![Page 1: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/1.jpg)
FIDO CERTIFICATION2015-06-24 WEBINAR
Certification Program Overview and Status
Brett McDowell, David Rivera, Adam Powers
![Page 2: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/2.jpg)
AGENDA
2
Why FIDO
What is FIDO
Who is FIDO
What’s New (Certification)
![Page 3: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/3.jpg)
783 data breaches in 2014
Data Breaches…
>1 billion records since 2012
3
$3.5 million cost/breach
![Page 4: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/4.jpg)
“76% of 2012 network
intrusions exploited weak
or stolen credentials”2013 Data Breach Investigations Report4
![Page 5: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/5.jpg)
The world has a PASSWORD PROBLEM
5
![Page 6: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/6.jpg)
WE NEED A NEW MODEL
6
![Page 7: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/7.jpg)
WE CALL OURNEW MODEL
Fast IDentity Onlineonline authentication using
public key cryptography
7
![Page 8: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/8.jpg)
8
AGENDA
Why FIDO
What is FIDO
Who is FIDO
What’s New (Certification)
![Page 9: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/9.jpg)
9
HOW THE OLD AUTHN WORKS
ONLINE
The user authenticates themselves online by presenting
a human-readable secret
![Page 10: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/10.jpg)
10
HOW FIDO AUTHN WORKS
AUTHENTICATOR
LOCAL ONLINE
The user authenticates “locally” to their device
by various means
The device authenticates the user online using
public key cryptography
![Page 11: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/11.jpg)
Passwordless Experience (UAF Standards)
Second Factor Experience (U2F Standards)
11*There are other types of authenticators
Second Factor Challenge
1
Authenticated Online
3
Insert Dongle* / Press Button
2
Biometric Verification*
2
Authentication Challenge
1
?
Authenticated Online
3
![Page 12: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/12.jpg)
online authentication usingpublic key cryptography
12
![Page 13: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/13.jpg)
13
No 3rd Party in the Protocol
No Secrets on the Server side
Biometric Data (if used) Never Leaves Device
No Link-ability Between Services
No Link-ability Between Accounts
![Page 14: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/14.jpg)
Better Security for online services
Reduced cost for the enterprise
Simpler and Safer for consumers14
![Page 15: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/15.jpg)
15
AGENDA
Why FIDO
What is FIDO
Who is FIDO
What’s New (Certification)
![Page 16: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/16.jpg)
The Fast IDentity Online (FIDO)
Alliance is an open industry
association of over 200 global
member organizations
16
![Page 17: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/17.jpg)
Board Members
17
Services/Networks
Devices/Platforms
Vendors/Enablers
17 1717
![Page 18: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/18.jpg)
FIDO Alliance Mission
DevelopSpecifications
OperateAdoption Programs
Pursue Formal Standardization
18
1 2 3
![Page 19: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/19.jpg)
19
AGENDA
Why FIDO
What is FIDO
Who is FIDO
What’s New (Certification)
![Page 20: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/20.jpg)
20
“PayPal and Samsung Enable Consumer Payments with Fingerprint Authentication on New Samsung Galaxy S5”, Feb 24, 2014
“Secure Consumer Payments Enabled for Alipay Customers with Easy-to-Use Fingerprint Sensors on Recently-Launched Samsung Galaxy S5”, September 17, 2014
“Google Launches Security Key, World’s First Deployment of Fast Identity Online Universal Second Factor (FIDO U2F) Authentication”,October 21, 2014
2014 FIDO ADOPTION
![Page 21: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/21.jpg)
21
“Microsoft Announces FIDO Support Coming to Windows 10”, Feb 23, 2015
“Qualcomm launches Snapdragon fingerprint scanning technology”, March 2, 2015
“Google for Work announced Enterprise admin support for FIDO® U2F “Security Key”,April 21, 2015
DOCOMO announced *many* FIDO Ecosystem “firsts” on May 26, 2015…
2015 FIDO ADOPTION
![Page 22: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/22.jpg)
Deployments are enabled by
FIDO Certified™ Productsavailable today
22
![Page 23: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/23.jpg)
• Ensure interoperability between FIDO officially recognized implementations
Certification Goals
• Enable implementations to be identified as officially FIDO certified
• Promote the adoption of the FIDO ecosystem
![Page 24: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/24.jpg)
Certification Overview
• Available to both members and non-members
• Four steps to certification:1. Conformance Self-Validation
2. Interoperability Testing
3. Certification Request
4. Certification Mark Usage (optional)
![Page 25: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/25.jpg)
Getting Ready
• Standards: UAF and U2F• UAF & U2F 1.0 implementations certified and
in market now
• Strongly encourage servers to supportboth UAF & U2F
• Prep note to UAF Authenticators• Get a Vendor ID• Register your metadata• Only required for UAF Authenticators!
![Page 26: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/26.jpg)
Self-Conformance
• Goal: test implementations using online tools to ensure conformance with specifications• Both positive and negative testing• Check corner-cases that might occur only rarely in the real world
• Self-Conformance Validation Process• Request access to test tools• Review online help• Run tests – as many as you would like• Perform official test and submit results
• Next step: interop interoperability testing
• Pro tip:• UTHS – code development required• UTHS - Requires registration with gmail account: create one for your team• UAF – partners required for generating messages
![Page 27: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/27.jpg)
Interoperability Testing
• Goals: implementations work together, no problems in the “real world”
• Separate events for UAF and U2F, same format
• Interop Logistics• Registration open ~4-6 weeks ahead of time
• Registration closes 14 days ahead of event
• Must pass self-conformance validation first
• In-person attendance preferred, remote attendance if necessary
![Page 28: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/28.jpg)
Interop Criteria
• What happens at interoperability event• Test with every other implementer at the event
(interoperability)• Perform normal, real-world actions: register,
authenticate, etc.
• How to pass• Show that each action with every other
implementer works• Should issues arise: adjust and retest
• After passing interop: Certification registration
• Pro-tip:• Pre-testing is the key to success – don’t wait for the interop to start testing
• Pre-testing opt-in available during registration and begins 14 days ahead of event
![Page 29: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/29.jpg)
Certification
• Requires passing the test tool and attending an interop
• Certificate will be granted ASAP, pending documentation verification; plan on 10 business days to be conservative
• All certifications will be public (on FIDO website) unless confidentiality is requested
![Page 30: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/30.jpg)
Derivatives
• Same implementation, different product• Reasonable caveats apply: bug fixes, etc.
• Designed to lower cost and effort in FIDO certification• Hundreds of SKUs; not hundreds of interops
• Lower registration fee for derivatives (next slide)
• Self-Validation and Interop not required• Uses “derivative test plan” instead
• Must reference original certificate
![Page 31: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/31.jpg)
Certification Fees
• Non-Member Resource Access Fee: $3,000 (annual)
• Offset test tool costs, management, interop, etc.!
• Certification:• Member: $5,000• Non-Member: $6,500• Per certification
• Derivatives:• Member: $500• Non-Member: $750• Per Derivative
• Vendor ID : $3,000 (one-time)
• Credited towards first certification
• Interop: Free!
• Test Tools: Free!
CERTIFICATION FEES OTHER FEES
![Page 32: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/32.jpg)
Certification Mark Usage
• Authenticators / Clients• Execute Trademark Licensing Agreement (TMLA)
• Relying parties• “Clickless” license for logo usage (based on node.js / OpenID)
• Enables millions of logo users without the logistical overhead
• One logo, two badges:
![Page 33: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/33.jpg)
What to with your FIDO logos
• Put FIDO logos on your website
• Write a press release
• Put FIDO in your apps
• Put FIDO on your product briefs
• Put FIDO in your tradeshow booth
![Page 34: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/34.jpg)
CERTIFICATION STATISTICS
![Page 35: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/35.jpg)
35
![Page 36: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/36.jpg)
By The Numbers:
Number of Companies
11
20
FID
O
Re
ad
y
FID
O C
ert
ifie
d
![Page 37: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/37.jpg)
By The Numbers:
Number of Implementations
5
10 10
23
FID
O
Re
ad
y FID
O
Ce
rtifie
d
FID
O C
ert
ifie
d
FID
O
Re
ad
y
![Page 38: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/38.jpg)
By The Numbers:
Implementation Types
0
2
4
6
8
10
Client
Authenticator
Server
![Page 39: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/39.jpg)
Call To Action
• Get certified now!
• Get started with specifications at:https://fidoalliance.org/specifications/download/
• Register for Test Tool access:http://fidoalliance.org/test-tool-access-request/
• Next interops:• UAF, July 14-16th, Silicon Valley (venue TBD)• U2F, July 29th, Silicon Valley (venue TBD)• Registration open now: https://fidoalliance.org/interop-registration/
• Contact us for help and answers:[email protected]
![Page 40: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/40.jpg)
FAQ
• Do I need a Vendor ID?• Only if you are a UAF Authenticator• U2F implementers and UAF Servers / Clients do not require a Vendor ID
• Where do I find the form for…?• https://fidoalliance.org/certification/
• What is the cost for…?• Test Tools: free (non-member access: $3,000)• Interop Events: free• Certification: $5,000 member, $6,500 non-member• Derivative Certification: $500 member, $750 non-member• Trademark License Agreement: free
• Where do I start?• Register for test tool access here:
https://fidoalliance.org/test-tool-access-request/
![Page 41: FIDO CERTIFICATION · 2019-11-16 · 2015-06-24 WEBINAR Certification Program Overview and Status Brett McDowell, ... WE CALL OUR NEW MODEL Fast IDentity Online online authentication](https://reader034.vdocument.in/reader034/viewer/2022050103/5f4221110300b86f963dabd1/html5/thumbnails/41.jpg)
Questions?41