INTERNAL COMPANY CONFIDENTIAL

FIDO standards for mobile financial transactions

Reinier van der Drift
Business Development Director, Strong Authentication Solutions

November 2015


Vision Statement

About Authasas (acquired in July)

• Dutch company
• Development started in 2009
• HQ at The Hague Security Delta, The Netherlands (Europe’s largest security cluster)
• Holds patents on authentication fundamentals and federative authentication
• Focused on product design, development, support, alliances and marketing & sales
• Worldwide network of specialized partners
• Chairman Dutch initiative innovation digital identity (part of NIAV-agenda)


Micro Focus enables customers to:

• Exploit technology advances in infrastructure, cloud, and mobile without the cost and risk of starting again
• Protect prior investments in data and business logic, whilst securing valuable intellectual property
• Optimize how business applications and infrastructure components are built, tested, deployed and secured
• Execute with a balance of cost, speed and risk that fits the current and future business need


By the Numbers

• $1.3bn Annual Revenue
• 90+ Offices Worldwide
• 20,000+ Customers
• 4,500+ Employees
• 5,000+ Partners


In Good Company


Current state of FIDO

• 200+ members; besides technology vendors, lots of financials
• 2 standards published
  – UAF (universal authentication framework)
  – U2F (universal 2 factor)
• Still missing important technology vendors like:
  – Apple
  – HID Global
  – RSA
  – Entrust, etc.
• Not a real open standard
• FIDO is only BYOauthentication, not BYOid!!


FIDO beyond the hype?

• Gartner November 2014: “beyond PayPal Samsung s5 no significant implementations yet”
• 2015
  – Over 70 FIDO certified products


TWO STANDARDS; UAF & U2F. WHAT’S THE DIFFERENCE?


Advantages of FIDO from a user perspective

• Fewer passwords
• Possibility of selecting own authenticator at registration
• Use of embedded technology like fingerprint readers


Advantages of FIDO from a relying party perspective

• Easy integration
• Allows the use of a wide variety of authenticators
• No biometric data stored on premise
• Less cost and user friction when implementing 2-factor
• No authentication vendor lock-in


Adoption seems to accelerate but still problems to overcome

• Not all browsers and smartphones supported
• Although UAF supports MFA, often only 1 factor is implemented
• Lacks context-based authentication
• No attribute-based authentication
• No BYOid


How FIDO differs from open standards like OATH

• OATH is only OTP
• FIDO provides authentication with a key handle, thus providing more security (against man-in-the-middle attacks, etc.)
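An added example (not from the original slides) contrasting the two points above from the relying party's side: an OATH TOTP code carries no site identity, while a U2F-style key handle and signature are bound to the app ID the browser reports. Assumptions: HMAC-SHA256 stands in for the ECDSA P-256 signature, the key-handle layout is a toy construction, and the origins, OTP secret and timestamp are constructed.

```python
import hashlib, hmac, os, struct

def totp(secret: bytes, t: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): no site identity enters the computation."""
    mac = hmac.new(secret, struct.pack(">Q", t // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

class ToyAuthenticator:
    """U2F-style token model. Assumption: HMAC-SHA256 stands in for ECDSA P-256."""
    def __init__(self):
        self._device_secret = os.urandom(32)

    def register(self, app_id: str):
        nonce = os.urandom(16)
        key = _mac(self._device_secret, app_id.encode() + nonce)  # per-site key
        handle = nonce + _mac(key, b"handle")[:16]                # bound to app_id
        return handle, key  # key returned here plays the role of the public key

    def sign(self, app_id: str, handle: bytes, challenge: bytes):
        nonce, tag = handle[:16], handle[16:]
        key = _mac(self._device_secret, app_id.encode() + nonce)
        if not hmac.compare_digest(tag, _mac(key, b"handle")[:16]):
            return None  # handle was not issued for the app ID the browser reports
        return _mac(key, hashlib.sha256(app_id.encode()).digest() + challenge)

def rp_verify(verify_key: bytes, app_id: str, challenge: bytes, sig) -> bool:
    """Relying party: the signature must cover its own app ID and fresh challenge."""
    want = _mac(verify_key, hashlib.sha256(app_id.encode()).digest() + challenge)
    return sig is not None and hmac.compare_digest(sig, want)

def demo():
    rp, lookalike = "https://bank.example", "https://bank-login.example"  # constructed
    secret, now = b"constructed-otp-secret", 1448000000                   # constructed
    relayed_code = totp(secret, now)  # typed into the look-alike page, then forwarded
    otp_ok = hmac.compare_digest(relayed_code, totp(secret, now))
    token = ToyAuthenticator()
    handle, vk = token.register(rp)
    challenge = os.urandom(32)
    direct = rp_verify(vk, rp, challenge, token.sign(rp, handle, challenge))
    relayed = rp_verify(vk, rp, challenge, token.sign(lookalike, handle, challenge))
    return otp_ok, direct, relayed

if __name__ == "__main__":
    print(demo())
```

The relying party accepts the forwarded OTP because nothing in the code says where it was entered; the assertion requested through the look-alike origin never verifies.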


My own observations on UAF/U2F

• PayPal & ING on iPhone: only factor; website doesn’t leverage the app, still passwords; fuzzy user experience.
• Yubico across platforms: seamless experience, not all mobile platforms supported yet. NFC on Android works flawlessly.


FIDO roadmap

• Version 1 spec ready and published
  – https://fidoalliance.org/specifications/download/
• Version 1.1 expected to be published shortly
• Version 2.0: integration of UAF & U2F
• Strive to become a real open standard


Final sheet: our solution


FIDO UPDATE
