This document discusses FIDO certification programs which provide standardized testing to validate that products meet specifications and are interoperable. It outlines different certification programs for authenticators, IoT devices, and digital identity. Functional certification tests conformance to specifications while interoperability testing validates implementability. Authenticator certification has three security levels which add increased security requirements and assurances. Certification provides benefits like regulatory compliance, consumer protection, and confidence in product quality.
Executive Director and Chief Marketing Officer of FIDO Alliance, Andrew Shikiar, updates viewers on the State of FIDO.
The document discusses modern authentication and Nok Nok Labs' role in pioneering this area. It notes that Nok Nok Labs invented modern authentication, founded and led the FIDO Alliance, and has deployed authentication solutions for major markets. The document promotes the benefits of leveraging modern authentication, such as improved customer experience, higher retention and satisfaction, and reduced fraud and costs. It argues that authentication, security, and privacy will be vital for society with the rise of cloud services, IoT, and other technologies.
1) LINE is replacing existing biometric authentication with FIDO2 authentication in their mobile payment app LINE Pay to enhance security following payment fraud incidents. 2) They plan to expand FIDO integration to more LINE platforms and countries starting with the iOS version of LINE Pay in Japan. 3) LINE has developed their own FIDO authenticator called LINE iOS FIDO2 Combo which leverages the iPhone's Touch ID/Face ID and provides attestation through a trusted security module and whitebox abstraction layer.
A look at trends in consumer authentication, including the growth of FIDO Authentication and how it complements adaptive authentication.
This paper depicts three possible scenarios for integrating FIDO UAF and public key infrastructure (PKI) in Asian countries, along with recommendations for how the two technologies can work together to bring innovation to the authentication marketplace and to pave the way for deploying better authentication solutions to the public.
The document discusses mobile authentication and the growing market for connected devices. It summarizes Nok Nok Labs' solutions for securely authenticating users and devices using biometrics on mobile phones. Nok Nok Labs has provided mobile authentication solutions for major companies in financial services, IoT security, and mobile carriers to replace passwords with stronger authentication methods. The document highlights case studies of deployments and strategic partnerships with companies seeking more secure authentication for their customers and devices.
KuppingerCole Analyst, Anmol Singh, explores the current trends for consumer authentication in Asia Pacific.
This document discusses authentication methods used in Hong Kong, including two-factor authentication (2FA). It summarizes how the FIDO standard fits well with Hong Kong's requirements, having been adopted by several banks and other organizations. The document also outlines some lessons learned from implementing FIDO in Hong Kong, including the need for broad handset support. It explores how FIDO could be expanded to other uses beyond authentication.
The document discusses the problems with password-based authentication and introduces FIDO authentication as a solution. It summarizes that FIDO authentication uses public key cryptography to allow users to authenticate with a single gesture on their device, without needing shared secrets or passwords. FIDO authentication is being adopted by major companies and specifications are standardized, with over 500 authenticators certified for compatibility and security. The presentation promotes FIDO as the future of secure, usable authentication.
Millions of customers trust Intuit with their most sensitive financial information. With that in mind, Intuit recently rolled out FIDO Authentication on its mobile apps to provide additional layers of security while simultaneously making the user experience more convenient. In this webinar, Marcio Mello, director & head of Product Management – Intuit Identity & Profile Platform, presents Intuit’s approach to enable FIDO Authentication, including:
- Intuit’s priorities in choosing a mobile strong authentication solution
- The steps Intuit took to evaluate strong authentication solutions that met its security and usability requirements
- Intuit’s evaluation of FIDO authentication vendors and solution chosen
- The steps Intuit took to roll out FIDO Authentication, challenges faced and how they were overcome
- Intuit’s login time and security results after deploying FIDO
- Intuit’s advice for other service providers deploying FIDO

Speakers: Marcio Mello, Director & Head of Product Management – Intuit Identity & Profile Platform; Andrew Shikiar, Executive Director & CMO, FIDO Alliance
This document discusses passwordless authentication using FIDO implementations. It provides a baseline study examining FIDO U2F deployments across different platforms and products. The study found a lack of consistent terminology, authentication methods, and browser support across services. Consistent user experiences are important for consumer adoption of passwordless authentication. The solution needs to be more convenient than passwords while providing security that consumers understand and value.
The document discusses technical principles of FIDO authentication. It provides an overview of how FIDO works, including the FIDO ecosystem with authenticators, clients, servers and relying parties. It also summarizes the FIDO registration and authentication processes, which separate user verification from authentication through the use of public and private keys.
The document discusses how governments are increasingly prioritizing strong authentication and looking to standards like FIDO to provide more secure, usable and privacy-preserving authentication. It notes that the UK and US governments have highlighted FIDO and endorsed its ability to deliver improved security without passwords. The document also discusses how authentication is an area of regulatory focus due to compliance needs around privacy, security and access across domains like digital government, healthcare, payments and financial services. It argues that FIDO specifications address regulatory needs by providing nimble, configurable and cost-effective strong authentication.
- FIDO2 is a passwordless authentication standard that uses public key cryptography instead of passwords
- It involves an initial registration process where a public/private key pair is created and the public key is associated with the user's account
- Authentication then involves validating the signature from the private key without exposing any secrets
- FIDO2 supports various form factors beyond USB keys like mobile devices and provides stronger security than passwords
This document discusses lifecycle considerations for security key deployments. It covers account registration, device registration, and account recovery. For account recovery, it recommends using multiple security keys to allow for self-recovery. It also recommends expanding existing identity proofing mechanisms used during initial registration to be used during account recovery. The document discusses both self-service and assisted account recovery options.
This document summarizes a study that compared the performance of different multimodal biometric authentication methods using face and fingerprint data. 771 participants provided biometric data that was categorized as "good" or "bad" quality based on capture conditions. Error rates and usability metrics like average attempts were then calculated for different fusion rules (AND, OR, parallel, serial) and compared to FIDO standards. The results showed that AND and parallel fusion met FIDO certification requirements for both good and bad quality data, while other methods only met requirements for good data. Overall, multimodal biometrics improved performance over unimodal approaches.
A case study from FIDO Member, Yubico, exploring a partnership with NIST to deploy secure online access for a US school district integrating ID proofing with FIDO U2F Authentication.
This document discusses quality control for medical device software. It covers: 1) Regulations that govern medical device software from standards organizations like the FDA and IEC. 2) The V-model process for requirements, design, verification, and validation. 3) The importance of verification and validation, including static and dynamic testing, to ensure the software meets requirements and functions as intended.
The document outlines the need for companies to establish product security programs to address increasing demands and regulations. It recommends that product security programs include governance, a secure development lifecycle, production security, and security operations. Key elements are identified for each phase like threat analysis and risk assessments for development; secure boot, encryption, and firewalls for production; and over-the-air updates and a security operations center for operations. Considerations for prioritization include applicable standards, customer demands, and using security as a competitive differentiator.
1) The FIDO Alliance authentication certification program evaluates and certifies authenticators at different security levels to create trust between relying parties and authenticators. 2) Higher certification levels provide defenses against more sophisticated attacks, with Level 3+ providing the highest security against physical attacks on authenticator devices. 3) The certification process involves security reviews and penetration testing conducted by accredited laboratories. Companion certification programs can reduce the cost and time of certification for vendors.
This document summarizes an on-demand software and application security assessment service that identifies security risks and vulnerabilities in software code and applications. It conducts both static analysis of binary code and dynamic testing of applications to determine compliance with security standards. The service is offered to help software vendors, system integrators, and development organizations evaluate the security of their applications in a timely and cost-effective manner without requiring access to source code.