INTERNAL COMPANY CONFIDENTIAL
FIDO standards for mobile financial transactions
Reinier van der Drift, Business Development Director, Strong Authentication Solutions
November 2015
About Authasas (acquired in July)
• Dutch company
• Development started in 2009
• HQ at The Hague Security Delta, The Netherlands (Europe’s largest security cluster)
• Holds patents on authentication fundamentals and federative authentication
• Focused on product design, development, support, alliances and marketing & sales
• Worldwide network of specialized partners
• Chairman of the Dutch initiative for innovation in digital identity (part of NIAV-agenda)
Micro Focus enables customers to:
• Exploit technology advances in infrastructure, cloud, and mobile without the cost and risk of starting again
• Protect prior investments in data and business logic, whilst securing valuable intellectual property
• Optimize how business applications and infrastructure components are built, tested, deployed and secured
• Execute with a balance of cost, speed and risk that fits the current and future business need
By the Numbers
• $1.3bn Annual Revenue
• 90+ Offices Worldwide
• 20,000+ Customers
• 4,500+ Employees
• 5,000+ Partners
In Good Company
Current state of FIDO
• Over 200 members; besides technology vendors, lots of financials
• 2 standards published
– UAF (Universal Authentication Framework)
– U2F (Universal 2nd Factor)
• Still missing important technology vendors like:
– Apple
– HID Global
– RSA
– Entrust, etc.
• Not a real open standard
• FIDO is only BYOauthentication, not BYOid!!
FIDO beyond the hype?
• Gartner November 2014: “beyond PayPal Samsung s5 no significant implementations yet”
• 2015
– Over 70 FIDO certified products
TWO STANDARDS; UAF & U2F. WHAT’S THE DIFFERENCE?
INTERNAL COMPANY CONFIDENTIAL
• Less passwords• Possibility of selecting own authenticator at
registration• Use of embedded technology like fingerprint
readers
10
Advantages FIDO from a user perspective
Advantages of FIDO from a relying party perspective
• Easy integration
• Allows the use of a wide variety of authenticators
• No biometric data stored on premise
• Less cost and user friction when implementing 2-factor
• No authentication vendor lock-in
Adoption seems to accelerate, but there are still problems to overcome
• Not all browsers and smartphones supported
• Although UAF supports MFA, often only 1 factor is implemented
• Lacks context-based authentication
• No attribute-based authentication
• No BYOid
How FIDO differs from open standards like OATH
• OATH is only OTP
• FIDO provides authentication with a key handle, thus providing more security (man-in-the-middle attacks etc.)
My own observations on UAF/U2F
• PayPal & ING on iPhone; only factor, website doesn’t leverage the app, still passwords, fuzzy user experience.
• Yubico across platforms; seamless experience, not all mobile platforms supported yet. NFC on Android works flawlessly.
FIDO roadmap
• Version 1 spec ready and published
– https://fidoalliance.org/specifications/download/
• Version 1.1 expected to be published shortly
• Version 2.0 integration of UAF & U2F
• Strive to become a real open standard
Final sheet: our solution