SYS-CON MEDIA Authors: Carmen Gonzalez, Sean Houghton, Glenn Rossman, Ignacio M. Llorente, Xenia von Wedel

News Feed Item

FIDO Alliance Opens Technology for First Public Review to an Industry Desperate for Simpler, Stronger Authentication

The FIDO Alliance Marks 1st Anniversary by Publishing Review Draft Specifications as Membership Nears 100

MOUNTAIN VIEW, CA -- (Marketwired) -- 02/11/14 -- The FIDO (Fast IDentity Online) Alliance (http://www.fidoalliance.org/), an open industry consortium delivering standards for simpler, stronger authentication, achieved a historic milestone today by releasing its first public review draft technology specifications. These open technologies have been collaboratively developed by a rapidly increasing number of the most innovative companies in the world to enable simpler, stronger authentication to scale in the market.

The Q1 2013 Forrester Wave™: Enterprise Fraud Management asserts the online services industry is seeing upwards of $200B in annual losses from password breaches and related hacks that exploit the vulnerabilities inherent in single-factor password systems. According to the Verizon 2013 Network Investigations Data Breach Report, 76 percent of network intrusions exploit weak or stolen credentials. According to Gartner, 20 to 50 percent of all help desk calls are for password resets. Forrester Research estimates help desk labor cost at $70 per password reset*. In Mobile Consumer Insights, Jumio reports that 68 percent of smartphone and tablet owners have attempted to make purchases on their device. Due to problems during the payment process, 66 percent of that group abandon transactions, and 47 percent of these said they abandoned transactions that took too long. Upon its first-year anniversary, the FIDO Alliance demonstrates momentum that attests to pent-up demand for simpler, stronger authentication that must scale, as only open industry standards can deliver.

"It is with pride that the FIDO Alliance releases the review draft specifications to the public today, before our first anniversary of starting the long overdue revolution in authentication. Congratulations to our members for their insights, expertise, and tireless dedication to delivering better authentication that is more secure, private and easier-to-use than prevailing password schemas," said FIDO Alliance president, Michael Barrett. "With today's public release of the review draft specifications, we especially welcome and anticipate new types of members coming from various enterprises. Furthermore, we encourage Relying Parties to begin testing their unique FIDO authentication needs with the commercial solutions already available from many FIDO member companies."

The FIDO Alliance also announces that its membership is approaching 100 strong, with Aetna, ARM, Dell, Discretix, IdentityX, Netflix, Next Biometrics, Oesterreichische Staatsdruckerei GmbH, Salesforce, SafeNet, Sonavation, STMicroelectronics, and Wave Systems being among the most recent companies to join as Sponsor members of the Alliance. Launched in February 2013 with six founding members, the alliance has grown rapidly with representation from every continent and every industry.

"When I first started discussing the need for a strong authentication protocol with Michael Barrett, Taher Elgamal and others many years ago, we knew we had something big on our hands," said Ramesh Kesanupalli, founder of Nok Nok Labs and FIDO visionary, "and the progress we've seen in a single year in attracting membership and delivering draft specifications signifies the need for a drastic change in the marketplace and a collective determination to accomplish it. As a founding member, Nok Nok Labs is proud to be delivering FIDO Ready solutions based on these new specifications."

FIDO standards address industry and consumer pain points by ensuring that users and online service providers have a variety of choices to select from when adopting simpler, stronger authentication alternatives to today's prevailing reliance on single-factor passwords.

"It is incumbent upon Enterprise IT to begin moving away from the world of basic username/password authentication, and we are excited to join the FIDO Alliance in shaping the future of strong authentication," said Mike D. Kail, VP of IT Operations, Netflix. "We look forward to collaborating with various sectors and industry experts and contributing experience and guidance on best security and authentication practices for Enterprise IT."

The FIDO specifications emphasize a device-centric model that reflects the Alliance's thoughtful dedication to usability, privacy and security. FIDO specifications will support a full range of authentication technologies, including biometrics such as fingerprint and iris scanners, voice and facial recognition, as well as further enable existing solutions and communications standards, such as Trusted Platform Modules (TPM), USB Security Tokens, embedded Secure Elements (eSE), Smart Cards, Bluetooth Low Energy (BLE), and Near Field Communication (NFC). The open specifications are being designed to be extensible and to accommodate future innovation, as well as protect existing investments. FIDO specifications allow device-specific authentication capabilities to be leveraged by online services within an interoperable infrastructure, enabling authentication choice to meet the distinct needs of users and organizations. The FIDO specifications complement and add value to identity federation. The improved user authentication enabled by FIDO specifications can be federated using existing industry standards such as OpenID and SAML. Committed to core privacy principles, the FIDO Alliance today published a reference whitepaper. The FIDO Alliance will continue to develop and mature the specifications with additional features and refinements based on interoperability testing and real-world deployment experience.

"Increased awareness of identity protection and the associated complexities of securely authenticating users across diverse devices and environments underscore the need for a universal authentication framework," commented Andrew Young, VP Product Management, Authentication at SafeNet. "To this end, one of the clear advantages of the FIDO approach is that it offers users a consistent experience across multiple services and user devices, a range of multi-factor schemes, and maintains privacy by using distinct authentication keys for different services. The FIDO Alliance, by helping to standardize multi-factor practices, will contribute to the formation of a broader identity framework based on greater trust and better security in both consumer and enterprise environments."

"As a leading provider of trusted identity and authentication networks and sponsor member of FIDO Alliance, SecureKey enthusiastically supports the principles of interoperable, simple and strong authentication for consumer-scale deployments, said Stu Vaeth, VP of Products, SecureKey. We look forward to delivering FIDO Ready solutions based on this specification to our customers and partners, leveraging our briidge.net™ Connect cloud-based authentication service."

"At PayPal the security of our customer's personal and financial information is our top priority, which is why we co-founded the FIDO Alliance," said Brett McDowell, FIDO Alliance vice president, and eBay Inc. Head of Ecosystem Security. "The open standards and best practices we develop in collaboration with other members of the Alliance provide our industry with an interoperable, scalable framework for delivering simpler, stronger authentication to our customers."

FIDO specifications allow device-specific authentication capabilities to be leveraged by online services within an interoperable infrastructure, enabling authentication choice to meet the distinct needs of users and organizations. The FIDO Alliance will continue to develop and mature the specifications with additional features and refinements based on interoperability testing and real world deployment experience.

"IDC Financial Insights believes that most successful financial institutions in 2014 will be those that can deliver an engaging, omnichannel experience for their customers and prospects. Simple, convenient, and strong authentication is the foundation to convenience, and contributes to a channel-less experience for the end-user. The finalization and adoption of the FIDO Alliance draft specifications, shared today, can play an important role in delivering convenience," said Michael Versace, Global Research Director at IDC Financial Insights.

FIDO Alliance members are already developing FIDO Ready™ products and services based on early draft FIDO specifications. In October 2013, The FIDO Alliance began a certification program with FIDO Ready™ branding for implementations passing conformance and interoperability testing to early draft specifications. The 2014 Consumer Electronics Show (CES) revealed the first demonstrations of FIDO Ready products. Members are shaping the marketplace with FIDO specifications already in play in products like FingerQ with FIDO Ready™ components from Synaptics and FIDO Ready products from AGNITiO, Go-Trust, Nok Nok Labs, and Yubico.

FIDO members are featuring FIDO Ready products at this month's Mobile World Congress 2014 (MWC 2014), RSA Security Conference and FIDO Public Forum Event in Palo Alto California. Online Service providers who want to assess FIDO technologies are encouraged to look for the FIDO Ready(tm) certification on vendor implementations. The FIDO Certification program will continue to advance in scope and depth as the specifications mature, while adhering to a core principal of backward compatibility of FIDO infrastructure to ensure ongoing interoperability with all FIDO certified authenticators in the market.

Rob Coombs, Director of Security Marketing, ARM said: "Last year, our partners shipped over ten billion ARM-based microprocessors, the vast majority in internet-enabled devices. With the growing need to connect people and products securely to cloud services it is clear that we need to move beyond passwords for authentication. The FIDO alliance provides an excellent forum for industry to work together to provide a scalable verification architecture that can make the lives of consumers more convenient and help cloud-based services manage risk."

"Discretix' Passwordless and Second Factor User Authentication solutions are hardware-assisted and utilize the device's Trusted Execution Environment. These solutions leverage our expertise in deploying field-proven, mass-market solutions for mobile, particularly on Android devices," said Roni Sasson, Director Product Marketing at Discretix. "Simple and strong authentication is a key enabler for premium mobile services, and Discretix fully endorses the FIDO Alliance's specification and certification initiatives, and we are pleased to be an active contributor."

"As a long-time leader in semiconductors for trust and data security, STMicroelectronics recognizes the value and fully endorses the FIDO Alliance's efforts to develop an open and standardized solution for strong authentication," said Laurent Degauque, Embedded Security Marketing Director. "ST is committed to bringing its security expertise, products and solutions to bear to help the deployment of FIDO-enabled devices."

"FIDO specifications establish an authentication perimeter, so only content by consent can be accessed. As more 'things' proliferate in the Internet of Things (IoT), an authentication perimeter becomes very important to managing our world. Beyond addressing the need for password and PIN alternatives, FIDO authentication flips the model and increases both security and convenience, while ensuring privacy by placing local authentication controls entirely in the hands of the true owner. This control is essential to managing increasingly connected devices as they demand access to our data and personal content," said Tim Bajarin, president, Creative Strategies. "Generating a local signature understood by a remote service that protects both consumer and service provider from unauthorized access to owners and their data is unique. FIDO specifications flip the authentication model from user subjugation to user control with this truly revolutionary capability."

The FIDO Alliance invites all interested organizations to join and contribute their use cases and expertise to these open industry standards that will enable the next generation of authentication to online and cloud services.

About The FIDO Alliance
The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was launched in February 2013 to address the lack of interoperability amongstrong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The Alliance plans to change the nature of authentication by developing standards-based specifications for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO authentication is stronger, private, and easier to use when authenticating to online services.

The FIDO Alliance Board of Directors includes leading global organizations: Blackberry®; CrucialTec (KRX: 114120); Discover Financial Services (NYSE: DFS); Google; Lenovo; MasterCard (NYSE: MA); Microsoft (NASDAQ: MSFT); Nok Nok Labs, Inc.; NXP Semiconductors N.V. (NASDAQ: NXPI); Oberthur Technologies OT; PayPal (NASDAQ: EBAY); RSA®; Synaptics (NASDAQ: SYNA); Yubico

*Note: These are widely published, referenced statements. Citations: http://static.helpsystems.com/safestone/pdfs/WP_PasswordSelfHelp.pdf and http://www.mandylionlabs.com/PRCCalc/PRCCalc.htm

Add to Digg Bookmark with del.icio.us Add to Newsvine

Media Contact:
Suzanne Matick
for FIDO Alliance
831-479-1888
Email Contact

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Latest Stories
"Matrix is an ambitious open standard and implementation that's set up to break down the fragmentation problems that exist in IP messaging and VoIP communication," explained John Woolf, Technical Evangelist at Matrix, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
P2P RTC will impact the landscape of communications, shifting from traditional telephony style communications models to OTT (Over-The-Top) cloud assisted & PaaS (Platform as a Service) communication services. The P2P shift will impact many areas of our lives, from mobile communication, human interactive web services, RTC and telephony infrastructure, user federation, security and privacy implications, business costs, and scalability. In his session at @ThingsExpo, Robin Raymond, Chief Architect...
What do a firewall and a fortress have in common? They are no longer strong enough to protect the valuables housed inside. Like the walls of an old fortress, the cracks in the firewall are allowing the bad guys to slip in - unannounced and unnoticed. By the time these thieves get in, the damage is already done and the network is already compromised. Intellectual property is easily slipped out the back door leaving no trace of forced entry. If we want to reign in on these cybercriminals, it's hig...
We are reaching the end of the beginning with WebRTC, and real systems using this technology have begun to appear. One challenge that faces every WebRTC deployment (in some form or another) is identity management. For example, if you have an existing service – possibly built on a variety of different PaaS/SaaS offerings – and you want to add real-time communications you are faced with a challenge relating to user management, authentication, authorization, and validation. Service providers will w...
"ElasticBox is an enterprise company that makes it very easy for developers and IT ops to collaborate to develop, build and deploy applications on any cloud - private, public or hybrid," stated Monish Sharma, VP of Customer Success at ElasticBox, in this SYS-CON.tv interview at DevOps Summit, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
The term culture has had a polarizing effect among DevOps supporters. Some propose that culture change is critical for success with DevOps, but are remiss to define culture. Some talk about a DevOps culture but then reference activities that could lead to culture change and there are those that talk about culture change as a set of behaviors that need to be adopted by those in IT. There is no question that businesses successful in adopting a DevOps mindset have seen departmental culture change, ...
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at Internet of @ThingsExpo, James Kirkland, Chief Ar...
WebRTC defines no default signaling protocol, causing fragmentation between WebRTC silos. SIP and XMPP provide possibilities, but come with considerable complexity and are not designed for use in a web environment. In his session at @ThingsExpo, Matthew Hodgson, technical co-founder of the Matrix.org, discussed how Matrix is a new non-profit Open Source Project that defines both a new HTTP-based standard for VoIP & IM signaling and provides reference implementations.
The 4th International DevOps Summit, co-located with16th International Cloud Expo – being held June 9-11, 2015, at the Javits Center in New York City, NY – announces that its Call for Papers is now open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's large...
DevOps Summit 2015 New York, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that it is now accepting Keynote Proposals. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce software that is obsolete...
The definition of IoT is not new, in fact it’s been around for over a decade. What has changed is the public's awareness that the technology we use on a daily basis has caught up on the vision of an always on, always connected world. If you look into the details of what comprises the IoT, you’ll see that it includes everything from cloud computing, Big Data analytics, “Things,” Web communication, applications, network, storage, etc. It is essentially including everything connected online from ha...
The security devil is always in the details of the attack: the ones you've endured, the ones you prepare yourself to fend off, and the ones that, you fear, will catch you completely unaware and defenseless. The Internet of Things (IoT) is nothing if not an endless proliferation of details. It's the vision of a world in which continuous Internet connectivity and addressability is embedded into a growing range of human artifacts, into the natural world, and even into our smartphones, appliances, a...
Connected devices and the Internet of Things are getting significant momentum in 2014. In his session at Internet of @ThingsExpo, Jim Hunter, Chief Scientist & Technology Evangelist at Greenwave Systems, examined three key elements that together will drive mass adoption of the IoT before the end of 2015. The first element is the recent advent of robust open source protocols (like AllJoyn and WebRTC) that facilitate M2M communication. The second is broad availability of flexible, cost-effective ...
Scott Jenson leads a project called The Physical Web within the Chrome team at Google. Project members are working to take the scalability and openness of the web and use it to talk to the exponentially exploding range of smart devices. Nearly every company today working on the IoT comes up with the same basic solution: use my server and you'll be fine. But if we really believe there will be trillions of these devices, that just can't scale. We need a system that is open a scalable and by using ...
"SAP had made a big transition into the cloud as we believe it has significant value for our customers, drives innovation and is easy to consume. When you look at the SAP portfolio, SAP HANA is the underlying platform and it powers all of our platforms and all of our analytics," explained Thorsten Leiduck, VP ISVs & Digital Commerce at SAP, in this SYS-CON.tv interview at 15th Cloud Expo, held Nov 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.