A look at how businesses can leverage multi-factor strong authentication to transform their business.

1. BUSINESS CONSIDERATIONS
FOR DEPLOYING FIDO
JANUARY 2018
RajivDholakia,VPProducts &BusinessDevelopment
1

2. LeveragingModernAuthenticationcanbeTransformativetoyourBusiness
USABILITYDRIVESUSAGE
2
ReducedCosts
✓ ImprovedCustomerExperience
✓ Highercustomerretentionand
satisfaction
✓ Enhancedbrandloyalty–
“stickiness”
✓ Increasedrevenuefromuseof
servicesandtransactions
✓ Reducedcostassociatedwith
physicalvisits
✓ Reducedcostofpasswordresets
✓ Reductioninfraudandidentity
theft
✓ Increasedprivacy
✓ Reducedcallcentercoststo
verifyusers
IncreaseRevenues

3. WHY FIDO?
3NOK NOK LABS
GettingExecutiveSupportforAuthentication

4. Cloud Services,
Ecommerce, IoT,
Distributed Ledgers…
NOACTIONABLEVALUETODATAORINTERACTIONSWITHOUTTRUST
4Nok Nok Labs
USER ON PC/MOBILE
CLOUD SERVERS
CONNECTED OBJECTS
INDUSTRIAL SENSORS
CAN I POST THIS TX? SHOULD I TAKE
THIS COMMAND?
RIGHT USER? RIGHT DEVICE?
RIGHT CONTEXT?
CAN I POST THIS DATA?

5. TRUST IN DIGITALINTERACTIONS
AUTHENTICATIONISAKEYBUILDINGBLOCK–
BUT…ISCURRENTLYAMISH-MASHOFPASSWORDS&WEAKRISKSIGNALSTHATAREEASILYDEFEATED
5NOK NOK LABS
Right
User
Right
Device
Right
Context
THE VALUE OF
How could this assurance transform your business?

6. LEARNING FROM CUSTOMER ENGAGEMENTS
MOTIVATIONS,SOLUTIONS,PROCESSES
6NOK NOK LABS

7. Cost Effectiveness Cost to develop and maintain?
Ease of Deployment Effort to implement and support?
Risk
Biometric information storing and
protection?
Security
Fraud reduction, e.g. man-in-the-middle
and phishing attacks?
Future Proofing
Effort to incorporate additional
modalities?
Scalability
Support for millions of users and diverse
use cases?
Customer Experience Seamless and frictionless experience?
DECISIONSABOUTSECURITYARENOTALWAYSRATIONAL
COMPLEXITYPARALYSIS,EMOTIONALDRIVERS,FEARHAZARDS
7NOK NOK LABS
Considerations
$

8. THEFIDOJOURNEY
• DevelopanAuthenticationStrategy&Foundation
-3-5yearroadmap
• IntegrateFIDOintotheidentitysystem
-Architecture,Scale,Exceptions,Security
• Launch&Adoption
-Customer,ServiceandPartnerfacingcommunication
• Marketing&Monetization
-UsingFIDOasastrategic/competitiveweapon
• AdvancedInitiatives
-Doesframeworkorplanaddressyourupcomingusecasese.g.IoT
PRIVATE & CONFIDENTIAL 8NOK NOK LABS

9. MASTERINGAUTHENTICATION:BESTPRACTICES
9NOK NOK LABS
Recognition or Authentication?
What’s at stake? Consent?
Active or Passive? Single or
Multi-Modal?
Recovery? Lifecycle model?
Documented Threat Model?
How are templates &
matcher protected? Attack
vectors?
Failure modes, Predictability,
Operational variations?
Is there PII? Who
owns the biometric?
Operating multiple
authentication silos
or standards-based
approach?
ü Run a POC
ü Develop a framework for use (beware shiny objects)
ü Build a 3-5 year roadmap
ü Consider a standards-based approach with FIDO

10. KEY THINGS TO KNOW ABOUT FIDO
…whatmanygetwrong
10NOK NOK LABS

11. FIDOISAPLATFORMBUILDINGBLOCK
PRIVATE & CONFIDENTIAL
Passwords
Identity Proofing
User Management
Authentication
Federation
Single
Sign-On
Risk-BasedStrong
MODERN
AUTHENTICATION
Risk-Based
Identity System
11

12. THE BENEFITS OF FIDO- ANANALOGY
StandardsforElectricity
(Cabling-Interconnects-Voltage)
StandardsforAuthentication
(Protocols-APIs-Abstractions)
© 2017 Nok Nok Labs 12
FIDO IS A FRAMEWORK

13. HOWTOYOTABENEFITSFROMTHEK-PLATFORM
13
Toyota Sienna
Lexus RX350Toyota Highlander
Toyota Avalon
The Toyota K platform, is a front-wheel drive automobile platform (also adaptable to four-wheel drive) that has
underpinned various Toyota and Lexus models from the mid-size category upwards[1] since November 2000

14. WHATABOUTAUTHENTICATORS?
• Nosingleauthenticatormodalitywillreplacepasswords
• NoperfectAuthenticator
-Allauthenticatorscanbeattacked,allauthenticatorsaresubjecttocompromise
• Howdoyouchoose?
-Usability
-Security
-Cost
• Thepointoftheframeworkistodeploytherightauthenticator(s)toraise
thecostofattackandmakeitnotworthwhile
14NOK NOK LABS

15. BENEFITOFAFIDOFRAMEWORK
ENABLINGMULTIFACTORAUTHENTICATION
EASYFORDEVELOPER,IT&END-USER
RIGHTLEVELOFABSTRACTION
15NOK NOK LABS
Something
I Know
Something
I Have
Something I Have
+
Something I Know
Or
Something I Have,
Who I am
…
Or
[Something I
Have, Who I am]
x2
…
TapTouch
SAME DEVELOPER API, SAME BACKEND, DIFFERENT POLICY

16. AGEOFUBIQUITOUSAUTHENTICATION2012-2022
16NOK NOK LABS
Server Side
Biometric Match
Border/Perimeter Control
Applications, Surveillance
Systems
Client Side Uni-Modal
Biometrics for Device
Unlock
Client Side Uni-Modal
Biometrics for Device
& Cloud Service
Access on Mobile
Client Side Multi-
Modal, Mobile,
Wearable & Card
based for Physical, IoT
& Cloud Services
Client & Server Side
Multi-Modal, Mobile,
Wearable & Card
based for Physical &
Cloud Services, Sensor
Surround for
Continuous
Authentication
Recognition to Authentication
ü This is the curve we are riding
ü Use Cases & Complexity Expanding Rapidly
ü FIDO is preferred framework to tie both biometrics
& non-biometric authenticators together

17. STANDARDS: WHAT ARE THEY GOOD FOR?
17NOK NOK LABS

18. PROJECTED PATH OF EVOLUTION
PHASES TO UBIQUITY– THE NNLPERSPECTIVE
18NOK NOK LABS
OEMs, Security Chip and SOC vendors include FIDO Security
profiles vary by vendor, Interop & Conformance Testing
Phase
22014-15
Operating Systems include “scaffolding” for FIDO Converging
security profiles in hardware, Security Certification Testing, GOLD
Server (all protocol versions supported)
Phase
32015-18
Phase 4 Operating Systems, Browsers ship native FIDO support - Ubiquitous
security, EMVCo, Global Platform, NIST/NCCOE, UK, Germany,
Korean Citizen ID Initiatives other reference architectures
2017-2022
2013
FIDO delivered “over the top” in software
Whitebox security
Phase
1
Referenced by Regulators & Policy-Makers, Adopted by Industry Bodies

19. AUTHENTICATION HAS TO DELIVER INTEGRITY END TO END
HASTOSCALEFROMSILICONTOTHECLOUDWITHOUTDEVELOPER,USER,ITCOMPLEXITY
19
Hardware Integrity
OS Integrity
App Integrity
Network Integrity
User Integrity & Consent
Easy for Users, Easy for Developers, Easy for IT Operators
Completing
The
Chain of Trust
NOK NOK LABS

20. INFLUENCINGFIDO
FIDOUNIQUEINBALANCINGTECHVENDORSWITHRELYINGPARTIES
•More than buying membership – you have to vote with
your presence and persistence for what you care about
•Volunteer organization
-Asgoodasparticipation
-RPsneedtocontinueparticipationattechnicalandbusinesslevelto
balancevendorinterest
-Standardsareaboutcreatingconstituencies,lininguptheactivity&the
votestomovethingsforward
•WelcometojointheFIDOAlliance
20NOK NOK LABS

21. STATEOFTRUST&SECURITY
NOK NOK LABS 21
Would you take pills for every waterborne disease
every time you took a drink of water or would you
rather chlorinate the water?
Current state of security: Its like drinking water from the tap in 1800s

22. FIN
22NOK NOK LABS