Simplifying Authentication: Giesecke & Devrient Joins the FIDO Alliance

Munich, November 4, 2014 – The faster the increase in the number of digital processes, the greater the demand for security. This development means that the issue of straightforward, yet secure authentication is becoming increasingly important. Studies show that more than two thirds of all users worldwide use just one password to protect their digital identities, surf the net or buy online. This is often detrimental to security. The FIDO Alliance (Fast IDentity Online) has set itself the task of revolutionizing online authentication and establishing uniform global standards for it. The Munich-based technology group Giesecke & Devrient (G&D), a specialist in secure communication and identity management, has now joined the FIDO Alliance.

The more processes take place on the Internet and the more personal content is saved on mobile devices, the greater the need that personal and business users have for straightforward, but secure authentication.

This is the objective of the FIDO Alliance. The international industrial consortium aims to simplify online authentication and make it more convenient for users while maintaining the highest standards of security. The collective development of open, scalable, and interoperable mechanisms is expected to reduce dependence on passwords and allow secure authentication for online services. Websites or cloud applications can use the unified standard to connect easily to a range of FIDO-compatible devices.

This simplifies a large number of processes, such as those in m-commerce or mobile payments. For example, consumers only have to register with PayPal once. A key pair is then generated on the device, ideally on a smart card. The private key remains on the device, while the public key is sent to the service provider. By means of a special “challenge–response” process, authentication can take place simply and securely without the need for a username or password. This approach rules out two major attack scenarios by cybercriminals, namely phishing and server-side attacks. For each additional service provider that the user registers with, a separate key pair is generated.

It is important to note that authentication always takes place from the end device to the service provider, never through a central FIDO server used by multiple providers. The best way of handling the private keys securely on the device is with a smart card.

Axel Deininger, Head of the Enterprise Security/OEM division at Giesecke & Devrient, comments: “G&D is the expert in authentication services and management, a leader in the field of secure elements, supplies smart cards and SIMs, and takes on its customers’ full life cycle management in the security sector. We bring our expertise as a recognized authentication expert to FIDO’s work. We will make use of our smart card know-how to benefit the consortium and drive forward the use of open standards in our customers’ interests in environments where security is critical. This will also further solidify our position as a global player in the authentication market.”

About the FIDO Alliance:

The FIDO Alliance (Fast IDentity Online) www.fidoalliance.org was founded in July 2012. Its objective is to promote interoperability between available authentication technologies while also eliminating the problems facing users today owing to the need to use different usernames and passwords for online applications. The alliance aims to change the shape of authentication as it exists today and provide simpler, yet more secure authentication in the future using standards-based specifications. Simple, scalable, and interoperable mechanisms reduce dependence on passwords.FIDO authentications for online services are more secure, more personal, and easier to use.

The FIDO Alliance is composed of many global leaders, including Alibaba Holdings, ARM Holdings, Bank of America Corporation, BlackBerry, CrucialTec, Discover Financial Services, Giesecke & Devrient, Google, IdentityX, Lenovo, MasterCard, Microsoft, Nok Nok Labs, NXP Semiconductors, Oberthur Technologies, PayPal, Qualcomm, RSA, Samsung Electronics, Synaptics, Visa, and Yubico.

About Giesecke & Devrient

Giesecke & Devrient (G&D) is a leading international technology provider headquartered in Munich, Germany. Founded in 1852, the Group has a workforce of over 11,660 employees and generated sales of approximately EUR 1.75 billion in the 2013 fiscal year. 58 subsidiaries and joint ventures in 32 countries ensure customer proximity worldwide.

G&D develops, produces, and distributes products and solutions in the payment, secure communication, and identity management sectors. G&D is a technology leader in these markets and holds a strong competitive position. The Group’s customer base mainly comprises central and commercial banks, mobile network operators, business enterprises, governments, and public authorities. For more information, please visit: www.gi-de.com