(Strong) Authentication Trends

  • TYPE: Combined Session
  • DATE: Thursday, May 17, 2018
  • TIME: 11:00-12:00


So far, most applications still rely on passwords, but there is a growing need for strong authentication to protect against identity theft. As of January 13th, 2018, the Second Payment Services Directive (PSD2) requires every payment service provider to implement strong customer authentication (SCA) based on two or more elements which are categorised as knowledge, possession and inherence and shall result in the generation of an authentication code (PSD2, Article 4).

In the area of two-factor authentication, mobile TAN (mTAN) is facing growing opposition and will eventually lose its predominant position to a plethora of challenge-and-response apps. But in fact we are facing a more fundamental architectural shift: passwords (including mobile TAN) will be replaced not by just another mechanism but by a 3-tier architecture model. In this presentation, we will look at current standards, trends and initiatives for each of these tiers, using the NIST Digital Identity Guidelines (SP 800-63-3) as a conceptual base:

We will start with the user’s authenticator, implemented on a mobile device according to a standard such as FIDO or the W3C Web Authentication API. We will investigate various approaches to isolating an authenticator from the OS (and its vulnerabilities), and how a user may activate her private key based on a PIN, biometrics, or wearables. Related to biometrics, the NIST SOFA-B initiative may be of special relevance.

Second, we will look at the functionality of an Identity Provider (IdP) and the SAML and OpenID Connect federation protocols used to integrate with Relying Parties. We will also address the SwissID initiative where major Swiss banks and public sector companies cooperate to provide a Digital Identity for Switzerland.

We will conclude with some strategic advice to Identity Providers and Service Providers on how to migrate to the future 3-tier model of strong authentication.

Key Takeaways:

  • Passwords (including mobile TAN) will be replaced not by just another mechanism but by a 3-tier architecture model.
  • Identity Providers (IdP) will be at the heart of the future authentication model.
  • Standard interfaces are used to connect an authenticator to an IdP (FIDO and the W3C Web Authentication API) and to connect an IdP to Relying Parties (SAML and OIDC).


Thomas Kessler is founding partner of TEMET AG ( www.temet.ch ), a privately owned information and IT security consultancy located in Zurich, Switzerland. Ever since finishing his studies in physics at ETH Zurich in 1991, Thomas Kessler worked in information security for Swiss financial...

Faced with mounting threats associated with consumer healthcare fraud, Aetna embarked on a journey to transform consumer authentication built upon FIDO standards and risk-based consumer authentication. During this talk we will discuss:

  • Pitfalls of binary authentication & American healthcare consumer fraud trends
  • Risk-based authentication
  • Biometric-based authentication leveraging FIDO
  • Using security to improve user experience and access to care


Brian Heemsoth is the Senior Director of Information Security, within Aetna’s Global Security organization. In this role, Brian leads Aetna’s 24x7 Security Operations Center, as well as the healthcare organization’s Cyber Incident Response Team. Brian also leads Aetna’s...


European Identity & Cloud Conference 2018

  • May 15 - 18, 2018 Munich, Germany