Industry standards have always provided a foundation upon which developers can build proprietary value. Rather than having to reinvent the wheel, standards enable developers to leverage common underlying technologies so they can spend more time concentrating on and creating differentiating value for their offerings. Standards also make it easy for individual products to interoperate with other products in the ecosystem. From the customer’s perspective, standards guard against vendor lock-in and maximize the opportunity to take advantage of industry innovations.
The FIDO (Fast Identity Online) Alliance has developed technical specifications that define an open scalable, interoperable set of mechanisms that make strong biometric authentication easy to deploy and use. The nature of FIDO’s remit requires broad participation and collaboration -- channeling authentication requirements from banks, telcos and a variety of service providers into FIDO’s specifications.
Since the FIDO Alliance standards were finalized and published in December of 2014, more than 200 FIDO(R) Certified products have become available on the market. In addition, many leading banks, telcos, governments and other service providers in Europe, North America and Asia have created or deployed a variety of solutions that take advantage of FIDO authentication.
Two of the key areas where the industry has seen third-party innovations around FIDO have been in second factor/biometric authentication methods, the form factors of which the FIDO specifications do not define, and in the user experience (UX).
Innovative Biometric or Second Factor Authentication Types
Many companies in the FIDO ecosystem have leveraged the FIDO Universal Authentication Framework (UAF) specifications to introduce new biometric authentication solutions. These solutions incorporate palm and thumbprint recognition, voice and face, retinal scan, and even unique pulse. These are typically available as SDKs from companies such as Daon, Nok Nok Labs and Samsung SDS or as sensor packages from companies such as Egis, Sensory, or Synaptics. Ultimately these FIDO biometric authentication capabilities are realized in dozens of consumer handset models from manufacturers such as Samsung (across their range of Galaxy devices), LG, Sony, Huawei, and Lenovo.
Additionally, we’ve seen a variety of implementations on top of the FIDO Universal 2nd Factor (U2F) open authentication standard, which allows internet users to securely access any number of online services with a single device instantly and without special drivers or client software. These implementations include new form factors that are leveraging new Bluetooth Low Energy (BLE) and NFC capabilities – enabling second factor authentication without leveraging a USB port, which is handy for tablets and other mobile hardware.
Freedom of User Experience
Similarly, because FIDO doesn’t define the user experience, service providers are stepping in to implement the most suitable UXs for their customers. For example, in Korea and Japan, banks and network operators are deploying FIDO-enabled services that allow users to authenticate through a variety of mechanisms depending on their device and preference.
Today, we’re seeing a surge of innovation in biometrics and second factor authentication types. By providing standards, FIDO fosters that innovation and lays the groundwork for widespread adoption of these new technologies. Similar to how Bluetooth enabled a thriving ecosystem of devices, apps and value-added services that couldn’t have been envisioned when the standard was established, it makes sense to anticipate a fascinating future with a wide array of FIDO Certified products that will only be possible due to industry-wide collaboration and standardization.
Shankar Saibabu is the lead Solutions Architect and FIDO Standard Specialist for the Financial Services Team at Samsung SDS America. Shankar has various experiences in regulated industries when it comes to software solutions and services, including the healthcare industry.