FIDO and beyond - where authentication meets identification
Dr. Kim Nguyen, Fellow (Bundesdruckerei), Managing Director (D-Trust)
CA Day, Berlin, 2016-09-19
Agenda
What is FIDO?
News from the FIDO Alliance
Projects in Germany
THE TWO FLAVOURS OF FIDO: UAF / U2F
Login with device and biometrics
Advantage: No specific PIN/Password
Source: https://fidoalliance.org/specifications/overview/
THE TWO FLAVOURS OF FIDO: UAF / U2F
Login with Password and second factor
Advantage: Login with "easy" password and second factor
Source: https://fidoalliance.org/specifications/overview/
TECHNICAL REALIZATION (REGISTRATION): UAF
Source: https://fidoalliance.org/specifications/overview/
TECHNICAL REALIZATION (LOGIN): UAF
Source: https://fidoalliance.org/specifications/overview/
Agenda
What is FIDO?
News from the FIDO Alliance
Projects in Germany
Status Update
EMVCo liaison established
eBay joined FIDO and provides an open-source FIDO authentication server
Strong liaison with W3C to integrate the FIDO 2.0 spec
FIDO U2F transport spec expanded to BLE and ISO 14443/NFC
Microsoft announced deep integration of FIDO 2.0 in Windows 10
Mozilla prepares for FIDO U2F integration in Q3/2016
Google paper on usage of U2F
Agenda
What is FIDO?
News from the FIDO Alliance
Projects in Germany
NFC-INITIATIVE OF THE FEDERAL GOVERNMENT
NFC-Initiative for kick-off and coordination of all lines of action for an open ecosystem
− Founded 2013 based on a proposal by BSI and VDV ETS
− Strategic project to establish open ecosystems
Steering Group at ministerial level:
− BMI: Mr. Hildebrandt
− BMWi: Dr. Sandl
− BSI: Mr. Kowalski
− BMVI: Mr. Hartwig
− VDV ETS: Mr. Janssen
Marketing
Use Cases, Proof-of-concept
Standardization:
− NFC-Forum: NFC interface
− CEN TC278, ISO TC204: Public Transport Infrastructure
Interop, Security: G&D, TUD, BSI
PT System: VDV ETS, VU
2FA / FIDO: BDr
Promotion of open ecosystems (“IT-Gipfel”, “Digitale Agenda”)
Support the introduction into regular PT operation
GSMA: Mobile Applications & Test
FIDO Alliance: Open Authentication
Open eID / PA: BDr, BSI
Evaluation, Plugfest
Requirements Analysis
Research and Development
Stakeholders
Defining an open ecosystem requires the cooperation of all relevant stakeholders:
− eID-Service Provider: D-Trust, Governikus
− National PT system: VDV ETS
− Public Transport Associations: VBB/BVG, Rheinbahn
− Mobile device manufacturers: Samsung, Sony
− Research Partners: Technical University Dresden
− eID Technology Provider: Bundesdruckerei, Giesecke & Devrient, Governikus, Infineon Technologies, NXP Semiconductors
− MNOs: Deutsche Telekom, Vodafone, Telefonica
− System Vendors: KAPRION
− Service platform: German Federal print, T-Systems, Giesecke & Devrient
− Standardization, Certification: BSI, NFC Forum
All relevant groups of stakeholders on board
Focus on the entire life cycle
Creation / maintenance personal account
Mobile identity management
The customer expects the entire “Mobile service life cycle”
Hierarchical concept for ID-management
A combination of the German eID-card and FIDO
Examples from Germany
© Bernd Kowalski, BSI, 2016
BRIDGING THE WORLDS
FIDO
Governmental eID solutions with officially verified ID
Bridging the worlds offers advantages for both users and relying parties
e.g. German eID
BRIDGING THE WORLDS
FIDO
Governmental eID solutions with officially verified ID
Bridging the worlds offers advantages for both users and relying parties
eIDAS notified eIDs
SUMMARY
FIDO offers a new user-friendly approach to authentication – FIDO is the future
FIDO can be combined easily with (ID-based) identification mechanisms – bridging two worlds
eIDAS offers an ecosystem of (notified) eIDs within Europe; FIDO would be an ideal complementary offer to this in terms of derived IDs
Thank you very much for your attention!