FIDO Alliance, an international authentication standards organization, hosted its first Member Plenary in Taiwan in February 2023. As part of the event, the FIDO Taipei Seminar was held on February 6 under the theme of "Authentication as the Cornerstone of Security for Smart Countries and Digital Industries." More than 300 guests from Taiwan and abroad attended the event, marking the first wave of international conference attendees after the reopening of Taiwan's borders.
FIDO Alliance, an international authentication standards organization, held its first Member Plenary in Taiwan in February 2023. Christina Hulka, Executive Director and COO of FIDO Alliance (front row, third from right), Andrew Shikiar, Executive Director and CMO of FIDO Alliance (front row, first from left), and Karen Chang, Chair of FIDO Taiwan Engagement Forum (front row, fifth from left) attended the conference and invited speakers and guests from Taiwan and abroad to the event.
Photo: DIGITIMES
Brenda Hu, Executive Secretary of the FinTech Innovation Center of the Financial Supervisory Commission (FSC), pointed out in her speech at the FIDO Taipei Seminar, "On August 27, 2020, FSC included in its FinTech Development Roadmap 'the research and development of a standardized mobile identity authentication mechanism for financial services (Financial FIDO)' and outlined a plan to adopt the FIDO authentication standards, so that in the future, users of financial services will no longer need to tediously authenticate themselves with physical cards or account passwords."
Horn-Jiunn Sheen, Deputy Executive Secretary of the Office of Science and Technology Policy of the National Science and Technology Council, said, "With the increasing importance of information security issues, passwordless authentication has become an important technology for strengthening the security of identity authentication. We hope to maintain a close working relationship with FIDO and utilize the FIDO authentication standards to reinforce the overall security of Taiwan's digital environment."
The FIDO Alliance illustrates, "The global outbreak of data breaches is expected to cost the world US$343 billion in online payment fraud over the next five years, primarily due to weak or stolen passwords. In the post-pandemic era, using the Internet for shopping, online payments, social interactions, and access to various business and government services have become a new norm for the majority of people.
In recent years, hackers have been using techniques such as social engineering and phishing to steal personal information and trade secrets on a massive scale. This poses an unprecedented challenge to corporate sustainability, government trust, and the peace of mind of the general public.
As a result, the zero-trust security model has taken hold in the marketplace, and identity verification is another step toward its further implementation. Various government agencies and enterprises are playing an active role in understanding the purpose of the FIDO Alliance and joining this comprehensive digital industry and government ecosystem that encompass chips, devices, software, services, and more to create a more secure and convenient service experience for users."
FIDO Authentication Standards Mechanisms Are Recognized as the Best Solution for Passwordless Authentication
Minister of Digital Affairs Audrey Tang said, "As the engine of Taiwan's digital development, the Ministry of Digital Affairs (moda) is committed not only to developing ideas on how to respond to rapidly-changing digital technology but also to keeping up with the times and building a more comprehensive digital trust infrastructure environment. In addition, as a member of the FIDO Alliance, the moda will participate in the development of standards that meet the needs of Taiwan and its like-minded global partners. The moda will be instrumental in introducing them to government agencies, civil society, and various industries to realize the plurality of 'interoperable co-presence.' The moda will accelerate digital transformation across sectors and safeguard national information security to promote the development of digital resilience for all."
Andrew Shikiar, Executive Director and CMO at the FIDO Alliance summarized the morning session by saying, "Digital services should not be decoupled from personal information security. As data breaches continue to rise, fundamental changes are needed to prevent these incidents. FIDO authentication uses public-key cryptography, which enables simpler and more powerful authentication methods to develop the relevant standards." Furthermore, as the number of Internet of Things (IoT) devices grows worldwide, so does the range of applications for FIDO authentication. In the absence of IoT security standards, devices, and network services are vulnerable to various attacks. Therefore, the FDO Authentication promulgated in April 2021 is expected to be promoted in 2023 to protect the security of IoT devices and services.
Influence and Impact of FIDO on Global Policies
Ki-Eun Shin, SK Telecom Principal Software Development Engineer
Photo: DIGITIMES
"Since accounts and passwords can be easily copied and backed up by hackers, leading to various information security incidents." Ki-Eun Shin, Principal Software Development Engineer at SK Telecom, said, "FIDO technology provides passwordless authentication methods that help improve the security of various web application services. The application of passkey certified method recently allows users to access websites at anytime and anywhere by binding a private key to the synchronization mechanism of a device or platform, thereby ushering in a passwordless era."
Paul Heim, FIDO Alliance Director of Certification
Photo: DIGITIMES
Paul Heim, Director of Certification at the FIDO Alliance, pointed out, "The successive adoption of FIDO authentication standards by various industries and government organizations also shows that the market demand for FIDO identity verification is growing rapidly. Manufacturers of equipment or components seek to get FIDO functional certification as soon as possible in the hope of differentiating themselves from their competitors. This allows them to up their competitiveness and take advantage of rare market opportunities. The FIDO Alliance has comprehensive authentication schemes and experts, which can help companies pass certification one step at a time."
Jeremy Grant, Advisor of Public Policy at the FIDO Alliance; Teresa Wu, Co-Chair of the FIDO Government Deployment Working Group and Vice President of IDEMIA North America; and Wei-Chung Hwang, Deputy General Director of the Information and Communications Laboratories of the Industrial Technology Research Institute (From left to right)
Photo: DIGITIMES
Jeremy Grant, Advisor of Public Policy at the FIDO Alliance, admitted, "Identity authentication is critical to the ability of governments in promoting various services and helps protect their digital assets. This will provide higher-value services to the public, and secure critical assets and infrastructure. FIDO identity authentication mechanism offers a newer and better option for governments. However, the prerequisite is that some policies need to be adjusted and revised in response to the characteristics of the technology."
Teresa Wu, Co-Chair of the FIDO Government Deployment Working Group and Vice President of IDEMIA North America said, "To accelerate the adoption of FIDO in global enterprises, the FIDO Alliance will work hard to build a modern identity authentication ecosystem. The Government Deployment Working Group (GDWG) will act as a subject matter expert and internal advisor in the FIDO Alliance to help governments, enterprises, and others accelerate the adoption of FIDO solutions."
Wei-Chung Hwang, Deputy General Director of the Information and Communications Laboratories of the Industrial Technology Research Institute, said, "With the rapid development of digital technology and increasing awareness of the importance of information security, Asian countries such as Taiwan, Korea, Japan, India, and Thailand have adopted FIDO standards in government, business, and consumer applications to improve service security and user experience. However, from a broader perspective, FIDO standards can be extended to manufacturing, supply chain, healthcare, and other sectors so that more people and industries can reap its benefits."
FIDO Authentication Standards and Technology Gains Recognition and Attracts Attention of Governments and Enterprises
Han-Chieh Sun, Chunghwa Telecom Laboratories Manager
Photo: DIGITIMES
In the face of various hacking techniques, governments of the United Kingdom, Canada, France, Taiwan, Korea, Australia, and other countries have adopted FIDO authentication technologies to develop numerous government applications and provide secure services to the public. The Ministry of the Interior (MOI), for example, has been promoting the Citizen Digital Certificate for many years. Despite its benefit of high security, the main drawback is that it must be used with a card reader, which many people find inconvenient.
As such, MOI has launched the TW FidO app, with FIDO authentication at its core. The security of TW FidO meets international standards. After downloading the app and completing registration on their mobile devices, users can use biometric authentication methods such as fingerprint or facial recognition for authentication or online signature, and then apply for government services such as filing tax returns without having to use cards or account passwords. This makes the app very practical.
Chunghwa Telecom Laboratories Manager, Han-Chieh Sun pointed out, "The latest TW FidO app not only brings the Citizen Digital Certificate to your mobile phone, but also integrates authentication functions of its older versions, eliminates limitations imposed by physical IC cards, card readers, and desktop computers. In addition, the TW FidO app has passed the Mobile Application Basic Security Level 3 of the Industrial Development Bureau, Ministry of Economic Affairs (MOEA), and the FIDO2 international standard. It also meets the Digital Identity Level of Assurance 3 (LoA3). The app takes into account usability, security, and next-generation mobile authentication and signature mechanisms."
Masao Kubo, NTT DOCOMO Product Design Department Manager
Photo: DIGITIMES
"NTT DOCOMO has been changing the world with FIDO authentication technology, replacing traditional account password mechanisms. On May 27, 2015, we launched the first phase of our project, introducing FIDO UAF to provide members with simpler and more secure usage mechanisms." Masao Kubo, Manager of Product Design Department at NTT DOCOMO, further explained, "In the second phase, iris and fingerprint recognition technologies were introduced to provide members with a more diverse user experience. In the third phase in 2020, NTT DOCOMO d Account members were provided with a passwordless authentication service."
Zake Huang, AuthenTrend Vice President
Photo: DIGITIMES
Zake Huang, Vice President of AuthenTrend, pointed out, "According to a well-known international research report, more than 25% of multi-factor authentication (MFA) will be performed by FIDO authentication mechanisms by 2025, which is a testament to their stability and reliability. FIDO technology can be used not only in web applications but also in the internal environment of enterprises to prevent unfortunate breaches of important data due to password theft by hackers."
FIDO in IoT: FIDO Device Onboard
David Turner, Director of Standards Development at the FIDO Alliance, pointed out, "Today, the number of IoT devices in use around the world has grown to more than tens of billions. Yet, most devices lack adequate information security protection mechanisms. Applying traditional methods to strengthen the protection capabilities of IoT devices would not only take several years or more, but also gives rise to concerns about the effectiveness of information security protection. Therefore, FIDO Alliance has promulgated the FDO standard, launched the FDO authentication program, and conducted functional and security tests in the hope of improving the security of IoT devices."
During panels at the 2023 FIDO Taipei Seminar, such as "The Imperative for a More Secure IoT" or "Global Perspectives on Passwordless Authentication," experts also pointed out that FIDO devices will be an important element in improving the security of the IoT, offering the best solution for implementing passwordless authentication in the post-pandemic era.
David Turner, Director of Standards Development at the FIDO Alliance; Simon Trac, CEO and Founder of VinCSS; Giri Mandyam, Chief Security Architect-IoT and Automotive at Qualcomm; and Rolf Lindemann, Vice President Products of Nok Nok Labs (From right to left)
Photo: DIGITIMES
Christina Hulka, Executive Director and COO of the FIDO Alliance; Koichi Moriyama, Chief Security Architect, Corporate Evangelist, and H Head of Security Innovations Management, Corporate Strategy and Planning Department of NTT DOCOMO; Pamela Dingle, Director of Identity Standards at Microsoft; Nat Sakimura, Chairman of OpenID Foundation; Vittorio Bertocci, Principal Architect at Okta; and Paul Grassi, Principal Security - Identity at Amazon Web Services (From right to left)
Photo: DIGITIMES
Karen Chang, Chair of FIDO Taiwan Engagement Forum said "Like other advanced countries, Taiwan attaches great importance to authentication security. In addition to corporate members, many government agencies around the world have also joined the FIDO Alliance. The moda, for example, applied for membership in FIDO the same year it was established to create a highly secure application environment using FIDO authentication.
Moreover, the TW FidO app, developed many years ago by MOI, has successfully connected to the Ministry of Finance's tax payment query system." Given Taiwan's key global position in the semiconductor, and information and communications industries, the FIDO Taiwan Engagement Forum was established in 2021 under the leadership of Egis Technology to more closely support and interact with the domestic community.
In addition to keynote speeches, several FIDO members and partners presented various FIDO certified-based demos, such as Zero-Trust Strategy Solution by ITRI, FIDO Mobile Public-Key Solution by TWCA, Keypasco FIDO Multi-Factor Authentication Solution by Lydsec Digital Technology, FIDO Passwordless Zero-Trust Approach Solution by WebComm, FIDO Security Authentication Platform by GoTrustID, FIDO Product Series by WiSECURE Technologies, and FIDO Biometrics Solution by FIME Asia. The demos showcased the relevant application solutions, attracting much attention and offering first-hand experience to guests.
