Post on 14-Apr-2017
FIDO CERTIFICATION:VALIDATING THE NEXT GENERATION OF STRONGER, SIMPLER AUTHENTICATION
Steve Wilson, Ramesh Kesanupalli, Adam Powers
All Rights Reserved | FIDO Alliance | Copyright 2016
2All Rights Reserved | FIDO Alliance | Copyright 2016
Agenda• Welcome• The Importance of Interoperability• FIDO Certification Program Overview
• Highlights from Year One• What’s New with the Program
• Implementation Highlights• Getting Certified• Q & A
3All Rights Reserved | FIDO Alliance | Copyright 2016
The Importance of Interoperability
STEVE WILSONVice President and Principal Analyst, Constellation Research
Physical-to-digital identity
User Management
Authentication
Federation
SingleSign-On
Passwords Risk-BasedStrong
MODERNAUTHENTICATION
FIDO Scope
5All Rights Reserved | FIDO Alliance | Copyright 2016
PROGRAM OVERVIEWRamesh Kesanupalli, FIDO Visionary & Founder Nok Nok
Labs
6All Rights Reserved | FIDO Alliance | Copyright 2016
Certification Goals• Enable implementations to be
identified as officially FIDO certified• Ensure interoperability between FIDO
officially recognized implementations• Promote the adoption of the FIDO
ecosystem
7All Rights Reserved | FIDO Alliance | Copyright 2016
Certification Overview• Available to both members and non-members• Four steps to certification
8All Rights Reserved | FIDO Alliance | Copyright 2016
Deployments are enabled by 150+ 200+ FIDO® Certified
productsavailable today
9All Rights Reserved | FIDO Alliance | Copyright 2016
10All Rights Reserved | FIDO Alliance | Copyright 2016
Certification Growth
Apr-15 Jul-15 Sep-15 Dec-15 Mar-16 May-16
151
62
32
6274
108
159
213TOTA
L
OEMs Now Shipping FIDO Certified Devices
S5, Mini Alpha Note 4,5 Note Edge Tab S, Tab S2
S6,S6 Edge
S7,S7 Edge
VerneeThor
Aquos Zeta Xperia Z5
Xperia Z5 Compact
Xperia Z5 Premium
Mate 8
V10
G5
Phab2 Pro
Phab2
PlusZ2, Z2
ProArrows
NXArrows
FitArrows
TabAll Rights Reserved | FIDO Alliance | Copyright 2016
12All Rights Reserved | FIDO Alliance | Copyright 2016
FIDO Applications Now Run on iOS 9
iPhone 5s iPhone 6, 6+
iPad Air 2, Mini 3
iPhone 6s, 6s+
iPad Mini 4 iPad Pro
Supported iOS Fingerprint Devices
13All Rights Reserved | FIDO Alliance | Copyright 2016
WHAT’S NEW WITH THE CERTIFICATION PROGRAMAdam Powers, Director of Technology, FIDO Alliance
14
BLE• 2014: USB• 2015: NFC• 2016: BLE
• Bluetooth Smart authenticators, based on new U2F BLE specification
• One-click authentication• U2F support for iOS
+All Rights Reserved | FIDO Alliance | Copyright 2016
15
On Demand Testing Overview
On Demand Testing
Virtual
Shipped
In-Person
ConfidentialFIDO Alliance | Confidential | All Rights Reserved | Copyright
2016
• Existing Process – Interop Testing• Interop every 90 days• Plan ahead! May impact product schedules…
• New Process – On Demand Testing• Pick your testing date from a calendar• Servers: remote / virtual testing• Authenticators: ship device or in-person
testing• Convenience and fast turn-around
Upcoming Certification Programs• Security Certification
• Third-party lab security testing• Ensure authenticators are secure against at-scale
and targeted attacks• Biometric Certification
• Biometric neutral third-party biometric testing• Ensure levels of False Accept Rate (FAR) and
resistance to predefined presentation attacks• New Specification Releases
• Stay tuned for more details…
16All Rights Reserved | FIDO Alliance | Copyright 2016
18All Rights Reserved | FIDO Alliance | Copyright 2016
Korean Market Growth• Most markets seeing
healthy growth…• Huge spike in Korean
certifications in 2016
Sept-15 Dec-15 Mar-16 May-163
16
55
73
Cool Authentication
22
Voice + FacePalm Recognition
Iris Recognition PIN + Mini jack
All Rights Reserved | FIDO Alliance | Copyright 2016
24
Key Considerations• FIDO® Certified
• Out-of-the-box interoperability• Broad ecosystem of authenticators and devices
• Open Source Implementations• Exist for both UAF and U2F• Great for prototyping and small deployments
• Include FIDO in your RFP• The simple way to ask for secure authentication
All Rights Reserved | FIDO Alliance | Copyright 2016
Deploying: Second Factor
Original DB
Original Database
user_id Password#
JohnDoe 4^hfd;`gpo
U2F Database
U2F DB
Relation
Relying Party
user_id Meta U2F Data
JohnDoe Yubico, Security Key, USB
key handle, public key, certificate
JohnDoeYubico, YubiKey
NEO, USB + NFC key handle, public key, certificate
John Doe Yubico, Mobile app
key handle, public key, certificatediagram provided by:
• Average time to integrate: < 1 week
• Stats from Google Deployment:
• 4x faster login• Significant fraud reduction• 40% support reduction
All Rights Reserved | FIDO Alliance | Copyright 2016
29
The Value of Certification
All Rights Reserved | FIDO Alliance | Copyright 2016
Higher Quality
Deployment Ready
Interoperability
Market Ready
30
Getting the Most from Certification
• Remember to use your FIDO Certified logo!• Tradeshows, websites, product briefs, etc.
• Being a member has its privileges• Connect with RPs at plenaries, networking events, etc.• Certification discounts• Early access to specifications = first mover advantage
All Rights Reserved | FIDO Alliance | Copyright 2016
31
Getting Started• Register for Self-Conformance Test Tool Access : https
://fidoalliance.org/test-tool-access-request/ • For UAF, you will need to complete both automated and manual testing• UAF Authenticators only will need a Vendor ID: http://fidoalliance.org/vendor-id-request/
• Complete Self-Conformance Testing at least two weeks prior to interoperability event. • Elect to Participate in Pre-Testing in the two weeks prior to the interoperability event
(recommended)• Register for the next interoperability event to be held in Korea :
https://fidoalliance.org/interop-registration/
• Next Interoperability Event Host: CrucialTec (Korea)
• August 30 – 31, 2016: UAF• September 1, 2016: U2F
All Rights Reserved | FIDO Alliance | Copyright 2016
32
Next Steps
All Rights Reserved | FIDO Alliance | Copyright 2016
https://fidoalliance.org/certification/