New FIDO Alliance pushing 'fast-identity' strong authentication protocol

A new industry group called the Fast IDentity Online Alliance, or FIDO Alliance for short, makes its debut Tuesday to promote the adoption, in e-commerce and on websites, of an innovative authentication protocol that's intended to bring a higher level of security to online users.

The Online Security Transaction Protocol (OSTP) and its client/server components work by gathering information about the user's device, such as whether it has a Trusted Platform Module chip, a webcam, a fingerprint device or other biometrics, or two-factor authentication, and combining that through a cryptographic process to create a shared secret between the back-end server and the device. This OSTP-based multi-factor authentication process would be invoked selectively and voluntarily by the user in transactions, for instance to assure the identity of the user beyond a simple login and password, in order to prevent fraud.

One of the driving forces behind the FIDO Alliance is PayPal's chief information security officer, Michael Barrett, and that raises the question of whether PayPal plans to adopt the fast-identity authentication system.

Though Barrett didn't respond to this directly, another of the group's founders, Ramesh Kesanupalli, FIDO Alliance vice president, says "We expect that." Barrett is president of the FIDO Alliance.

However, the alliance doesn't expect to be able to publish its specification until the second half of the year. And the group's aspirations are certain to face some skeptics who will question whether it can succeed in getting both the necessary client software onto the user's computer or mobile device and the server-side support in place across the Web for widespread use of OSTP. The type of flexible, mass-market multi-factor authentication envisioned with OSTP for sensitive transactions has never been done before, and any success it has would be ground-breaking.

Kesanupalli is also chief alliance officer at the startup Nok Nok Labs, which also officially launched today to implement OSTP in software. Palo Alto, Calif.-based Nok Nok Labs, backed by a $15 million investment, will have software available later this year that's expected to be the first implementation of the protocol. Barrett is also a founder of Nok Nok Labs.

Besides PayPal and Nok Nok Labs, the four other founding members of FIDO Alliance are Lenovo, Validity Sensors, Agnitio and Infineon. Clain Anderson, director of software at Lenovo, says the hope is that the FIDO protocol could eventually be added as an inexpensive piece of code to all manner of computers and smartphones. "We need something that can work across everything," he says.

The FIDO Alliance indicated that to influence the OSTP protocol, a company has to join the organization. But the group, set up as a 501(c) nonprofit organization, intends to make the specification it completes public in the future.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE.
