In just over one year, the FIDO Certified Program has tested and certified more than 200 implementations of the FIDO specifications. There is strong interest and momentum in the market for FIDO Certified products — including FIDO’s new BLE certification, which for the first time brings FIDO technology to wearables and other emerging form factors.
These slides include information about:
- An overview of the program, including updates on newly available certification methodologies,
- Some of the latest and greatest FIDO Certified solutions on the marketplace, and gain an understanding of how products get started through the FIDO Certification process, and also will understand the benefits of deploying FIDO Certified authentication solutions.
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
FIDO Certification
1. FIDO CERTIFICATION:
VALIDATING THE NEXT GENERATION OF
STRONGER, SIMPLER AUTHENTICATION
Steve Wilson, Ramesh Kesanupalli, Adam Powers
All Rights Reserved | FIDO Alliance | Copyright 2016
2. Agenda
• Welcome
• The Importance of Interoperability
• FIDO Certification Program Overview
• Highlights from Year One
• What’s New with the Program
• Implementation Highlights
• Getting Certified
• Q & A
2All Rights Reserved | FIDO Alliance | Copyright 2016
3. The Importance of Interoperability
3All Rights Reserved | FIDO Alliance | Copyright 2016
STEVE WILSON
Vice President and Principal Analyst,
Constellation Research
6. Certification Goals
• Enable implementations to be identified as
officially FIDO certified
• Ensure interoperability between FIDO
officially recognized implementations
• Promote the adoption of the FIDO
ecosystem
6All Rights Reserved | FIDO Alliance | Copyright 2016
7. Certification Overview
• Available to both members and non-members
• Four steps to certification
7All Rights Reserved | FIDO Alliance | Copyright 2016
8. 8All Rights Reserved | FIDO Alliance | Copyright 2016
Deployments are enabled by
150+ 200+ FIDO® Certified products
available today
11. OEMs Now Shipping FIDO Certified Devices
S5, Mini Alpha Note 4,5 Note Edge Tab S,
Tab S2
S6,
S6 Edge
S7,
S7 Edge
Vernee
Thor
Aquos Zeta
Xperia Z5 Xperia Z5
Compact
Xperia Z5
Premium
Mate 8
V10 G5
Phab2
Pro
Phab2
Plus
Z2, Z2 ProArrows
NX
Arrows
Fit
Arrows
Tab
All Rights Reserved | FIDO Alliance | Copyright 2016
12. FIDO Applications Now Run on iOS 9
12All Rights Reserved | FIDO Alliance | Copyright 2016
iPhone 5s iPhone 6, 6+
iPad Air 2, Mini 3
iPhone 6s, 6s+
iPad Mini 4 iPad Pro
Supported iOS Fingerprint Devices
13. WHAT’S NEW WITH THE
CERTIFICATION PROGRAM
Adam Powers, Director of Technology, FIDO Alliance
13All Rights Reserved | FIDO Alliance | Copyright 2016
14. BLE
• 2014: USB
• 2015: NFC
• 2016: BLE
• Bluetooth Smart authenticators, based on new U2F BLE specification
• One-click authentication
• U2F support for iOS
14
+
All Rights Reserved | FIDO Alliance | Copyright 2016
15. On Demand Testing Overview
On
Demand
Testing
Virtual
Shipped
In-
Person
Confidential
FIDO Alliance | Confidential | All Rights Reserved | Copyright 2016 15
• Existing Process – Interop Testing
• Interop every 90 days
• Plan ahead! May impact product schedules…
• New Process – On Demand Testing
• Pick your testing date from a calendar
• Servers: remote / virtual testing
• Authenticators: ship device or in-person testing
• Convenience and fast turn-around
16. Upcoming Certification Programs
• Security Certification
• Third-party lab security testing
• Ensure authenticators are secure against at-scale and
targeted attacks
• Biometric Certification
• Biometric neutral third-party biometric testing
• Ensure levels of False Accept Rate (FAR) and resistance to
predefined presentation attacks
• New Specification Releases
• Stay tuned for more details…
16All Rights Reserved | FIDO Alliance | Copyright 2016
18. Korean Market Growth
• Most markets seeing
healthy growth…
• Huge spike in Korean
certifications in 2016
18All Rights Reserved | FIDO Alliance | Copyright 2016
3
16
55
73
Sept-15 Dec-15 Mar-16 May-16
19. BLE & NFC
All Rights Reserved | FIDO Alliance | Copyright 2016
20. BLE / NFC Implementations
21All Rights Reserved | FIDO Alliance | Copyright 2016
21. Cool Authentication
22
Voice + FacePalm Recognition
Iris Recognition PIN + Mini jack
All Rights Reserved | FIDO Alliance | Copyright 2016
22. TIPS FOR RELYING PARTIES
23All Rights Reserved | FIDO Alliance | Copyright 2016
23. Key Considerations
• FIDO® Certified
• Out-of-the-box interoperability
• Broad ecosystem of authenticators and devices
• Open Source Implementations
• Exist for both UAF and U2F
• Great for prototyping and small deployments
• Include FIDO in your RFP
• The simple way to ask for secure authentication
24All Rights Reserved | FIDO Alliance | Copyright 2016
24. Deploying: Authentication
25
phone / app
FIDO Client
FIDO
Authenticator(s)
Web
Server
Relying Party Applications
FIDO Components
FIDO Client API
All Rights Reserved | FIDO Alliance | Copyright 2016
25. Deploying: Second Factor
Original DB
Original Database
user_id Password#
JohnDoe
4^hfd;`gpo
U2F Database
U2F DB
Relation
Relying Party
user_id Meta U2F Data
JohnDoe
Yubico, Security
Key, USB
key handle, public
key, certificate
JohnDoe
Yubico, YubiKey
NEO, USB + NFC
key handle, public
key, certificate
John Doe Yubico, Mobile app
key handle, public
key, certificatediagram provided by:
• Average time to integrate: < 1
week
• Stats from Google Deployment:
• 4x faster login
• Significant fraud reduction
• 40% support reduction
All Rights Reserved | FIDO Alliance | Copyright 2016
26. TIPS FOR PRODUCT IMPLEMENTERS
27All Rights Reserved | FIDO Alliance | Copyright 2016
27. The Value of Ecosystem
28All Rights Reserved | FIDO Alliance | Copyright 2016
28. The Value of Certification
29All Rights Reserved | FIDO Alliance | Copyright 2016
Higher Quality
Deployment Ready
Interoperability
Market Ready
29. Getting the Most from Certification
• Remember to use your FIDO Certified logo!
• Tradeshows, websites, product briefs, etc.
• Being a member has its privileges
• Connect with RPs at plenaries, networking events, etc.
• Certification discounts
• Early access to specifications = first mover advantage
30All Rights Reserved | FIDO Alliance | Copyright 2016
30. Getting Started
• Register for Self-Conformance Test Tool Access : https://fidoalliance.org/test-tool-
access-request/
• For UAF, you will need to complete both automated and manual testing
• UAF Authenticators only will need a Vendor ID: http://fidoalliance.org/vendor-id-request/
• Complete Self-Conformance Testing at least two weeks prior to interoperability event.
• Elect to Participate in Pre-Testing in the two weeks prior to the interoperability event
(recommended)
• Register for the next interoperability event to be held in Korea :
https://fidoalliance.org/interop-registration/
• Next Interoperability Event Host: CrucialTec (Korea)
• August 30 – 31, 2016: UAF
• September 1, 2016: U2F
31All Rights Reserved | FIDO Alliance | Copyright 2016
31. Next Steps
32All Rights Reserved | FIDO Alliance | Copyright 2016
https://fidoalliance.org/certification/
Before moving on, it’s important to understand FIDO’s scope – looking at the “identity” pyramid you’ll see where FIDO resides.
While FIDO is complementary to Federation and the other components, we don’t explicity consider them in our specifications. From a technical perspective we’re focused solely on Authentication– and specifically, stronger, simpler authentication.
We support a growing number of fingerprint enabled Android devices that have in-built UAF capabilities
Most of the new Samsung high devices with FPSs support UAF
Newer devices from Fujitsu, Sharp and Sony increasingly include UAF support out of the box
Fujitsu Arrows NX supports UAF-enabled iris authentication.
We will see other types of authenticators also appear in coming devices
We support the Android M fingerprint API
Apart from these devices with native FIDO UAF support, we also support virtually any non-FPS Android device running Kit Kat or newer
using an embedded UAF PIN authenticator.