Tactical Advice

FIDO Alliance Strives to Set Up Biometric Security Standards

Technology to replace passwords and PINs received a lot of attention when Apple released the iPhone 5s, with its Touch ID fingerprint sensor, earlier this fall.
FIDO Alliance Strives to Set Up Biometric Security Standards
Credit: vectomart/iStock/ThinkStockPhotos

Biometrics have been deemed by some to be the ultimate alternative to passwords and PINs. The technology received a high-profile boost when Apple introduced the iPhone 5s back in September, and the timing couldn’t have been better. Earlier this year, the FIDO Alliance was created with the sole purpose of aiding in the development of a common set of standards to simplify, secure and encourage the adoption of biometric technology.

Apple’s latest top-of-the-line iPhone features a fingerprint scanner, called Touch ID, which is ingeniously integrated into the smartphone’s home button. Word of mouth as well as reviews indicate that Touch ID, which is directly linked to iOS 7 for unlocking and purchasing purposes, is the user-friendliest application of biometrics thus far. However, since there’s currently no API, employers and third parties, for example, cannot yet take advantage of the sensor’s functionality.

In order for biometric security to gain widespread adoption, however, all stakeholders (e.g., hardware, software and security vendors; financial institutions; retailers) must agree on a common set of standards for the implementation and support of the technology.

Enter the FIDO Alliance.

An Authentication Guard Dog

Founded last February and led by such companies as MasterCard, CrucialTec, Google, Lenovo, Nok Nok Labs, NXP Semiconductors, PayPal and Yubico, FIDO Alliance membership has swelled to more than 50 from an initial half dozen.

“The rapid growth of the FIDO Alliance and the quality of our membership reflect a thriving awareness of the demands for better authentication,” said Michael Barrett, FIDO Alliance president, in a statement. “We welcome our new members, and we continue to invite all who recognize the value of enabling the broad range of strong authentication methods and devices to join the Alliance and explore this emerging technology.”

In addition to biometrics such as fingerprint and iris scanners, FIDO Alliance specifications will support additional authentication technologies, including voice and facial recognition. Existing security solutions and communications standards, such as trusted platform modules, USB security tokens, embedded secure elements, smart cards and near field communication, will also be compatible with the biometric standard, according to the organization. Furthermore, the specifications are being designed to be extensible and futureproof and to protect existing investments.

FIDO Alliance’s plan is to provide what it calls Relying Parties with a variety of choices to realize better authentication methods that overcome today’s prevailing reliance on passwords. The specifications will also emphasize a device-centric model, where authentication over the wire happens using public-key cryptography.

One of the chief goals of the biometric standard is to enable a person to use the same biometric sensor to unlock any account or access a website, for example, while keeping an end user’s biometric data private. It works by registering a user’s device on a server via a public key. Authentication happens when the device, which could be biometric or gesture-based (even), meets a challenge from the server with the private key it holds. For privacy purposes, the key issued by a user’s device to each account on each server is unique in order to avoid linkability between accounts.

Security and Convenience, Balanced

Fingerprinting is no longer the sole domain of law enforcement agencies, explained Cross Match Technologies senior vice president for standards and architecture Greg Cannon, in an interview with USA Today. Cross Match specializes in certified fingerprint capture technology and software.

“The adoption of the fingerprint swipe to log on to your laptop or Apple's latest iPhone 5s biometric security feature will continue to demonstrate the advantages of biometrics in our lives,” said Cannon. “The right combination of security and convenience supports overcoming the public perception that fingerprinting is only done for criminal applications.”

Furthermore, the idea of having a single identification method that users can never forget has become attractive to consumers and security experts alike, especially in light of how much fraud there has been of late. And the adoption of a common biometric standard, as pushed by the likes of the FIDO Alliance, would go a long way toward enabling the widespread use of biometric and gesture-based security solutions.

Also featured in the USA Today article was Shahar Blekin, chief technology officer at FST21, another biometric systems vendor. “The FIDO Alliance can help push the market forward into accepting the technology as a standard,” he said. “Eventually, biometrics and the industry as a whole will be standardized. Whether it's by groups like the FIDO Alliance or by governments, or even as a de-facto standard implemented by the technology providers, it's a necessary next step.”

Sign up for our e-newsletter

About the Author

James Alan Miller

James is a veteran technology journalist with many years’ experience creating and developing magazine and online content. He is passionate about mobile tech, music and running — when the stars align.  Follow him on Google+ and Twitter:

Security

Heartbleed: What Should Your... |
One of the biggest security vulnerabilities has almost every user and every industry...
Why Businesses Need a Next-G... |
Devices investigate patterns that could indicate malicious activity.
Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....

Storage

The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Businesses Must Step Careful... |
Slow and steady wins the race as businesses migrate IT operations to service providers,...
Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...

Networking

Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Mobility: A Foundational Pie... |
Other technologies rely on mobile computing, which has the power to change lives, Lextech...
Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.

Hardware & Software

Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....
New Challenges in Software M... |
IT trends such as cloud, virtualization and BYOD pose serious hurdles for software...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.