Identity Theft Solutions
In The Boardroom With...
Mr. Ramesh Kesanupalli
Founder of Nok Nok Labs
SecuritySolutionsWatch.com: Thank you for joining us today, Ramesh. It’s an honor to speak with the founder of Nok Nok Labs and the visionary behind the creation of the FIDO Alliance. Before we discuss FIDO Alliance and Nok Nok Labs in greater detail, please tell us about your background.
Ramesh Kesanupalli: Sure. Before founding Nok Nok Labs, and as the FIDO Alliance was forming, I was the CTO of Validity Sensors, which is now part of Synaptics. Prior to that, I was the Senior Vice President at Phoenix Technologies, running Engineering, Marketing and Business Development. I was part of the team that founded Network24 Communications, a video streaming company acquired by Akamai. I founded and served as CEO at both a services company and a middle-tier carrier software company, which went through various incarnations before ultimately merging with Harris; and early in my career, I worked as a consultant with IBM Labs on the East Coast.
SecuritySolutionsWatch.com: We enjoyed “The FIDO Alliance Video: How It All Began” a great deal. Please share with us a brief history of the FIDO Alliance.
Ramesh Kesanupalli: Some of the thinking at the core of the FIDO Alliance dates back to 2004, but the prime move occurred in 2009 when as CTO of Validity Sensors (now Synaptics), I met with Michael Barrett, who is currently the FIDO Alliance president and was then PayPal CISO. I was looking for ways to bring fingerprint technology into mainstream consumer authentication, and Barrett was trying to fix consumer authentication for PayPal. That first conversation between me, Taher Elgamal, inventor of SSL and now CTO of Salesforce.com security, and Michael Barrett established a working group to address the authentication problem. What started out as an exploration of how to engage PayPal in using Validity fingerprint sensors expanded when Barrett said that PayPal would want to consider the whole field of authentication options to passwords, and the range of competitors to Validity, including more than fingerprint sensors alone. That stated interest was, and is, a driver in the development of FIDO authentication. Basically, PayPal was first to ask for what everyone wants: unlimited choice, limited liability, complete interoperability, low cost, and lots of flexibility to accommodate unpredictable change. The FIDO authentication model today embraces the full range of local authentication and authenticators, makes all methods interoperable and enables them to communicate with the network to authenticate users without ever sharing passwords or credentials – NEVER! That first meeting, and the working group that emerged from it, are the basis of the FIDO Alliance, which we launched publicly in February 2013 with six founding members. So compelling is the FIDO authentication model and so urgent is the need, that today—only 16 months later—we have 135+ FIDO Alliance members, and our ranks increase weekly. Global leaders in Technology, Financial Services, Healthcare, and Enterprise have joined the FIDO Alliance in our mission to move beyond passwords with universal strong authentication that is more secure, private, and easier-to-use.
SecuritySolutionsWatch.com: We read with great interest regarding the mission of the FIDO Alliance which is to change the nature of online authentication and your interview with Bloomberg Businessweek where you discussed that “passwords had to go”. Care to elaborate?
Ramesh Kesanupalli: Yes. Happy to. Prevailing password authentication has proven to be insecure and risky amidst a world of escalating security threats, cyber crime and targeted attacks, not to mention increasing vulnerability associated with so many more vectors of attack coming through the Internet of Things (IoT). Right now, we are moving from informational access to a major lifestyle change where we can access everything digitally. We’re at the threshold of using authentication to pay at retail stores with our phones, to open and start our cars, to manage home networks, appliances, and security systems all through connected devices. Authentication is the FIRST step we must perform to begin to effectively use IoT. Even basic usability of passwords is challenged when typing/entering credentials on various devices or using touch screens is neither simple nor fast. As we make this lifestyle change, authentication must be based on universal FIDO standards, not the prevailing password infrastructure. Otherwise, there will be chaos and a scale of cyber disruption we have not yet experienced. Our FIDO Alliance members understand the full scope of the authentication problem and are determined to change the world with authentication that is more secure, private and much easier to use. FIDO standards promise to open new spheres of services with accommodations that potentially change the personal experience in ways we haven’t even imagined yet. The impediments of prevailing password systems and the importance of solving the authentication problem cannot be overstated; once FIDO authentication predominates, the ensuing years of digital development will prove the importance of what the FIDO Alliance has accomplished.
Let me lay out the scope of the password problem, so you can clearly recognize the urgency at hand, and the elegant solution that FIDO authentication presents. We are in an interesting and fast-evolving world that requires access everywhere -- from PC-centric computations to mobile phones with buttons, to touch screens, tablets and various forms of computing -- taken altogether, we dub this the Internet of Things (IoT). Our digital and online identity is only as strong as the weakest service that we use; as we extend to an evolving world of IoT, the authentication issues become virtually unmanageable without a disruptive change -- that disruption is FIDO authentication.
The public is acutely aware of online and point of sale (POS) attacks and rampant identity theft. Headlines about breaches and scaled attacks on Evernote, eBay, LinkedIn, Yahoo, Target and many other major consumer destinations point to a dire need to move authentication beyond passwords. The rapid growth of the FIDO Alliance is incomparable and illustrates a consolidated determination across industry, technology, and the world to fix the password problem. The marketplace has been trying to address the password problem for some years, and there are some very strong scalable solutions, but until now these have been proprietary, too expensive, difficult to deploy, or add complexity and friction to the user experience. Moreover, ALL options have been based on password infrastructure, which we know must go.