FIDO Alliance: creating a new security protocol

by Sudhir Ahluwalia

Most of us are frequent recipients of mail spam and fraudulent messages. Hackers are able to get hold of the password and with it access a computer, mobile phone or any other device and application. Protecting information, money and data from online theft is a challenge that most of us are forced to contend with in today’s increasingly online world.

As more and more devices get connected, we are forced to keep track of multiple passwords, one for each device and application. Remembering many passwords is quite a challenge. Passwords, PINs and OTPs (One Time Passcodes) are some of the mechanisms that have been introduced to authenticate the identity of a user. These are aimed at securing customer and individual data.

At the heart of cyber theft lies the ability to tamper with and gain access to user authentication information. With that, access becomes possible and cyber theft objectives can be accomplished. In 2012 six companies got together to explore and devise a set of common standards and security protocols. A not-for-profit entity, the FIDO (Fast Identity Online) Alliance, was created.

To understand the issue of cyber security better, I got around to having a mail conversation with one of the founding members of this Alliance. Nok Nok Labs is a Palo Alto, California-based company. It has a management team that is composed of the world’s top-notch system security engineers. I connected with one of the Founders, the CEO and their senior executive team members.

FIDO Alliance members have worked towards creating a new security protocol that helps people not need a unique password for each device and application. They also developed strategies that would help seamlessly incorporate new authentication technologies like biometrics, iris scans, face and voice recognition and other methods that are under development into the new set of security standards and protocols.

Simply put, the new mechanisms make it possible for a person to enter identification information such as a password or biometrics (fingerprint, voice, facial data, etc.) at the time of logging in. Once logged in, this authentication data would automatically generate a private key. The private key is stored in the device and never leaves it. Simultaneously, a corresponding public key is generated. It is this public key that is stored on the cloud. Authentication would happen when the two match. As the private key never leaves the device, hacking becomes difficult. To do so, a hacker will need not just physical access to the device but also the biometric information.

The security architecture defined by the FIDO Alliance can become effective when device manufacturers, application builders and major users agree to adopt it. Additionally, devices and systems need to be reconfigured to enable the new security architecture.

The technology industry has given a thumbs up to the new FIDO Alliance-defined standards. From a 6-member FIDO Alliance in 2012, today 260 corporations have joined the body. These include major companies like Google, Microsoft, PayPal, Bank of America, Visa, American Express, Samsung, Alipay and NTT DOCOMO, to name a few.

Before we start celebrating, let us be aware that somewhere in the world, there are hackers at work. They will be trying to find a way to crack the new secure, user-friendly identity authentication system. Thieves do not like to stay out of business for long. They will be hard at work to steal our data, money and privacy.

About Sudhir

Sudhir Ahluwalia is a business consultant. He has been management consulting head of Asia’s largest IT outsourcing company, Tata Consultancy Services, business advisor to multiple companies, columnist and author of the upcoming book on herbs, Holy Herbs. He has been a member of the Indian Forest Service. His webpage is:
