FIDO Certification

32
FIDO CERTIFICATION: VALIDATING THE NEXT GENERATION OF STRONGER, SIMPLER AUTHENTICATION Steve Wilson, Ramesh Kesanupalli, Adam Powers All Rights Reserved | FIDO Alliance | Copyright 2016

Transcript of FIDO Certification

FIDO CERTIFICATION:VALIDATING THE NEXT GENERATION OF STRONGER, SIMPLER AUTHENTICATION

Steve Wilson, Ramesh Kesanupalli, Adam Powers

All Rights Reserved | FIDO Alliance | Copyright 2016

2All Rights Reserved | FIDO Alliance | Copyright 2016

Agenda• Welcome• The Importance of Interoperability• FIDO Certification Program Overview

• Highlights from Year One• What’s New with the Program

• Implementation Highlights• Getting Certified• Q & A

3All Rights Reserved | FIDO Alliance | Copyright 2016

The Importance of Interoperability

STEVE WILSONVice President and Principal Analyst, Constellation Research

Physical-to-digital identity

User Management

Authentication

Federation

SingleSign-On

Passwords Risk-BasedStrong

MODERNAUTHENTICATION

FIDO Scope

5All Rights Reserved | FIDO Alliance | Copyright 2016

PROGRAM OVERVIEWRamesh Kesanupalli, FIDO Visionary & Founder Nok Nok

Labs

6All Rights Reserved | FIDO Alliance | Copyright 2016

Certification Goals• Enable implementations to be

identified as officially FIDO certified• Ensure interoperability between FIDO

officially recognized implementations• Promote the adoption of the FIDO

ecosystem

7All Rights Reserved | FIDO Alliance | Copyright 2016

Certification Overview• Available to both members and non-members• Four steps to certification

8All Rights Reserved | FIDO Alliance | Copyright 2016

Deployments are enabled by 150+ 200+ FIDO® Certified

productsavailable today

10All Rights Reserved | FIDO Alliance | Copyright 2016

Certification Growth

Apr-15 Jul-15 Sep-15 Dec-15 Mar-16 May-16

151

62

32

6274

108

159

213TOTA

L

OEMs Now Shipping FIDO Certified Devices

S5, Mini Alpha Note 4,5 Note Edge Tab S, Tab S2

S6,S6 Edge

S7,S7 Edge

VerneeThor

Aquos Zeta Xperia Z5

Xperia Z5 Compact

Xperia Z5 Premium

Mate 8

V10

G5

Phab2 Pro

Phab2

PlusZ2, Z2

ProArrows

NXArrows

FitArrows

TabAll Rights Reserved | FIDO Alliance | Copyright 2016

12All Rights Reserved | FIDO Alliance | Copyright 2016

FIDO Applications Now Run on iOS 9

iPhone 5s iPhone 6, 6+

iPad Air 2, Mini 3

iPhone 6s, 6s+

iPad Mini 4 iPad Pro

Supported iOS Fingerprint Devices

13All Rights Reserved | FIDO Alliance | Copyright 2016

WHAT’S NEW WITH THE CERTIFICATION PROGRAMAdam Powers, Director of Technology, FIDO Alliance

14

BLE• 2014: USB• 2015: NFC• 2016: BLE

• Bluetooth Smart authenticators, based on new U2F BLE specification

• One-click authentication• U2F support for iOS

+All Rights Reserved | FIDO Alliance | Copyright 2016

15

On Demand Testing Overview

On Demand Testing

Virtual

Shipped

In-Person

ConfidentialFIDO Alliance | Confidential | All Rights Reserved | Copyright

2016

• Existing Process – Interop Testing• Interop every 90 days• Plan ahead! May impact product schedules…

• New Process – On Demand Testing• Pick your testing date from a calendar• Servers: remote / virtual testing• Authenticators: ship device or in-person

testing• Convenience and fast turn-around

Upcoming Certification Programs• Security Certification

• Third-party lab security testing• Ensure authenticators are secure against at-scale

and targeted attacks• Biometric Certification

• Biometric neutral third-party biometric testing• Ensure levels of False Accept Rate (FAR) and

resistance to predefined presentation attacks• New Specification Releases

• Stay tuned for more details…

16All Rights Reserved | FIDO Alliance | Copyright 2016

17All Rights Reserved | FIDO Alliance | Copyright 2016

IMPLEMENTATION HIGHLIGHTS

18All Rights Reserved | FIDO Alliance | Copyright 2016

Korean Market Growth• Most markets seeing

healthy growth…• Huge spike in Korean

certifications in 2016

Sept-15 Dec-15 Mar-16 May-163

16

55

73

BLE & NFC

“click”

“tap”

All Rights Reserved | FIDO Alliance | Copyright 2016

21

BLE / NFC Implementations

All Rights Reserved | FIDO Alliance | Copyright 2016

Cool Authentication

22

Voice + FacePalm Recognition

Iris Recognition PIN + Mini jack

All Rights Reserved | FIDO Alliance | Copyright 2016

23

TIPS FOR RELYING PARTIES

All Rights Reserved | FIDO Alliance | Copyright 2016

24

Key Considerations• FIDO® Certified

• Out-of-the-box interoperability• Broad ecosystem of authenticators and devices

• Open Source Implementations• Exist for both UAF and U2F• Great for prototyping and small deployments

• Include FIDO in your RFP• The simple way to ask for secure authentication

All Rights Reserved | FIDO Alliance | Copyright 2016

25

Deploying: Authentication

All Rights Reserved | FIDO Alliance | Copyright 2016

Deploying: Second Factor

Original DB

Original Database

user_id Password#

JohnDoe 4^hfd;`gpo

U2F Database

U2F DB

Relation

Relying Party

user_id Meta U2F Data

JohnDoe Yubico, Security Key, USB

key handle, public key, certificate

JohnDoeYubico, YubiKey

NEO, USB + NFC key handle, public key, certificate

John Doe Yubico, Mobile app

key handle, public key, certificatediagram provided by:

• Average time to integrate: < 1 week

• Stats from Google Deployment:

• 4x faster login• Significant fraud reduction• 40% support reduction

All Rights Reserved | FIDO Alliance | Copyright 2016

27

TIPS FOR PRODUCT IMPLEMENTERS

All Rights Reserved | FIDO Alliance | Copyright 2016

28

The Value of Ecosystem

All Rights Reserved | FIDO Alliance | Copyright 2016

29

The Value of Certification

All Rights Reserved | FIDO Alliance | Copyright 2016

Higher Quality

Deployment Ready

Interoperability

Market Ready

30

Getting the Most from Certification

• Remember to use your FIDO Certified logo!• Tradeshows, websites, product briefs, etc.

• Being a member has its privileges• Connect with RPs at plenaries, networking events, etc.• Certification discounts• Early access to specifications = first mover advantage

All Rights Reserved | FIDO Alliance | Copyright 2016

31

Getting Started• Register for Self-Conformance Test Tool Access : https

://fidoalliance.org/test-tool-access-request/ • For UAF, you will need to complete both automated and manual testing• UAF Authenticators only will need a Vendor ID: http://fidoalliance.org/vendor-id-request/

• Complete Self-Conformance Testing at least two weeks prior to interoperability event. • Elect to Participate in Pre-Testing in the two weeks prior to the interoperability event

(recommended)• Register for the next interoperability event to be held in Korea :

https://fidoalliance.org/interop-registration/

• Next Interoperability Event Host: CrucialTec (Korea)

• August 30 – 31, 2016: UAF• September 1, 2016: U2F

All Rights Reserved | FIDO Alliance | Copyright 2016

32

Next Steps

All Rights Reserved | FIDO Alliance | Copyright 2016

https://fidoalliance.org/certification/

33

QUESTIONS?

All Rights Reserved | FIDO Alliance | Copyright 2016