Welcome!

News Feed Item

FIDO Alliance Opens Technology for First Public Review to an Industry Desperate for Simpler, Stronger Authentication

The FIDO Alliance Marks 1st Anniversary by Publishing Review Draft Specifications as Membership Nears 100

MOUNTAIN VIEW, CA -- (Marketwired) -- 02/11/14 -- The FIDO (Fast IDentity Online) Alliance (http://www.fidoalliance.org/), an open industry consortium delivering standards for simpler, stronger authentication, achieved a historic milestone today by releasing its first public review draft technology specifications. These open technologies have been collaboratively developed by a rapidly increasing number of the most innovative companies in the world to enable simpler, stronger authentication to scale in the market.

The Q1 2013 Forrester Wave™: Enterprise Fraud Management asserts the online services industry is seeing upwards of $200B in annual losses from password breaches and related hacks that exploit the vulnerabilities inherent in single-factor password systems. According to the Verizon 2013 Network Investigations Data Breach Report, 76 percent of network intrusions exploit weak or stolen credentials. According to Gartner, 20 to 50 percent of all help desk calls are for password resets. Forrester Research estimates help desk labor cost at $70 per password reset*. In Mobile Consumer Insights, Jumio reports that 68 percent of smartphone and tablet owners have attempted to make purchases on their device. Due to problems during the payment process, 66 percent of that group abandon transactions, and 47 percent of these said they abandoned transactions that took too long. Upon its first-year anniversary, the FIDO Alliance demonstrates momentum that attests to pent-up demand for simpler, stronger authentication that must scale, as only open industry standards can deliver.

"It is with pride that the FIDO Alliance releases the review draft specifications to the public today, before our first anniversary of starting the long overdue revolution in authentication. Congratulations to our members for their insights, expertise, and tireless dedication to delivering better authentication that is more secure, private and easier-to-use than prevailing password schemas," said FIDO Alliance president, Michael Barrett. "With today's public release of the review draft specifications, we especially welcome and anticipate new types of members coming from various enterprises. Furthermore, we encourage Relying Parties to begin testing their unique FIDO authentication needs with the commercial solutions already available from many FIDO member companies."

The FIDO Alliance also announces that its membership is approaching 100 strong, with Aetna, ARM, Dell, Discretix, IdentityX, Netflix, Next Biometrics, Oesterreichische Staatsdruckerei GmbH, Salesforce, SafeNet, Sonavation, STMicroelectronics, and Wave Systems being among the most recent companies to join as Sponsor members of the Alliance. Launched in February 2013 with six founding members, the alliance has grown rapidly with representation from every continent and every industry.

"When I first started discussing the need for a strong authentication protocol with Michael Barrett, Taher Elgamal and others many years ago, we knew we had something big on our hands," said Ramesh Kesanupalli, founder of Nok Nok Labs and FIDO visionary, "and the progress we've seen in a single year in attracting membership and delivering draft specifications signifies the need for a drastic change in the marketplace and a collective determination to accomplish it. As a founding member, Nok Nok Labs is proud to be delivering FIDO Ready solutions based on these new specifications."

FIDO standards address industry and consumer pain points by ensuring that users and online service providers have a variety of choices to select from when adopting simpler, stronger authentication alternatives to today's prevailing reliance on single-factor passwords.

"It is incumbent upon Enterprise IT to begin moving away from the world of basic username/password authentication, and we are excited to join the FIDO Alliance in shaping the future of strong authentication," said Mike D. Kail, VP of IT Operations, Netflix. "We look forward to collaborating with various sectors and industry experts and contributing experience and guidance on best security and authentication practices for Enterprise IT."

The FIDO specifications emphasize a device-centric model that reflects the Alliance's thoughtful dedication to usability, privacy and security. FIDO specifications will support a full range of authentication technologies, including biometrics such as fingerprint and iris scanners, voice and facial recognition, as well as further enable existing solutions and communications standards, such as Trusted Platform Modules (TPM), USB Security Tokens, embedded Secure Elements (eSE), Smart Cards, Bluetooth Low Energy (BLE), and Near Field Communication (NFC). The open specifications are being designed to be extensible and to accommodate future innovation, as well as protect existing investments. FIDO specifications allow device-specific authentication capabilities to be leveraged by online services within an interoperable infrastructure, enabling authentication choice to meet the distinct needs of users and organizations. The FIDO specifications complement and add value to identity federation. The improved user authentication enabled by FIDO specifications can be federated using existing industry standards such as OpenID and SAML. Committed to core privacy principles, the FIDO Alliance today published a reference whitepaper. The FIDO Alliance will continue to develop and mature the specifications with additional features and refinements based on interoperability testing and real-world deployment experience.

"Increased awareness of identity protection and the associated complexities of securely authenticating users across diverse devices and environments underscore the need for a universal authentication framework," commented Andrew Young, VP Product Management, Authentication at SafeNet. "To this end, one of the clear advantages of the FIDO approach is that it offers users a consistent experience across multiple services and user devices, a range of multi-factor schemes, and maintains privacy by using distinct authentication keys for different services. The FIDO Alliance, by helping to standardize multi-factor practices, will contribute to the formation of a broader identity framework based on greater trust and better security in both consumer and enterprise environments."

"As a leading provider of trusted identity and authentication networks and sponsor member of FIDO Alliance, SecureKey enthusiastically supports the principles of interoperable, simple and strong authentication for consumer-scale deployments, said Stu Vaeth, VP of Products, SecureKey. We look forward to delivering FIDO Ready solutions based on this specification to our customers and partners, leveraging our briidge.net™ Connect cloud-based authentication service."

"At PayPal the security of our customer's personal and financial information is our top priority, which is why we co-founded the FIDO Alliance," said Brett McDowell, FIDO Alliance vice president, and eBay Inc. Head of Ecosystem Security. "The open standards and best practices we develop in collaboration with other members of the Alliance provide our industry with an interoperable, scalable framework for delivering simpler, stronger authentication to our customers."

FIDO specifications allow device-specific authentication capabilities to be leveraged by online services within an interoperable infrastructure, enabling authentication choice to meet the distinct needs of users and organizations. The FIDO Alliance will continue to develop and mature the specifications with additional features and refinements based on interoperability testing and real world deployment experience.

"IDC Financial Insights believes that most successful financial institutions in 2014 will be those that can deliver an engaging, omnichannel experience for their customers and prospects. Simple, convenient, and strong authentication is the foundation to convenience, and contributes to a channel-less experience for the end-user. The finalization and adoption of the FIDO Alliance draft specifications, shared today, can play an important role in delivering convenience," said Michael Versace, Global Research Director at IDC Financial Insights.

FIDO Alliance members are already developing FIDO Ready™ products and services based on early draft FIDO specifications. In October 2013, The FIDO Alliance began a certification program with FIDO Ready™ branding for implementations passing conformance and interoperability testing to early draft specifications. The 2014 Consumer Electronics Show (CES) revealed the first demonstrations of FIDO Ready products. Members are shaping the marketplace with FIDO specifications already in play in products like FingerQ with FIDO Ready™ components from Synaptics and FIDO Ready products from AGNITiO, Go-Trust, Nok Nok Labs, and Yubico.

FIDO members are featuring FIDO Ready products at this month's Mobile World Congress 2014 (MWC 2014), RSA Security Conference and FIDO Public Forum Event in Palo Alto California. Online Service providers who want to assess FIDO technologies are encouraged to look for the FIDO Ready(tm) certification on vendor implementations. The FIDO Certification program will continue to advance in scope and depth as the specifications mature, while adhering to a core principal of backward compatibility of FIDO infrastructure to ensure ongoing interoperability with all FIDO certified authenticators in the market.

Rob Coombs, Director of Security Marketing, ARM said: "Last year, our partners shipped over ten billion ARM-based microprocessors, the vast majority in internet-enabled devices. With the growing need to connect people and products securely to cloud services it is clear that we need to move beyond passwords for authentication. The FIDO alliance provides an excellent forum for industry to work together to provide a scalable verification architecture that can make the lives of consumers more convenient and help cloud-based services manage risk."

"Discretix' Passwordless and Second Factor User Authentication solutions are hardware-assisted and utilize the device's Trusted Execution Environment. These solutions leverage our expertise in deploying field-proven, mass-market solutions for mobile, particularly on Android devices," said Roni Sasson, Director Product Marketing at Discretix. "Simple and strong authentication is a key enabler for premium mobile services, and Discretix fully endorses the FIDO Alliance's specification and certification initiatives, and we are pleased to be an active contributor."

"As a long-time leader in semiconductors for trust and data security, STMicroelectronics recognizes the value and fully endorses the FIDO Alliance's efforts to develop an open and standardized solution for strong authentication," said Laurent Degauque, Embedded Security Marketing Director. "ST is committed to bringing its security expertise, products and solutions to bear to help the deployment of FIDO-enabled devices."

"FIDO specifications establish an authentication perimeter, so only content by consent can be accessed. As more 'things' proliferate in the Internet of Things (IoT), an authentication perimeter becomes very important to managing our world. Beyond addressing the need for password and PIN alternatives, FIDO authentication flips the model and increases both security and convenience, while ensuring privacy by placing local authentication controls entirely in the hands of the true owner. This control is essential to managing increasingly connected devices as they demand access to our data and personal content," said Tim Bajarin, president, Creative Strategies. "Generating a local signature understood by a remote service that protects both consumer and service provider from unauthorized access to owners and their data is unique. FIDO specifications flip the authentication model from user subjugation to user control with this truly revolutionary capability."

The FIDO Alliance invites all interested organizations to join and contribute their use cases and expertise to these open industry standards that will enable the next generation of authentication to online and cloud services.

About The FIDO Alliance
The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was launched in February 2013 to address the lack of interoperability amongstrong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The Alliance plans to change the nature of authentication by developing standards-based specifications for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO authentication is stronger, private, and easier to use when authenticating to online services.

The FIDO Alliance Board of Directors includes leading global organizations: Blackberry®; CrucialTec (KRX: 114120); Discover Financial Services (NYSE: DFS); Google; Lenovo; MasterCard (NYSE: MA); Microsoft (NASDAQ: MSFT); Nok Nok Labs, Inc.; NXP Semiconductors N.V. (NASDAQ: NXPI); Oberthur Technologies OT; PayPal (NASDAQ: EBAY); RSA®; Synaptics (NASDAQ: SYNA); Yubico

*Note: These are widely published, referenced statements. Citations: http://static.helpsystems.com/safestone/pdfs/WP_PasswordSelfHelp.pdf and http://www.mandylionlabs.com/PRCCalc/PRCCalc.htm

Add to Digg Bookmark with del.icio.us Add to Newsvine

Media Contact:
Suzanne Matick
for FIDO Alliance
831-479-1888
Email Contact

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Latest Stories
Cloud computing is being adopted in one form or another by 94% of enterprises today. Tens of billions of new devices are being connected to The Internet of Things. And Big Data is driving this bus. An exponential increase is expected in the amount of information being processed, managed, analyzed, and acted upon by enterprise IT. This amazing is not part of some distant future - it is happening today. One report shows a 650% increase in enterprise data by 2020. Other estimates are even higher....
SYS-CON Events announced today that 910Telecom will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Housed in the classic Denver Gas & Electric Building, 910 15th St., 910Telecom is a carrier-neutral telecom hotel located in the heart of Denver. Adjacent to CenturyLink, AT&T, and Denver Main, 910Telecom offers connectivity to all major carriers, Internet service providers, Internet backbones and ...
We are always online. We access our data, our finances, work, and various services on the Internet. But we live in a congested world of information in which the roads were built two decades ago. The quest for better, faster Internet routing has been around for a decade, but nobody solved this problem. We’ve seen band aid approaches like CDNs that attack a niche's slice of static content part of the Internet, but that’s it. It does not address the dynamic services-based Internet of today. It doe...
SYS-CON Events announced today that Numerex Corp, a leading provider of managed enterprise solutions enabling the Internet of Things (IoT), will exhibit at the 19th International Cloud Expo | @ThingsExpo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Numerex Corp. (NASDAQ:NMRX) is a leading provider of managed enterprise solutions enabling the Internet of Things (IoT). The Company's solutions produce new revenue streams or create operating...
Qosmos has announced new milestones in the detection of encrypted traffic and in protocol signature coverage. Qosmos latest software can accurately classify traffic encrypted with SSL/TLS (e.g., Google, Facebook, WhatsApp), P2P traffic (e.g., BitTorrent, MuTorrent, Vuze), and Skype, while preserving the privacy of communication content. These new classification techniques mean that traffic optimization, policy enforcement, and user experience are largely unaffected by encryption. In respect wit...
While DevOps promises a better and tighter integration among an organization’s development and operation teams and transforms an application life cycle into a continual deployment, Chef and Azure together provides a speedy, cost-effective and highly scalable vehicle for realizing the business values of this transformation. In his session at @DevOpsSummit at 19th Cloud Expo, Yung Chou, a Technology Evangelist at Microsoft, will present a unique opportunity to witness how Chef and Azure work tog...
The Internet of Things can drive efficiency for airlines and airports. In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect with GE, and Sudip Majumder, senior director of development at Oracle, will discuss the technical details of the connected airline baggage and related social media solutions. These IoT applications will enhance travelers' journey experience and drive efficiency for the airlines and the airports. The session will include a working demo and a technical d...
SYS-CON Events announced today that Isomorphic Software will exhibit at DevOps Summit at 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Isomorphic Software provides the SmartClient HTML5/AJAX platform, the most advanced technology for building rich, cutting-edge enterprise web applications for desktop and mobile. SmartClient combines the productivity and performance of traditional desktop software with the simp...
DevOps at Cloud Expo – being held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real results. Am...
Although it has gained significant traction in the consumer space, IoT is still in the early stages of adoption in enterprises environments. However, many companies are working on initiatives like Industry 4.0 that includes IoT as one of the key disruptive technologies expected to reshape businesses of tomorrow. The key challenges will be availability, robustness and reliability of networks that connect devices in a business environment. Software Defined Wide Area Network (SD-WAN) is expected to...
Between the mockups and specs produced by analysts, and resulting applications built by developers, there exists a gulf where projects fail, costs spiral, and applications disappoint. Methodologies like Agile attempt to address this with intensified communication, with partial success but many limitations. In his session at @DevOpsSummit at 19th Cloud Expo, Charles Kendrick, CTO at Isomorphic Software, will present a revolutionary model enabled by new technologies. Learn how business and deve...
Developing software for the Internet of Things (IoT) comes with its own set of challenges. Security, privacy, and unified standards are a few key issues. In addition, each IoT product is comprised of (at least) three separate application components: the software embedded in the device, the back-end service, and the mobile application for the end user’s controls. Each component is developed by a different team, using different technologies and practices, and deployed to a different stack/target –...
SYS-CON Events announced today that Hitrons Solutions will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Hitrons Solutions Inc. is distributor in the North American market for unique products and services of small and medium-size businesses, including cloud services and solutions, SEO marketing platforms, and mobile applications.
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 19th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devices - comp...
Enterprises have forever faced challenges surrounding the sharing of their intellectual property. Emerging cloud adoption has made it more compelling for enterprises to digitize their content, making them available over a wide variety of devices across the Internet. In his session at 19th Cloud Expo, Santosh Ahuja, Director of Architecture at Impiger Technologies, will introduce various mechanisms provided by cloud service providers today to manage and share digital content in a secure manner....