experimentar sencillo, autenticaciÓn fuerte · •gsma mobile connect initiative •working on...
TRANSCRIPT
![Page 1: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/1.jpg)
EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE
1
![Page 2: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/2.jpg)
• John Bradley
• Yo trabajo en la Oficina CTO de Ping Identity
• Yo soy un autor de OAuth y OpenID Connect
• Yo vivo en Santiago de Chile
• En palabras de mi esposa “Hablar Inglés por favor”
¿Quién es el Gringo?
![Page 3: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/3.jpg)
Data breachesare out of control
3
![Page 4: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/4.jpg)
708 data breaches
IN 2014...
82 millionpersonal records stolen
4
$3.5 millionaverage cost per breach
![Page 5: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/5.jpg)
We have a PASSWORD PROBLEM
5
![Page 6: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/6.jpg)
Re-used Phished Keylogged
TOO MANY TO REMEMBER,
DIFFICULT TO TYPE,
AND TOO VULNERABLE
6
![Page 7: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/7.jpg)
Adding more authentication
has largely been rejected by users
7
![Page 8: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/8.jpg)
ONE-TIME PASSCODESImprove security but aren’t easy enough
Still Phishable
Poor User Experience
TokenNecklace
SMS Reliability
8
![Page 9: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/9.jpg)
WE NEED A NEW MODELFast IDentity Online
9
![Page 10: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/10.jpg)
THE FIDO PARADIGM
11
Poor Good
We
ak
Str
on
g
USABILITY
SEC
UR
ITY
Passwords PINs
OTP
2FA
![Page 11: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/11.jpg)
HOW DOES FIDO WORK?
USER VERIFICATION FIDO AUTHENTICATION
AUTHENTICATOR
13
![Page 12: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/12.jpg)
Passwordless Experience (FIDO UAF Standards)
Second Factor Experience (FIDO U2F Standards)
Transaction Detail User Authentication Done
1 2 3
Success
$10,000
Transfer Now
Login & Password
1
Insert Dongle
Press Button
2
Done
3
Success
14
![Page 13: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/13.jpg)
FIDO Registration
2
Registration Begins
1
15
User Approval
3
New Key Created
4
Key Registered Using
Public Key
Cryptography
![Page 14: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/14.jpg)
FIDO Login
2
Login
1
16
Login Challenge
3
Key Selected
4
Login Response Using
Public Key
Cryptography
User Approval
Login Complete
![Page 15: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/15.jpg)
Online authentication usingpublic key cryptography
17
![Page 16: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/16.jpg)
FIDO UNIVERSAL 2ND FACTOR
AUTHENTICATOR
Is a user present?
Same authenticator as registered
before?
USER VERIFICATION FIDO AUTHENTICATION
18
![Page 17: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/17.jpg)
19
Step 1U2F AUTHENTICATION DEMO EXAMPLE
![Page 18: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/18.jpg)
20
Step 2U2F AUTHENTICATION DEMO EXAMPLE
![Page 19: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/19.jpg)
21
Step 3U2F AUTHENTICATION DEMO EXAMPLE
![Page 20: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/20.jpg)
22
Step 4U2F AUTHENTICATION DEMO EXAMPLE
+Bob
![Page 21: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/21.jpg)
AUTHENTICATOR
USER VERIFICATION FIDO AUTHENTICATION
FIDO UNIVERSAL
AUTHENTICATION FRAMEWORK (UAF)
23
Same User as enrolled
before?
Same Authenticator as registered
before?
![Page 22: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/22.jpg)
UAF AUTHENTICATION
DEMO EXAMPLE
24
STEP 1
![Page 23: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/23.jpg)
25
UAF AUTHENTICATION
DEMO EXAMPLE
STEP 2
![Page 24: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/24.jpg)
26
UAF AUTHENTICATION
DEMO EXAMPLE
STEP 3
![Page 25: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/25.jpg)
27
UAF AUTHENTICATION
DEMO EXAMPLE
STEP 4
![Page 26: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/26.jpg)
USABILITY, SECURITYand
PRIVACY28
![Page 27: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/27.jpg)
29
No third party in the protocol
No secrets on the server side
Biometric data (if used) never leaves device
No link-ability between services or accounts
![Page 28: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/28.jpg)
Better security for online services
Reduced cost for the enterprise
Simple and safe for consumers
30
![Page 29: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/29.jpg)
The FIDO Alliance is an open
association of more than 200
diverse member organizations31
![Page 30: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/30.jpg)
Board Members
32
Online Services
Chip Providers
Device Providers
Biometrics Vendors
Enterprise Servers
Platform Providers
![Page 31: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/31.jpg)
FIDO TIMELINE
FIDO 1.0 FINALSpecification
First UAF & U2F Deployments
SpecificationReview Draft
FIDO Ready Program
AllianceAnnounced
FEB2013
(6 Members)
DEC2013
(59 Members)
FEB2014
(84 Members)
FEB-OCT2014
(129 Members)
DEC 92014
(152 Members)
33
![Page 32: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/32.jpg)
34
A range of
FIDO PRODUCTS are now available
![Page 33: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/33.jpg)
35
Implementing 1.0 Specifications(this is only a subset of active implementations)
Online Services
Chip Providers
Device Providers
Biometrics Technology Providers
Enterprise Servers
Open Source
Mobile Apps/Clients
WWW Browsers
![Page 34: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/34.jpg)
2014 Deployments
36
PayPal continues FIDO enablement in improved mobile wallet app.
Google has FIDO in Chrome and2-Step Verification.
Samsung adds FIDO enabled Touch authentication to Galaxy® S6
![Page 35: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/35.jpg)
The significance of early 2015 announcements
37
FIDO in 2015
![Page 36: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/36.jpg)
FIDO in Windows 10
38
Windows used by
1.5 billion users
Windows 10 in 190
countries by Q3
Free upgrade for
consumer
![Page 37: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/37.jpg)
FIDO in Snapdragon
39
Market leader to
ship FIDO client
85+ OEMs as of Q4
>1 billion Android
devices shipped
Innovative sensor
![Page 38: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/38.jpg)
FIDO in Healthcare
40
First healthcare
deployment
Physician access
to health records
up to 50 million
Healthcare users
![Page 39: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/39.jpg)
FIDO in Enterprise
41
Google for Work announced Enterprise admin support for FIDO® U2F “Security
Key” – April 21
Google for Work is used by over 5
million businesses worldwide
“The Security Keys are a great step
forward, as they are very practical and
more secure.” – Woolsworth IT
![Page 40: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/40.jpg)
FIDO in Mobile
42
Deployed multiple FIDO Certified™
Handsets (from Sharp, Samsung &
Fujitsu
Deployed Multiple Biometric Modalities
(Iris & Fingerprint)
Deployed Multiple Services including
carrier billing and digital goods
Joined FIDO Alliance Board of Directors
![Page 41: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/41.jpg)
FIDO & Government
43
2013 Data Breach Investigations Report (conducted
by Verizon in concert with the U.S. Department of
Homeland Security) noted that 76% of 2012 network
intrusions exploited weak or stolen credentials.
-- NIST Roadmap for Improving Critical Infrastructure Cybersecurity,12-
Feb-2014
Governments
worldwide are
looking at FIDO
FIDO featured at
White House Summit
New collaboration framework…
![Page 42: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/42.jpg)
Telco
• GSMA Mobile Connect initiative• Working on Using FIDO + Push notification for
authentication
• Standard Global platform based on OpenID Connect.
• Telefonica/Movistar currently running a pilot in España
![Page 43: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/43.jpg)
JOIN THE FIDO ALLIANCE
46
![Page 44: EXPERIMENTAR SENCILLO, AUTENTICACIÓN FUERTE · •GSMA Mobile Connect initiative •Working on Using FIDO + Push notification for authentication •Standard Global platform based](https://reader033.vdocuments.mx/reader033/viewer/2022060211/5f04e2477e708231d410309c/html5/thumbnails/44.jpg)
EXPERIENCE SIMPLER, STRONGER AUTHENTICATION
47