FIDO (Fast IDentity Online) Alliance Formed: Announces First Open Industry Standard for Online Authentication

By Peter Bernstein February 13, 2013

One of the great sticking points for creating trust, the foundation of all online activities be they for business or personal reasons and particularly in regard to transactions, is the complexity of authenticating. This means making sure you are who you say you are, the device you are using is yours, and that it is OK for you to interact.

Not only is it complicated, but it is also cumbersome and creates frustrations for the user and IT department alike. In an effort to cut through the clutter and come up with a solution that provides strong authentication, leading Internet companies, systems integrators and security providers have formed the FIDO (Fast IDentity Online) Alliance.  This is one to bookmark. It is a potential game-changer in the truest sense of the word.


Image via Shutterstock

Initial members of the group include, Agnitio, Infineon, Lenovo, Nok Nok Labs, PayPal and Validity. And, this is one organization that is not letting the grass grow under its feet. FIDO is actively soliciting membership and is already out with an interesting authentication protocol framework which it hopes to be out with a formal specification by the second half of this year. It is called the Online Security Transaction Protocol (OSTP) which will come with client/server components. It is an ambition to accomplish the vision at work here.

The problem being addressed

As noted in the announcement of the organization and OSTP, the issued being addressed is non-trivial. In essence, this is a path to make multi-factor authentication stronger and transparent to the user that eliminates passwords. Indeed, FIDO is claiming that, “Strong authentication solutions in the marketplace which are used today for secure access and logon to company sites, computing services, intranets, corporate and private networks- devices and trust methods and standards that include biometrics of all types, tokens, webcams, TCP, SAML, Oath, OpenID -- all soon can authenticate users everywhere online and in mobile and enterprise applications, using the open FIDO protocol.”

How OSTP will work is as follows. Information about the device and its authentication capabilities—if it has the Trusted Platform Module chip, webcam, fingerprint reader or other biometrics, or two-factor authentication— is combined with a cryptographic process to create a shared secret between the back-end server and the device. This OSTP-based multi-factor authentication will selectively be invoked voluntarily by the user for security during transactions.

PayPal has been the driving force behind this for obvious reasons, e.g., taking the hassle out of mobile payments. The goal as stated is that, “In an open FIDO world, all authentication methods and devices become compatible and interoperable with each other and with methods and devices to come...Strong authentication solutions in the marketplace which are used today for secure access and logon to company sites, computing services, intranets, corporate and private networks- devices and trust methods and standards that include biometrics of all types, tokens, webcams, TCP, SAML, Oath, OpenID -- all soon can authenticate users everywhere online and in mobile and enterprise applications, using the open FIDO protocol.”

Answering your questions The Alliance has good cause to look at their efforts as a dramatic shift from authentication capabilities that in many instances have been around for years. For those interested, check out their FAQ section, and the demos of FIDO in action.  The FIDO Alliance is literally and figuratively banking on this being a case of seeing is believing. They are advising that, “you'll be anxious to bury your passwords and PINs.” I for one certainly would enjoy not having to try and keep all of my passwords up-dated, yet know that I have strong authentication.

The history of our industry is that there have been lots of organizations with great intentions which fall by the wayside as corporate interests dictate whether to go along with the crowd or not. One can only hope that this organization draws a crowd from the industry because there is a much larger crowd that sure could stand a solution to the problem FIDO seems ready to solve.




Edited by Brooke Neuman
SHARE THIS ARTICLE
Related Articles

Microsoft Research Project Allows for Inexpensive 3D Scanning from a Smartphone

By: Christopher Mohr    8/27/2015

It is now possible to perform 3D scanning from a smartphone, without additional hardware or an Internet connection, thanks to a new Microsoft Research…

Read More

Amazon's Scaled Back Consumer Device Efforts, Dash Button, and More

By: Paula Bernier    8/27/2015

Word is that Amazon is scaling way back on its consumer devices efforts, having let go of dozens of Lab126 engineers who worked on its Fire phone, acc…

Read More

The 4K War is Brewing, but Don't Expect a Crowned Winner

By: Special Guest    8/27/2015

The hype around 4K Ultra HD video is growing and we're seeing it gain traction in real ways. From the NFL Network and CBS using 4K cameras to capture …

Read More

Wallet Wars Part 2: Thanks to EMV, the Force is with Mobile Wallets

By: Special Guest    8/26/2015

In December 2015, when "Star Wars: The Force Awakens" hits movie theatres across the U.S., a very different type of force will 'awaken' the mobile wal…

Read More

Major Automakers Forge Alliance to Combat Cyberattackers

By: Joe Rizzo    8/25/2015

If you take a few minutes to think about what hackers go after, you'll realize that it is anything that has an Internet connection. Thanks to the Inte…

Read More