mobile security, identity & authentication reasons for optimism 20150607 v2
TRANSCRIPT
1!
TPM
FINGERPRINTSECURE
USB
FACE
BIOMETRIC
PIN
TOKEN
RBA
PASSIVE
ACTIVE
SILENT
TPM
FINGERPRINT
VOICE
SECURE
ELEMENT
NFC
USB
FACE
BIOMETRIC
PIN TOKEN
RBA
ACTIVE
SILENT
TPM
FINGERPRINT
VOICEELEMENT
NFC
USB
FACE
BIOMETRIC
TOKEN
RBA
PASSIVE
ACTIVE
SILENT TPM
VOICE
SECURE
ELEMENT
NFC
USB
FACE
PIN
TOKEN
RBA
PASSIVEACTIVE
SILENT
TPM
FINGERPRINT
VOICE
NFC
USB
FACE
BIOMETRIC
TOKEN
RBA
PASSIVE
ACTIVE
SILENT
TPM
FINGERPRINT
VOICE
SECURENFC
USB
FACE
PIN
PASSIVE
ACTIVE
TPM
FINGERPRINT
VOICE
ELEMENT
NFC
USB
FACE
BIOMETRIC
TOKEN
RBA
ACTIVE
SILENT
TPM
FINGERPRINT
VOICE
SECURENFC
FACE
PIN
RBA
PASSIVE
ACTIVE
SILENT
TPM
FINGERPRINT
VOICE
SECURE
ELEMENT
NFC
USB
FACE
PINACTIVE
SILENT
TPM
ELEMENT
NFC
USB
FACE
BIOMETRIC
PIN
PASSIVE
SILENT
TPM
FINGERPRINT
VOICE
SECURE
ELEMENT
NFC
USB
FACE
PIN
TOKEN
PASSIVE
ACTIVE
FINGERPRINT
VOICE
SECURE
ELEMENT
USB
BIOMETRIC
PIN
TOKEN
RBA PASSIVE
ACTIVE
VOICE
SECURE
NFC
FACE
TOKEN
PASSIVEACTIVE
TPM
ELEMENT
NFC
USB
FACE
PIN
TOKEN
RBA
TPM
FINGERPRINT
SECURE
NFC
USB
FACE
PIN
TOKEN
RBA
PASSIVE
ACTIVE
SILENT
TPM
FINGERPRINT
VOICE
NFC
FACE
BIOMETRIC
PIN
PASSIVE
SILENT
ELEMENT
NFC
USB
TOKEN
RBA
PASSIVE
TPM
VOICE
SECURE
ELEMENT
NFC
FACE
BIOMETRIC
PIN
ACTIVE
TPM
FINGERPRINT
SECURE
USB
TOKEN
ACTIVE SILENT
TPM
FINGERPRINT
VOICENFC
USB
FACE
PIN
TOKEN
RBA
PASSIVE
ACTIVE
SILENT
TPM
SECURE
ELEMENT
USB
FACE
PIN
TOKEN
RBA
SILENT
TPMELEMENT
NFC
USB
FACE
PIN
TOKEN
RBA
PASSIVE
SILENT
TPM
ELEMENT
NFC
USB
PIN
TOKEN
RBA
ACTIVE
FINGERPRINT
ELEMENT
USB
TPM
VOICE
ELEMENT
USB
PIN
RBA
PASSIVE
ACTIVE
TPM
VOICE
SECURE
ELEMENT
USB
FACE
ACTIVE
FINGERPRINT
VOICE
PIN
RBA
PASSIVE
ACTIVE
TPM
FINGERPRINT
ELEMENT
FACE
TOKEN
RBA
ACTIVE
TPM
ELEMENT
NFC
USB
FACE
BIOMETRIC
RBA
ACTIVE
SILENT
TPM
FINGERPRINT
SECURE
ELEMENT
USB
FACE
PIN
TOKEN
PASSIVE
SILENT
VOICE
USB
FACE
BIOMETRIC
RBA
ACTIVE
SECURE
NFC
USB
BIOMETRIC
PIN
SILENT
TPM
VOICE
NFC
USB
FACE
PIN
USB
FACE
BIOMETRIC
PIN
RBA
ACTIVE
FINGERPRINT
NFC
TOKEN
RBA
VOICE
ELEMENT
USB
FACE
PIN
RBA
SILENT
VOICE
SECURE
FACE
PIN
RBA
PASSIVE
ACTIVE
SILENT
TPM
FINGERPRINT
VOICE
RBA
ACTIVE
TPM
FACE
TOKEN
RBA
ACTIVE SILENT
VOICE
ELEMENT
USB
FACE
PIN
RBA
ACTIVE
SILENT
PIN
TOKEN
RBA
VOICE
SECURE
NFC
USB
TOKEN
PASSIVE
ACTIVE
TPM
FACE
BIOMETRIC
TOKEN
ACTIVE
TPM
FACE
NFC
USB
FACE
BIOMETRIC
TOKEN
PASSIVE
PIN
ACTIVE
TPM
VOICE
ELEMENT
NFC
TPM
VOICE
NFC
USB
FACE
TOKEN
RBA
TPM USB
FACE
BIOMETRIC
RBA
PASSIVE
SILENT
USB
BIOMETRIC
TPM
SECURE
NFC
PIN
RBA
PASSIVE
SILENT
VOICE
SILENT
VOICE
ELEMENT
USB
PIN
TOKEN
RBA
PASSIVE
NFC
FACE
BIOMETRIC
TOKEN
RBA
SILENT
TPM
SECURE
SILENT
VOICE
USB
RBA
USB
FACE
RBA
VOICE
RBA
SILENT
SECURE
USB
PIN
RBA
SILENT
TPM
ELEMENT
USB
FACE
VOICE
NFC
USB
TOKEN
RBA
SECURE
FACE
TPM
FACE
PIN
FINGERPRINT
NFC
RBA
SILENT
USB
FACE
PIN
ACTIVE
SILENT
PIN
RBA
NFC
USB
BIOMETRIC
TPM
VOICE
USB
FACE
PASSIVE
ELEMENT
TOKEN
TPM
VOICE
SILENT
NFC
USB
PIN
RBA
SILENT
TPM
VOICE
NFC
USB
FACE
PASSIVE
TPM
VOICE
TPM
NFC
PIN
TOKEN
ACTIVE
SECURE
USB
RBA
PASSIVE
NFC
USB
FACE
RBA
TPM
TOKEN
PASSIVE
SECURE
USB
FACE
ACTIVE
TPM
FACE
PIN
RBA
VOICE
USB
PASSIVE
TOKEN
RBA
NFC
USB
SILENT
USB
RBA
FACE
PIN
ACTIVE
NFC
USB
USB
PIN
RBA
NFC
SILENT
TPM
VOICE
FACE
PIN
TPM
NFC
USB
TPM
RBA
PASSIVE
NFC
USB
PIN
TPM
PIN
PASSIVE
PIN
USB
TPM
NFC
USB
FACE
FACE
RBA
SILENT
FINGERPRINT
USB
NFC
USB
ACTIVE
VOICE
USB
TPM
PIN
RBA
FACE
TPM
TPM
USB
PIN
TPM
NFC
FACE
TOKEN
RBA
USB
PASSIVE
VOICE
NFC
PIN
USB
FACE
USB
RBA
TPM
PIN
NFC
FACE
RBA
ACTIVE
TPM
USB
USB
TPM
PIN
FACE
NFC
USB
PIN
RBA
FACE
USB
USB
RBA
NFC
NFC
TPM
NFC
RBA
USB
PIN
NFC
USB
PIN
USB
ELEMENT
PIN
PIN
TPM
USB
USB
TPM
VOICE
NFC
RBA
USB
RBA
RBA
PIN
USB
USB
USB
USB
NFC
USB
NFC
USB
TPM
FACE
USB
PIN
USB
USB
PIN
NFC
VOICE
NFC
USB
USB
USB
USB
FACE
TPM
USB
TPM
USB
USB
TPM
USB
FACE
NFC
RBA
USB
USB
USB
FACE
USB
USB
RBA
PIN
VOICE
USB
PIN
USB
USB
RBA
USB
TPM
RBA
RBA
PIN
NFC
NFC
USB
TPM
USB
TPM
USB
USB
USB
USB
NFC
TPM
NFC
FACE
USB
FACE
USB
USB
TPM
USB
USB
USB
USB
USB
FACE
USB
USB
USB
USBRBA
USB
USB
USB
USB
USB
USB
USB
RBA
USB
USB
USB
NFC
USB
USB
USB
USB
USB
USB
USB
USB
USB
USB
USB
USB
USB
USB
USB
USB
MOBILE SECURITY, IDENTITY & AUTHENTICATION!REASONS FOR OPTIMISM!!!RAJIV DHOLAKIA!VP PRODUCTS [email protected]!!
SECURITY IN PERSPECTIVE: Its like drinking water from the tap in 1800s !
NOK NOK LABS! 2!
Pills, Potions & Spells vs. Chlorination!
PURPOSE OF SECURITY!
Device Integrity ! Network Integrity !
OS & App Integrity ! User Integrity !
Data & Transaction Integrity!
(and Privacy where appropriate) !
3!
SECURITY NEEDS TO SPAN LINKS!
4!
Integrity User! Hardware! OS/App! Network! Service!
NOK NOK LABS!
USER INTEGRITY: THE GLOBAL AUTHENTICATION PROBLEM!
5!
Fear! Frustration and Friction!
40#million#credit#cards##Cost:#$148M#USD#
The problem continues to get BIGGER and more EXPENSIVE!
Fraud!Stolen / hacked passwords
leading cause of identity theft !Passwords DO NOT
WORK, especially on Mobile Devices!
!Too many accounts and
passwords to remember!!
Significant commerce abandonment by users!
Personal and Corporate Damage!
$#
56#million#credit#cards##
Nok Nok Labs!
IDENTITY SERVICES AUTHENTICATION IN CONTEXT!
NOK NOK LABS! 6!
Physical>to>digital#iden@ty##
User#Management##
Authen@ca@on#
Federa@on#
##Single Sign-On
E>Gov# Payments# Security#
Passwords# Risk>Based#Strong#
MODERN!AUTHENTICATION!
Personaliza@on#
Mobile Security Stacks!
7!
Device&Integrity&&&&&&
LAYERED SECURITY MODELS!
NOK NOK LABS! 8!Device#Keys#&#Cer@ficates#Crypto#Engines#
Trusted#Execu@on#Environments##Ç√#
Secure#Elements#
Trustlet# Trustlet# Trustlet#
Rich&Opera2ng&System&(e.g.&Android)&#######OS#Par@@on#
User#Par@@on####
App#Sandbox#
User#Par@@on#
###
App#Sandbox#
App#Sandbox#
Overlay&Services&######
App#Stores#
OS#Integrity#Services#(e.g.#Android#Safety#Net)#
Site#and#App##Reputa@on/Integrity#
Device#and#Cloud#Data#Managers#
Filter#what#gets#on#the#device…#
Isolate#the#apps…#
Harden#the#device…##
INTEGRITY MECHANISMS – I !
• TPMs!• Backwards compatibility requirements !
• SEs!• Limited due to operator controls!
• TEEs (Trusted Execution Environments)!• Third time is a charm?!
• Secure boot !- Verification of image!• Virtualization!- Hardware assisted isolation!• Anti-virus !• Device Theft Response!- Standard on mobile devices !
9!
TEE! SE! TPM!
Hardware OS
NOK NOK LABS!
INTEGRITY MECHANISMS – II !
10!
App User
• App verification!- Rise Of The App Store!• App Isolation!- App containers !- Restricted IPC !• Protecting Data & Content!- On-device data encryption !- DRM !
• Identity Proofing!- Know your customer!• Strong Authentication!- Explicit & implicit!- First mile & Second mile!
NOK NOK LABS!
ISOLATION ARCHITECTURE ARM TRUSTZONE !
11!
Secure OS Boot!
FP Sensor!
Touchscreen!
Storage !
1.7 B ARM Cortex
SoCs Shipped!!!18 Month
Phone Refresh Rate!
NOK NOK LABS!
SECURITY NEEDS TO SPAN LINKS!
12!
Integrity Hardware! OS! App! Network! User!
NOK NOK LABS!
So how are doing?!
13!
SOME EXAMPLES FROM 2014!
NOK NOK LABS! 14!
Infrastructure/Relying#Party#(Payments#or#other)#
Opera@ng#System#
Hardware#
HOW FIDO WORKS TO SIMPLIFY AND SCALE AUTHENTICATION user authenticates to device, device authenticates to network
15!
Standardized Protocols!
Local authentication unlocks app specific key!
Key used to authenticate to server (unique key per site)!
Nok Nok Labs!
server&client&
Decoupled&User&Verifica2on&from&Authen2ca2on&Protocol&
ATTACKS MITIGATED!
Remotely#a_acking#central#servers##steal&data#for#impersona@on#
1#
Physically#a_acking#user#devices##misuse&them#for#impersona@on#
6#
Physically#a_acking#user#devices#steal&data#for#impersona@on#
5#
Remotely#a_acking#lots#of#user#devices#
&steal&data#for#impersona@on#
Remotely#a_acking#lots#of#user#devices#
&misuse&them#for#impersona@on#
Remotely#a_acking#lots#of#user#devices#
&misuse&
authen-cated&sessions!
2# 3# 4#Scalable#a_a
cks#
Physical#a_acks##possible#on#lost#or#stolen#devices#(≈3%#in#the#US#in#2013)#
User&Coercion#
Not#Scalable#
With#hardening#of#FIDO##Authen@cator##Implementa@ons#–#mi@gate#remote/scalable#a_acks#
NOK NOK LABS!
SECURITY PROFILES FOR AUTHENTICATION!
17!
Strong Stronger
Security Hardware Integration Spectrum!
Software Only!ID!
TPM/SE!ID!
TEE + SE!ID!
Protects Keys!
Protects Keys!Protects Crypto !
Protects Keys!Protects Crypto!Protects Code !Protects Display !
Strongest NOK NOK LABS!
BUILDING AUTHENTICATORS: THREE PROFILES!
18!
RichOS#
Trusted#Execu@on#
Environment#
Secure#Element#Soeware#and#Tamper>Resistant#Hardware#
Cost#to#Acquire#and#Manage#Tokens# Stronger#
Soeware#&#Hardware#
Cost#to#Acquire#and#Manage#Mobile#Device# Stronger#
Soeware#Only#
No#extra#cost# Strong#
NOK NOK LABS!
A UNIQUE OPPORTUNITY !
19!
Hardware Integrity!OS Integrity!
App Integrity!
Network Integrity!
User Integrity!
Re-Architect Computing Using Hardware-Based Trust !
Chain of Trust!
Trusted Platform for Authentication!NOK NOK LABS!
SUPPORT IN THE FABRIC!
• Qualcomm shipping FIDO support in SnapDragon chipsets starting Dec 2014!• Microsoft declares in Feb 2015 FIDO support coming
to Windows 10 and affiliated services!• Google intends to bring biometric APIs & system
keychain to Android M – June 2015!• Apple continuing to support TouchID & system
keychain in iOS – 2014-2015!
NOK NOK LABS! 20!
FIDO-CAPABLE MOBILE, TABLET + PC FORECAST!Non-FIDO FIDO iOS FIDO Android FIDO Windows
35#Million,#Aug.#2014#
2.5&Billion,&Dec.&2019&User#Growth#of
#70.43%#over#5#
Years#
2016! 2019!2018!2017!
86.73%! 93.43%! 96.98%! 98.61%!
6.57%! 3.02%! 1.39%!
2.6BTotal Devices 2.5B Fido Capable
331M iOS Devices 1.1B Android Devices 1.16B Windows Devices
2.08B Total Devices 1.8B Fido Capable
281M iOS Devices 793M Android Devices 724M Windows Devices
2.19B Total Devices 2.05B Fido Capable
298M iOS Devices 945M Android Devices 805M Windows Devices
2.36B Total Devices 2.29B Fido Capable
315M iOS Devices 942M Android Devices 1.04B Windows Devices
13.27%!
NOK NOK LABS!
PULLING IT ALL TOGETHER: NTT DOCOMO LIVE WITH FIDO AUTHENTICATION: May 2015!
22!
Many FIDO Ecosystem Firsts: First Carrier, Multiple OEM Launch at Same Time, First Federated Identity Solution, First Carrier Billing System, First Iris Sensor, First Chipset
Support!
NOK NOK LABS!
ONLINE AUTHENTICATION FOR DOCOMO SERVICES�
Biometric Authentication from DOCOMO, May 26, 2015����
Online#authen@ca@on#using#biometric#informa@on:#�
Authen@ca@on#for#docomo#ID#and#carrier#billing#payments�
Password>less#biometric#authen@ca@on�
Iris� Fingerprint� login�Unlock#devices#
payments#
24
Everything Authenticates
50 Billion Connected Devices by 2020:!
Internet of Things
People! Devices! Ecosystems!+! +!
Corporate Networks!Mobile Commerce!Mobile Payments!Social Networks!
eHealth!!
Consumer Use Cases!Enterprise Use Cases !
HOPE FOR SCALING A HIGHLY CONNECTED WORLD!
NOK NOK LABS!
Any Device.!Any Application.!Any Authenticator. !
25!
TPM
FINGERPRINTSECURE
USB
FACE
BIOMETRIC
PIN
TOKEN
RBA
PASSIVE
ACTIVE
SILENT
TPM
FINGERPRINT
VOICE
SECURE
ELEMENT
NFC
USB
FACE
BIOMETRIC
PIN TOKEN
RBA
ACTIVE
SILENT
TPM
FINGERPRINT
VOICEELEMENT
NFC
USB
FACE
BIOMETRIC
TOKEN
RBA
PASSIVE
ACTIVE
SILENT TPM
VOICE
SECURE
ELEMENT
NFC
USB
FACE
PIN
TOKEN
RBA
PASSIVEACTIVE
SILENT
TPM
FINGERPRINT
VOICE
NFC
USB
FACE
BIOMETRIC
TOKEN
RBA
PASSIVE
ACTIVE
SILENT
TPM
FINGERPRINT
VOICE
SECURENFC
USB
FACE
PIN
PASSIVE
ACTIVE
TPM
FINGERPRINT
VOICE
ELEMENT
NFC
USB
FACE
BIOMETRIC
TOKEN
RBA
ACTIVE
SILENT
TPM
FINGERPRINT
VOICE
SECURENFC
FACE
PIN
RBA
PASSIVE
ACTIVE
SILENT
TPM
FINGERPRINT
VOICE
SECURE
ELEMENT
NFC
USB
FACE
PINACTIVE
SILENT
TPM
ELEMENT
NFC
USB
FACE
BIOMETRIC
PIN
PASSIVE
SILENT
TPM
FINGERPRINT
VOICE
SECURE
ELEMENT
NFC
USB
FACE
PIN
TOKEN
PASSIVE
ACTIVE
FINGERPRINT
VOICE
SECURE
ELEMENT
USB
BIOMETRIC
PIN
TOKEN
RBA PASSIVE
ACTIVE
VOICE
SECURE
NFC
FACE
TOKEN
PASSIVEACTIVE
TPM
ELEMENT
NFC
USB
FACE
PIN
TOKEN
RBA
TPM
FINGERPRINT
SECURE
NFC
USB
FACE
PIN
TOKEN
RBA
PASSIVE
ACTIVE
SILENT
TPM
FINGERPRINT
VOICE
NFC
FACE
BIOMETRIC
PIN
PASSIVE
SILENT
ELEMENT
NFC
USB
TOKEN
RBA
PASSIVE
TPM
VOICE
SECURE
ELEMENT
NFC
FACE
BIOMETRIC
PIN
ACTIVE
TPM
FINGERPRINT
SECURE
USB
TOKEN
ACTIVE SILENT
TPM
FINGERPRINT
VOICENFC
USB
FACE
PIN
TOKEN
RBA
PASSIVE
ACTIVE
SILENT
TPM
SECURE
ELEMENT
USB
FACE
PIN
TOKEN
RBA
SILENT
TPMELEMENT
NFC
USB
FACE
PIN
TOKEN
RBA
PASSIVE
SILENT
TPM
ELEMENT
NFC
USB
PIN
TOKEN
RBA
ACTIVE
FINGERPRINT
ELEMENT
USB
TPM
VOICE
ELEMENT
USB
PIN
RBA
PASSIVE
ACTIVE
TPM
VOICE
SECURE
ELEMENT
USB
FACE
ACTIVE
FINGERPRINT
VOICE
PIN
RBA
PASSIVE
ACTIVE
TPM
FINGERPRINT
ELEMENT
FACE
TOKEN
RBA
ACTIVE
TPM
ELEMENT
NFC
USB
FACE
BIOMETRIC
RBA
ACTIVE
SILENT
TPM
FINGERPRINT
SECURE
ELEMENT
USB
FACE
PIN
TOKEN
PASSIVE
SILENT
VOICE
USB
FACE
BIOMETRIC
RBA
ACTIVE
SECURE
NFC
USB
BIOMETRIC
PIN
SILENT
TPM
VOICE
NFC
USB
FACE
PIN
USB
FACE
BIOMETRIC
PIN
RBA
ACTIVE
FINGERPRINT
NFC
TOKEN
RBA
VOICE
ELEMENT
USB
FACE
PIN
RBA
SILENT
VOICE
SECURE
FACE
PIN
RBA
PASSIVE
ACTIVE
SILENT
TPM
FINGERPRINT
VOICE
RBA
ACTIVE
TPM
FACE
TOKEN
RBA
ACTIVE SILENT
VOICE
ELEMENT
USB
FACE
PIN
RBA
ACTIVE
SILENT
PIN
TOKEN
RBA
VOICE
SECURE
NFC
USB
TOKEN
PASSIVE
ACTIVE
TPM
FACE
BIOMETRIC
TOKEN
ACTIVE
TPM
FACE
NFC
USB
FACE
BIOMETRIC
TOKEN
PASSIVE
PIN
ACTIVE
TPM
VOICE
ELEMENT
NFC
TPM
VOICE
NFC
USB
FACE
TOKEN
RBA
TPM USB
FACE
BIOMETRIC
RBA
PASSIVE
SILENT
USB
BIOMETRIC
TPM
SECURE
NFC
PIN
RBA
PASSIVE
SILENT
VOICE
SILENT
VOICE
ELEMENT
USB
PIN
TOKEN
RBA
PASSIVE
NFC
FACE
BIOMETRIC
TOKEN
RBA
SILENT
TPM
SECURE
SILENT
VOICE
USB
RBA
USB
FACE
RBA
VOICE
RBA
SILENT
SECURE
USB
PIN
RBA
SILENT
TPM
ELEMENT
USB
FACE
VOICE
NFC
USB
TOKEN
RBA
SECURE
FACE
TPM
FACE
PIN
FINGERPRINT
NFC
RBA
SILENT
USB
FACE
PIN
ACTIVE
SILENT
PIN
RBA
NFC
USB
BIOMETRIC
TPM
VOICE
USB
FACE
PASSIVE
ELEMENT
TOKEN
TPM
VOICE
SILENT
NFC
USB
PIN
RBA
SILENT
TPM
VOICE
NFC
USB
FACE
PASSIVE
TPM
VOICE
TPM
NFC
PIN
TOKEN
ACTIVE
SECURE
USB
RBA
PASSIVE
NFC
USB
FACE
RBA
TPM
TOKEN
PASSIVE
SECURE
USB
FACE
ACTIVE
TPM
FACE
PIN
RBA
VOICE
USB
PASSIVE
TOKEN
RBA
NFC
USB
SILENT
USB
RBA
FACE
PIN
ACTIVE
NFC
USB
USB
PIN
RBA
NFC
SILENT
TPM
VOICE
FACE
PIN
TPM
NFC
USB
TPM
RBA
PASSIVE
NFC
USB
PIN
TPM
PIN
PASSIVE
PIN
USB
TPM
NFC
USB
FACE
FACE
RBA
SILENT
FINGERPRINT
USB
NFC
USB
ACTIVE
VOICE
USB
TPM
PIN
RBA
FACE
TPM
TPM
USB
PIN
TPM
NFC
FACE
TOKEN
RBA
USB
PASSIVE
VOICE
NFC
PIN
USB
FACE
USB
RBA
TPM
PIN
NFC
FACE
RBA
ACTIVE
TPM
USB
USB
TPM
PIN
FACE
NFC
USB
PIN
RBA
FACE
USB
USB
RBA
NFC
NFC
TPM
NFC
RBA
USB
PIN
NFC
USB
PIN
USB
ELEMENT
PIN
PIN
TPM
USB
USB
TPM
VOICE
NFC
RBA
USB
RBA
RBA
PIN
USB
USB
USB
USB
NFC
USB
NFC
USB
TPM
FACE
USB
PIN
USB
USB
PIN
NFC
VOICE
NFC
USB
USB
USB
USB
FACE
TPM
USB
TPM
USB
USB
TPM
USB
FACE
NFC
RBA
USB
USB
USB
FACE
USB
USB
RBA
PIN
VOICE
USB
PIN
USB
USB
RBA
USB
TPM
RBA
RBA
PIN
NFC
NFC
USB
TPM
USB
TPM
USB
USB
USB
USB
NFC
TPM
NFC
FACE
USB
FACE
USB
USB
TPM
USB
USB
USB
USB
USB
FACE
USB
USB
USB
USBRBA
USB
USB
USB
USB
USB
USB
USB
RBA
USB
USB
USB
NFC
USB
USB
USB
USB
USB
USB
USB
USB
USB
USB
USB
USB
USB
USB
USB
USB
Appendix!
26!NOK NOK LABS!
BENEFITS OF THE FIDO APPROACH!
27!
Privacy!Security!User Experience!
Authenticate Authenticate
Requirements for next generation authentication!
Public/private keys !instead of passwords!
!Fraud Reduction!
!Unified Auth
Infrastructure#
Natural and faster authentication!
!Use authentication method
of choice !
User& Device& Service&
User information stays on device!
!Not stored on servers
that can be compromised!
!
Cost!Standards -Based !
!Adaptable infrastructure!
!Future-proofed and
flexible!!
Scalability!
NOK NOK LABS!