Welcome!

Cloud Expo Authors: Elizabeth White, Pat Romanski, Trevor Parsons, Lori MacVittie, Cynthia Dunlop

News Feed Item

Lenovo, Nok Nok Labs, PayPal, and Validity Lead an Open Industry Alliance to Revolutionize Online Authentication

The FIDO Alliance (Fast Identity Online) Standards Will Allow Users the Option to Replace Passwords With Authentication Methods That Are More Secure and Easier to Use

PALO ALTO, CA -- (Marketwire) -- 02/12/13 -- Leading Internet companies, system integrators and security providers have formed the FIDO Alliance (Fast Identity Online) to revolutionize online authentication with an industry supported standards-based open protocol. FIDO Alliance founding member organizations Agnitio, Infineon Technologies, Lenovo, Nok Nok Labs, PayPal, and Validity are developing the specification and FIDO-compliant products. The Internet requires users to confirm their identity to logon and access many online accounts and services. Current password authentication is weak due to reuse, malware and phishing, and leaves enterprises and end-users vulnerable to financial and identity theft. FIDO's standards-based approach automatically detects when a FIDO-enabled device is present, and offers users the option to replace passwords with authentication methods that are more secure and easier to use. The FIDO Alliance encourages and invites participation from all companies and organizations that want simpler, stronger authentication.

The FIDO standard will support a full range of technologies, including biometrics such as fingerprint scanners, voice and facial recognition, as well as existing authentication solutions and communications standards, such as Trusted Platform Modules (TPM), USB Security Tokens, Near Field Communication (NFC), One Time Passwords (OTP) and many other existing and future technology options. The open protocol is designed to be extensible and to accommodate future innovation, as well as protect existing investments. The FIDO protocol allows the interaction of technologies within a single infrastructure, enabling security options to be tailored to the distinct needs of each user and organization. As more organizations join the FIDO Alliance, more use cases and technologies will become part of the solution.

"The Internet -- especially with recent rapid mobile and cloud expansion -- exposes users and enterprises, more than ever before, to fraud. It's critical to know who you're dealing with on the Internet. The FIDO Alliance is a private sector and industry-driven collaboration to combat the very real challenge of confirming every user's identity online," said Michael Barrett, FIDO Alliance president and PayPal Chief Information Security Officer. "By giving users choice in the way they authenticate and taking an open-based approach to standards, we can make universal online authentication a reality. We want every company, vendor, and organization that needs to verify user identity to join us in making online authentication easier and safer for users everywhere."

"At the core of National Strategy for Trusted Identities in Cyberspace (NSTIC) is a call for the private sector to lead in developing open technology standards that will enable a more trusted and secure Identity Ecosystem. The new FIDO Alliance has pledged to do just that," said Jeremy Grant, who is leading the implementation of NSTIC as Senior Executive Advisor for Identity Management at the National Institute for Standards and Technology (NIST).
"I am excited to see what the FIDO Alliance's members can do to deliver the kind of usable, cost-effective, privacy-enhancing, interoperable strong authentication innovations envisioned in the NSTIC."

"IDC forecasts the strong authentication market to realize more than $2.2 billion in revenues alone by 2016. This demand is driven by social networking, internet, cloud and mobile, all of which will require higher and higher levels of authentication by governments, corporations and consumers," said Sally Hudson, IDC Research Director, Security Products and Services. "We believe that standards based, automated solutions such as those advocated by FIDO will contribute greatly toward making this a reality."

Why FIDO? Why Now?

The FIDO Alliance is a revolution in authentication methods that today's markets demand. Though many authentication systems and point solutions existed before the FIDO Alliance, they have been proprietary, difficult and costly to manage, and/or insufficient to scale. The FIDO Alliance's objective is to be all-inclusive, embracing both existing and new authentication methods and hardware with the FIDO open protocol. FIDO-compliant smartphones, tablets, PCs and laptops can replace password dependency and exposure of sensitive user information by automatically and transparently providing user credentials when they're required.

50 billion internet-connected devices are predicted to be in the marketplace by 2020, according to Cisco Systems. The FIDO protocol approach inherently supports consumerization trends, by allowing end users any choice of authentication method. At the same time, FIDO shifts control to providers, who can make authentication user-transparent and limit the risk of fraud. Any site will be able to effect stronger account and transaction security, and improve their users' experience with more convenience, better privacy and fortified protection of persons and assets.

Today, users are often required to remember a selection of security questions, enter a unique ID with a main password, and potentially use a software or hardware token, as well. Most users have a handful of slightly varied passwords they use to access multiple sites and accounts. This cross-use of passwords poses serious risks if one account is compromised and user credentials are exposed to potential fraud across the range of a user's accounts. Providers are invariably implicated when data is breached and personal information is exposed at a site or within an application. Repeated attempts to outline better security practices and change user behaviors haven't succeeded.

The FIDO Alliance is committed to overcoming prevailing limitations by developing an authentication ecosystem with a standardized, global protocol and necessary interfaces. With users free to select any FIDO-compliant token type, even devices previously considered proprietary can be adapted for use, and new vendors with new protocol-compliant devices easily become part of the marketplace.

The FIDO Alliance and standards create the open, non-proprietary and flexible authentication protocol framework that lowers costs to deploy and improve returns on investment by using devices and systems already in the marketplace to authenticate users. Today, more and improved security options have become available and at better prices. Considering new market dynamics and the risk problem FIDO solves for users and providers, broad market adoption of secure authentication is now set up to succeed.

The FIDO Alliance invites all companies and organizations to become active members. Members will define the market requirements and contribute to the FIDO specification. Interested organizations are encouraged to go to www.fidoalliance.org to find out more and to join the FIDO Alliance.

About The FIDO Alliance
The FIDO (Fast IDentity Online) Alliance was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The Alliance plans to change the nature of authentication by developing standards-based specifications that define an open, scalable, interoperable set of mechanisms that supplant reliance on passwords to easily and securely authenticate users of online services.

Quotes from FIDO Alliance Founding Members:

Biometrics

Biometrics -- finger, hand/palm, face, voice, iris -- represent something everyone has with them at all times. The FIDO Alliance calls attention anew to the range of biometric options that identify who a user is. By enabling dynamic discovery of FIDO-compliant biometric devices, the FIDO Alliance manifests remarkable advantages to biometric users and manufacturers of biometric devices and systems, as well as device manufacturers who want to incorporate biometric recognition technology into their systems and devices to enable FIDO-compliance.

Agnitio, http://www.agnitio-corp.com/

"Agnitio is committed and passionate about fighting for Internet citizens worldwide against identity fraud and criminal activity. The FIDO Alliance facilitates our global opportunity to equip users with the convenience of using their voice to automatically authenticate instead of having to remember and enter passwords, especially when they're on the go," said Agnitio CEO Emilio Martinez. "What is more natural for Agnitio users than authenticating while speaking to their FIDO-compliant mobile devices? Voice Biometrics is the most natural way to ease and secure the authentication process anytime and anywhere, using a mobile phone or any FIDO-enabled device."

Validity, http://www.validityinc.com/

"As device and digital consumption continues to grow exponentially, so does the challenge of maintaining privacy and ease of use," said Sebastien Taveau, FIDO Alliance Board Member and CTO for Validity Sensors. "PC manufacturers have already recognized the power of leveraging a fingerprint for authentication, and with the upcoming release of fingerprint sensors in mobile devices, now is the time for the FIDO Alliance to bring together the hardware, software and applications that create a seamless user experience with a much needed new approach to security."

Relying Parties -- Those who must authenticate and secure users against identity theft, financial fraud and abuse

All FIDO Alliance members have a stake in making online authentication work, but none moreso than those who must authenticate and secure the billions of online and mobile users who rely on their services and risk exposure every time they logon or access sites and services. These FIDO Alliance members -- the Relying Parties are at risk along with their users, until user authentication is made secure with FIDO standards.

PayPal, https://www.paypal.com/

"PayPal authenticates 7.5 million transactions every day and we take our customers' security very seriously," said Bill Leddy, Principal Security Strategist, PayPal. "We recognize that user authentication must go beyond passwords. With FIDO, PayPal's customers will have more choice and stronger methods of authentication including biometrics, USB security tokens and one-time passwords. By collaborating with the industry to create open authentication standards such as FIDO, we can make authentication simpler and stronger for Internet users everywhere."

Server and ValidationVendors

The FIDO Alliance establishes the standards that make online authentication open to all to compete in every market with FIDO-compliant hardware and software products. FIDO-compliant servers and processors enable inherent features and functions of FIDO authentication and automate delivery of secure credentials throughout the FIDO ecosystem.

Nok Nok Labs, http://www.noknok.com

"The formation of the FIDO Alliance addresses a longtime, critical need for technology providers and their users: stronger security that is easier to use," said Phillip Dunkelberger, CEO of Nok Nok Labs, a founding member of the FIDO Alliance. "From day one, through our Unified Authentication Infrastructure, we are developing solutions that will deliver on the vision of the FIDO Alliance. We are excited to see the launch and expansion of the Alliance."

Systems and Device Manufacturers

FIDO Alliance membership enhances opportunities for PC, mobile and other systems and device manufacturers to influence the FIDO standard. As these manufacturers incorporate FIDO-compliance, the market opportunities expand for their products, as widespread adoption of standards-based FIDO authentication ensues.

Lenovo, http://lenovo.com/us/en/

"Lenovo products have earned a reputation for outstanding security features and designs," said Mark Cohen, Vice President and General Manager, Ecosystem and Monetization, Lenovo. "Recognizing that our customers wanted more than just passwords for authentication, we began shipping ThinkPad PCs with integrated fingerprint readers nearly a decade ago. We are excited about the new FIDO standard because it enhances both security and convenience, enabling biometric and other forms of authentication to take place directly between the user and the service that he or she is trying to use."

Add to Digg Bookmark with del.icio.us Add to Newsvine

Media Contact:
Suzanne Matick
for FIDO Alliance
suzanne [at] matick.net
831-479-1888 Pacific time zone

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

@CloudExpo Stories
Compute virtualization has been transformational, yet security policy implementation and enforcement has lagged behind in agility and automation. There are a number of key considerations when implementing policy in private and hybrid clouds. In his session at 15th Cloud Expo, Holland Barry, VP of Technology at Catbird, will discuss the impact of this new paradigm and what organizations can do today to safely move to software-defined network and compute architectures, including: How normal ope...
Can we look to the paradigm of cloud computing from a completely different perspective? In his General Session at 15th Cloud Expo, Gundars Kulups, Sales Director at DEAC, will discuss what we can learn from our dining habits when choosing a cloud solution. Gundars Kulups is Sales Director at DEAC, full service data center operator. An IT expert, he specializes in European countries and has worked in the IT industry since 1992. He graduated from Riga Technical University (RTU) in Latvia and com...
SYS-CON Events announced today that SOA Software, an API management leader, will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. SOA Software is a leading provider of API Management and SOA Governance products that equip business to deliver APIs and SOA together to drive their company to meet its business strategy quickly and effectively. SOA Software’s technology helps businesses to accel...
As cloud gives an opportunity to businesses to buy services externally - how is cloud impacting your customers? In his General Session at 15th Cloud Expo, Fabio Gori, Director of Worldwide Cloud Marketing at Cisco, will provide answers to big questions: Do you see hybrid cloud as where the world is going? What benefits does it bring? And how does Cisco connect all of these clouds? He will also tell us everything about Intercloud and Cisco investment on it.
SYS-CON Events announced today that TMCnet has been named “Media Sponsor” of SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Technology Marketing Corporation (TMC) is the world's leading business to business and integrated marketing media company, servicing niche markets within the communications and technology industries.
SYS-CON Events announced today that Aria Systems, the recurring revenue expert, has been named "Bronze Sponsor" of SYS-CON's 15th International Cloud Expo®, which will take place on November 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Aria Systems helps leading businesses connect their customers with the products and services they love. Industry leaders like Pitney Bowes, Experian, AAA NCNU, VMware, HootSuite and many others choose Aria to power their recurring revenue bu...
SYS-CON Events announced today that Parasoft will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. For 27 years, Parasoft has researched and developed software solutions that help organizations deliver defect-free software efficiently. By integrating Development Testing, API/cloud/SOA/composite app testing, and service virtualization, we reduce the time, effort, and cost of delivering secur...
The Internet of Things (IoT) promises to evolve the way the world does business; however, understanding how to apply it to your company can be a mystery. Most people struggle with understanding the potential business uses or tend to get caught up in the technology, resulting in solutions that fail to meet even minimum business goals. In his session at Internet of @ThingsExpo, Jesse Shiah, CEO / President / Co-Founder of AgilePoint Inc., will show what is needed to leverage the IoT to transform...
SYS-CON Events announced today that Utimaco will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Utimaco is a leading manufacturer of hardware based security solutions that provide the root of trust to keep cryptographic keys safe, secure critical digital infrastructures and protect high value data assets. Only Utimaco delivers a general-purpose hardware security module (HSM) as a customiz...
One of the biggest challenges when developing connected devices is identifying user value and delivering it through successful user experiences. In his session at Internet of @ThingsExpo, Mike Kuniavsky, Principal Scientist, Innovation Services at PARC, will describe an IoT-specific approach to user experience design that combines approaches from interaction design, industrial design and service design to create experiences that go beyond simple connected gadgets to create lasting, multi-devic...
Until recently, many organizations required specialized departments to perform mapping and geospatial analysis, and they used Esri on-premise solutions for that work. In his session at 15th Cloud Expo, Dave Peters, author of the Esri Press book Building a GIS, System Architecture Design Strategies for Managers, will discuss how Esri has successfully included the cloud as a fully integrated SaaS expansion of the ArcGIS mapping platform. Organizations that have incorporated Esri cloud-based appl...
Dyn solutions are at the core of Internet Performance. Through traffic management, message management and performance assurance, Dyn is connecting people through the Internet and ensuring information gets where it needs to go, faster and more reliably than ever before. Founded in 2001 at WPI, Dyn’s global presence services more than four million enterprise, small business and personal customers.
Once the decision has been made to move part or all of a workload to the cloud, a methodology for selecting that workload needs to be established. How do you move to the cloud? What does the discovery, assessment and planning look like? What workloads make sense? Which cloud model makes sense for each workload? What are the considerations for how to select the right cloud model? And how does that fit in with the overall IT tranformation? In his session at 15th Cloud Expo, John Hatem, head of V...
IBM and Tencent Cloud signed a business cooperation memorandum to collaborate on providing public cloud with Software-as-a-Service solutions for industries. Both parties agreed to focus on emerging small and medium enterprises in the smarter cities and smarter healthcare industries as well as other fields. This will enable these industries to utilize mobile, cloud computing and big data tools to transform internal processes and operations, thus achieving cloud transformation in the era of mobili...
SimpleECM is the only platform to offer a powerful combination of enterprise content management (ECM) services, capture solutions, and third-party business services providing simplified integrations and workflow development for solution providers. SimpleECM is opening the market to businesses of all sizes by reinventing the delivery of ECM services. Our APIs make the development of ECM services simple with the use of familiar technologies for a frictionless integration directly into web applicat...
European data center operator DEAC is the largest in the Baltics. The activities are orientated to provide data center services and IT outsourcing on Eurasia and America scale in order to create the primary or backup or additional data center for customer in the EU, to protect its business and, most importantly, reduce costs up to 40% within 3-5 years. DEAC is an IT outsourcing services and solutions company whose highly experienced and qualified employees offer various groups of services and...
The Internet of Things will greatly expand the opportunities for data collection and new business models driven off of that data. In her session at Internet of @ThingsExpo, Esmeralda Swartz, CMO of MetraTech, will discuss how for this to be effective you not only need to have infrastructure and operational models capable of utilizing this new phenomenon, but increasingly service providers will need to convince a skeptical public to participate. Get ready to show them the money! Speaker Bio: ...
Samsung VP Jacopo Lenzi, who headed the company's recent SmartThings acquisition under the auspices of Samsung's Open Innovaction Center (OIC), answered a few questions we had about the deal. This interview was in conjunction with our interview with SmartThings CEO Alex Hawkinson. IoT Journal: SmartThings was developed in an open, standards-agnostic platform, and will now be part of Samsung's Open Innovation Center. Can you elaborate on your commitment to keep the platform open? Jacopo Lenzi: S...
The major cloud platforms defy a simple, side-by-side analysis. Each of the major IaaS public-cloud platforms offers their own unique strengths and functionality. Options for on-site private cloud are diverse as well, and must be designed and deployed while taking existing legacy architecture and infrastructure into account. Then the reality is that most enterprises are embarking on a hybrid cloud strategy and programs. In this Power Panel at 15th Cloud Expo, moderated by Ashar Baig, Research ...
Things are being built upon cloud foundations to transform organizations. This CEO Power Panel at 15th Cloud Expo, moderated by Roger Strukhoff, Cloud Expo and @ThingsExpo conference chair, will address the big issues involving these technologies and, more important, the results they will achieve. How important are public, private, and hybrid cloud to the enterprise? How does one define Big Data? And how is the IoT tying all this together?