What’s going on in APAC with FIDO? A whole lot.
Over the course of three days from Dec. 8 – 10, FIDO Alliance hosted the Authenticate Virtual Summit: APAC Innovation providing content, insight and user stories from across the Asia Pacific region. Each day provided different blocks of content, including region specific sections for China, India, Korea, Japan, Taiwan and ASEAN / ANZ.
The first day of the APAC Innovation virtual event got started with a keynote from Andrew Shikiar, Executive Director of the FIDO Alliance, who outlined the challenges and opportunities that FIDO provides.
“Asia Pacific has long been a hub of innovation for the FIDO Alliance,” Shikiar said. “Some of our longest members, some of our earliest deployments, and some of our most exciting futures, come deployments throughout Asia Pacific.”
Shikiar noted that the key drivers for FIDO adoption in Asia Pacific are largely the same as they are for FIDO adoption around the world. The first key driver is government recognition of FIDO and the need for strong authentication. The second driver is market demand, which is particularly strong in APAC. Finally a common driver around the world is the ongoing threats against user identity and authentication.
“We’re seeing enterprises and companies throughout Asia Pacific and globally deploy FIDO, to help combat these threats,” Shikiar said. “To summarize, FIDO is very much the future of user and device authentication.”
India is an active area for FIDO Alliance members and adoption. During the APAC Innovation event speakers outlined multiple use cases where FIDO is making a difference in India.
“We have been making meaningful strides in India, whether it be adoption or be in policy change,” commented Deb Joyti Ghosh, FIDO Alliance India Working Group Chair / Director, Data Product Development at Visa.
In a session, Shankar Ramaswamy, FIDO Alliance India Working Group Co-Vice Chair, explained how Aadhaar and FIDO Authentication can co-exist, which is a big topic in India. Aadhar provides a 12-digit unique identity number that is issued by the Unique Identification Authority of India (UIDAI) to citizens and residents. One of the challenges with Aadhaar is the need for authentication, which is where FIDO could well play a strong role. One of the ways Aadhaar authentication is enabled today is with SMS based 2FA, which can be spoofed and isn’t always delivered reliably.
“FIDO offers a very fast and convenient form of authentication and it reduces the reliance on the passwords,” Ramaswamy said.
In a user case study session, Srikanth Appana, Executive Vice President Technology at Bharat Financial Inclusion Limited, noted that his organization had a business requirement for an application that requires strong authentication and tried out FIDO.
“I can definitely say the FIDO experience was fantastic, we have lab tested it and we are looking forward to a large rollout across our enterprise,” Appana said.
Amit Mathur, FIDO Alliance India Working Group Co-Vice Chair and COO at Ensurity, also outlined his experiences helping his organization’s clients move to FIDO. For Mathur, the FIDO experience has been very positive.
“One of the learnings is that everyone out there is wanting to remove passwords, so they are all sick and tired of passwords and they are looking for an opportunity and a good solution which is scalable to remove the passwords,” Mathur said. “That is where the FIDO authentication plays a very very important role.”
FIDO is also very active in China. During the regional spotlight on China Henry (Haixin) Chai, FCWG Co-Chair/CEO of Uni-ID Technology at Lenovo, provided an overview of FIDO deployment and opportunities in China.
Adding to the China block of content, Nick Hu, FIDO Product Manager at FEITIAN Technologies, outlined the opportunities in the region. Rounding out the China block, Yi Chen, Country Manager for China at FIME, detailed how FIDO helps to enable biometric authentication in payment systems.
Day 2: Overview
Stephen Wilson, Managing Director for Lockstep Technologies, delivered the opening keynote for the second day of APAC Innovation providing some insights into the state of digital identity in APAC.
While there are some holdouts around APAC, he emphasized that 100% of Southeast South Asian nations have digital IDs and national IDs. Wilson said that the key trend in identity that he has been speaking about for several years is the global trend from “who?” to “what?”
Defining who you are as identity is relative and vague in Wilson’s view. By looking for the “what,” it’s possible to be more precise.
For example, What are you? Are you a citizen of Korea? Are you a licensed driver? Are you over 21 years of age?
“The precise facts and figures that we need to know about people is the strongest trend and FIDO has been a huge part of this trend,” Wilson said. “FIDO at many levels has legitimized the transition from who to what as FIDO has prioritized one to one authentication over general purpose identification.”
FIDO is also seeing strong adoption in Korea.
In the Korea block, Stephen Oh, CEO of TrustKey Solutions, explained that the Korean National Institute of Security (NIS) released national security requirements in September 2021 which strongly recommends the use of FIDO for multi-factor authentication.
“The Korean Government has now recognized the importance of FIDO authentication,” Oh said.
Beyond just recognition, Oh outlined how his organization has been able to help Korean government agencies as well as private corporations with a FIDO based solution for strong authentication.
Region: ASEAN / ANZ
During the ASEAN / ANZ block of content, Chong Seak Sea, Chief Technology Officer at Signing Cloud Shd Bhd, outlined the Malaysian government’s efforts to create a simpler and stronger online authentication ecosystem. At the end of his presentation he was joined by Muhammad Fendi Osman from the Ministry of Finance Malaysia who emphasized his Ministry’s confidence in FIDO as an approach to enable strong authentication.
Khanit Phatong from the Electronic Transactions Development Agency (ETDA) provided insight in his session into the Digital ID Outlook in Thailand. Phatong noted that the FIDO UAF standard is now being used as part of a national digital ID framework, with plans to move to FIDO2 in the future.
Rounding out the case studies for ASEAN / ANZ was a session on FIDO in Australia, that was delivered by Chris Hockings CTO Security, IBM A/NZ and Shane Weeden Senior Technical Staff Member, IBM. Hockings noted that FIDO adoption has been recommended by multiple agencies in Australia including the Australian Signals Directorate (ASD/ACSC) for strong authentication.
Day 3 / Region Japan
The final day of the APAC Innovation virtual summit included regional sessions for Japan and Taiwan.
Among the users presenting in the Japan block of content was Yuya Ito, Vice President, ID Solution Division at Yahoo! JAPAN. During his session, Ito detailed the implementation and Expansion of Passwordless options powered by FIDO that are running in Yahoo! JAPAN.
Another interesting use case was presented by Osamu Sugimoto, Professor, Faculty of Management at Josai University. Sugimoto used his session to detail an implementation of a FIDO2 server and passwordless network using campus ID type security keys.
In Taiwan, FIDO is set to play a starring role in a major development effort to enable a national identity system for financial services.
Brenda Hu, Director General of the Financial Supervisory Commission in Taiwan, explained that her organization is the sole regulator for financial markets and services in Taiwan and it’s taking a big step forward with FIDO.
Hu observed that usually people have many bank accounts, ATM cards, electronic payment accounts and other financial service accounts.
“In other words, people have to spend time and effort to remember and keep their account names and passwords secure,” Hu said. “As friends of the FIDO Alliance, you know the negative side of passwords and usernames, this is a time consuming process not only for customers, but also for financial institutions.”
To help improve the experience for both consumers and financial institutions, Hu’s agency in Taiwan is leading an effort that aims to help provide an interoperable and unified approach for user identity and authentication for financial services.
“The standard mechanism for mobile ID verification includes many aspects, but incorporating FIDO authentication is our first and a critical part in the mechanism,” Hu said.
The Authenticate APAC Innovation virtual summit was the last Authenticate event for 2021 and capped off a year of insightful content on strong authentication and identity.
In March, the Authenticate Virtual Summit: Modern Authentication for Financial Services event brought experts and users from the financial community together to talk about FIDO. In June, the Authenticate Virtual Summit Focus on Europe was hosted by the FIDO Alliance,providing visibility into how strong authentication and identity is being deployed in Europe.
Then in September, the FIDO Alliance hosted an Authenticate Virtual Summit on the Imperative for Strong Authentication for Government Services where details on government deployments were detailed. More recently, in October, Authenticate 2021 provided a live and online event with three days of sessions (catch the Day 1, Day 2 and Day 3 recaps here).
There’s much more to come from the FIDO Alliance in 2022!