New working groups formed to secure adjacent technologies that are critical for end-to-end identity lifecycle management
IDENTIVERSE, WASHINGTON, D.C., June 26, 2019 — The FIDO Alliance today announced two new standards and certification initiatives in identity verification and the Internet of Things (IoT). These initiatives build upon the Alliance’s ongoing focus on driving the efficacy and market adoption of FIDO Authentication by addressing adjacent technology areas that leave security vulnerabilities on the web.
Specifically, the Alliance aims to strengthen identity verification assurance to support better account recovery, and automate secure device onboarding to remove password use from IoT. The Alliance has formed two new working groups: the Identity Verification and Binding Working Group (IDWG) and the IoT Technical Working Group (IoT TWG) to establish guidelines and certification criteria in these areas. The FIDO Alliance will continue to focus on development and adoption of its user authentication standards and related programs and use them as a foundation for this expanded work, featuring contributions from current members and new industry participants.
“The FIDO Alliance has catalyzed a diverse set of stakeholders who have collaborated to answer the industry’s password problem through the standardization of FIDO Authentication – which has grown from concept to global web standard supported in leading browsers and platforms in just seven years,” said Andrew Shikiar, executive director and chief marketing officer of the FIDO Alliance. “As we look at the threat vectors in the marketplace, however, it has become apparent that there’s a gap between the high assurance provided by FIDO Authentication standards and the lower assurance methods used in identity verification for account recovery and IoT authentication. This gap can be most effectively addressed through industry collaboration and standardization rather than siloed, proprietary approaches.”
Identity Verification & Binding Working Group Overview
For accounts protected from phishing and other credential-based attacks with FIDO Authentication, the account recovery process when a FIDO device is lost or stolen becomes critical to maintaining the integrity of the user’s account. Validating a user’s identity with high assurance is an important aspect of this process, as well as for account onboarding processes, meeting Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements.
The FIDO Alliance has identified newer remote, possession-based techniques including biometric “selfie” matching and government-issued identity document authentication as having the potential to greatly improve the quality of identity assurance for new account onboarding and account recovery. The Alliance has also determined a market need for authoritative guidance, performance evaluation and certifications for their use.
The FIDO Alliance has created the IDWG to fill this need. The IDWG will define criteria for remote identity verification and develop a certification program and educational materials to support the adoption of that criteria.
The IDWG is led by co-chairs Rob Carter, Mastercard and Parker Crockford, Onfido Ltd. Other participating organizations include Aetna, Google, Idemia, Lenovo, Microsoft, Nok Nok Labs, NTT DOCOMO, OneSpan, Phoenix Technologies Ltd., Visa Inc., Yahoo! JAPAN, Yubico and the UK Cabinet Office.
IoT Technical Working Group Overview
Gartner forecasts that 20.4 billion connected things will be in use by 2020, opening up opportunities for increased efficiencies and innovation across industries. Yet, lack of IoT security standards and typical processes such as shipping with default password credentials and manual onboarding leave devices, and the networks they operate on, open to large-scale attack.
The IoT TWG aims to tackle this issue by providing a comprehensive authentication framework for IoT devices in keeping with the fundamental mission of the Alliance – passwordless authentication.
The working group will develop use cases, target architectures and specifications covering:
- IoT device attestation/authentication profiles to enable interoperability between service providers and IoT devices
- Automated onboarding, and binding of applications and/or users to IoT devices
- IoT device authentication and provisioning via smart routers and IoT hubs
The IoT TWG is led by co-chairs Marc Canel, ARM Holdings and Giridhar Mandyam, Qualcomm, Inc. Other participating organizations include Google, Idemia, Infineon Technologies, Intel Corporation, Lenovo, Microsoft, Nok Nok Labs, OneSpan, Phoenix Technologies Ltd., Yahoo! JAPAN and Yubico.
The IDWG and IoT TWG are now open to industry participants. Participation in FIDO Alliance working groups is open to all board and sponsor level members of the FIDO Alliance. For more information on joining the Alliance, visit https://fidoalliance.org/members/membership-benefits/.
About the FIDO Alliance
The FIDO (Fast IDentity Online) Alliance, www.fidoalliance.org, was formed in July 2012 to address the lack of interoperability among strong authentication technologies, and remedy the problems users face with creating and remembering multiple usernames and passwords. The FIDO Alliance is changing the nature of authentication with standards for simpler, stronger authentication that define an open, scalable, interoperable set of mechanisms that reduce reliance on passwords. FIDO Authentication is stronger, private, and easier to use when authenticating to online services.
FIDO Alliance PR Contact
Montner Tech PR
FIDO Alliance Announces Authenticate 2023 Conference
Premier authentication conference returns for fourth year; call-for-speakers open CARLSBAD,...February 23, 2023
FIDO Alliance Awards Winner and Top Finalists of Developer Challenge – India
By Joon Hyuk Lee, APAC Market Development Director, FIDO Alliance...February 6, 2023
Videos: FIDO Alliance Public Seminar in Korea
On December 6, 2022, the FIDO Alliance Public Seminar in...December 19, 2022
Momentum for FIDO in Japan Grows as Major Companies Commit to Passwordless Sign-ins with Passkeys
Yahoo! JAPAN, KDDI and NTT DOCOMO have adopted or committed...December 8, 2022