EXPERIENCE SIMPLER, STRONGER AUTHENTICATION

Transcription:

1 EXPERIENCE SIMPLER, STRONGER AUTHENTICATION

2 Data Breaches are out of control

3 IN 2014: 708 data breaches; 82 million personal records stolen; $3.5 million average cost per breach

4 We have a PASSWORD PROBLEM

5 TOO MANY TO REMEMBER, DIFFICULT TO TYPE, AND TOO VULNERABLE: Re-used, Phished, Keylogged

6 Adding more authentication has largely been rejected by users

7 ONE-TIME PASSCODES: Improve security but aren't easy enough. SMS Reliability; Token Necklace; Poor User Experience; Still Phishable

8 WE NEED A NEW MODEL Fast IDentity Online

9 THE OLD PARADIGM [chart, axes SECURITY and USABILITY; labels as extracted: OTP 2FA Passwords PINs]

10 THE FIDO PARADIGM [chart, axes SECURITY (Weak to Strong) and USABILITY (Poor to Good); labels as extracted: OTP 2FA Passwords PINs]

11 MODERN AUTHENTICATION [diagram labels: Single Sign-On, Federation, Authentication, Passwords, Strong, Risk-Based, User Management, Physical-to-digital identity]

12 HOW DOES FIDO WORK? [diagram labels: USER VERIFICATION, FIDO AUTHENTICATION, AUTHENTICATOR]

13 Passwordless Experience (FIDO UAF Standards): (1) Transaction Detail (Transfer Now, $10,000); (2) User Authentication; (3) Done (Success). Second Factor Experience (FIDO U2F Standards): (1) Login & Password; (2) Insert dongle, Press Button; (3) Done (Success)

14 FIDO Registration: (1) Registration Begins; (2) User Approval; (3) New Key Created; (4) Key Registered using Public Key Cryptography

15 FIDO Login: (1) Login; (2) User Approval; (3) Key Selected; (4) Login Complete. Messages: Login Challenge, Login Response using Public Key Cryptography

16 online authentication using public key cryptography

17 THE BUILDING BLOCKS [architecture diagram labels: FIDO USER DEVICE, BROWSER/APP, RELYING PARTY, WEB SERVER, FIDO CLIENT, TLS Server Key, FIDO SERVER, FIDO UPDATE, ASM, FIDO AUTHENTICATOR, Cryptographic authentication key reference DB, Authenticator Metadata & attestation trust store, Authentication keys, Attestation keys, METADATA SERVICE]

18 ATTESTATION & METADATA [diagram: FIDO Authenticator, FIDO Server, Metadata]. Signed Attestation Object. Verify using trust anchor included in Metadata. Understand Authenticator security characteristic by looking into Metadata (and potentially other sources)

19 FIDO UNIVERSAL 2ND FACTOR: Is a user present? Same authenticator as registered before? [diagram labels: USER VERIFICATION, FIDO AUTHENTICATION, AUTHENTICATOR]

20 Step 1 U2F AUTHENTICATION DEMO EXAMPLE

21 Step 2 U2F AUTHENTICATION DEMO EXAMPLE

22 Step 3 U2F AUTHENTICATION DEMO EXAMPLE

23 Step 4 U2F AUTHENTICATION DEMO EXAMPLE +Bob

24 FIDO UNIVERSAL AUTHENTICATION FRAMEWORK (UAF): Same User as enrolled before? Same Authenticator as registered before? [diagram labels: USER VERIFICATION, FIDO AUTHENTICATION, AUTHENTICATOR]

25 STEP 1 UAF AUTHENTICATION DEMO EXAMPLE

26 STEP 2 UAF AUTHENTICATION DEMO EXAMPLE

27 STEP 3 UAF AUTHENTICATION DEMO EXAMPLE

28 STEP 4 UAF AUTHENTICATION DEMO EXAMPLE

29 USABILITY, SECURITY and PRIVACY

30 No 3rd Party in the Protocol; No Secrets on the Server side; Biometric data (if used) never leaves device; No link-ability between Services or Accounts

31 Better Security for online services; Reduced cost for the enterprise; Simple & Safe for consumers

32 The FIDO Alliance is an open association of more than 180 diverse member organizations

33 Online Services, Chip Providers, Device Providers, Biometrics Vendors, Enterprise Servers, Platform Providers, Board Members

34 FIDO TIMELINE. Milestones as extracted: FIDO 1.0 FINAL Specification; FIDO Ready Program; Specification Review Draft; First UAF & U2F Deployments; Alliance Announced. Dates as extracted: FEB 2013 (6 Members); DEC 2013 (59 Members); FEB 2014 (84 Members); FEB-OCT 2014 (129 Members); DEC 9 2014 (152 Members)

35 News from the front The significance of early 2015 announcements

36 FIDO in Windows 10: Windows used by 1.5 billion users; Windows 10 in 190 countries by Q3; Free upgrade

37 FIDO in Healthcare: First healthcare deployment; Physician access to health records; up to 50 million Healthcare users

38 PayPal continues FIDO enablement in improved mobile wallet app. Google has FIDO in Chrome and 2-Step Verification. Samsung adds touch to Galaxy S6 and ships FIDO on all Galaxy devices. 2014 Deployments

39 A range of FIDO PRODUCTS is now available

40 Online Services Chip Providers Device Providers Biometrics Technology Providers Implementing 1.0 Specifications (this is only a subset of active implementations) Enterprise Servers Open Source Mobile Apps/Clients WWW Browsers

41 JOIN THE FIDO ALLIANCE

42 EXPERIENCE SIMPLER, STRONGER AUTHENTICATION