FIDO | Claims and Calculations | Nok Nok Labs and ThreatMetrix

September 18, 2017 Nok Nok News 0 comments

When we started Nok Nok Labs, I often said that our vision for Modern Authentication was that it was a “Game of Signals” – one that consisted of claims & calculations.

Users and devices provide a signal through an authentication claim (e.g. a password, a smart-card, a biometric etc). The relying party would process that claim and then often look at other signals (e.g. location, device integrity signals etc.) and the resulting calculation determined the final result.

Back in 2011 user authentication events were weak signals (e.g. passwords or phishable OTPs or strong authentication that was easily defeated by malware) with no alternatives. As a result, relying parties had to invest deeply in the calculation and amass many more signals to determine the result of the authentication claim. Weak signals create uncertainty and doubt that can cripple the business with excessive friction or create an opportunity for compromising credentials. Indeed, the Verizon Data Breach study reports credential compromise as the leading cause of data breaches. Fully 80% of hacking-related breaches leveraged either stolen passwords and/or weak or guessable passwords.

Existing strong authentication did not help a lot. It remains shocking to see how much of our deployed “strong authentication” is really vulnerable to phishing, MiTM and malware attacks. Gone are the days when authentication was supposed to be about a magic credential – a complex password, OTP token/smart-cards or assorted fanciful authenticators – that gave you keys to the kingdom.

Our vision led us to create the FIDO Alliance with our partners and seed it with our inventions leading to the first FIDO protocol aimed at strengthening the user-claim so that it could be strong signal. The standards allow the use of ANY method of authentication (e.g. tokens, biometrics, wearables etc.) while maintaining a simple consistent developer API and without changing the backend. It also provides the strong assurance that this was indeed the right user. It also characterizes the authentication environment and resists or eliminates phishing and MiTM attacks because of way we designed the cryptographic protocol.

In a recent speech, Treasury Secretary Steve Mnuchin hailed the FIDO Authentication standards and the FIDO Alliance’s work with NIST as an exemplary innovation in public-private partnerships and vital to enabling financial inclusion and banking the unbanked. We are proud to have contributed in a key role to that partnership with NIST. We continue to be the innovation leader at the FIDO Alliance and a key author/editor of its most widely deployed standards as well its upcoming standards.

Our NNL S3 Authentication platform is the industry’s leading standards-based way to deliver assurance that the business is dealing with the right user, right device and right context for cloud, mobile and IoT applications. The strong signals delivered by our platform can be transformative to risk platforms allowing the business to deliver frictionless user interaction, meet emerging regulations for authentication and data privacy and to personalize user interactions with confidence.

This announcement today by ThreatMetrix validates our vision of Modern Authentication – watch this space for more to come.

08 Sep

3 Min read

Nok Nok Labs and GSMA’s Mobile Connect @ MWC:A

September 8, 2017 Nok Nok News 0 comments

As we have written in our blog before – NNL has partnered with the GSMA on their product – Mobile Connect. Mobile Connect is a secure universal log-in solution in which the GSMA aims to provide a worldwide login service. This project enables interoperability and aims to leverage ubiquity to ease the global deployment of federated identity.

With this partnership we will help Mobile Network Operators deliver a biometric-enabled, FIDO Certified™ customer authentication experience that increases revenue and customer loyalty as well as opening the door to additional commerce services and partnerships.

GSMA Innovation City makes its debut at Mobile World Congress Americas 2017 and promises to deliver a diverse showcase of innovative, topical, and cutting edge products and services.

Some of the use cases that will be showcased at the Innovation City:

Interbev
Using a Smart Vending Machine to deliver beverages with age-based authentication is an example of NNL partnering with GSMA. Today, all age-based verification is done by human scrutiny which is expensive and prone to error. Using the biometric identity provided by the MobileConnect App on your mobile device and authenticated by NNL Authentication Server, the vending machine delivers a beverage based on the age and user’s choice.

Visa
In this world of digital commerce, Card Not Present transactions are increasing at a breathtaking pace. Card Not Present fraudulent transaction charges are also on the rise. To protect and aid customers, Visa and GSMA, using the NNL Authentication Server, have created mobile device transaction notification and authentications. The owner of the card receives a notification on their mobile device and can then approve or deny the charges by either tapping cancel or authenticating with their biometrics. This confirmation reduces millions in fraudulent charges that are accepted as the industry norm today.

San Diego Healthcare
Electronic Health Records need to be protected more than ever before. Privacy and accessibility are at loggerheads, and the industry has ended up at a crossroads where compromise seems inevitable. Emergency medical responders who are specially trained to provide out-of-hospital care in medical emergencies have to treat patients in unplanned and unexpected situations. This makes it tough to implement authentication and privacy policies while the focus is on providing the best medical care. NNL with GSMA will be providing biometric authentication to save precious time for first responders. In some scenarios, fingerprint may not be an option, so NNL enables Facial Recognition for smooth authentication.

Innovation City will be in the South Hall during Mobile World Congress: Americas. The show starts on Tuesday, September 12th and ends Thursday, September 14th in the Moscone Center in San Francisco, California. We hope to see you there.

If you can’t make it to Innovation City – Nok Nok Labs will also have a booth at the FIDO Pavilion located in the North Hall during exposition hours. We invite you to meet us there as well.