SlideShare a Scribd company logo

Webinar: Case Study: FIDO, Federation, ID Proofing

A
Ads Manager

FIDO authentication is usually not positioned as a means of achieving high assurance Identity proofing but it can be a critical component in best-of-breed remote identity verification. Join this session for a look at how FIDO, Federation and ID Proofing can work together to create a robust identity ecosystem. The solution lays out an architecture for remote identity proofing to create a privacy-preserving credential, using an identity proofing engine based on OpenID Connect, and issuing a FIDO credential used for strong authentication. Featured Speaker: Jerrod Chong, CISSP, VP Solutions, Yubico

Technology
1 of 19
Download to read offline
©2017Yubico © 2017 Yubico FIDO, ID Proofing and Federation Jerrod Chong, VP Solutions
2 ©2017Yubico FIDO U2F AKA Security Keys Global open authentication standard co-created by Yubico & Google # of ServicesAny Shared SecretsNoOne Authenticator
3 Google Security Key Login 1 2 3 Secure Unphishable / UnMITMable Simple Insert and press button Scalable One device, many services Privacy No Link-ability between services
4 ©2017Yubico 4 1st Government to offer citizens opt-in U2F Secured Digital ID
©2017Yubico 5 Why are we solving this? ● Strong authentication not always tied to identity of user ● FIDO authentication mostly decoupled from ID Proofing ● ID Proofing required for higher assurance levels ● ID Proofing and strong authentication at odds with privacy ● Remote ID Proofing tied to Knowledge Based Verification (KBV) ● Reduce the reliance on weak recovery options
©2017Yubico “Individuals and organizations utilize secure, efficient, easy‐to‐use and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation.” -NIST Trusted Identity Group (TIG) 6
7 ©2017Yubico NIST SP 800-63-3 Digital Identity Guidelines 800-63 Revision 3 Highlighting 3 Policy Recommendations - Decouple Identity assurance from Authenticator assurance - Deprecate the use of SMS as Out-of-Band verifier - Approves FIDO U2F for use at highest Authenticator assurance level (AAL3)
©2017Yubico 8 The Project Yubico awarded US NIST grant collaborating with various Identity Providers ● Extend benefits of FIDO U2F to federated identity environments ● Integrate ID Proofing with FIDO U2F authentication ● Share attributes securely, conveniently and privacy-enhancing
©2017Yubico 9 ID verified FIDO Authenticators U2F Authenticator sent to the address on ID Secure access to any number of services Mobile ID scanning, Driver’s license or state ID ● Successful Remote Proofing issues Pre-registered authenticator ● Pre-registration of authenticator ensures authenticity and integrity (first FIDO credential must be ID verified)
©2017Yubico 10 ID Proofing and Verification (IPV) 2 1 2 3 4 5 68 9 Token Issuance 7 10
11 ©2017Yubico Remote ID Proofing Mobile App
12 ©2017Yubico Token Issuance with Pre-Registration IdP
13 U2F Device Client Relying Party app id, challenge a; challenge, origin, channel id, etc. c a Check app id Generate: kpub kpriv handle h kpub , h, attestation cert, signature(a,c,kpub ,h) c, kpub , h, attestation cert, s Release kpub with handle h for user s Pre-Registration of Key Handle
©2017Yubico 14 Request access to Service Provider (SP) WebsiteUSER SP Redirect user to home institution Identity Provider (IdP) SP Deliver content to user SP Purge user attribute per IdP-SP contract IdP Prompt user to login + Send attributes to SP Attribute Assertion IdP data store Authentication Flow
15 U2F Device Client Relying Party handle, app id, challenge h, a; challenge, origin, channel id, etc. c a Check app id Lookup the kpriv associated with h Sign with kpriv counter++ counter, signature(a,c, counter) counter, c, s Check s using kpub Verify origin, channel id & counter s h Lookup the kpub associated with h Authentication
©2017Yubico 16 Identity Ecosystem using Open Standards ● Extend FIDO to services connected via these federation protocols • U2F Shibboleth (SAML) and OpenID Connect plug-in • Open source reference implementation ● Build ID Proofing engine using OpenID Connect • Allows for multiple proofing solutions/providers • Part of the Identity toolkit
©2017Yubico ● Protecting PII is time and resource intensive ● Difficult to achieve highest identity assurance with Remote ID proofing ● High level of trust required in integrations with third-party vendors ● Compatibility challenges across diverse operating systems and devices ● Additional techniques needed to onboard special needs individuals 17 Lessons Learned
18 ©2017Yubico Questions?
©2017Yubico © 2017 Yubico 19

Recommended

TrustBearer - CTST 2009 - OpenID & Strong Authentication
TrustBearer - CTST 2009 - OpenID & Strong AuthenticationTrustBearer - CTST 2009 - OpenID & Strong Authentication
TrustBearer - CTST 2009 - OpenID & Strong AuthenticationTrustBearer
 
FIDO Alliance Vision and Status
FIDO Alliance Vision and StatusFIDO Alliance Vision and Status
FIDO Alliance Vision and StatusFIDO Alliance
 
FIDO Present and Future from the mobile Perspective
FIDO Present and Future from the mobile PerspectiveFIDO Present and Future from the mobile Perspective
FIDO Present and Future from the mobile PerspectiveFIDO Alliance
 
LINEのFIDO導入と将来展望
LINEのFIDO導入と将来展望LINEのFIDO導入と将来展望
LINEのFIDO導入と将来展望FIDO Alliance
 
Introduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS ServicesIntroduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS ServicesFIDO Alliance
 
FIDO Privacy Principles and Approach
FIDO Privacy Principles and ApproachFIDO Privacy Principles and Approach
FIDO Privacy Principles and ApproachFIDO Alliance
 
FIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDOFIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDOFIDO Alliance
 
FIDO Adoption and Market Trends in Japan
FIDO Adoption and Market Trends in JapanFIDO Adoption and Market Trends in Japan
FIDO Adoption and Market Trends in JapanFIDO Alliance
 

Recommended

TrustBearer - CTST 2009 - OpenID & Strong Authentication
TrustBearer - CTST 2009 - OpenID & Strong AuthenticationTrustBearer - CTST 2009 - OpenID & Strong Authentication
TrustBearer - CTST 2009 - OpenID & Strong AuthenticationTrustBearer
 
FIDO Alliance Vision and Status
FIDO Alliance Vision and StatusFIDO Alliance Vision and Status
FIDO Alliance Vision and StatusFIDO Alliance
 
FIDO Present and Future from the mobile Perspective
FIDO Present and Future from the mobile PerspectiveFIDO Present and Future from the mobile Perspective
FIDO Present and Future from the mobile PerspectiveFIDO Alliance
 
LINEのFIDO導入と将来展望
LINEのFIDO導入と将来展望LINEのFIDO導入と将来展望
LINEのFIDO導入と将来展望FIDO Alliance
 
Introduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS ServicesIntroduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS ServicesFIDO Alliance
 
FIDO Privacy Principles and Approach
FIDO Privacy Principles and ApproachFIDO Privacy Principles and Approach
FIDO Privacy Principles and ApproachFIDO Alliance
 
FIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDOFIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDOFIDO Alliance
 
FIDO Adoption and Market Trends in Japan
FIDO Adoption and Market Trends in JapanFIDO Adoption and Market Trends in Japan
FIDO Adoption and Market Trends in JapanFIDO Alliance
 
U2F Tutorial - Authentication Tokens for Enterprise and Consumers
U2F Tutorial - Authentication Tokens for Enterprise and ConsumersU2F Tutorial - Authentication Tokens for Enterprise and Consumers
U2F Tutorial - Authentication Tokens for Enterprise and ConsumersFIDO Alliance
 
Authenticate 2021: Welcome Address
Authenticate 2021: Welcome AddressAuthenticate 2021: Welcome Address
Authenticate 2021: Welcome AddressFIDO Alliance
 
Connective Digital Signatures
Connective Digital SignaturesConnective Digital Signatures
Connective Digital SignaturesOlivier Libert
 
2019 FIDO Tokyo Seminar - Welcome Keynote Andrew Shikiar
2019 FIDO Tokyo Seminar - Welcome Keynote Andrew Shikiar2019 FIDO Tokyo Seminar - Welcome Keynote Andrew Shikiar
2019 FIDO Tokyo Seminar - Welcome Keynote Andrew ShikiarFIDO Alliance
 
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...TrustBearer
 
Mobile Connect and the FIDO standards
Mobile Connect and the FIDO standardsMobile Connect and the FIDO standards
Mobile Connect and the FIDO standardsFIDO Alliance
 
MODRNA WG Overview - October 2020
MODRNA WG Overview - October 2020MODRNA WG Overview - October 2020
MODRNA WG Overview - October 2020Bjorn Hjelm
 
Development of 5G IAM Architecture
Development of 5G IAM ArchitectureDevelopment of 5G IAM Architecture
Development of 5G IAM ArchitectureBjorn Hjelm
 
Mobile Innovation Vision 2020
Mobile Innovation Vision 2020Mobile Innovation Vision 2020
Mobile Innovation Vision 2020Cisco Service Provider
 
Digital Identity In Government
Digital Identity In GovernmentDigital Identity In Government
Digital Identity In GovernmentFIDO Alliance
 
Development of 5G IAM Architecture
Development of 5G IAM ArchitectureDevelopment of 5G IAM Architecture
Development of 5G IAM ArchitectureBjorn Hjelm
 
Cut the Gordian Knot - The QIVICON Ecosystem for Smarthome - Jochen Hiller,Ca...
Cut the Gordian Knot - The QIVICON Ecosystem for Smarthome - Jochen Hiller,Ca...Cut the Gordian Knot - The QIVICON Ecosystem for Smarthome - Jochen Hiller,Ca...
Cut the Gordian Knot - The QIVICON Ecosystem for Smarthome - Jochen Hiller,Ca...mfrancis
 
Eliminating Passwords with Biometrics for Identity Access Management Webinar
Eliminating Passwords with Biometrics for Identity Access Management WebinarEliminating Passwords with Biometrics for Identity Access Management Webinar
Eliminating Passwords with Biometrics for Identity Access Management WebinarVeridium
 
Bloc Notary Use Cases
Bloc Notary Use CasesBloc Notary Use Cases
Bloc Notary Use Casesblocknotary
 
Signify Overview
Signify OverviewSignify Overview
Signify Overviewpjpallen
 
Developing Applications for Your Smart Home with QIVICON - Kai Kreuzer,Jochen...
Developing Applications for Your Smart Home with QIVICON - Kai Kreuzer,Jochen...Developing Applications for Your Smart Home with QIVICON - Kai Kreuzer,Jochen...
Developing Applications for Your Smart Home with QIVICON - Kai Kreuzer,Jochen...mfrancis
 
Interactive Powers 2020
Interactive Powers 2020Interactive Powers 2020
Interactive Powers 2020Interactive Powers
 
Sicap Webinar – NFC: Must-Dos to Turn Trials Into Reality
Sicap Webinar – NFC: Must-Dos to Turn Trials Into RealitySicap Webinar – NFC: Must-Dos to Turn Trials Into Reality
Sicap Webinar – NFC: Must-Dos to Turn Trials Into RealityComputaris
 
Authentication and ID Proofing in Education
Authentication and ID Proofing in EducationAuthentication and ID Proofing in Education
Authentication and ID Proofing in EducationFIDO Alliance
 
NTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case StudyNTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case StudyFIDO Alliance
 
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2
 
“Your Security, More Simple.” by utilizing FIDO Authentication
“Your Security, More Simple.” by utilizing FIDO Authentication“Your Security, More Simple.” by utilizing FIDO Authentication
“Your Security, More Simple.” by utilizing FIDO AuthenticationLINE Corporation
 

More Related Content

What's hot

U2F Tutorial - Authentication Tokens for Enterprise and Consumers
U2F Tutorial - Authentication Tokens for Enterprise and ConsumersU2F Tutorial - Authentication Tokens for Enterprise and Consumers
U2F Tutorial - Authentication Tokens for Enterprise and ConsumersFIDO Alliance
 
Authenticate 2021: Welcome Address
Authenticate 2021: Welcome AddressAuthenticate 2021: Welcome Address
Authenticate 2021: Welcome AddressFIDO Alliance
 
Connective Digital Signatures
Connective Digital SignaturesConnective Digital Signatures
Connective Digital SignaturesOlivier Libert
 
2019 FIDO Tokyo Seminar - Welcome Keynote Andrew Shikiar
2019 FIDO Tokyo Seminar - Welcome Keynote Andrew Shikiar2019 FIDO Tokyo Seminar - Welcome Keynote Andrew Shikiar
2019 FIDO Tokyo Seminar - Welcome Keynote Andrew ShikiarFIDO Alliance
 
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...TrustBearer
 
Mobile Connect and the FIDO standards
Mobile Connect and the FIDO standardsMobile Connect and the FIDO standards
Mobile Connect and the FIDO standardsFIDO Alliance
 
MODRNA WG Overview - October 2020
MODRNA WG Overview - October 2020MODRNA WG Overview - October 2020
MODRNA WG Overview - October 2020Bjorn Hjelm
 
Development of 5G IAM Architecture
Development of 5G IAM ArchitectureDevelopment of 5G IAM Architecture
Development of 5G IAM ArchitectureBjorn Hjelm
 
Digital Identity In Government
Digital Identity In GovernmentDigital Identity In Government
Digital Identity In GovernmentFIDO Alliance
 
Development of 5G IAM Architecture
Development of 5G IAM ArchitectureDevelopment of 5G IAM Architecture
Development of 5G IAM ArchitectureBjorn Hjelm
 
Cut the Gordian Knot - The QIVICON Ecosystem for Smarthome - Jochen Hiller,Ca...
Cut the Gordian Knot - The QIVICON Ecosystem for Smarthome - Jochen Hiller,Ca...Cut the Gordian Knot - The QIVICON Ecosystem for Smarthome - Jochen Hiller,Ca...
Cut the Gordian Knot - The QIVICON Ecosystem for Smarthome - Jochen Hiller,Ca...mfrancis
 
Eliminating Passwords with Biometrics for Identity Access Management Webinar
Eliminating Passwords with Biometrics for Identity Access Management WebinarEliminating Passwords with Biometrics for Identity Access Management Webinar
Eliminating Passwords with Biometrics for Identity Access Management WebinarVeridium
 
Bloc Notary Use Cases
Bloc Notary Use CasesBloc Notary Use Cases
Bloc Notary Use Casesblocknotary
 
Signify Overview
Signify OverviewSignify Overview
Signify Overviewpjpallen
 
Developing Applications for Your Smart Home with QIVICON - Kai Kreuzer,Jochen...
Developing Applications for Your Smart Home with QIVICON - Kai Kreuzer,Jochen...Developing Applications for Your Smart Home with QIVICON - Kai Kreuzer,Jochen...
Developing Applications for Your Smart Home with QIVICON - Kai Kreuzer,Jochen...mfrancis
 
Sicap Webinar – NFC: Must-Dos to Turn Trials Into Reality
Sicap Webinar – NFC: Must-Dos to Turn Trials Into RealitySicap Webinar – NFC: Must-Dos to Turn Trials Into Reality
Sicap Webinar – NFC: Must-Dos to Turn Trials Into RealityComputaris
 

What's hot (18)

U2F Tutorial - Authentication Tokens for Enterprise and Consumers
U2F Tutorial - Authentication Tokens for Enterprise and ConsumersU2F Tutorial - Authentication Tokens for Enterprise and Consumers
U2F Tutorial - Authentication Tokens for Enterprise and Consumers
 
Authenticate 2021: Welcome Address
Authenticate 2021: Welcome AddressAuthenticate 2021: Welcome Address
Authenticate 2021: Welcome Address
 
Connective Digital Signatures
Connective Digital SignaturesConnective Digital Signatures
Connective Digital Signatures
 
2019 FIDO Tokyo Seminar - Welcome Keynote Andrew Shikiar
2019 FIDO Tokyo Seminar - Welcome Keynote Andrew Shikiar2019 FIDO Tokyo Seminar - Welcome Keynote Andrew Shikiar
2019 FIDO Tokyo Seminar - Welcome Keynote Andrew Shikiar
 
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
 
Mobile Connect and the FIDO standards
Mobile Connect and the FIDO standardsMobile Connect and the FIDO standards
Mobile Connect and the FIDO standards
 
MODRNA WG Overview - October 2020
MODRNA WG Overview - October 2020MODRNA WG Overview - October 2020
MODRNA WG Overview - October 2020
 
Development of 5G IAM Architecture
Development of 5G IAM ArchitectureDevelopment of 5G IAM Architecture
Development of 5G IAM Architecture
 
Mobile Innovation Vision 2020
Mobile Innovation Vision 2020Mobile Innovation Vision 2020
Mobile Innovation Vision 2020
 
Digital Identity In Government
Digital Identity In GovernmentDigital Identity In Government
Digital Identity In Government
 
Development of 5G IAM Architecture
Development of 5G IAM ArchitectureDevelopment of 5G IAM Architecture
Development of 5G IAM Architecture
 
Cut the Gordian Knot - The QIVICON Ecosystem for Smarthome - Jochen Hiller,Ca...
Cut the Gordian Knot - The QIVICON Ecosystem for Smarthome - Jochen Hiller,Ca...Cut the Gordian Knot - The QIVICON Ecosystem for Smarthome - Jochen Hiller,Ca...
Cut the Gordian Knot - The QIVICON Ecosystem for Smarthome - Jochen Hiller,Ca...
 
Eliminating Passwords with Biometrics for Identity Access Management Webinar
Eliminating Passwords with Biometrics for Identity Access Management WebinarEliminating Passwords with Biometrics for Identity Access Management Webinar
Eliminating Passwords with Biometrics for Identity Access Management Webinar
 
Bloc Notary Use Cases
Bloc Notary Use CasesBloc Notary Use Cases
Bloc Notary Use Cases
 
Signify Overview
Signify OverviewSignify Overview
Signify Overview
 
Developing Applications for Your Smart Home with QIVICON - Kai Kreuzer,Jochen...
Developing Applications for Your Smart Home with QIVICON - Kai Kreuzer,Jochen...Developing Applications for Your Smart Home with QIVICON - Kai Kreuzer,Jochen...
Developing Applications for Your Smart Home with QIVICON - Kai Kreuzer,Jochen...
 
Interactive Powers 2020
Interactive Powers 2020Interactive Powers 2020
Interactive Powers 2020
 
Sicap Webinar – NFC: Must-Dos to Turn Trials Into Reality
Sicap Webinar – NFC: Must-Dos to Turn Trials Into RealitySicap Webinar – NFC: Must-Dos to Turn Trials Into Reality
Sicap Webinar – NFC: Must-Dos to Turn Trials Into Reality
 

Similar to Webinar: Case Study: FIDO, Federation, ID Proofing

Authentication and ID Proofing in Education
Authentication and ID Proofing in EducationAuthentication and ID Proofing in Education
Authentication and ID Proofing in EducationFIDO Alliance
 
NTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case StudyNTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case StudyFIDO Alliance
 
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2
 
“Your Security, More Simple.” by utilizing FIDO Authentication
“Your Security, More Simple.” by utilizing FIDO Authentication“Your Security, More Simple.” by utilizing FIDO Authentication
“Your Security, More Simple.” by utilizing FIDO AuthenticationLINE Corporation
 
FIDO Authentication in Korea: Early Adoption & Rapid Innovation
FIDO Authentication in Korea: Early Adoption & Rapid InnovationFIDO Authentication in Korea: Early Adoption & Rapid Innovation
FIDO Authentication in Korea: Early Adoption & Rapid InnovationFIDO Alliance
 
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)CloudIDSummit
 
Tokyo Seminar: FIDO Alliance Vision and Status
Tokyo Seminar: FIDO Alliance Vision and StatusTokyo Seminar: FIDO Alliance Vision and Status
Tokyo Seminar: FIDO Alliance Vision and StatusFIDO Alliance
 
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerYenlo
 
The FIDO Alliance Today: Status and News
The FIDO Alliance Today: Status and NewsThe FIDO Alliance Today: Status and News
The FIDO Alliance Today: Status and NewsFIDO Alliance
 
1ID2-KeyBank-CapitalOne.pptx
1ID2-KeyBank-CapitalOne.pptx1ID2-KeyBank-CapitalOne.pptx
1ID2-KeyBank-CapitalOne.pptxssuserc1c6091
 
Webinar: Catch Up with FIDO Plus AMA Session
Webinar: Catch Up with FIDO Plus AMA SessionWebinar: Catch Up with FIDO Plus AMA Session
Webinar: Catch Up with FIDO Plus AMA SessionFIDO Alliance
 
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication ComplianceFIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication ComplianceFIDO Alliance
 
DIRECTORY CIS 2015 - Eric Fazendin
DIRECTORY CIS 2015 - Eric FazendinDIRECTORY CIS 2015 - Eric Fazendin
DIRECTORY CIS 2015 - Eric FazendinCloudIDSummit
 
CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man
CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'manCIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man
CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'manCloudIDSummit
 
Getting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialGetting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialFIDO Alliance
 
Welcome and FIDO Update.pptx
Welcome and FIDO Update.pptxWelcome and FIDO Update.pptx
Welcome and FIDO Update.pptxFIDO Alliance
 
FIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance
 
Beyond Passwords: FIDO & the Future of Consumer Authentication
Beyond Passwords: FIDO & the Future of Consumer AuthenticationBeyond Passwords: FIDO & the Future of Consumer Authentication
Beyond Passwords: FIDO & the Future of Consumer AuthenticationFIDO Alliance
 

Similar to Webinar: Case Study: FIDO, Federation, ID Proofing (20)

Authentication and ID Proofing in Education
Authentication and ID Proofing in EducationAuthentication and ID Proofing in Education
Authentication and ID Proofing in Education
 
NTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case StudyNTT DOCOMO Deployment Case Study
NTT DOCOMO Deployment Case Study
 
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
 
“Your Security, More Simple.” by utilizing FIDO Authentication
“Your Security, More Simple.” by utilizing FIDO Authentication“Your Security, More Simple.” by utilizing FIDO Authentication
“Your Security, More Simple.” by utilizing FIDO Authentication
 
FIDO Authentication in Korea: Early Adoption & Rapid Innovation
FIDO Authentication in Korea: Early Adoption & Rapid InnovationFIDO Authentication in Korea: Early Adoption & Rapid Innovation
FIDO Authentication in Korea: Early Adoption & Rapid Innovation
 
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
 
FIDO Masterclass
FIDO MasterclassFIDO Masterclass
FIDO Masterclass
 
Tokyo Seminar: FIDO Alliance Vision and Status
Tokyo Seminar: FIDO Alliance Vision and StatusTokyo Seminar: FIDO Alliance Vision and Status
Tokyo Seminar: FIDO Alliance Vision and Status
 
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
 
The FIDO Alliance Today: Status and News
The FIDO Alliance Today: Status and NewsThe FIDO Alliance Today: Status and News
The FIDO Alliance Today: Status and News
 
CIS14: PingID
CIS14: PingIDCIS14: PingID
CIS14: PingID
 
1ID2-KeyBank-CapitalOne.pptx
1ID2-KeyBank-CapitalOne.pptx1ID2-KeyBank-CapitalOne.pptx
1ID2-KeyBank-CapitalOne.pptx
 
Webinar: Catch Up with FIDO Plus AMA Session
Webinar: Catch Up with FIDO Plus AMA SessionWebinar: Catch Up with FIDO Plus AMA Session
Webinar: Catch Up with FIDO Plus AMA Session
 
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication ComplianceFIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
 
DIRECTORY CIS 2015 - Eric Fazendin
DIRECTORY CIS 2015 - Eric FazendinDIRECTORY CIS 2015 - Eric Fazendin
DIRECTORY CIS 2015 - Eric Fazendin
 
CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man
CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'manCIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man
CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man
 
Getting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialGetting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical Tutorial
 
Welcome and FIDO Update.pptx
Welcome and FIDO Update.pptxWelcome and FIDO Update.pptx
Welcome and FIDO Update.pptx
 
FIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptx
 
Beyond Passwords: FIDO & the Future of Consumer Authentication
Beyond Passwords: FIDO & the Future of Consumer AuthenticationBeyond Passwords: FIDO & the Future of Consumer Authentication
Beyond Passwords: FIDO & the Future of Consumer Authentication
 

Recently uploaded

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 

Recently uploaded (20)

Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 

Webinar: Case Study: FIDO, Federation, ID Proofing

  • 1. ©2017Yubico © 2017 Yubico FIDO, ID Proofing and Federation Jerrod Chong, VP Solutions
  • 2. 2 ©2017Yubico FIDO U2F AKA Security Keys Global open authentication standard co-created by Yubico & Google # of ServicesAny Shared SecretsNoOne Authenticator
  • 3. 3 Google Security Key Login 1 2 3 Secure Unphishable / UnMITMable Simple Insert and press button Scalable One device, many services Privacy No Link-ability between services
  • 5. ©2017Yubico 5 Why are we solving this? ● Strong authentication not always tied to identity of user ● FIDO authentication mostly decoupled from ID Proofing ● ID Proofing required for higher assurance levels ● ID Proofing and strong authentication at odds with privacy ● Remote ID Proofing tied to Knowledge Based Verification (KBV) ● Reduce the reliance on weak recovery options
  • 6. ©2017Yubico “Individuals and organizations utilize secure, efficient, easy‐to‐use and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation.” -NIST Trusted Identity Group (TIG) 6
  • 7. 7 ©2017Yubico NIST SP 800-63-3 Digital Identity Guidelines 800-63 Revision 3 Highlighting 3 Policy Recommendations - Decouple Identity assurance from Authenticator assurance - Deprecate the use of SMS as Out-of-Band verifier - Approves FIDO U2F for use at highest Authenticator assurance level (AAL3)
  • 8. ©2017Yubico 8 The Project Yubico awarded US NIST grant collaborating with various Identity Providers ● Extend benefits of FIDO U2F to federated identity environments ● Integrate ID Proofing with FIDO U2F authentication ● Share attributes securely, conveniently and privacy-enhancing
  • 9. ©2017Yubico 9 ID verified FIDO Authenticators U2F Authenticator sent to the address on ID Secure access to any number of services Mobile ID scanning, Driver’s license or state ID ● Successful Remote Proofing issues Pre-registered authenticator ● Pre-registration of authenticator ensures authenticity and integrity (first FIDO credential must be ID verified)
  • 10. ©2017Yubico 10 ID Proofing and Verification (IPV) 2 1 2 3 4 5 68 9 Token Issuance 7 10
  • 13. 13 U2F Device Client Relying Party app id, challenge a; challenge, origin, channel id, etc. c a Check app id Generate: kpub kpriv handle h kpub , h, attestation cert, signature(a,c,kpub ,h) c, kpub , h, attestation cert, s Release kpub with handle h for user s Pre-Registration of Key Handle
  • 14. ©2017Yubico 14 Request access to Service Provider (SP) WebsiteUSER SP Redirect user to home institution Identity Provider (IdP) SP Deliver content to user SP Purge user attribute per IdP-SP contract IdP Prompt user to login + Send attributes to SP Attribute Assertion IdP data store Authentication Flow
  • 15. 15 U2F Device Client Relying Party handle, app id, challenge h, a; challenge, origin, channel id, etc. c a Check app id Lookup the kpriv associated with h Sign with kpriv counter++ counter, signature(a,c, counter) counter, c, s Check s using kpub Verify origin, channel id & counter s h Lookup the kpub associated with h Authentication
  • 16. ©2017Yubico 16 Identity Ecosystem using Open Standards ● Extend FIDO to services connected via these federation protocols • U2F Shibboleth (SAML) and OpenID Connect plug-in • Open source reference implementation ● Build ID Proofing engine using OpenID Connect • Allows for multiple proofing solutions/providers • Part of the Identity toolkit
  • 17. ©2017Yubico ● Protecting PII is time and resource intensive ● Difficult to achieve highest identity assurance with Remote ID proofing ● High level of trust required in integrations with third-party vendors ● Compatibility challenges across diverse operating systems and devices ● Additional techniques needed to onboard special needs individuals 17 Lessons Learned