EXPERIENCE SIMPLER, STRONGER

Data Breaches are out of control

IN 2014...

708 data breaches
82 million personal records stolen
$3.5 million average cost per breach

We have a PROBLEM

TOO MANY TO REMEMBER, DIFFICULT TO TYPE, AND TOO VULNERABLE

Re-used Phished Keylogged

Adding more authentication has largely been rejected by users

ONE-TIME PASSCODES
Improve security but aren’t easy enough

SMS Reliability
Token Necklace
Poor User Experience
Still Phishable

WE NEED A NEW MODEL

Fast IDentity Online

THE OLD PARADIGM

[Figure labels: SECURITY, USABILITY, OTP, PINs, 2FA]

THE FIDO PARADIGM

[Figure: SECURITY axis (Weak to Strong), USABILITY axis (Poor to Good); labels: OTP, 2FA, Passwords, PINs]

MODERN AUTHENTICATION

[Diagram labels: Single Sign-On, Federation, Passwords, Strong, Risk-Based, Authentication, User Management, Physical-to-digital identity]

HOW DOES FIDO WORK?

USER VERIFICATION FIDO AUTHENTICATION

AUTHENTICATOR

Passwordless Experience (FIDO UAF Standards)

1. Transaction Detail (screen shows: $10,000, Transfer Now)
2. User Authentication
3. Done (Success)

Second Factor Experience (FIDO U2F Standards)

1. Login & Password
2. Insert dongle, Press Button
3. Done (Success)

FIDO Registration

1. Registration Begins
2. User Approval
3. New Key Created
4. Key Registered using Public Key Cryptography

FIDO Login

1. Login
2. User Approval
3. Key Selected
4. Login Complete

Messages exchanged: Login Challenge; Login Response using Public Key Cryptography

online authentication using public key cryptography
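The registration and login steps above, modeled as an added example (not from the original slides and not taken from the FIDO specifications): the authenticator creates a separate key pair per relying party, the server stores only the public key, and each login challenge is accepted once. The class names, origins, user name and the signed message layout are assumptions and are much simpler than real UAF/U2F messages.

```javascript
// Added example: simplified model of FIDO registration and login.
// Class names, origins and the message layout are assumptions, not FIDO APIs.
const crypto = require('crypto');

class Authenticator {
  constructor() { this.keys = new Map(); } // origin -> private key, never leaves the device
  register(origin) { // user approval, then a new key pair for this origin only
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
    this.keys.set(origin, privateKey);
    return publicKey.export({ type: 'spki', format: 'pem' });
  }
  respond(origin, challenge) { // key selected by origin, challenge signed
    const key = this.keys.get(origin);
    if (!key) return null;
    return crypto.sign('sha256', Buffer.concat([Buffer.from(origin), challenge]), key);
  }
}

class RelyingParty {
  constructor(origin) { this.origin = origin; this.users = new Map(); this.pending = new Map(); }
  finishRegistration(user, publicKeyPem) { this.users.set(user, publicKeyPem); } // no secret stored
  startLogin(user) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  finishLogin(user, signature) {
    const challenge = this.pending.get(user);
    this.pending.delete(user); // each challenge is accepted once, so a replay fails
    const pem = this.users.get(user);
    if (!challenge || !pem || !signature) return false;
    const signed = Buffer.concat([Buffer.from(this.origin), challenge]);
    return crypto.verify('sha256', signed, pem, signature);
  }
}

function demo() {
  const device = new Authenticator();
  const bank = new RelyingParty('https://bank.example');
  const shop = new RelyingParty('https://shop.example');
  const bankKey = device.register(bank.origin);
  const shopKey = device.register(shop.origin);
  bank.finishRegistration('bob', bankKey);
  const sig = device.respond(bank.origin, bank.startLogin('bob'));
  const ok = bank.finishLogin('bob', sig);
  const replay = bank.finishLogin('bob', sig); // same response again, challenge already used
  const crossOrigin = bank.finishLogin('bob', device.respond(shop.origin, bank.startLogin('bob')));
  return { ok, replay, crossOrigin, unlinkable: bankKey !== shopKey };
}
console.log(demo());
```

A response signed with the key registered for one origin does not verify at another, and the two services hold different public keys for the same device.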

THE BUILDING BLOCKS

[Diagram labels: FIDO USER DEVICE; RELYING PARTY; BROWSER/APP; WEB SERVER; TLS Server Key; FIDO CLIENT; FIDO SERVER; FIDO UPDATE; ASM; FIDO Authenticator; Cryptographic authentication key reference DB; Metadata & attestation trust store; Authentication keys; Attestation keys; METADATA SERVICE]

ATTESTATION & METADATA

[Diagram: FIDO Authenticator, Signed Attestation Object, FIDO Server, Metadata]

Verify using trust anchor included in Metadata

Understand Authenticator security characteristic by looking into Metadata (and potentially other sources)

FIDO

Is a user present?

USER VERIFICATION FIDO AUTHENTICATION

AUTHENTICATOR

Same authenticator as registered before?

U2F AUTHENTICATION DEMO EXAMPLE

[Screenshots: Step 1, Step 2, Step 3, Step 4]

FIDO UNIVERSAL AUTHENTICATION FRAMEWORK UAF

Same User as enrolled before?

Same Authenticator as registered before?

USER VERIFICATION FIDO AUTHENTICATION

AUTHENTICATOR

UAF AUTHENTICATION DEMO EXAMPLE

[Screenshots: STEP 1, STEP 2, STEP 3, STEP 4]

USABILITY, SECURITY and PRIVACY

No 3rd Party in the Protocol

No Secrets on the Server side

Biometric data (if used) never leaves device

No link-ability between Services or Accounts

Better Security for online services
Reduced cost for the enterprise
Simple & Safe for consumers

The FIDO Alliance is an open association of more than 180 diverse member organizations

• Online Services
• Chip Providers
• Device Providers
• Vendors
• Enterprise Servers
• Platform Providers

Board Members

FIDO TIMELINE

FEB 2013: Alliance Announced (6 Members)
DEC 2013: FIDO Ready Program (59 Members)
FEB 2014: Specification Review Draft (84 Members)
FEB-OCT 2014: First UAF & U2F Deployments (129 Members)
DEC 9 2014: FIDO 1.0 FINAL Specification (152 Members)

News from the front

The significance of early 2015 announcements

FIDO in Windows 10

• Windows used by 1.5 billion users
• in 190 countries by Q3
• Free upgrade

FIDO in Healthcare

• First healthcare deployment
• Physician access to health records
• up to 50 million Healthcare users

2014 Deployments

• PayPal continues FIDO enablement in improved mobile wallet app.
• has FIDO in Chrome and 2-Step Verification.
• Samsung adds touch to Galaxy® S6 and ships FIDO on all Galaxy® devices

A range of FIDO PRODUCTS is now available

Implementing 1.0 Specifications (this is only a subset of active implementations)

Online Services

Chip Providers

Device Providers

Biometrics Technology Providers

Enterprise Servers

Open Source

Mobile Apps/Clients

WWW Browsers

JOIN THE FIDO ALLIANCE

EXPERIENCE SIMPLER, STRONGER AUTHENTICATION