Interview with Rajiv Dholakia, Vice President, Products, Nok Nok Labs
The biggest authentication news of the month hit earlier this week with the announcement that NTT DOCOMO, a Japanese mobile network operator, signed on to the FIDO Alliance board of directors. The move signaled many firsts for the Alliance, DOCOMO and the industry as a whole, with the mobile operator’s 65 million customers now able to ditch passwords with strong online authentication.
Peter O’Neill, president of Mobile ID World, had a chance to get an inside look at the major news with an interview with Rajiv Dholakia, vice president of products at Nok Nok Labs – a founding member of FIDO and the company powering DOCOMO’s authentication system.
Peter O’Neill, President & CEO, Mobile ID World (MIDW): There is certainly some very big news from FIDO and Nok Nok and NTT DOCOMO, please tell our readers about this breaking news story this week.
Rajiv Dholakia, Vice President, Products, Nok Nok Labs (NNL): I think what is significant here is that NTT DOCOMO, who is generally considered to be a leader and first mover historically with respect to innovative mobile network services, announced a number of different things. One is that they are launching a set of biometrically-enabled services on their network based on the FIDO-UAF standard, and on a number of partner mobile devices, that are intended to allow their end users to authenticate strongly and simply to a set of services that DOCOMO runs.
The specific announcement that DOCOMO made was related to DOCOMO-ID, which is a federated identity mechanism where users of DOCOMO services can enroll for an ID and then use a single method of authentication to navigate a number of services that DOCOMO has enabled for them such as playing games, buying books or a number of other services. What they announced today was that they are enabling FIDO based authentication on services such as gaming, buying books etc. where an end user can authenticate, either using a fingerprint sensor on one of their partner devices or iris-based recognition, the first major launch of device-based iris recognition.
The second piece of news here is that they have done this based on the FIDO UAF standard, which was developed by the FIDO Alliance. The reason they did that was because this is too big a problem for any one company to solve on their own and they saw the benefits of working with an open standard that allows them to work with multiple parties in an interoperable way. They chose Nok Nok Labs as their key partner to do this with, in addition to QUALCOMM and a few others. The solution was developed and delivered, and it is going live this week. So those are the first two major pieces of news.
The third piece of news is that DOCOMO believes sufficiently in this approach and the open standards that the FIDO Alliance has developed that they are joining the FIDO Alliance’s Board of Directors and expect to bring not only their presence as a major player in the Asia Pacific market, but also their worldwide reputation for being an innovator in network services, and they expect to bring some of that wisdom and their connections to help the FIDO Alliance develop its value proposition alongside being the first Mobile Network Operator (MNO) that is joining the FIDO Board as well.
MIDW: I have a ton of questions. There are a lot of industry firsts with this news, can you please review some of these; you mentioned the use of iris technology as one, what other firsts are involved with this?
NNL: NTT DOCOMO is the first mobile network operator to go live with FIDO, the first to use biometric solutions at scale, the first to use Iris as a biometric in addition to fingerprint, the first usage of a federated Identity system (DOCOMO-ID) with FIDO at scale, the first carrier-billing system using biometrics.
We have seen some fingerprint sensor based payment services launched before, but this is really the first time that we have seen a non-fingerprint scenario. It is the same underlying standard that covers both the fingerprint and iris as well. That shows you the flexibility of the FIDO-UAF standard in that nothing on the wire changes, nothing at the server changes, you can simply bring a new device with a new authentication mechanism and just plug that into the existing network. So that is another first.
Historically we have seen one device at a time launch in the past, but this is the first time that we have had not one but four different devices from three different manufacturers. Finally, a very significant development here is the linkage of the biometric authentication to DOCOMO-ID. I described DOCOMO-ID from the user perspective which is that a user can enroll to use multiple online services, but the more significant thing is that DOCOMO-ID is a federated ID service within DOCOMO which can be used for any service. For example, it is the same iris or fingerprint-based authentication that takes you into the games area or the billing area or the books area, etc. The achievement here is to link biometric authentication through FIDO to a federated Identity service and then very quickly be able to enable a host of other services over a period of time.
MIDW: Now, this is a very large deployment with the potential to reach 65 million of the DOCOMO base. How will this be rolled out, and what are some of the challenges involved?
NNL: Some of the roll out process for DOCOMO is that they are taking this live to their entire user base so that there is no restriction on the user base as to who can use this. It is obviously enabled today with the new devices they have taken to market. DOCOMO will continue to expand both the number of devices that are enabled with biometrics. They may look at other methods of authentication both biometric and non-biometric to expand the number of devices in their network.
MIDW: Do you think that given the highly competitive nature of the mobile world right now, more carriers will follow suit?
NNL: I think that this is a big wake-up call for many carriers who have been unclear about their role in the identity process. There have been many experiments that have been looking at this in the pilot form for the better part of a decade. What DOCOMO’s launch shows is that the timing is now, the tools to do this are available; you don’t have to invent them, and the benefit is that it can catapult an MNO to being a significant player in the strong identity ecosystem and play whatever role they wish to play. Whether they choose to monetize identity directly or whether they choose to leverage strong identity for doing better transactions within their network or to open up their network; I think those are all choices that an MNO has and we know a number of them are looking very hard at FIDO as a building block for their identity strategy so stay tuned.
MIDW: I know that FIDO’s new standards include several major benefits that have been talked about quite extensively – which include privacy, security, convenience, cost – you would think that the carrier industry would really be taking note.
NNL: Yes, I think one of the things that has prevented it, as you probably know Peter, is that biometrics can be server side or they can be client side. We believe there are too many perils in handling server-side biometrics from a consumer liability perspective. One of the basic principles of FIDO is that the biometric is performed on the client device and the templates are stored and managed under the end users’ control on their device, this is a foundational principle of FIDO. The important thing here is that it allows non-linkability and privacy elements that were designed into the FIDO protocol. This has been one of the many barriers for MNOs in the usage of biometrics and identity, and this certainly gives them some set of tools to achieve privacy and security for the end-user.
Lastly, we have all had these other methods of authentication with us for the better part of two decades almost, but bringing the economics into the right zone to allow them to be deployed into a mass market was very difficult. I think the other significant signal that you are seeing in the market right now is that the incorporation of these kinds of methods of authentication, that are both strong and simple, is now at the right inflection point. The economics, ease of adoption and deployment, privacy and security characteristics are all coming into alignment so we are seeing a rush to experiment and deploy these technologies in the next 12 months.
MIDW: Well Rajiv it is quite a big day for the FIDO Alliance, Nok Nok and the NTT DOCOMO. Thank you very much for sharing your thoughts on this really significant development for our industry and I really look forward to chatting with you further as this continues to evolve.
NNL: Very good, thank you Peter.