NOK NOK LABS: AUTHENTICATION & OTT SERVICES. RAJIV DHOLAKIA, VP PRODUCTS & BUSINESS DEVELOPMENT
NOK NOK LABS The authentication challenge
A DILEMMA: UNTIL WE CAN TRULY RECOGNIZE PEOPLE ONLINE, IN REAL TIME...
A DILEMMA: ...WE CANNOT REALIZE THE FULL POTENTIAL OF THE CLOUD, MOBILITY OR E-COMMERCE.
IDENTITY & AUTHENTICATION: Single Sign-On, Federation, Authentication, User Management, Physical-to-Digital Identity. Identity Services
THE HUMBLE IGNITION KEY
THINGS ARE CHANGING: Convenience, Security, Personalization. Attacks: Sony 77 M, Evernote 60 M, Rockyou 32 M, LinkedIn 6.5 M, Yahoo 450 K, Twitter 56 K. First Steps, Next Steps: Apple, Evernote, Facebook, Twitter, Google?
NOK NOK LABS Reality Check
HOW ARE WE DOING? USERS FRUSTRATED: 25 ACCOUNTS, 8 LOGINS / DAY, 6.5 PASSWORDS. ORGANIZATIONS OVERWHELMED: $7.2M / DATA BREACH, $15 / PASSWORD RESET, $50-120+ / TOKEN. ECOSYSTEMS INHIBITED: FRAGMENTED, INFLEXIBLE, FRICTION EVERYWHERE.
THE AUTHENTICATION TOWER OF BABEL? Silos, proprietary, privacy, reliance on 3rd party, tolls
NOK NOK LABS Towards a Solution
AUTHENTICATION: MISSING PIECE OF THE CLOUD, MOBILE & INTERNET OF THINGS. 75% OF THE DIGITAL UNIVERSE CREATED, CAPTURED OR REPLICATED IN THE CLOUD. INCREASING USE OF INTERNET OF THINGS. US ECOMMERCE PROJECTED AT $325BN BY 2015. 5BN MOBILE DEVICES, MORE THAN THE EARTH'S POPULATION. 3.1 TRILLION HARD DRIVES WORTH OF DATA CONSUMED DAILY IN THE US. EXPLOSION OF ONLINE DATA ABOUT PEOPLE & THEIR ACTIONS = MORE KNOWLEDGE OF WHAT MAKES US UNIQUE.
WHAT IS NEEDED: COMMON AUTHENTICATION PLUMBING. Usable Authentication, Open Standard, Plug-In Approach, Interoperable Ecosystem. [Diagram labels: Users, Devices, Cloud/Enterprise, Federation]
IMPLEMENTATION CHALLENGE: A PLUMBING PROBLEM: SHADES OF RUBE GOLDBERG. [Diagram: Organizations (RP 1, RP 1); Applications (App 1, App 2, New App); Authentication Methods (Silo 1, Silo 2, Silo 3, Silo N, ??)]
UNIFIED STANDARDS & AUTHENTICATION AGILITY: ANY DEVICE. ANY APPLICATION. ANY AUTHENTICATOR. [Diagram: Organizations (RP 1, RP 1); Applications (App 1, App 2, New App); Authentication Methods (?); connected through FIDO UNIFIED STANDARDS]
ADDRESS USABILITY & DIVERSITY: Usability Drives Usage. No passwords, Existing devices, Flexible authentication, Engagement, Completed transactions, Security compliance
THE OTHER HALF OF THE EQUATION PASSWORDS SSO/FEDERATION SAML STRONG AUTH OpenID Recreated PMS First Mile Second Mile
MULTIPLE IMPLEMENTATIONS AVAILABLE. [Diagram labels: No Secure HW; Secure Crypto + Storage; Secure Execution Environment; User Space; Secure Hardware; FIDO SDK; UX Layer (Input, Display); Crypto Layer]
A PEEK INTO MODERN AUTHENTICATION: EXPLICIT AUTHENTICATION, IMPLICIT AUTHENTICATION
IDENTITY SOLUTION PATTERNS: WHICH WILL PREVAIL? User-Centric, Relationship-Centric, Trust-Me-Me-Me, Regulation-Centric
ONE-SWIPE, ONE-PHRASE, ONE-LOOK AUTHENTICATION: ARE YOU READY? Select, Authenticate, Purchase
NOK NOK LABS The FIDO Alliance
GOAL: SIMPLER STRONGER AUTH. INTERNET SERVICES; COMPONENT & DEVICE VENDORS; SOFTWARE & STACKS
FIDO EXPERIENCES (ONLINE AUTH REQUEST; LOCAL DEVICE AUTH; SUCCESS). PASSWORDLESS EXPERIENCE (UAF STANDARDS): Transaction Detail; Show a biometric; Done. SECOND FACTOR EXPERIENCE (U2F STANDARDS): Login & Password; Insert Dongle, Press button; Done.
OPTIONS FOR SERVICES. Passwordless UX = UAF: Universal Auth Framework. User carries client device with UAF stack installed; user presents a local biometric or PIN; website can choose whether to retain password. Second Factor UX = U2F: Universal Second Factor. User carries U2F device with built-in support in web browsers; user presents U2F device; website can simplify password (e.g., 4-digit PIN). Simpler Stronger Authentication
WHAT'S THE BENEFIT? For Users: Easy to use; No more worrying about passwords; Be safer on the Internet. For Internet Services: Greatly improved PKI-based security; Increased user engagement; User brings own device; Build server once: Leverage any auth method. For Vendors: Standardization ignites market; Move past fragmented custom solutions.
FIDO TODAY. Technical Working Groups active: Public Spec Drafts early 2014; Pilots in progress; Complement to existing standards & efforts, e.g., Federation, OpenID, SAML etc. Actively adding to FIDO membership: Targeting Internet Services, Client Platform Owners, Device & Component Vendors, System Integrators. JOIN US!! info@fidoalliance.org rajiv@noknok.com
AUTHENTICATION IS THE GATEWAY: SERVICES, REVENUE STREAMS, DIFFERENTIATION. [Diagram labels: Authenticate; Mobile Payments; M-Commerce; Movies; Stores; Books; Music; Internet of Things; Cloud Services]
THE ECOSYSTEM: INTERNET SERVICES; COMPONENT & DEVICE VENDORS; SOFTWARE & STACKS
Any Device. Any Application. Any Authenticator.