want to use a FIDO FDO certification logo then certification of the product is required. ➢ Members do receive a discount on Certification costs. 3. Is there software available that implements FDO? Do I need to pay for them? ➢ Yes, multiple versions. Some are open source, some are commercial version.
  • 28. FIDO Taipei Workshop: Securing the Edge with FDO 28 Extending FDO applications with FSIMs Hardware ships with FDO only Software deployed at facility via FDO Remote SW deployment Firmware update deployed at facility via FDO Remote firmware updated Hardware ships with FDO and SW load FSIM protocols • Embedded protocols within FDO that perform onboarding actions • Examples: File transfers, key generation, shell commands
  • 29. FIDO Taipei Workshop: Securing the Edge with FDO 29 Conclusion FDO is highly flexible and extensible A wide range of deployment architectures are supported Customers can evolve their architecture over time while retaining compatibility FDO has been developed to offer a high degree of security Customers can further extend the security as needed in their application Users can mix-and-match their credential storage approach as needed FDO can be used with a wide range of processors and Operating systems In conclusion, FDO meets your onboarding needs for today and the future