The Fido Alliance is a consortium of IT, internet and financial services firms, working together to develop specifications that define an open, scalable, interoperable set of protocols and mechanisms.
Members of the alliance include industry heavyweights such as Google, PayPal, Microsoft, Dell and the Alibaba Group.
The announcement of the final versions for the first open specifications for universal strong authentication is expected to lead to a wave of product announcements in the coming months.
The Fido 1.0 specifications, including the Universal Authentication Framework (UAF) protocol and Universal Second Factor (U2F) protocol, are aimed at eliminating passwords by enabling interoperability between authentication devices.
Security needs standards
Publication of the final specification comes after public consultation and an intellectual property review by alliance members.
“With authentication failures resulting in massive, costly breaches such as Target and Home Depot, the need for these new Fido standards is clear,” said Phil Dunkelberger, chief of Nok Nok Labs.
READ MORE ON FIDO
- Google launches first Fido-compliant 2FA key
- Password-free online authentication a step closer
- Microsoft takes aim at passwords
- PayPal CISO Michael Barrett bullish on password alternative standard
- IT industry group releases password-killing standard
- Is Fido authentication the future of online authentication products?
- Figuring out Fido as the first products emerge
- In dog days of enterprise authentication, can Fido Alliance help?
- Get up to speed on Fido Alliance efforts to secure online authentication
- Forgot your password? Fido Alliance works on authentication alternatives
“As a founding member of Fido Alliance, Nok Nok Labs recognises the demand in the market for a unified solution to allow for a more secure, yet simpler experience.
“This announcement is about the industry coming together to solve a major problem and showing that a 50-year-old convention has outlived its usefulness,” he said.
The Fido Alliance was launched in February 2013 with six founding members – Nok Nok Labs, Lenovo, Infineon, PayPal, Agnitio and Validity.
The non-profit corporation now has more than 150 members worldwide in the areas of mobile devices, banking, operating systems, authentication technology, healthcare and many more.
Fido specification benefits
According to Dunkelberger, the new standards bring four key benefits: lower implementation costs, strong consumer privacy, end-to-end security enhancements and reduced user friction.
In October, he told Computer Weekly that he was confident the publication of the final spec would grow Fido Alliance membership and support at an even faster rate and enable a raft of new secure ways for internet users to authenticate themselves online.
“Secure authentication online is a key problem to solve. It is vital for the continued growth of the online industry. Fido Alliance members have a keen interest in finding a solution, and they believe they have found it,” he said.
Software development kits
Nok Nok Labs has upgraded its S3 Authentication Suite to support the finalised Universal Authentication Framework (UAF) standard.
The company has also released software development kits (SDKs) to simplify the process of Fido-enabling third-party authenticators, web applications and mobile applications.
An Android SDK is available for qualified early access customers, with SDKs for other platforms, including iOS, to follow in early 2015.
The S3 Authentication Suite has already seen deployments at PayPal and Alipay. Both online payment firms have been processing payments using fingerprint sensor-enabled authentication based on Nok Nok technology.
Further pilots are in progress at banks, mobile network operators, healthcare solution integrators and trading networks.
Nok Nok’s NNL Multifactor Authentication Server (MFAS) deployed at these customers uses the Fido-compliant Multifactor Authentication Client (MFAC) on the latest Samsung Galaxy smartphones and tablets.
“From the incubation of the idea behind the Fido Alliance in 2012, it’s very satisfying to see solutions hit the market that adhere to our standards,” said Michael Barrett, president of the Fido Alliance.
“Nok Nok Labs’ solution is putting into practice the framework we’ve architected, and it’s paving the way towards a vastly improved authentication ecosystem,” he said.