Upload
fido-alliance
View
3.668
Download
0
Embed Size (px)
Citation preview
All Rights Reserved | FIDO Alliance | 2016 1
THE VALUE OF MEMBERSHIPBrett McDowell, Executive Director
All Rights Reserved | FIDO Alliance | 2016 2
WHY FIDO ALLIANCE?
All Rights Reserved | FIDO Alliance | 2016 3
Solving the Password Problem
63% of data breaches in 2015 involved weak,
default, or stolen
passwords-Verizon Data Breach
Report
Data breaches expected to reach
1,000 in 2016 up 22% from 2015
-Identity Theft Resource Center
Each data breach costs
$3.8 million on average
up 23% from 2013-Ponemon Institute
All Rights Reserved | FIDO Alliance | 2016 4
WHO IS FIDO ALLIANCE?
All Rights Reserved | FIDO Alliance | 2016 5
The FIDO Alliance is an open industry association of over 250 organizations with a focused mission: authentication standards
All Rights Reserved | FIDO Alliance | 2016 6
Board Members
All Rights Reserved | FIDO Alliance | 2016 7
WHAT IS FIDO AUTHENTICATION?
All Rights Reserved | FIDO Alliance | 2016 8
HOW “Shared Secrets” WORK
ONLINE
The user authenticates themselves online by presenting a human-
readable “shared secret”
All Rights Reserved | FIDO Alliance | 2016 9
HOW FIDO WORKS
AUTHENTICATOR
LOCAL ONLINE
The user authenticates
“locally” to their device (by various
means)
The device authenticates the user online using
public key cryptography
All Rights Reserved | FIDO Alliance | 2016 10
Support for Two Authentication Experiences
ENABLES MANY AUTHENTICATION OPTIONS | EACH SERVICE PROVIDER REGISTERS UNIQUE FIDO CREDENTIALS
All Rights Reserved | FIDO Alliance | 2016 11
USABILITY, SECURITY, R.O.I. and
PRIVACY
All Rights Reserved | FIDO Alliance | 2016 12
No 3rd Party in the Protocol
No Secrets on the Server Side
Biometric Data (if used) Never Leaves Device
No (*new*) Link-ability Between Services
No (*new*) Link-ability Between Accounts
All Rights Reserved | FIDO Alliance | 2016 13
MARKET ADOPTION
All Rights Reserved | FIDO Alliance | 2016 14
FIDO Development History
FIDO 1.0 FINALFirst
Deployments UAF & U2FSpecification
Review DraftFIDO Ready
ProgramAlliance Announced
FEB
2013
DEC 2013
FEB 2014
FEB-OCT 2014
DEC 92014
MAY 2015
FEB2016
Formal Standardization
JUNE 2015
Certification Program
New U2F Transports
DEC2016
FIDO 1.1
All Rights Reserved | FIDO Alliance | 2016
Sample FIDO Adoption/Announcements
15
16
Certification Growth
All Rights Reserved | FIDO Alliance | 2016
An open competitive market Ensures interoperability Sign of mature FIDO
ecosystem
250+
FIDO® Certified products available today
Apr-15 Jul-15 Sep-15 Dec-15 Mar-16 May-16 Aug-16
152
6432
62 74108
162
216
253 TOTAL
Leading OEMs Shipping FIDO Certified Devices
S5, Mini Alpha Note 4,5 Note Edge Tab S, Tab S2
S6, S6 Edge
S7, S7 Edge Vernee Thor
Aquos Zeta Xperia Z5
Xperia Z5 Compact
Xperia Z5 Premium
Mate 8
V10 G5
Phab2 Pro
Phab2 Plus
Z2, Z2 Pro
Arrows NX
Arrows Fit
Arrows Tab
All Rights Reserved | FIDO Alliance | 2016 17
All Rights Reserved | FIDO Alliance | 2016 18
FIDO in Windows & Web EcosystemsWindows Platforms
Yoga 910
Web
All Rights Reserved | FIDO Alliance | 2016 19
Summary: FIDO Authentication Delivers
Better securityfor online services
Reduced costfor the enterprise
Simpler and saferfor users
All Rights Reserved | FIDO Alliance | 2016 20
GETTING ENGAGED
21All Rights Reserved | FIDO Alliance | 2016
How FIDO Works
MembershipLevels
TechnicalWorkstreams
Marketing & AdoptionWorkstreams
22All Rights Reserved | FIDO Alliance | 2016
Membership Levels
BoardSets strategy and overall direction for Alliance
SponsorLeads development through FIDO working groups & in
marketplace
AssociateAnnual networking opportunity, participate in broader
ecosystem
23All Rights Reserved | FIDO Alliance | 2016
Technical Working Groups
Security Requirements
“FIDO 2.0” Technology
Universal Authentication
Framework Technology
Universal 2nd Factor
Technology
24All Rights Reserved | FIDO Alliance | 2016
Membership Value: Technology• Influence FIDO’s specifications and
technical output• Gain early visibility into specs to help
guide your product development and/or deployments • Benefit from the “IPR Promise”• Network with technical peers across
industry segments
25All Rights Reserved | FIDO Alliance | 2016
“The IPR Promise” Process - 6.2.1.1
“For each Working Group in which one or more Bound Entities participates, Signatory, on behalf of itself, all its Related Entities and its and their successors in interest and assigns, promises not to assert its or its Related Entity’s Granted Claims against any Participant in such Working Group for its Public Permitted Uses or Working Group Permitted Uses, subject to the terms and conditions of this Agreement. [...]”
• A reciprocal promise to not assert patents against the normative requirements in FIDO specification
• Enables unencumbered growth of FIDO ecosystemhttp://fidoalliance.org/membership/details
26All Rights Reserved | FIDO Alliance | 2016
Technical Working Groups
Security Requirements
FIDO 2.0 Technology
Universal Authentication
Framework Technology
Universal 2nd Factor
Technology
Influence Early Visibility
Peer-based
Networking
27All Rights Reserved | FIDO Alliance | 2016
Adoption Working Groups
Certification Marketing Deploymen
t-at-Scale
Regional (China,
India, etc.)
Privacy & Public Policy
28All Rights Reserved | FIDO Alliance | 2016
Membership Value: Marketing & Adoption• Tap into FIDO’s ecosystem marketing activities
• Reduced fees for certification testing & logo usage• Take part in FIDO Pavilions at leading industry
events (turnkey, discounted presence)• Gain insights from Market Research programs • Engage with experts to drive regional adoption
• Understand and establish deployment best practices (benefit from early adopter experience)• Influence, understand and engage on emerging policy issues
29All Rights Reserved | FIDO Alliance | 2016
The Road AheadWeb
Authentication Specification
Brings FIDO to the Platform
Standards Effort with EMVCo
Client-to-Authenticator
Protocol (CTAP)
FIDO Gold Server + New
Certification Programs
30All Rights Reserved | FIDO Alliance | 2016
What Our Members Say
All Rights Reserved | FIDO Alliance | 2016 31
NEXT STEPS
All Rights Reserved | FIDO Alliance | 2016 32
Membership Application Procedures
• Ready to join? • Visit https://fidoalliance.org/membership/
• Have more questions (even after our Q&A)? • Email [email protected]• Follow us @fidoalliance• Meet us at upcoming Industry events
• https://fidoalliance.org/upcoming-events/
All Rights Reserved | FIDO Alliance | 2016 33
JOIN THE FIDO ALLIANCE
All Rights Reserved | FIDO Alliance | 2016 34
THANK YOU!QUESTIONS?