Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

9/9/2013
11:17 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

SecureKey To Add Fido Specification Support To Its Cloud-Based briidge.net Authentication Service Inbox

With the addition of FIDO specification support, briidge.net customers will have the option of employing briidge.net DNA-enabled devices, as well as any FIDO-enabled authenticator,

TORONTO, Canada, September 9, 2013 – SecureKey, the leading provider of trusted identity networks, today announced it is adding FIDO specification support to its briidge.net&trade cloud-based authentication platform to expand the range of hardware-based authenticators that can be used with the service. With the addition of FIDO specification support, briidge.net customers will have the option of employing briidge.net DNA-enabled devices, as well as any FIDO-enabled authenticator, including biometrics and secure USB devices. SecureKey also announced that it has joined the FIDO Alliance as a Sponsor Level member.

"Adding FIDO specification support to our cloud-based service will enable us to provide additional value to our customers by offering more choice of hardware authenticators supported across multiple channels and use cases with our authentication platform," said Andre Boysen, executive vice president of marketing for SecureKey. "By extending our current key management infrastructure based on the Global Platform standard to support FIDO-specified server key management, we can enable a broader range of identity and authentication solutions combining multiple authentication factors.

"Additionally, we believe FIDO-enabled credentials will provide another source of strong what-you-have factors to be federated over an open network of trusted identity providers and relying parties, using the briidge.net Exchange platform. We are optimistic that FIDO specifications can help accelerate the movement away from users having many weak credentials to fewer, stronger, and more convenient credentials."

According to Boysen, SecureKey's FIDO-enabled solution will provide the additional benefit of being cloud-based, eliminating the need for many web sites to purchase and operate their own individual FIDO-enabled servers.

SecureKey's participation in the alliance ties directly with its values and philosophy concerning user privacy. The company has already taken an active role in the FIDO Alliance, establishing itself in a Leadership Position in the FIDO Privacy Working Group, and lending its expertise in ensuring identity privacy by design to help ensure that user privacy is maintained within the context of the FIDO protocol.

"The FIDO Alliance and SecureKey share a vision of strong authentication for a broad range of identity and payment applications – in fact, better authentication that is at once more secure, private and easy-to-use," said Michael Barrett, president of the FIDO Alliance. "We welcome SecureKey to the FIDO Alliance as a Sponsor member and look to SecureKey for its expertise in protecting user identity information. SecureKey is dedicated to user privacy and confidentiality, and contributing to a core value and characteristic of the FIDO specifications: ensuring user privacy."

The FIDO (Fast IDentity Online) Alliance was formed in July 2012 to address the lack of interoperability among strong authentication devices as well as the problems users face with creating and remembering multiple usernames and passwords. The alliance seeks to change the nature of authentication by developing specifications that define an open, scalable and interoperable set of mechanisms that supplant reliance on passwords to securely authenticate users of online services. This new standard for security devices and browser plug-ins will allow any web site or cloud application to utilize a variety of existing and future FIDO-enabled devices that the user has for online security.

"SecureKey's proven experience in the payment industry infrastructure is essential to accelerate FIDO adoption by service providers. With briidge.net robustness and multiple certifications, SecureKey will bring a key element to the FIDO Alliance," said Sebastien Taveau, CTO at Validity Inc., a founding member of the FIDO Alliance. "SecureKey has been recognized as a privacy leader in identity and authentication, and will play a key role in the Privacy Working Group to gather user trust and adoption. Coupled with strong local authentication such as fingerprints, service providers can now provide new experiences to their users while increasing the security of the whole ecosystem."

About SecureKey Technologies Inc.

SecureKey is the leading provider of cloud-based, trusted identity networks that eliminate the burden, cost, and risks associated with user authentication. The company's federated authentication solutions ensure that users are properly authenticated regardless of the service, device or credential they prefer to use. Organizations can quickly and easily deliver high-value online services to millions of consumers and citizens with improved transaction privacy, simplicity, and convenience. SecureKey is headquartered in Toronto, with offices in Boston, Washington D.C., and San Francisco. The company is backed by a world-class group of venture and corporate investors. For additional information, please visit www.securekey.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of Revocent,  10/15/2020
US Counterintelligence Director & Fmr. Europol Leader Talk Election Security
Kelly Sheridan, Staff Editor, Dark Reading,  10/16/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5790
PUBLISHED: 2020-10-20
Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
CVE-2020-5791
PUBLISHED: 2020-10-20
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.
CVE-2020-5792
PUBLISHED: 2020-10-20
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user.
CVE-2020-25157
PUBLISHED: 2020-10-20
The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which allows a remote attacker to invoke queries on the database and retrieve sensitive information.
CVE-2020-25648
PUBLISHED: 2020-10-20
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw...