What ever happened to the "FIDO Alliance," that industry group that first showed up a year ago saying it was going to revolutionise e-commerce online authentication by promoting a new multi-factor authentication protocol? Turns out the revolution in security is slow in coming but they're making some progress.
The Fast IDentity Online Alliance, as it's officially known started with six founding members, including PayPal chief information security officer Michael Barrett and the start-up Nok Nok Labs, founded by Ramesh Kesanupalli, as a core technology provider. Nok Nok Labs is building prototype code to support the new authentication specification called the Online Security Transaction Protocol (OSTP).
The idea behind OSTP is it would add a way to let the user with a FIDO-enabled device to voluntarily go beyond simple passwords and logins to evoke a wide range of additional device information, ranging from the trusted platform module to a webcam or biometrics, in a cryptographic process to share that secret as part of a back-end authentication process. The value is creating a multi-factor process on the fly is it could make e-commerce transactions, in particular, much safer.
Today, the FIDO Alliance, based in Palo Alto, Calif., has grown to be about 100 members, including heavyweights such as Google and MasterCard. But progress has been slow on the technology front.
Rolling out the technology spec for such an ambitious project is taking longer than expected. A draft was just released for public review this week, and Phillip Dunkelberger, president and CEO of Nok Nok Labs, says it will probably be another 60 to 90 days before a final first version of the spec can be called ready.
He acknowledges things are over six months behind schedule in that regard, and as of yet, there is no big news related to how it would be commercialised by PayPal or anyone else. "There's nothing on the end user side yet," he admits.
But vendors are joining the FIDO Alliance left and right, with semi-conductor manufacturer ARM getting on board just this week.
And today Nok Nok Labs made available what it calls its NLL S3 Suite for authentication of Internet-scale applications and services. It includes components such as the Multifactor Authentication Server, with an Apple iOS and Android client piece, and a Windows 7 and 8 desktop edition. These components represent products based on the FIDO Alliance spec, and they can be licensed based on numbers of users.
Although it's slow going, there's momentum behind the scenes, and Nok Nok Labs, ever optimistic, goes so far as to predict that over the next 18 months, there could be between 200 million and 400 million FIDO-enabled devices in the market.
Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: [email protected]