FIDO Alliance: Year in Review Webinar slides from January 20 2016
EXPERIENCE SIMPLER, STRONGER AUTHENTICATION
AGENDA
The Problem
The Solution
The Alliance
Updates
Data Breaches…
781 data breaches in 2015
170m records in 2015 (up 50%)
$3.8m/breach (up 23% from 2013)
“95% of these incidents involve harvesting credentials stolen from customer devices, then logging into web applications with them.”
2015 Data Breach Investigations Report
“A look through the details of these incidents shows a common sequence of phish customer ≥ get credentials ≥ abuse web application ≥ empty bank/bitcoin account.”
2015 Data Breach Investigations Report
The world has a PASSWORD PROBLEM
ONE-TIME PASSCODES
Improve security but aren’t easy enough to use
Still Phishable
User Confusion
Token Necklace
SMS Reliability
WE NEED A NEW MODEL
WE CALL OUR NEW MODEL
Fast IDentity Online
online authentication using public key cryptography
THE OLD PARADIGM
USABILITY
SECURITY
THE FIDO PARADIGM
[Chart: USABILITY axis from Poor to Easy, SECURITY axis from Weak to Strong]
HOW OLD AUTHN WORKS
ONLINE
The user authenticates themselves online by presenting a human-readable secret
HOW FIDO AUTHN WORKS
AUTHENTICATOR
LOCAL: The user authenticates “locally” to their device by various means
ONLINE: The device authenticates the user online using public key cryptography
Introduction to FIDO 1.0 standards
Universal Authentication Framework (UAF)
Universal 2nd Factor (U2F)
Passwordless Experience (UAF Standards)
1. Authentication Challenge
2. Biometric Verification*
3. Authenticated Online
Second Factor Experience (U2F Standards)
1. Second Factor Challenge
2. Insert Dongle* / Press Button
3. Authenticated Online
*There are other types of authenticators
FIDO Registration
[Flow diagram with steps numbered 1 to 4; labels as they appear on the slide:]
User is in a Session Or New Account Flow
Invitation Sent
New Keys Created
Public Key Registered With Online Server
User Approval
Registration Complete
FIDO Authentication
[Flow diagram with steps numbered 1 to 4; labels as they appear on the slide:]
User needs to login or authorize a transaction
FIDO Challenge
Key Selected & Signs
Signed Response verified using Public Key Cryptography
User Approval
Login Complete
FIDO UAF
UNIVERSAL AUTHENTICATION FRAMEWORK
AUTHENTICATOR
Same user as enrolled before?
Same authenticator as registered before?
ATTESTATION & METADATA
FIDO Authenticator
FIDO Server
Signed Attestation Object
Metadata
Verify Trust Anchor
Understand Authenticator Characteristic
UAF AUTHENTICATION DEMO EXAMPLE
[Screenshots: STEP 1 through STEP 4]
FIDO U2F
UNIVERSAL 2ND FACTOR
AUTHENTICATOR
USER VERIFICATION
FIDO AUTHENTICATION
Same authenticator as registered before?
Is a user present?
U2F AUTHENTICATION DEMO EXAMPLE
[Screenshots: Step 1 through Step 4]
USABILITY, SECURITY and PRIVACY by Design
Privacy by Design History
• Ann Cavoukian, the former Information and Privacy Commissioner of Ontario, Canada, coined the term “Privacy by Design” back in the late 90s.
• The idea was to take privacy into account early in the design process.
• Cavoukian went a step further and developed 7 principles.
• It took years to investigate the idea further and to become familiar with privacy as an engineering concept.
Privacy Principles
https://fidoalliance.org/wp-content/uploads/2014/12/FIDO_Alliance_Whitepaper_Privacy_Principles.pdf
No 3rd Party in the Protocol
No Secrets generated/stored on the Server side
Biometric Data (if used) Never Leaves Device
No Link-ability Between Services and Accounts
De-register at any time
No release of information without consent
FIDO & Privacy
AUTHENTICATOR
USER VERIFICATION FIDO AUTHENTICATION
FIDO REGISTRATION: STEP 1
Participants: FIDO Authenticator, App, Web App, FIDO Server
0. Prepare
FIDO REGISTRATION: STEP 2
Participants: FIDO Authenticator, App, Web App, FIDO Server
0. Prepare
1. TLS Channel Establishment
No 3rd Party in the Protocol
FIDO REGISTRATION: STEP 2
User is invited by Online Service to register their FIDO device (Specific to Online Service Providers)
Participants: FIDO Authenticator, App, Web App, FIDO Server
0. Prepare
1. Legacy Auth. + Initiate Reg.
2. Reg. Request + Policy
No release of information without consent
FIDO REGISTRATION: STEP 3
Participants: FIDO Authenticator, App, Web App, FIDO Server
0. Prepare
1. Legacy Auth. + Initiate Reg.
2. Reg. Request [Policy]
3. Verify User & Generate New Key Pair (Specific to Account with Online Service Provider)
No Secrets generated/stored on the Server side
FIDO REGISTRATION: STEP 4
Register public key with FIDO Server for verifying signed challenges (Specific to Account with Online Service Provider)
Participants: FIDO Authenticator, App, Web App, FIDO Server
0. Prepare
1. Legacy Auth. + Initiate Reg.
2. Reg. Request + Policy
3. Verify User & Generate New Key Pair
4. Reg. Response
Biometric Data (if used) Never Leaves Device
FIDO REGISTRATION (On Multiple Sites)
Website A
Website B
No Link-ability Between Accounts and Services
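The registration and authentication flows on the slides above, reduced to their cryptographic core in an added Go example (not FIDO Alliance code and not the UAF/U2F wire format): the authenticator creates a separate key pair per site, the server keeps only the public key, and login is a signature over a fresh challenge. The type names, the site names, the choice of ECDSA P-256 and the way the challenge is bound to the site name are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Authenticator holds one private key per site; private keys never leave it.
type Authenticator struct{ keys map[string]*ecdsa.PrivateKey }

func NewAuthenticator() *Authenticator {
	return &Authenticator{keys: map[string]*ecdsa.PrivateKey{}}
}

// Register creates a fresh key pair for the site and returns only the public key.
func (a *Authenticator) Register(site string) (*ecdsa.PublicKey, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	a.keys[site] = k
	return &k.PublicKey, nil
}

// Sign answers a challenge with the key selected for the site (after user approval).
func (a *Authenticator) Sign(site string, challenge []byte) ([]byte, error) {
	k, ok := a.keys[site]
	if !ok {
		return nil, fmt.Errorf("no key registered for %q", site)
	}
	return ecdsa.SignASN1(rand.Reader, k, digest(site, challenge))
}

// digest ties the challenge to the site name (simplified, not the FIDO wire format).
func digest(site string, challenge []byte) []byte {
	d := sha256.Sum256(append([]byte(site+"\x00"), challenge...))
	return d[:]
}

// Server is the relying party; it stores a public key and no shared secret.
type Server struct { Site string; Pub *ecdsa.PublicKey }

// Verify checks the signed response against the registered public key.
func (s Server) Verify(challenge, sig []byte) bool {
	return ecdsa.VerifyASN1(s.Pub, digest(s.Site, challenge), sig)
}

func main() { // constructed sample run; errors are ignored here for brevity
	auth := NewAuthenticator()
	pubA, _ := auth.Register("site-a.example")
	pubB, _ := auth.Register("site-b.example")
	srvA := Server{Site: "site-a.example", Pub: pubA}
	challenge := make([]byte, 32)
	rand.Read(challenge)
	sig, _ := auth.Sign("site-a.example", challenge)
	fmt.Println("login at A:", srvA.Verify(challenge, sig), "| A and B share a key:", pubA.Equal(pubB))
}
```

A response signed for one challenge does not verify against a later challenge or at the other site, and a breach of either server yields only public keys.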
PERSONAL DATA
Application-specific Data: Depending on the service (e.g., shipping address, credit card details)
User Verification Data: Biometric data (e.g., fingerprint or voice template, heart-rate variation data)
FIDO-related Data: Identifiers used by the FIDO authenticator protocols (e.g., public key, key handle)
Data Minimization, Purpose Limitation and protection against unauthorized access
Outside the scope of FIDO
Better security for online services
Reduced cost for the enterprise
Simpler and safer for consumers
The FIDO Alliance is an open industry association of over 250 global member organizations
FIDO SCOPE
Physical-to-digital identity
User Management
Authentication
Federation
Single Sign-On
Passwords
Risk-Based
Strong
MODERN AUTHENTICATION
FIDO Alliance Mission
1. Develop Specifications
2. Operate Adoption Programs
3. Pursue Formal Standardization
Board Members
Services/Apps
Vendors/Enablers
Devices/Platforms
Government Members
Public Sector
“The fact that FIDO has now welcomed government participation is a logical and exciting step toward further advancement of the Identity Ecosystem; we look forward to continued progress.” -- Mike Garcia, NSTIC NPO
Liaison Program
Industry Partners
Our mission is highly complementary to many other associations around the world. We welcome the opportunity to collaborate with this growing list of industry partner organizations.
2015 FIDO ADOPTION
“Microsoft Announces FIDO Support Coming to Windows 10”, Feb 23, 2015
“Qualcomm launches Snapdragon fingerprint scanning technology”, March 2, 2015
“Google for Work announced Enterprise admin support for FIDO® U2F “Security Key””, April 21, 2015
“Largest mobile network in Japan becomes first wireless carrier to enhance customer experience with natural, simple and strong ways to authenticate to DOCOMO’s services using FIDO standards”, May 26, 2015
“Today, we’re adding Universal 2nd Factor (U2F) security keys as an additional method for two-step verification, giving you stronger authentication protection.”, August 12, 2015
“the technology supporting fingerprint sign-in was built according to FIDO (Fast IDentity Online) standards.”, September 15, 2015
“GitHub says it will now handle what is called the FIDO Universal 2nd Factor, or U2F, specification”, October 1, 2015
Deployments are enabled by FIDO Certified™ Products available today
Available to anyone
Ensures interoperability
Promotes the FIDO ecosystem
Steps to certification:
1. Conformance Self-Validation
2. Interoperability Testing
3. Certification Request
4. Trademark License (optional)
fidoalliance.org/certification
20-NOV-2015
FIDO Authentication Poised for Continued Growth as Alliance Submits FIDO 2.0 Web API to W3C
• W3C has accepted our submission
• Specifications required to define a FIDO-compliant Web API
• Designed to extend FIDO’s existing reach to all platforms
• OEM community should begin to plan their support now
• RP community should deploy FIDO 1.x now knowing FIDO standards are “future proof” -- strategically positioned as the de facto authentication scheme for the Web & OS Platforms
FIDO in 2015
[Timeline graphic with month markers from FEB to NOV]
Relying Parties – deploy FIDO 1.X now
OEMs – plan for FIDO 2.x now
Vendors – get FIDO Certified™
JOIN THE FIDO ECOSYSTEM
JOIN THE FIDO ALLIANCE
EXPERIENCE SIMPLER, STRONGER AUTHENTICATION