FIDO Alliance Osaka Seminar: Overview.pdf

FIDOAlliance · 17 slides · May 31, 2024

About This Presentation

FIDO Alliance Osaka Seminar


Slide Content

© FIDO Alliance 2024 Confidential
Slide 1
FIDO Overview
May 20th, 2024
Osaka, Japan
FIDO Alliance
David Turner, Senior Technical Director

Slide 2
Passkeys

Slide 3
FIDO since 2013: Simpler and stronger
[Chart: Security (Weak to Strong) against Usability (Poor to Easy)]
Single Gesture = Possession-based, Phishing-resistant Authentication
Open standards for simpler, stronger authentication using public key cryptography

Slide 4
The very positives …
Provide a great alternative to traditional smart card deployments in high-risk environments
Offer phishing-resistant multi-factor authentication in a single authenticator
Increase the security of consumer two-factor authentication

Slide 5
Focus on fixing the foundation
What if we could replace the outdated legacy model of “password + something else” with a single factor that was much more secure – and easier to use?
If phishing is now the primary threat, a single phishing-resistant authenticator is more valuable (in most cases) than two factors which are both easily phished.

Slide 6
Enter: Synced passkeys
Passkey /ˈpas,kē/ noun
A FIDO Authentication credential that provides passwordless sign-ins to online services.
A passkey may be synced across a secure cloud so that it’s readily available on all of a user’s devices, or it can be bound to a dedicated device such as a FIDO security key.

Slide 7
A bit deeper on new(er) terminology
A passkey is any passwordless FIDO credential
Raises the bar for both security and UX
Is most commonly synchronized across a user’s devices – but doesn’t have to be
A passkey provider might be a platform/OS vendor, or 3rd-party software such as a password manager.
Facilitates new device bootstrapping and simplifies account recovery
Security of synced passkeys is the responsibility of the passkey provider
Live passkey providers include Apple, Google, Dashlane, 1Password

Slide 8
Same standards-based approach, new capabilities
[Diagram: FIDO Authentication. The service provider sends a Challenge; the Authenticator returns a (Signed) Response.]
Private key dedicated to one app; public key stored at service provider.
User verification: require user gesture before private key can be used.
Private key can be securely stored in cloud for synchronization across devices.

Slide 9
Cross-device authentication
Enables passkeys to be used to sign on to services not only on their device, but on nearby devices, too.
Image Credit: Google

Slide 10
Stronger, More Usable – Now More Scalable
[Chart: Security (Weak to Strong) against Usability]

Slide 11
Some commonly needed clarifications
Are passkeys a new specification or standard from FIDO Alliance?
The same standards, commonly known as FIDO2 (WebAuthn and CTAP), are leveraged to deploy FIDO with passkeys for sign-in. The WebAuthn standard covers the browser API that manages passkeys.
Are passkeys vendor-specific?
Vendors support passkeys, but the passkey sign-ins are enabled by open standards.
Are all passkeys synced?
A FIDO security key can house a device-bound passkey.
Can passkeys only be used to sign in on phones?
Passkeys can sync to multiple form factors – phone to PC, to your TV, gaming console, etc.

Slides 12–13
Takeaways
Passkeys are…
Phishing-resistant FIDO WebAuthn credentials
Add account recovery features that reduce the need for password resets
A superior alternative to passwords and legacy MFA, and a path toward passwordless
Able to drop in and ready for browsers (especially if you’re already using WebAuthn)
Already being used at scale! (Watch Andrew’s session to see the state of passwordless adoption)
FIDO Device Onboard

Slide 14
What problem does FDO solve?
• When a new enterprise, edge or IoT solution is being installed in a facility (store, warehouse, factory, hospital, car, etc.), the device must be “onboarded” to its management platform (on-premise or cloud)
• FDO provides secure “plug and play” onboarding for almost any device/network.

Slide 15
FDO: Fast, Scalable Device Provisioning, Onboarding & Activation
1. Zero touch onboarding – integrates with existing zero touch solutions
2. Fast & more secure – ~1 minute, no passwords to be hacked
3. Hardware flexibility – any hardware, ARM MCU to Intel® Xeon®
4. Any cloud – internet, intranet & closed network, multi-tenant
5. Late binding – reduces number of product SKUs needed
6. Multiple implementations – 5 implementations in various programming languages
7. Certification program – Mix and match FDO products with confidence
Three-step flow:
1. Drop ship device to installation location
2. Power-up & connect to Network
3. Auto-provisions, Onboards to Device Management Service
(1) No product or component can be absolutely secure

Slide 16
How FDO works (simplified)
[Diagram: Device Manufacturer, IoT/Edge Device, Rendezvous server (RV), Target Cloud (FDO owner)]
1. Device Manufacturer: a. FDO software & FDO credentials placed in Device. b. Ownership Voucher (OV) created (digital proof of ownership of the Device).
2. Device in box (with FDO Client & credentials) shipped to installation location.
3. Ownership Voucher loaded to the Target Cloud (FDO owner).
4. Ownership Voucher registered with the Rendezvous Server.
5. Device given network connectivity and powered up.
6. Device contacts RV to find its Owner and is redirected to the target Cloud.
7. a. Mutual cryptographic authentication takes place. b. Device is onboarded to cloud. c. FDO “shuts down”.
Result: Device onboarded.

Slide 17
Thank You