Welcome!

Containers Expo Blog Authors: Elizabeth White, Pat Romanski, Carmen Gonzalez, Roger Strukhoff, XebiaLabs Blog

News Feed Item

Lenovo, Nok Nok Labs, PayPal, and Validity Lead an Open Industry Alliance to Revolutionize Online Authentication

The FIDO Alliance (Fast Identity Online) Standards Will Allow Users the Option to Replace Passwords With Authentication Methods That Are More Secure and Easier to Use

PALO ALTO, CA -- (Marketwire) -- 02/12/13 -- Leading Internet companies, system integrators and security providers have formed the FIDO Alliance (Fast Identity Online) to revolutionize online authentication with an industry supported standards-based open protocol. FIDO Alliance founding member organizations Agnitio, Infineon Technologies, Lenovo, Nok Nok Labs, PayPal, and Validity are developing the specification and FIDO-compliant products. The Internet requires users to confirm their identity to logon and access many online accounts and services. Current password authentication is weak due to reuse, malware and phishing, and leaves enterprises and end-users vulnerable to financial and identity theft. FIDO's standards-based approach automatically detects when a FIDO-enabled device is present, and offers users the option to replace passwords with authentication methods that are more secure and easier to use. The FIDO Alliance encourages and invites participation from all companies and organizations that want simpler, stronger authentication.

The FIDO standard will support a full range of technologies, including biometrics such as fingerprint scanners, voice and facial recognition, as well as existing authentication solutions and communications standards, such as Trusted Platform Modules (TPM), USB Security Tokens, Near Field Communication (NFC), One Time Passwords (OTP) and many other existing and future technology options. The open protocol is designed to be extensible and to accommodate future innovation, as well as protect existing investments. The FIDO protocol allows the interaction of technologies within a single infrastructure, enabling security options to be tailored to the distinct needs of each user and organization. As more organizations join the FIDO Alliance, more use cases and technologies will become part of the solution.

"The Internet -- especially with recent rapid mobile and cloud expansion -- exposes users and enterprises, more than ever before, to fraud. It's critical to know who you're dealing with on the Internet. The FIDO Alliance is a private sector and industry-driven collaboration to combat the very real challenge of confirming every user's identity online," said Michael Barrett, FIDO Alliance president and PayPal Chief Information Security Officer. "By giving users choice in the way they authenticate and taking an open-based approach to standards, we can make universal online authentication a reality. We want every company, vendor, and organization that needs to verify user identity to join us in making online authentication easier and safer for users everywhere."

"At the core of National Strategy for Trusted Identities in Cyberspace (NSTIC) is a call for the private sector to lead in developing open technology standards that will enable a more trusted and secure Identity Ecosystem. The new FIDO Alliance has pledged to do just that," said Jeremy Grant, who is leading the implementation of NSTIC as Senior Executive Advisor for Identity Management at the National Institute for Standards and Technology (NIST).
"I am excited to see what the FIDO Alliance's members can do to deliver the kind of usable, cost-effective, privacy-enhancing, interoperable strong authentication innovations envisioned in the NSTIC."

"IDC forecasts the strong authentication market to realize more than $2.2 billion in revenues alone by 2016. This demand is driven by social networking, internet, cloud and mobile, all of which will require higher and higher levels of authentication by governments, corporations and consumers," said Sally Hudson, IDC Research Director, Security Products and Services. "We believe that standards based, automated solutions such as those advocated by FIDO will contribute greatly toward making this a reality."

Why FIDO? Why Now?

The FIDO Alliance is a revolution in authentication methods that today's markets demand. Though many authentication systems and point solutions existed before the FIDO Alliance, they have been proprietary, difficult and costly to manage, and/or insufficient to scale. The FIDO Alliance's objective is to be all-inclusive, embracing both existing and new authentication methods and hardware with the FIDO open protocol. FIDO-compliant smartphones, tablets, PCs and laptops can replace password dependency and exposure of sensitive user information by automatically and transparently providing user credentials when they're required.

50 billion internet-connected devices are predicted to be in the marketplace by 2020, according to Cisco Systems. The FIDO protocol approach inherently supports consumerization trends, by allowing end users any choice of authentication method. At the same time, FIDO shifts control to providers, who can make authentication user-transparent and limit the risk of fraud. Any site will be able to effect stronger account and transaction security, and improve their users' experience with more convenience, better privacy and fortified protection of persons and assets.

Today, users are often required to remember a selection of security questions, enter a unique ID with a main password, and potentially use a software or hardware token, as well. Most users have a handful of slightly varied passwords they use to access multiple sites and accounts. This cross-use of passwords poses serious risks if one account is compromised and user credentials are exposed to potential fraud across the range of a user's accounts. Providers are invariably implicated when data is breached and personal information is exposed at a site or within an application. Repeated attempts to outline better security practices and change user behaviors haven't succeeded.

The FIDO Alliance is committed to overcoming prevailing limitations by developing an authentication ecosystem with a standardized, global protocol and necessary interfaces. With users free to select any FIDO-compliant token type, even devices previously considered proprietary can be adapted for use, and new vendors with new protocol-compliant devices easily become part of the marketplace.

The FIDO Alliance and standards create the open, non-proprietary and flexible authentication protocol framework that lowers costs to deploy and improve returns on investment by using devices and systems already in the marketplace to authenticate users. Today, more and improved security options have become available and at better prices. Considering new market dynamics and the risk problem FIDO solves for users and providers, broad market adoption of secure authentication is now set up to succeed.

The FIDO Alliance invites all companies and organizations to become active members. Members will define the market requirements and contribute to the FIDO specification. Interested organizations are encouraged to go to www.fidoalliance.org to find out more and to join the FIDO Alliance.

About The FIDO Alliance
The FIDO (Fast IDentity Online) Alliance was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The Alliance plans to change the nature of authentication by developing standards-based specifications that define an open, scalable, interoperable set of mechanisms that supplant reliance on passwords to easily and securely authenticate users of online services.

Quotes from FIDO Alliance Founding Members:

Biometrics

Biometrics -- finger, hand/palm, face, voice, iris -- represent something everyone has with them at all times. The FIDO Alliance calls attention anew to the range of biometric options that identify who a user is. By enabling dynamic discovery of FIDO-compliant biometric devices, the FIDO Alliance manifests remarkable advantages to biometric users and manufacturers of biometric devices and systems, as well as device manufacturers who want to incorporate biometric recognition technology into their systems and devices to enable FIDO-compliance.

Agnitio, http://www.agnitio-corp.com/

"Agnitio is committed and passionate about fighting for Internet citizens worldwide against identity fraud and criminal activity. The FIDO Alliance facilitates our global opportunity to equip users with the convenience of using their voice to automatically authenticate instead of having to remember and enter passwords, especially when they're on the go," said Agnitio CEO Emilio Martinez. "What is more natural for Agnitio users than authenticating while speaking to their FIDO-compliant mobile devices? Voice Biometrics is the most natural way to ease and secure the authentication process anytime and anywhere, using a mobile phone or any FIDO-enabled device."

Validity, http://www.validityinc.com/

"As device and digital consumption continues to grow exponentially, so does the challenge of maintaining privacy and ease of use," said Sebastien Taveau, FIDO Alliance Board Member and CTO for Validity Sensors. "PC manufacturers have already recognized the power of leveraging a fingerprint for authentication, and with the upcoming release of fingerprint sensors in mobile devices, now is the time for the FIDO Alliance to bring together the hardware, software and applications that create a seamless user experience with a much needed new approach to security."

Relying Parties -- Those who must authenticate and secure users against identity theft, financial fraud and abuse

All FIDO Alliance members have a stake in making online authentication work, but none moreso than those who must authenticate and secure the billions of online and mobile users who rely on their services and risk exposure every time they logon or access sites and services. These FIDO Alliance members -- the Relying Parties are at risk along with their users, until user authentication is made secure with FIDO standards.

PayPal, https://www.paypal.com/

"PayPal authenticates 7.5 million transactions every day and we take our customers' security very seriously," said Bill Leddy, Principal Security Strategist, PayPal. "We recognize that user authentication must go beyond passwords. With FIDO, PayPal's customers will have more choice and stronger methods of authentication including biometrics, USB security tokens and one-time passwords. By collaborating with the industry to create open authentication standards such as FIDO, we can make authentication simpler and stronger for Internet users everywhere."

Server and ValidationVendors

The FIDO Alliance establishes the standards that make online authentication open to all to compete in every market with FIDO-compliant hardware and software products. FIDO-compliant servers and processors enable inherent features and functions of FIDO authentication and automate delivery of secure credentials throughout the FIDO ecosystem.

Nok Nok Labs, http://www.noknok.com

"The formation of the FIDO Alliance addresses a longtime, critical need for technology providers and their users: stronger security that is easier to use," said Phillip Dunkelberger, CEO of Nok Nok Labs, a founding member of the FIDO Alliance. "From day one, through our Unified Authentication Infrastructure, we are developing solutions that will deliver on the vision of the FIDO Alliance. We are excited to see the launch and expansion of the Alliance."

Systems and Device Manufacturers

FIDO Alliance membership enhances opportunities for PC, mobile and other systems and device manufacturers to influence the FIDO standard. As these manufacturers incorporate FIDO-compliance, the market opportunities expand for their products, as widespread adoption of standards-based FIDO authentication ensues.

Lenovo, http://lenovo.com/us/en/

"Lenovo products have earned a reputation for outstanding security features and designs," said Mark Cohen, Vice President and General Manager, Ecosystem and Monetization, Lenovo. "Recognizing that our customers wanted more than just passwords for authentication, we began shipping ThinkPad PCs with integrated fingerprint readers nearly a decade ago. We are excited about the new FIDO standard because it enhances both security and convenience, enabling biometric and other forms of authentication to take place directly between the user and the service that he or she is trying to use."

Add to Digg Bookmark with del.icio.us Add to Newsvine

Media Contact:
Suzanne Matick
for FIDO Alliance
suzanne [at] matick.net
831-479-1888 Pacific time zone

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

@ThingsExpo Stories
Businesses and business units of all sizes can benefit from cloud computing, but many don't want the cost, performance and security concerns of public cloud nor the complexity of building their own private clouds. Today, some cloud vendors are using artificial intelligence (AI) to simplify cloud deployment and management. In his session at 20th Cloud Expo, Ajay Gulati, Co-founder and CEO of ZeroStack, will discuss how AI can simplify cloud operations. He will cover the following topics: why clou...
The Internet of Things (IoT) promises to simplify and streamline our lives by automating routine tasks that distract us from our goals. This promise is based on the ubiquitous deployment of smart, connected devices that link everything from industrial control systems to automobiles to refrigerators. Unfortunately, comparatively few of the devices currently deployed have been developed with an eye toward security, and as the DDoS attacks of late October 2016 have demonstrated, this oversight can ...
DevOps is being widely accepted (if not fully adopted) as essential in enterprise IT. But as Enterprise DevOps gains maturity, expands scope, and increases velocity, the need for data-driven decisions across teams becomes more acute. DevOps teams in any modern business must wrangle the ‘digital exhaust’ from the delivery toolchain, "pervasive" and "cognitive" computing, APIs and services, mobile devices and applications, the Internet of Things, and now even blockchain. In this power panel at @...
Internet-of-Things discussions can end up either going down the consumer gadget rabbit hole or focused on the sort of data logging that industrial manufacturers have been doing forever. However, in fact, companies today are already using IoT data both to optimize their operational technology and to improve the experience of customer interactions in novel ways. In his session at @ThingsExpo, Gordon Haff, Red Hat Technology Evangelist, will share examples from a wide range of industries – includin...
"We build IoT infrastructure products - when you have to integrate different devices, different systems and cloud you have to build an application to do that but we eliminate the need to build an application. Our products can integrate any device, any system, any cloud regardless of protocol," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
"We're a cybersecurity firm that specializes in engineering security solutions both at the software and hardware level. Security cannot be an after-the-fact afterthought, which is what it's become," stated Richard Blech, Chief Executive Officer at Secure Channels, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
According to Forrester Research, every business will become either a digital predator or digital prey by 2020. To avoid demise, organizations must rapidly create new sources of value in their end-to-end customer experiences. True digital predators also must break down information and process silos and extend digital transformation initiatives to empower employees with the digital resources needed to win, serve, and retain customers.
The IoT is changing the way enterprises conduct business. In his session at @ThingsExpo, Eric Hoffman, Vice President at EastBanc Technologies, discussed how businesses can gain an edge over competitors by empowering consumers to take control through IoT. He cited examples such as a Washington, D.C.-based sports club that leveraged IoT and the cloud to develop a comprehensive booking system. He also highlighted how IoT can revitalize and restore outdated business models, making them profitable ...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
"Once customers get a year into their IoT deployments, they start to realize that they may have been shortsighted in the ways they built out their deployment and the key thing I see a lot of people looking at is - how can I take equipment data, pull it back in an IoT solution and show it in a dashboard," stated Dave McCarthy, Director of Products at Bsquare Corporation, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform and how we integrate our thinking to solve complicated problems. In his session at 19th Cloud Expo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and sh...
Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like “How is my application doing” but no id...
@GonzalezCarmen has been ranked the Number One Influencer and @ThingsExpo has been named the Number One Brand in the “M2M 2016: Top 100 Influencers and Brands” by Onalytica. Onalytica analyzed tweets over the last 6 months mentioning the keywords M2M OR “Machine to Machine.” They then identified the top 100 most influential brands and individuals leading the discussion on Twitter.
IoT is rapidly changing the way enterprises are using data to improve business decision-making. In order to derive business value, organizations must unlock insights from the data gathered and then act on these. In their session at @ThingsExpo, Eric Hoffman, Vice President at EastBanc Technologies, and Peter Shashkin, Head of Development Department at EastBanc Technologies, discussed how one organization leveraged IoT, cloud technology and data analysis to improve customer experiences and effici...
As data explodes in quantity, importance and from new sources, the need for managing and protecting data residing across physical, virtual, and cloud environments grow with it. Managing data includes protecting it, indexing and classifying it for true, long-term management, compliance and E-Discovery. Commvault can ensure this with a single pane of glass solution – whether in a private cloud, a Service Provider delivered public cloud or a hybrid cloud environment – across the heterogeneous enter...
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, discussed the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
Successful digital transformation requires new organizational competencies and capabilities. Research tells us that the biggest impediment to successful transformation is human; consequently, the biggest enabler is a properly skilled and empowered workforce. In the digital age, new individual and collective competencies are required. In his session at 19th Cloud Expo, Bob Newhouse, CEO and founder of Agilitiv, drew together recent research and lessons learned from emerging and established compa...
"IoT is going to be a huge industry with a lot of value for end users, for industries, for consumers, for manufacturers. How can we use cloud to effectively manage IoT applications," stated Ian Khan, Innovation & Marketing Manager at Solgeniakhela, in this SYS-CON.tv interview at @ThingsExpo, held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA.
Whether your IoT service is connecting cars, homes, appliances, wearable, cameras or other devices, one question hangs in the balance – how do you actually make money from this service? The ability to turn your IoT service into profit requires the ability to create a monetization strategy that is flexible, scalable and working for you in real-time. It must be a transparent, smoothly implemented strategy that all stakeholders – from customers to the board – will be able to understand and comprehe...