New Directions forAuthentication & Identification 1 New Directions forAuthentication &...
Transcript of New Directions forAuthentication & Identification 1 New Directions forAuthentication &...
104/29/15
New Directions
for Authentication & Identification
FIDO, PKI and beyond
11th of May 2015,
FIDO Seminar, Dublin
Dr. Kim Nguyen | Managing Director, D-TRUST GmbH
204/29/15
Agenda
1
2
FIDO Next Generation Authentication
FIDO and beyondAdding Identification to Authentication
304/29/15
FIDO Next generation authentication
InternetServices
Component & Device Vendors
Software & Stacks
Building a
TRUSTED ECOSYSTEM
404/29/15
FIDO and PKI?
504/29/15
Establishing Trust – Four Dimensions
FIDOTRUSTED
Protocols
11
TRUSTED
Key Storage
22
TRUSTED
Ecosystem
33
TRUSTED
Personalization
44
604/29/15
FIDO and beyond -
joining authentication and identification.
704/29/15
Authentication and Identification
804/29/15
Authentication and Identification worlds
Typically, no interaction between these two worlds.
„Proprietary“ authentication systemse.g. usernames/passwords, AppleID, token...
Governmental eID Solutionswith officially verified ID
-
904/29/15
Bridging the worlds
Bridging the world offers advantages for users and relying parties.
„Proprietary“ authentication systemse.g. usernames/passwords, AppleID, token...
Governmental eID Solutionswith officially verified ID
+
1004/29/15
Layered Authentication/Identification model for FIDO and PKI
PKI…
PKI
Token + Certificate
uaf
Token + PIN/Biometrics
u2f
Token only
Different levels
of identification possible
Recognition,
user consent, identification
Recognition with user consent
but without identification
Recognition
without identification
Asc
endin
gle
velof
co
mp
ex
ity
Asc
endin
gle
velof
ide
nti
fica
tio
n
1104/29/15
The Solution The Token
FIDOenabled
PKI/IDenabled
ONE TOKEN
TWO WORLDS
1204/29/15
The Solution The Token
1304/29/15
Use cases
Identification
Authentication
PKI based signing/Encryption/ID provisioning
Authentification using FIDO
Post issuance of PKI cert/Federation ID
1404/29/15
Two interesting migration scenarios
Move an existing PKI ecosystem to a PKI/ID + FIDOecosystem.
Move an existing FIDO ecosystem to a FIDO + PKI/IDecosystem.
PKIPKI
FIDOFIDO
1504/29/15
Summary
1
2
FIDO offers a new userfriendly approach toauthentication – FIDO is the future.
3
Trust in FIDO mechanism will rely both on trustinto the token as well as in the ecosystem.
4
FIDO can be combined easily with (PKI/ID based) identification mechanisms – bridging two worlds.
Switch from device to user centric approach is vital –the success will largely depend on this!
1604/29/15
Summary
Thank you very much for your attention.
1704/29/15
Note: This presentation is property of Bundesdruckerei GmbH. All content – including exerpts –
may not be reproduced, divulged or published without the permission of Bundesdruckerei.
Copyright 2014 by Bundesdruckerei GmbH.
Disclaimer
Dr. Kim Nguyen
E-Mail: [email protected]