Tuesday 11 March 2014

Improving the first mile of authentication – how the FIDO Alliance and Nok Nok Labs are helping to create the building blocks of trusted identity

The FIDO Alliance, an organisation that is attempting to change the nature of online authentication through standards, has attracted a lot of media attention, and I have been following the developments with interest.

FIDO has had a successful start to its history with some of the largest names in technology, PayPal, Google, Microsoft, Synaptics (Validity Sensors), Lenovo, RSA and MasterCard to name a few, playing a role in developing the standards that were recently made public.

A number of the FIDO members have already showcased FIDO Ready™ devices at this year’s trade shows including CES, MWC and RSA Conference 2014. Solutions from AGNITiO, GO-Trust, Infineon, Fingerprint Cards, Yubico, Synaptics (Validity Sensors) and Nok Nok Labs have all been shown to demonstrate how FIDO can be implemented at the endpoint.

And with Samsung announcing its new flagship S5 smartphone at MWC 2014, with an integrated fingerprint sensor linked to PayPal’s FIDO Ready™ mobile payments app, we will soon see how the FIDO standards operate in the real world.

Samsung is also planning to open up the fingerprint sensor to third parties using its new Pass API and there is a possibility that the FIDO components will be available for developers to build mobile-based multi-factor authentication enabled applications; a very promising move.

I expect to see more FIDO Ready™ clients and devices being launched throughout 2014. These FIDO-enabled devices will run a Multifactor Authentication Client (MFAC) that supports FIDO’s Universal Authentication Framework Protocol (UAF) and interfaces with a FIDO server.

Currently, Nok Nok Labs is the only provider of both the FIDO Ready™ client and server components with its S3 Authentication Suite.

The device OEM would pre-install the MFAC on the device (which could be a smartphone, a tablet or a Windows PC), and a service provider acting as the Relying Party (for example a financial services provider, or a mobile network operator running it on an Authentication as a Service basis) would then run the Multifactor Authentication Server (MFAS).

The MFAS can interface with policy and risk engines (including Risk Based Authentication) and with federated identity providers to link the client identity with multiple online services, brokering identity using strong mobile-based MFA.

Over the past five years, we have witnessed a lot of development in the ‘last mile’ of authentication and identity assurance; standards such as SAML and OpenID have introduced a framework in which user identities can be shared amongst online services.

The FIDO Alliance and Nok Nok Labs are attempting to standardise the ‘first mile’ of authentication: the event at the beginning of the authentication process that proves an authorised person is allowed to access a digital service or to authorise a transaction.

These are early days for FIDO and Nok Nok Labs, but I firmly believe that they are establishing the building blocks for agile omni-channel authentication and identity verification that will have an important part to play in improving the levels of trust in an open connected world.