104/29/15

New Directions

for Authentication & Identification

FIDO, PKI and beyond

11th of May 2015,

FIDO Seminar, Dublin

Dr. Kim Nguyen | Managing Director, D-TRUST GmbH

204/29/15

Agenda

1

2

FIDO Next Generation Authentication

FIDO and beyondAdding Identification to Authentication

304/29/15

FIDO Next generation authentication

InternetServices

Component & Device Vendors

Software & Stacks

Building a

TRUSTED ECOSYSTEM

404/29/15

FIDO and PKI?

504/29/15

Establishing Trust – Four Dimensions

FIDOTRUSTED

Protocols

11

TRUSTED

Key Storage

22

TRUSTED

Ecosystem

33

TRUSTED

Personalization

44

604/29/15

FIDO and beyond -

joining authentication and identification.

704/29/15

Authentication and Identification

804/29/15

Authentication and Identification worlds

Typically, no interaction between these two worlds.

„Proprietary“ authentication systemse.g. usernames/passwords, AppleID, token...

Governmental eID Solutionswith officially verified ID

-

904/29/15

Bridging the worlds

Bridging the world offers advantages for users and relying parties.

„Proprietary“ authentication systemse.g. usernames/passwords, AppleID, token...

Governmental eID Solutionswith officially verified ID

+

1004/29/15

Layered Authentication/Identification model for FIDO and PKI

PKI…

PKI

Token + Certificate

uaf

Token + PIN/Biometrics

u2f

Token only

Different levels

of identification possible

Recognition,

user consent, identification

Recognition with user consent

but without identification

Recognition

without identification

Asc

endin

gle

velof

co

mp

ex

ity

Asc

endin

gle

velof

ide

nti

fica

tio

n

1104/29/15

The Solution The Token

FIDOenabled

PKI/IDenabled

ONE TOKEN

TWO WORLDS

1204/29/15

The Solution The Token

1304/29/15

Use cases

Identification

Authentication

PKI based signing/Encryption/ID provisioning

Authentification using FIDO

Post issuance of PKI cert/Federation ID

1404/29/15

Two interesting migration scenarios

Move an existing PKI ecosystem to a PKI/ID + FIDOecosystem.

Move an existing FIDO ecosystem to a FIDO + PKI/IDecosystem.

PKIPKI

FIDOFIDO

1504/29/15

Summary

1

2

FIDO offers a new userfriendly approach toauthentication – FIDO is the future.

3

Trust in FIDO mechanism will rely both on trustinto the token as well as in the ecosystem.

4

FIDO can be combined easily with (PKI/ID based) identification mechanisms – bridging two worlds.

Switch from device to user centric approach is vital –the success will largely depend on this!

1604/29/15

Summary

Thank you very much for your attention.

1704/29/15

Note: This presentation is property of Bundesdruckerei GmbH. All content – including exerpts –

may not be reproduced, divulged or published without the permission of Bundesdruckerei.

Copyright 2014 by Bundesdruckerei GmbH.

Disclaimer

Dr. Kim Nguyen

E-Mail: k.nguyen@d-trust.net