All Rights Reserved | FIDO Alliance | Copyright 2018
GLOBAL REGULATORY
LANDSCAPE FOR STRONG
AUTHENTICATION
DEVELOPMENTS IN POLICY, REGULATION AND
GUIDANCE AROUND THE WORLD
AUTHENTICATION IS IMPORTANT TO GOVERNMENTS
1. Protects access to government assets
2. Enables more high-value citizen-facing services
3. Empowers private sector to provide a wider range of high value
services to consumers
4. Secures critical assets and infrastructure
Governments seek identity solutions that can deliver not just improved
Security – but also Privacy, Interoperability, and better Customer
Experiences
The right policies and standards are needed to enable this.
FIDO IS IMPACTING HOW GOVERNMENTS THINK
ABOUT AUTHENTICATION
Priorities:
• Ensuring that future online products and services
coming into use are “secure by default”
• Empowering consumers to “choose products and
services that have built-in security as a default
setting.”
“[We will] invest in technologies like Trusted Platform
Modules (TPM) and emerging industry standards such as
Fast IDentity Online (FIDO), which do not rely on
passwords for user authentication, but use the machine
and other devices in the user’s possession to authenticate.
The Government will test innovative authentication
mechanisms to demonstrate what they can offer, both in
terms of security and overall user experience.”
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/567242/national_cyber_security_strategy_2016.pdf
FIDO IS IMPACTING HOW GOVERNMENTS THINK
ABOUT AUTHENTICATION
U.S. Commission on Enhancing
National Cybersecurity:
• Bipartisan commission established by
the White House in April – charged
with crafting recommendations for
the next President
• Major focus on Authentication
US COMMISSION ON ENHANCING NATIONAL
CYBERSECURITY
“Other important work that must be undertaken to overcome identity
authentication challenges includes the development of open-source
standards and specifications like those developed by the Fast IDentity
Online (FIDO) Alliance. FIDO specifications are focused largely on the
mobile smartphone platform to deliver multifactor authentication to
the masses, all based on industry standard public key cryptography.
Windows 10 has deployed FIDO specifications (known as Windows
Hello), and numerous financial institutions have adopted FIDO for
consumer banking. Today, organizations complying with FIDO
specifications are able to deliver secure authentication technology on
a wide range of devices, including mobile phones, USB keys, and near-
field communications (NFC) and Bluetooth low energy (BLE) devices
and wearables.
This work, other standards activities, and new tools that support
continuous authentication provide a strong foundation for opt-in
identity management for the digital infrastructure.”
https://www.nist.gov/sites/default/files/documents/2016/12/02/cybersecurity-commission-report-final-post.pdf
US – TREASURY SECRETARY MNUCHIN
HIGHLIGHTS IMPORTANCE OF FIDO
“Many of you have been working toward these goals for years now – the 2011
National Strategy for Trusted Identities in Cyberspace (NSTIC) charted a path
for government to work with the private sector, developing an identity
ecosystem that embraced these important principles – security, privacy, ease
of use, and interoperability.
“Out of NSTIC, we’ve seen great innovations through public-private
partnerships. These include the emergence of FIDO authentication, where
major firms in IT, software, device manufacturers, banking, health care and
security have partnered with government - the National Institute of Standards
and Technology in particular - to deliver on this vision. This has been done
by creating new standards like FIDO and OpenID Connect that are being used
today to enable more robust and secure authentication.
“With these commitments from industry, we’re at the point where it will be
hard for a consumer to buy a device or launch a browser that doesn’t
support strong authentication out of the box. It’s an innovation – driven by
industry and supported by government – that is improving security and
transforming digital commerce.”
IDEA: AUTHENTICATION
AS REGTECH
WHAT IS REGTECH?
RegTech: Technology that helps businesses comply with
regulations efficiently and inexpensively.
- Australian Securities and Investments Commission (ASIC)
-Or-
RegTech: technology that seeks to provide “nimble,
configurable, easy to integrate, reliable, secure and cost-effective”
compliance solutions
- Deloitte
AUTHN IS REGTECH…RIGHT?
Nimble?
Configurable?
Easy to integrate?
Cost effective?
Secure?
Reliable?
OLD AUTHENTICATION - OTPS
Old strong authentication required a separate channel or device…
ONE-TIME PASSCODES
Improve security but aren’t easy enough to use
STILL PHISHABLE
USER CONFUSION
TOKEN NECKLACE
SMS RELIABILITY [1]
[1] NIST SP800-63-3: “Out-of-band authentication using the [public switched telephone network] (SMS or voice) is discouraged and is being considered for removal in future editions of this guideline.”
OLD AUTHENTICATION – SMART CARDS
Old strong authentication required a separate channel or device…
SMART CARDS
Offer strong cryptographic security but are:
INCONVENIENT
COSTLY
POOR BYOD SUPPORT
THE AUTHN CHALLENGE
Nimble
Configurable
Easy to integrate
Cost effective
Secure
Reliable
We need authentication solutions that can meet the “RegTech”
definition - allowing better business models and customer
experiences to flourish - without concerns about security, privacy
and other compliance requirements
AREAS OF INNOVATION + REGULATION
• Financial Services: Payments + FinTech, PSD2, KYC
• Health Care: EHR, Patient Access, Doctor Access
• eGov/Citizen Services: Digital Government, National IDs, eIDAS
• Privacy & Security: GDPR, Stop 81% of breaches
Compliance is driving a need for better authentication
Security
Privacy Interoperability
Usability
FIDO AS REGTECH
FIDO delivers on key priorities
FIDO IMPACT ON POLICY
FIDO specifications offer governments newer, better options for
strong authentication – but governments may need to update
some policies to support the ways in which FIDO is different.
As technology evolves,
policy needs to evolve with it.
AS TECHNOLOGY EVOLVES,
POLICY NEEDS TO EVOLVE WITH IT.
1) Recognize that two-factor authentication
no longer brings higher burdens or costs
• While this statement was true of most “old” MFA
technology, FIDO specifically addresses these cost
and usability issues
• FIDO enables simpler, stronger authentication
capabilities that governments, businesses and
consumers can easily adopt at scale
AS TECHNOLOGY EVOLVES,
POLICY NEEDS TO EVOLVE WITH IT.
2) Recognize technology is now mature enough to enable
two secure, distinct authn factors in a single device
• First recognized by the U.S. government (NIST) in 2014
• “OMB (White House) to update guidance on remote electronic
authentication” to remove requirements that one factor be
separate from the device accessing the resource
• The evolution of mobile devices – in particular, hardware
architectures that offer highly robust and isolated execution
environments (such as TEE, SE and TPM) – has allowed these
devices to achieve high-grade security without the need for a
physically distinct token
TECHNOLOGY IS NOW MATURE ENOUGH TO ENABLE TWO SECURE,
DISTINCT AUTHENTICATION FACTORS IN A SINGLE DEVICE
Europe and Payment Services
Directive 2 (PSD2)
• Original guidance (December 2015)
from the European Banking Authority
(EBA) was heavily weighted toward
OTP, considered prohibition of two
authentication factors delivered on
the same device.
• The emergence of FIDO prompted
EBA to revise its guidance – the final
version (November 2017) references
FIDO’s architecture for protecting
the independence of authentication
factors on multi-purpose devices
such as smart phones.
http://ec.europa.eu/finance/docs/level-2-measures/psd2-rts-2017-7782_en.pdf
TECHNOLOGY IS NOW MATURE ENOUGH TO ENABLE TWO SECURE,
DISTINCT AUTHENTICATION FACTORS IN A SINGLE DEVICE
FIDO recognized at the highest Authenticator
Assurance Level (AAL3) by NIST
• NIST published a 2017 update to its digital
identity standards that reflects the emergence of
new standards like FIDO
• Both Universal 2 Factor (U2F) and
passwordless/UAF solutions were recognized as
being at the highest level of assurance for
authenticators.
https://pages.nist.gov/800-63-3/
AS TECHNOLOGY EVOLVES,
POLICY NEEDS TO EVOLVE WITH IT.
3) As governments promote or require strong authentication,
make sure it is the “right” authentication
• The market is in the midst of a burst of innovation around authentication technology;
some solutions are better than others. Don’t build rules focused on old authentication
technology
• Old authentication technologies impose significant costs and burdens on the user,
which decreases adoption
• Old authentication technologies have security (i.e., phishable) and privacy issues,
putting both users and online service providers at risk
AS TECHNOLOGY EVOLVES,
POLICY NEEDS TO EVOLVE WITH IT
3) As governments promote or require strong authentication,
make sure it is the “right” authentication
Example: Taiwan
• Taiwan’s Financial Supervisory Commission (FSC) in December 2016
changed its e-Banking Security Control regulations to make clear:
Client-side biometrics are appropriate to use for e-Banking
applications
• Previous version: Pointed only to server-side biometric match;
emergence of FIDO prompted a change
AS TECHNOLOGY EVOLVES,
POLICY NEEDS TO EVOLVE WITH IT
3) As governments promote or require strong authentication,
make sure it is the “right” authentication
Example: US
• US Department of Veterans Affairs (VA)
▸ First US government citizen-facing application
(vets.gov) to support FIDO (September 2017)
• US Department of Defense (DoD)
▸ DoD CIO declares that U2F allowed as an alternative to
PKI – where PKI integration is not feasible (April 2017)
• US Senate
▸ Requests US Social Security Administration protect
citizen accounts with FIDO - instead of SMS or OTP
Security
Privacy Interoperability
Usability
FIDO DELIVERS ON KEY POLICY PRIORITIES
QUESTIONS?
THANK YOU!

TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 

Dernier (20)

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 

Global Regulatory Landscape for Strong Authentication

  • 1. GLOBAL REGULATORY LANDSCAPE FOR STRONG AUTHENTICATION: DEVELOPMENTS IN POLICY, REGULATION AND GUIDANCE AROUND THE WORLD (All Rights Reserved | FIDO Alliance | Copyright 2018)
  • 2. AUTHENTICATION IS IMPORTANT TO GOVERNMENTS 1. Protects access to government assets 2. Enables more high-value citizen-facing services 3. Empowers private sector to provide a wider range of high value services to consumers 4. Secures critical assets and infrastructure. Governments seek identity solutions that can deliver not just improved Security – but also Privacy, Interoperability, and better Customer Experiences. The right policies and standards are needed to enable this.
  • 3. FIDO IS IMPACTING HOW GOVERNMENTS THINK ABOUT AUTHENTICATION Priorities: • Ensuring that future online products and services coming into use are “secure by default” • Empowering consumers to “choose products and services that have built-in security as a default setting.” “[We will] invest in technologies like Trusted Platform Modules (TPM) and emerging industry standards such as Fast IDentity Online (FIDO), which do not rely on passwords for user authentication, but use the machine and other devices in the user’s possession to authenticate. The Government will test innovative authentication mechanisms to demonstrate what they can offer, both in terms of security and overall user experience.” https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/567242/national_cyber_security_strategy_2016.pdf
  • 4. FIDO IS IMPACTING HOW GOVERNMENTS THINK ABOUT AUTHENTICATION U.S. Commission on Enhancing National Cybersecurity: • Bipartisan commission established by the White House in April – charged with crafting recommendations for the next President • Major focus on Authentication
  • 5. US COMMISSION ON ENHANCING NATIONAL CYBERSECURITY “Other important work that must be undertaken to overcome identity authentication challenges includes the development of open-source standards and specifications like those developed by the Fast IDentity Online (FIDO) Alliance. FIDO specifications are focused largely on the mobile smartphone platform to deliver multifactor authentication to the masses, all based on industry standard public key cryptography. Windows 10 has deployed FIDO specifications (known as Windows Hello), and numerous financial institutions have adopted FIDO for consumer banking. Today, organizations complying with FIDO specifications are able to deliver secure authentication technology on a wide range of devices, including mobile phones, USB keys, and near-field communications (NFC) and Bluetooth low energy (BLE) devices and wearables. This work, other standards activities, and new tools that support continuous authentication provide a strong foundation for opt-in identity management for the digital infrastructure.” https://www.nist.gov/sites/default/files/documents/2016/12/02/cybersecurity-commission-report-final-post.pdf
  • 6. US – TREASURY SECRETARY MNUCHIN HIGHLIGHTS IMPORTANCE OF FIDO “Many of you have been working toward these goals for years now – the 2011 National Strategy for Trusted Identities in Cyberspace (NSTIC) charted a path for government to work with the private sector, developing an identity ecosystem that embraced these important principles – security, privacy, ease of use, and interoperability. “Out of NSTIC, we’ve seen great innovations through public-private partnerships. These include the emergence of FIDO authentication, where major firms in IT, software, device manufacturers, banking, health care and security have partnered with government - the National Institute of Standards and Technology in particular - to deliver on this vision. This has been done by creating new standards like FIDO and OpenID Connect that are being used today to enable more robust and secure authentication. “With these commitments from industry, we’re at the point where it will be hard for a consumer to buy a device or launch a browser that doesn’t support strong authentication out of the box. It’s an innovation – driven by industry and supported by government – that is improving security and transforming digital commerce.”
  • 7. IDEA: AUTHENTICATION AS REGTECH
  • 8. WHAT IS REGTECH? RegTech: Technology that helps businesses comply with regulations efficiently and inexpensively. - Australian Securities and Investments Commission (ASIC) -Or- RegTech: technology that seeks to provide “nimble, configurable, easy to integrate, reliable, secure and cost-effective” compliance solutions - Deloitte
  • 9. AUTHN IS REGTECH…RIGHT? Nimble? Configurable? Easy to integrate? Cost effective? Secure? Reliable?
  • 10. OLD AUTHENTICATION - OTPS Old strong authentication required a separate channel or device… ONE-TIME PASSCODES Improve security but aren’t easy enough to use: STILL PHISHABLE, USER CONFUSION, TOKEN NECKLACE, SMS RELIABILITY [1]. [1] NIST SP800-63-3: “Out-of-band authentication using the [public switched telephone network] (SMS or voice) is discouraged and is being considered for removal in future editions of this guideline.”
  • 11. OLD AUTHENTICATION – SMART CARDS Old strong authentication required a separate channel or device… SMART CARDS Offer strong cryptographic security but are: INCONVENIENT, COSTLY, POOR BYOD SUPPORT
  • 12. THE AUTHN CHALLENGE Nimble, Configurable, Easy to integrate, Cost effective, Secure, Reliable. We need authentication solutions that can meet the “RegTech” definition - allowing better business models and customer experiences to flourish - without concerns about security, privacy and other compliance requirements
  • 13. AREAS OF INNOVATION + REGULATION Financial Services: • Payments + FinTech • PSD2 • KYC Health Care: • EHR • Patient Access • Doctor Access eGov/Citizen Services: • Digital Government • National IDs • eIDAS Privacy & Security: • GDPR • Stop 81% of breaches
  • 14. AREAS OF INNOVATION + REGULATION Financial Services: • Payments + FinTech • PSD2 • KYC Health Care: • EHR • Patient Access • Doctor Access eGov/Citizen Services: • Digital Government • National IDs • eIDAS Privacy & Security: • GDPR • Stop 81% of breaches. Compliance is driving a need for better authentication
  • 15. FIDO AS REGTECH FIDO delivers on key priorities: Security, Privacy, Interoperability, Usability
  • 16. FIDO IMPACT ON POLICY FIDO specifications offer governments newer, better options for strong authentication – but governments may need to update some policies to support the ways in which FIDO is different. As technology evolves, policy needs to evolve with it.
  • 17. AS TECHNOLOGY EVOLVES, POLICY NEEDS TO EVOLVE WITH IT. 1) Recognize that two-factor authentication no longer brings higher burdens or costs • While this statement was true of most “old” MFA technology, FIDO specifically addresses these cost and usability issues • FIDO enables simpler, stronger authentication capabilities that governments, businesses and consumers can easily adopt at scale
  • 18. AS TECHNOLOGY EVOLVES, POLICY NEEDS TO EVOLVE WITH IT. 2) Recognize technology is now mature enough to enable two secure, distinct authn factors in a single device • First recognized by the U.S. government (NIST) in 2014 • “OMB (White House) to update guidance on remote electronic authentication” to remove requirements that one factor be separate from the device accessing the resource • The evolution of mobile devices – in particular, hardware architectures that offer highly robust and isolated execution environments (such as TEE, SE and TPM) – has allowed these devices to achieve high-grade security without the need for a physically distinct token
  • 19. TECHNOLOGY IS NOW MATURE ENOUGH TO ENABLE TWO SECURE, DISTINCT AUTHENTICATION FACTORS IN A SINGLE DEVICE Europe and Payment Services Directive 2 (PSD2) • Original guidance (December 2015) from the European Banking Authority (EBA) was heavily weighted toward OTP, considered prohibition of two authentication factors delivered on the same device. • The emergence of FIDO prompted EBA to revise its guidance – the final version (November 2017) references FIDO’s architecture for protecting the independence of authentication factors on multi-purpose devices such as smart phones. http://ec.europa.eu/finance/docs/level-2-measures/psd2-rts-2017-7782_en.pdf
  • 20. TECHNOLOGY IS NOW MATURE ENOUGH TO ENABLE TWO SECURE, DISTINCT AUTHENTICATION FACTORS IN A SINGLE DEVICE FIDO recognized at the highest Authenticator Assurance Level (AAL3) by NIST • NIST published a 2017 update to its digital identity standards that reflects the emergence of new standards like FIDO • Both Universal 2 Factor (U2F) and passwordless/UAF solutions were recognized as being at the highest level of assurance for authenticators. https://pages.nist.gov/800-63-3/
  • 21. AS TECHNOLOGY EVOLVES, POLICY NEEDS TO EVOLVE WITH IT. 3) As governments promote or require strong authentication, make sure it is the “right” authentication • The market is in the midst of a burst of innovation around authentication technology— some solutions are better than others. Don’t build rules focused on old authentication technology • Old authentication technologies impose significant costs and burdens on the user— which decreases adoption • Old authentication technologies have security (i.e., phishable) and privacy issues— putting both users and online service providers at risk
  • 22. AS TECHNOLOGY EVOLVES, POLICY NEEDS TO EVOLVE WITH IT 3) As governments promote or require strong authentication, make sure it is the “right” authentication. Example: Taiwan • Taiwan’s Financial Supervisory Commission (FSC) in December 2016 changed its e-Banking Security Control regulations to make clear: Client-side biometrics are appropriate to use for e-Banking applications • Previous version: Pointed only to server-side biometric match; emergence of FIDO prompted a change
  • 23. AS TECHNOLOGY EVOLVES, POLICY NEEDS TO EVOLVE WITH IT 3) As governments promote or require strong authentication, make sure it is the “right” authentication. Example: US • US Department of Veterans Affairs (VA) ▸ First US government citizen-facing application (vets.gov) to support FIDO (September 2017) • US Department of Defense (DoD) ▸ DoD CIO declares that U2F allowed as an alternative to PKI – where PKI integration is not feasible (April 2017) • US Senate ▸ Requests US Social Security Administration protect citizen accounts with FIDO - instead of SMS or OTP
  • 24. FIDO DELIVERS ON KEY POLICY PRIORITIES: Security, Privacy, Interoperability, Usability
  • 25. QUESTIONS? THANK YOU!

Editor's notes

  1. “Thumbs down” is a stand-in icon
  2. To sum up, FIDO delivers on all of these key priorities: security, usability, privacy and interoperability. Some additional points on privacy: There’s no 3rd party in the protocol so you don’t have to worry about correlation handles or any third party watching where users are authenticating. It’s direct from the device to the application. There are no shared secrets stored on the server, which saves you in the case of a data breach of that server. If used, biometric data must never leave the device, which is privacy preserving. That’s a requirement of FIDO certification. One of the biggest benefits of the FIDO design is that there’s no new linkability or identifier in a FIDO device – no new way to track a user or link their behavior across applications. There isn’t even a way to link that user across different accounts on the same system. Cookie methods still exist, but nothing new that’s being delivered by FIDO.