FIDO and beyond - where authentication meets identification

Dr. Kim Nguyen, Fellow (Bundesdruckerei), Managing Director (D-Trust)

CA Day, Berlin, 2016-09-19



Agenda

What is FIDO?

News from the FIDO Alliance

Projects in Germany


THE TWO FLAVOURS OF FIDO: UAF / U2F

Login with device and biometrics

Advantage: No specific PIN/Password

Source: https://fidoalliance.org/specifications/overview/


THE TWO FLAVOURS OF FIDO: UAF / U2F

Login with Password and second factor

Advantage: Login with "easy" password and second factor

Source: https://fidoalliance.org/specifications/overview/


TECHNICAL REALIZATION (REGISTRATION): UAF

Source: https://fidoalliance.org/specifications/overview/


TECHNICAL REALIZATION (LOGIN): UAF

Source: https://fidoalliance.org/specifications/overview/


Agenda

What is FIDO?

News from the FIDO Alliance

Projects in Germany


Status Update

EMVCo liaison established

eBay joined FIDO and provides open source FIDO authentication server

Strong liaison with W3C to integrate FIDO 2.0 spec

FIDO U2F transport spec expanded to BLE and ISO 14443/NFC

Microsoft announced deep integration of FIDO 2.0 in Windows 10

Mozilla prepares for FIDO U2F integration in Q3/2016


Google paper on usage of U2F


Google paper on usage of U2F


Agenda

What is FIDO?

News from the FIDO Alliance

Projects in Germany


NFC-INITIATIVE OF THE FEDERAL GOVERNMENT

NFC-Initiative for kick-off and coordination of all lines of action for an open eco system

− Founded 2013 based on a proposal by BSI and VDV ETS

− Strategic project to establish open eco systems

Steering Group at Ministerial level

• BMI: Mr. Hildebrandt

• BMWi: Dr. Sandl

• BSI: Mr. Kowalski

• BMVI: Mr. Hartwig

• VDV ETS: Mr. Janssen

Marketing

• Use Cases, Proof-of-concept

Standardization

NFC-Forum NFC interface

CEN TC278, ISO TC204 Public Transport Infrastructure

Interop, Security

G&D, TUD, BSI

PT System

VDV ETS, VU

2FA / FIDO

• BDR

Promotion of open eco systems (“IT-Gipfel”, “Digitale Agenda”)

Support the introduction into regular PT operation

GSMA

• Mobile Applications & Test

FIDO Alliance Open Authentication

Open eID / PA

• BDr, BSI

Evaluation, Plugfest

Requirements Analysis

Research and Development


Stakeholders

Definition of an open eco system requires cooperation of all relevant stakeholders:

• eID-Service Provider: D-Trust, Governikus

• National PT system: VDV ETS

• Public Transport Associations: VBB/BVG, Rheinbahn

• Mobile device manufacturers: Samsung, Sony

• Research Partners: Technical university Dresden

• eID Technology Provider: Bundesdruckerei, Giesecke & Devrient, Governikus, Infineon Technologies, NXP Semiconductors

• MNOs: Deutsche Telekom, Vodafone, Telefonica

System Vendors

Service platform German Federal print, T-Systems, Giesecke & Devrient

KAPRION

• Standardization, Certification: BSI, NFC Forum

• All relevant groups of stakeholders on board


Focus on the entire life cycle

Creation / maintenance personal account

Mobile identity management

The customer expects the entire “Mobile service life cycle”


Hierarchical concept for ID-management

A combination of the German eID-card and FIDO


Examples from Germany

© Bernd Kowalski, BSI, 2016


Examples from Germany

© Bernd Kowalski, BSI, 2016


BRIDGING THE WORLDS

FIDO

Governmental eID Solutions with officially verified ID

Bridging the world offers advantages for both users and relying parties

e.g. German eID


BRIDGING THE WORLDS

FIDO

Governmental eID Solutions with officially verified ID

Bridging the world offers advantages for both users and relying parties

eIDAS notified eIDs


SUMMARY

FIDO offers a new user-friendly approach to authentication – FIDO is the future

FIDO can be combined easily with (ID based) identification mechanisms – bridging two worlds

eIDAS offers an eco system of (notified) eIDs within Europe; FIDO would be an ideal complementary offer to this in terms of derived IDs


Thank you very much for your attention!