FIDO & THE MOBILE NETWORK OPERATOR
Alan Goode, Managing Director, Goode Intelligence
Jamie Cowper, Senior Director, Nok Nok Labs
Jul 13, 2015
MODERN AUTHENTICATION NEEDS
COST PRIVACY
SECURITY USABILITY
INFRASTRUCTURE: EXISTING
TECHNOLOGY
AUTHENTICATION LEGACY
LATEST RESEARCH
• What is the current standards landscape for authentication & identity?
• What are the integration points between identity & authentication?
• How can MNOs take advantage of the new opportunities in authentication?
THE MOBILE NETWORK OPERATORS AND THE FUTURE OF AUTHENTICATION
11 November 2014 Alan Goode - Goode Intelligence
• Two inter-connected megatrends:
  - The rise of mobile computing
  - Cloud and SaaS
• Mobile & Cloud – legacy authentication not fit for purpose
• Failure of traditional monolithic authentication solutions:
  - Passwords
  - Siloed 2FA
• The need to support legacy IT
• Putting the mobile at the heart of authentication and identity
• Industry standards and initiatives facilitating emergence of intelligent mobile-based authentication
  - OpenID Connect
  - SAML
  - GSMA Mobile Connect
  - FIDO
• Leverage the security of the SIM and built-in features of mobile for authentication
• The first mile = using a mobile device as an authenticator
• Leveraging native capabilities including biometrics
• The second mile = connections to wider risk and fraud management and authorisation services
• Importance of Identity Federation services
• Authenticate once & then access multiple services
• Vital to smoothly connect first and second miles
• Seamless user experience
• GSMA Mobile Connect provides a framework for MNOs to deliver mobile-based authentication services
• Opportunity to become a central part of modern authentication ecosystem
• MNOs are logical owners of mobile authentication and can leverage existing components and infrastructure:
  - SIM
  - Subscriber Data
• First-to-market for FIDO Ready™ Authentication with S3 Authentication Suite
• Powers fingerprint biometric authentication for Alipay and Paypal
• Reference model for mobile-based authentication using FIDO standards
• Leverages mobile device secure hardware
Thank you.
www.goodeintelligence.com
Twitter: @goodeintel
THE FIDO APPROACH ANY DEVICE. ANY APPLICATION. ANY AUTHENTICATOR.
Standardized Protocols
Local authentication unlocks app specific key
Key used to authenticate to server
MARKET DRIVERS FOR FIDO
• Reduce transaction abandonment
  - Lower friction
• Reduce transaction time
• Reduce fraud
• Increase trust in provider
• Increase adoption of stronger authentication
• Risk appropriate
• Unified framework
  - Any device
  - Any authenticator
• Future-proof architecture
Usability Security Cost
BROAD UTILITY FOR BETTER AUTHENTICATION
Enables innovation and revenue across B2C, B2B, B2B2C Ecosystems
Strong FIDO Authentication is the gateway to…
• eHealth
• Home Automation
• Mobile / Retail Commerce and Payments
• New Cloud Services
• The Internet of Things
• Federated Identity Services
• Much, much more ...
FINGERPRINT SENSOR UPTAKE
• iPhone 5s
• iPhone 6
• Galaxy S5 & Mini
• Galaxy Tab S
“By 2017 there will be over 990 million mobile devices (smart phones, phablets and tablets) with fingerprint sensors. This number is set to increase further by the following year when there will be well over one billion mobile devices – making fingerprint sensors a common feature in mobile devices.” Goode Intelligence, December 2013
AUTHENTICATION IS THE GATEWAY TO USER EXPERIENCE
Benefits
• Service & Product Differentiation
• Increased Brand Loyalty
• Expanded Customer Revenue
• New Partnership Opportunities
Current Innovation Examples
• Google – Personal Unlocking
• Apple – TouchID + iTunes
• PayPal – “Swipe to Pay” on Samsung S5, Tab S
Lessons Learned
• NFC + Softcard Wallet
Simpler, Faster, and Contextual Authentication Increases User Engagement and Satisfaction
NNL server
Web Browser
MNO DEPLOYMENT
FEDERATION INTEGRATION MODEL
USER’S DEVICE RELYING PARTY’S INFRASTRUCTURE
Browser Extension
HTML
Javascript
NNL client
Web Application
Session Management Infrastructure
Relying Party FIDO 3rd party
Federation Gateway (SAML, OpenID, etc.)
IDP Adapter Plugin
MNO/IDP INFRASTRUCTURE
Authentication
Registration
SECURE AUTHENTICATOR IMPLEMENTATION MODELS
Trusted Execution Environment (TEE)
FIDO Authenticator as Trusted Application (TA)
User Verification / Presence
Trusted UI
eSE/SIM Attestation Key
Authentication Key(s)
Biometric Template(s)
Implemented with NXP, Infineon & Oberthur
Implemented with Trustonic
EXTENSIBLE AND FUTURE PROOF ARCHITECTURE
New Authenticators New Devices New Use Cases
Internet of Things Home Automation
and more…