Last updateTue, 20 Oct 2020 8pm

Simplifying Authentication: Giesecke & Devrient Joins the FIDO Alliance

The faster the increase in the number of digital processes, the greater the demand for security. This development means that the issue of straightforward, yet secure authentication is becoming increasingly important. Studies show that more than two thirds of all users worldwide use just one password to protect their digital identities, surf the net or buy online. This is often detrimental to security. The FIDO Alliance (Fast IDentity Online) has set itself the task of revolutionizing online authentication and establishing uniform global standards for it. The Munich-based technology group Giesecke & Devrient (G&D), a specialist in secure communication and identity management, has now joined the FIDO Alliance.

The more processes take place on the Internet and the more personal content is saved on mobile devices, the greater the need that personal and business users have for straightforward, but secure authentication.
This is the objective of the FIDO Alliance. The international industrial consortium aims to simplify online authentication and make it more convenient for users while maintaining the highest standards of security. The collective development of open, scalable, and interoperable mechanisms is expected to reduce dependence on passwords and allow secure authentication for online services. Websites or cloud applications can use the unified standard to connect easily to a range of FIDO-compatible devices.
This simplifies a large number of processes, such as those in m-commerce or mobile payments. For example, consumers only have to register with PayPal once. A key pair is then generated on the device, ideally on a smart card. The private key remains on the device, while the public key is sent to the service provider. By means of a special "challenge–response" process, authentication can take place simply and securely without the need for a username or password. This approach rules out two major attack scenarios by cybercriminals, namely phishing and server-side attacks. For each additional service provider that the user registers with, a separate key pair is generated.
It is important to note that authentication always takes place from the end device to the service provider, never through a central FIDO server used by multiple providers. The best way of handling the private keys securely on the device is with a smart card.
Axel Deininger, Head of the Enterprise Security/OEM division at Giesecke & Devrient, comments: "G&D is the expert in authentication services and management, a leader in the field of secure elements, supplies smart cards and SIMs, and takes on its customers' full life cycle management in the security sector. We bring our expertise as a recognized authentication expert to FIDO's work. We will make use of our smart card know-how to benefit the consortium and drive forward the use of open standards in our customers' interests in environments where security is critical. This will also further solidify our position as a global player in the authentication market."


Related articles

  • Latest Post

  • Most Read

  • Twitter

Who's Online

We have 2146 guests and no members online

We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.