In the Boardroom™
Nok Nok Labs



Mr. Ramesh Kesanupalli
Founder - Nok Nok Labs
Co-Founder - The FIDO Alliance

Thank you for joining us again today, Ramesh, at this momentous time in the adoption of FIDO. Please update us on the most recent developments.

Ramesh Kesanupalli: Thank you. Coming into 2017, there are over 3B+ devices that are FIDO capable in the market around the world. As of today, FIDO is in daily use securing billions of logins and some of the largest, most respected brands in the world.

We’re thrilled that the ideas and inventions Nok Nok Labs started with in 2012 have seen adoption by the world’s largest banks, payments and ecommerce players, largest healthcare company and the world’s leading mobile operators.

There are three big developments to focus on:

  • First - FIDO has increasingly become the de facto standard for user and device authentication. It is referred to by regulators, standards bodies and governments as the effective way to do authentication. This trend is already continuing in 2018 with more specific references to FIDO popping up in corporate and government RFPs.
  • Second - The Alliance has continued to expand to include the largest and most significant players around the world from every vertical and every geography.  Recently Amazon joined the Alliance board and we have a very significant player to be announced soon.
  • Third - W3C and FIDO Alliance announced on April 10th, 2018, FIDO for browsers using the WebAuthn specification, which Nok Nok Labs, Google, Microsoft & others have been working on for over 2 years to bring FIDO to the browsers. During RSA, Microsoft, Google, Nok Nok Labs and Mozilla successfully demoed interoperable FIDO-based authentication using WebAuthn.

With these developments, FIDO can be deployed on pretty much any platform (Android, Windows 10, iOS etc.), most major browsers and with any method of authentication through the use of the FIDO protocols.

Bill Gates had it right in 2004 when he predicted the death of the password. Please summarize for us how FIDO works and what are the key differentiators?

Ramesh Kesanupalli: Good point, Bill did spot the problem, but I believe he was optimistic on the timeframe. There are two fundamental problems - there is no single method of authentication (e.g. tokens, fingerprint sensors, facial, iris etc.) that will replace passwords. The second problem is that no single company, however large, smart, or powerful can solve the problem on their own as the world has evolved into a very heterogeneous market.

Nok Nok Labs was started with those insights and knew that our designs and ideas needed wider support from the industry ecosystem which is why we created the FIDO Alliance with some key partners and recruited the industry’s largest players to join us.

FIDO’s focus is on getting agreement on the common framework for authentication. The basic idea is that a person authenticates to a device using a token, biometric or other method of authentication. The device completes that local verification and then issues proof of that to the server. Biometrics, if used, stay on the user’s device so you don’t have to worry about server-side collections of biometric templates getting hacked and the user gets privacy. Tokens are required to use a public-private key pair so there is no fear of a master key getting breached/stolen. The protocol is designed to mitigate phishing, malware and Man-in-the-Middle attacks that authenticators like passwords, SMS and OTPs are vulnerable to today. All this is based on public-private key pair design to eliminate scalable attacks on our companies and on our computing infrastructures.

The benefit to an end-user is the choice of a natural and simple method of authentication - whether it's biometrics, tokens, wearables or a combination of those. The benefit to developers is that they no longer need to understand each authentication method and code for it individually, nor do they need to know the intricacies of the security mechanism. Those are all abstracted behind a simple API that remains the same across methods. The benefit to IT is that they get a single server to map onto hundreds of use cases and future-proofs them while eliminating scalable attacks like phishing and server-side attacks.

The core concepts are so powerful that at Nok Nok Labs, we have helped our customers deploy it to protect cloud, mobile and IoT applications as well as some advanced environments in areas like blockchain related applications, national ID schemes, self-sovereign identity systems etc.

What are the benefits of FIDO Alliance Membership?

Ramesh Kesanupalli: We influenced the FIDO Alliance to create a balance between vendors and users of the standard. That’s why we have Google sitting next to Bank of America and Microsoft next to PayPal and DOCOMO. The feedback and input of relying parties who use the standard is vital to making sure we get it right. And it’s not just the largest companies - some of our best insights come from small but knowledgeable and committed members who are giving a hand to shape the standard - remember the Alliance is a volunteer-led entity with a very small staff.

A membership in the alliance allows you direct input into the standards, access to best practices, knowledge of certification and interoperability that can help in selecting a vendor or in implementing your own application. We are seeing huge adoptions in Japan, Korea, China and India as massive deployments across Asia roll out. Members also have access to the FIDO plenary meetings where we gather to work on the standards and the ecosystem and preview the work for the rest of the membership.

Can we drill down a bit into FIDO Certified Products? What are the metrics?

Ramesh Kesanupalli: Currently, there are over 400 products that are certified by the FIDO Alliance. They break down into authenticators (e.g. fingerprint sensors, face, tokens etc.), servers, devices, and solutions. Many of the solution providers like my company Nok Nok Labs specialize in web-scale and carrier-grade implementations that are battle tested by the largest companies in the world. Some others may specialize in offering software-as-a-service around FIDO etc. The function of the Alliance interop and certification is to ensure that these products work with each other.

To ensure coverage across platforms, operating systems and use cases we have a family of protocols. To make adoption easy - Nok Nok Labs supports the full family of protocols for access to the widest set of use cases.

Any updates regarding the FIDO Board you would like to mention?

Ramesh Kesanupalli: We were excited to have Amazon join the Board of Directors in late 2017. Amazon brings with it one of the world’s largest transaction platforms servicing over 200 million active users. As you can imagine Amazon wants to ensure users can transact where and when they want with any device, but more importantly Amazon wants that done securely. Amazon joining the Alliance is further validation that the FIDO Standard is the best possible way of building an authentication framework for the future.

The important part is that the board realizes that 2018 will be FIDO’s SSL moment - the moment when a standard goes from being a niche, techy thing to being the foundation for how we do things and every member is committed to ensuring that we can deliver.

It is a very exciting time to be part of the FIDO Alliance and there are very interesting things afoot.


