FIDO & THE MOBILE NETWORK OPERATOR

Alan Goode, Managing Director, Goode Intelligence
Jamie Cowper, Senior Director, Nok Nok Labs
Page 1: FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs

THE AUTHENTICATION CHALLENGE: HOW DO WE KNOW WHO YOU ARE?

MODERN AUTHENTICATION NEEDS

[Diagram labels: Cost, Privacy, Security, Usability, Infrastructure: existing technology, Authentication legacy]

LATEST RESEARCH

•  What is the current standards landscape for Authentication & Identity?

•  What are the integration points between Identity & Authentication?

•  How can MNOs take advantage of the new opportunities in Authentication?

THE MOBILE NETWORK OPERATORS AND THE FUTURE OF AUTHENTICATION

11 November 2014 Alan Goode - Goode Intelligence

1

•  Two inter-connected megatrends:
   •  The rise of mobile computing
   •  Cloud and SaaS

•  Mobile & Cloud – legacy authentication not fit for purpose

•  Failure of traditional monolithic authentication solutions:
   •  Passwords
   •  Siloed 2FA

•  The need to support legacy IT

2

•  Putting the mobile at the heart of authentication and identity

•  Industry standards and initiatives facilitating emergence of intelligent mobile-based authentication:
   •  OpenID Connect
   •  SAML
   •  GSMA Mobile Connect
   •  FIDO

•  Leverage the security of the SIM and built-in features of mobile for authentication

3

•  The first mile = using a mobile device as an authenticator

•  Leveraging native capabilities including biometrics

•  The second mile = connections to wider risk and fraud management and authorisation services

•  Importance of Identity Federation services

•  Authenticate once & then access multiple services

•  Vital to smoothly connect first and second miles

•  Seamless user experience

4

•  GSMA Mobile Connect provides a framework for MNOs to deliver mobile-based authentication services

•  Opportunity to become a central part of modern authentication ecosystem

•  MNOs are logical owners of mobile authentication and can leverage existing components and infrastructure:
   •  SIM
   •  Subscriber Data

5

•  First-to-market for FIDO Ready™ Authentication with S3 Authentication Suite

•  Powers fingerprint biometric authentication for Alipay and PayPal

•  Reference model for mobile-based authentication using FIDO standards

•  Leverages mobile device secure hardware

Thank you.

www.goodeintelligence.com
Twitter: @goodeintel

THE FIDO APPROACH: ANY DEVICE. ANY APPLICATION. ANY AUTHENTICATOR.

Standardized Protocols

Local authentication unlocks app specific key

Key used to authenticate to server

FIDO ECOSYSTEM MOMENTUM

MARKET DRIVERS FOR FIDO

• Reduce transaction abandonment - Lower friction

• Reduce transaction time

• Reduce fraud

• Increase trust in provider

• Increase adoption of stronger adoption

• Risk appropriate

• Unified framework - Any device - Any authenticator

• Future-proof architecture

Usability, Security, Cost

BROAD UTILITY FOR BETTER AUTHENTICATION

Enables innovation and revenue across B2C, B2B, B2B2C Ecosystems

Strong FIDO Authentication is the gateway to…

•  eHealth
•  Home Automation
•  Mobile / Retail Commerce and Payments
•  New Cloud Services
•  The Internet of Things
•  Federated Identity Services
•  Much, much more ...

FINGERPRINT SENSOR UPTAKE

•  iPhone 5s
•  Galaxy S5 & Mini
•  Galaxy Tab S
•  iPhone 6

“By 2017 there will be over 990 million mobile devices (smart phones, phablets and tablets) with fingerprint sensors. This number is set to increase further by the following year when there will be well over one billion mobile devices – making fingerprint sensors a common feature in mobile devices.” Goode Intelligence, December 2013

MANY AUTHENTICATORS, MANY DEVICES…

AUTHENTICATION IS THE GATEWAY TO USER EXPERIENCE

Benefits
•  Service & Product Differentiation
•  Increased Brand Loyalty
•  Expanded Customer Revenue
•  New Partnership Opportunities

Current Innovation Examples
•  Google – Personal Unlocking
•  Apple – TouchID + iTunes
•  PayPal – “Swipe to Pay” on Samsung S5, Tab S

Lessons Learned
•  NFC + Softcard Wallet

Simpler, Faster, and Contextual Authentication Increases User Engagement and Satisfaction

NOK NOK’S S3 SUITE ARCHITECTURE

[Architecture diagram. Legend: NOK NOK LABS, 3RD PARTY]

DEPLOYED TODAY

Customers

Devices: S5 & Mini, Tab S, Note 4

PARTNERS

Device

Authenticator

Secure Hardware

GSMA ‘MOBILE CONNECT’

HOW FIDO FITS INTO MOBILE CONNECT

FIDO client in a TEE/SIM based config

FIDO server hosted by MNO

MNO DEPLOYMENT

FEDERATION INTEGRATION MODEL

[Diagram. Zones: USER’S DEVICE, RELYING PARTY’S INFRASTRUCTURE, MNO/IDP INFRASTRUCTURE. Other labels: Web Browser, Browser Extension, HTML, Javascript, NNL client, Web Application, Session Management Infrastructure, Federation Gateway (SAML, OpenID, etc.), IDP Adapter Plugin, NNL server, Relying Party, FIDO, 3rd party, Authentication, Registration]

SECURE AUTHENTICATOR IMPLEMENTATION MODELS

Trusted Execution Environment (TEE)

FIDO Authenticator as Trusted Application (TA)

User Verification / Presence

Trusted UI

eSE/SIM

Attestation Key

Authentication Key(s)

Biometric Template(s)

Implemented with NXP, Infineon & Oberthur

Implemented with Trustonic

EXTENSIBLE AND FUTURE PROOF ARCHITECTURE

•  New Authenticators
•  New Devices
•  New Use Cases
•  Internet of Things
•  Home Automation
•  and more…

CONSUMER PREFERENCES

Q&A
