FIDO is…
Despite security weaknesses, password-based user authentication
has been widely used because of low cost and convenience.
In order to improve security of password-based authentication,
a number of efforts have been made by using biometric verification or two-factor authentication.
However, it has been difficult to apply some technologies to online application services
due to decreasing user convenience or high cost arising from extensive installation.
The FIDO(Fast IDentity Online) technology separates authentication protocols and user verification means,
thereby cutting costs for establishing the system and improving security through online authentication protocols using public keys.
FIDO is currently receiving worldwide attention as user authentication technology optimized to FinTech services replacing passwords.
Trends for Related Technology
With growing interest in FinTech security technology, demand for simple yet
strong user verification technology is also rapidly increasing in recent years.
For instance, the FIDO-based simple authentication technology developed by ETRI has already been connected
to the fingerprint recognition devices of Samsung Pay services as a means to identify credit card users.
In Japan, NTT DoCoMo has applied FIDO to its various services and some businesses in the United States
such as Google, Dropbox, GitHub, and Bank of America introduced services using FIDO technology.
ETRI’s FIDO technology was first used in December 2014 for ZEP(Zero Effort Payment), an offline easy payment pilot program for BC Card.
In May 2015, it became the world’s first technology to pass the interoperability test conducted by FIDO Alliance with its authentication
servers, clients and authentication devices. Up to now, the technology has been transferred to a total of thirteen businesses.
ETRI’s Upcoming Research Plans
Currently, ETRI is supporting commercialization by transferring core technology required
for establishing FIDO-based authentication services to businesses in demand and
by developing wide range of authentication technology to allow the existing FIDO authentication services to wider application areas.
For instance, ETRI is focusing on securing more FIDO enabled authenticator in addition to biometric means
such as recognition of voice, face, or fingerprint, by strengthening authentication levels through NFC security cards or
providing verification means with enhanced user convenience based on connection with smart watches.
In addition, in an effort to apply FIDO technology to a wider range of areas including entry restrictions and
IoT-based convergent services, research efforts are being made to develop component technologies
necessary for O2O(Online to Offline) verification and authentication of IoT devices.
FIDO technology will continue to evolve and be applied to increasingly more areas.
Therefore, the easier authentication and payment functions partially available
on smartphones are expected to become widely available on a number of platforms in coming years.
In order to respond to rapidly changing environment for user verification and payment services, businesses
in Korea need to swiftly prepare themselves for an era of FIDO 2.0 and against international competitors.
ETRI will also concentrate on developing FIDO 2.0 technology at an early stage
so as to help Korean security companies keep up with international competition.
In addition, it is planning to support businesses in diverse industries in Korea to use FIDO technology
and provide differentiated technology that will improve their competitiveness in global markets.
