(Strong) Authentication Trends

  • TYPE: Combined Session
  • DATE: Thursday, May 17, 2018
  • TIME: 11:00-12:00
  • LOCATION: CHIEMSEE

The future of Strong Authentication

So far, most applications still rely on passwords, but there is a growing need for strong authentication to protect against identity theft. As of January 13th, 2018, the Second Payment Services Directive (PSD2) requires every payment service provider to implement strong customer authentication (SCA) based on two or more elements which are categorised as knowledge, possession and inherence and shall result in the generation of an authentication code (PSD2, Article 4).

In the area of two-factor authentication, mobile TAN (mTAN) is facing growing opposition and will eventually lose its predominant position to a plethora of challenge-and-response apps. But we are actually facing a more fundamental architectural shift: passwords (including mobile TAN) will be replaced not by just another mechanism but by a 3-tier architecture model. In this presentation, we will look at current standards, trends and initiatives for each of these tiers, using the NIST Digital Identity Guidelines (SP 800-63-3) as a conceptual base:

We will start with the user’s authenticator, implemented on a mobile device according to a standard such as FIDO or the W3C Web Authentication API. We will investigate various approaches to isolating an authenticator from the OS (and its vulnerabilities) and to letting a user activate her private key based on a PIN, biometrics, or wearables. Related to biometrics, the NIST SOFA-B initiative may be of special relevance.

Second, we will look at the functionality of an Identity Provider (IdP) and the SAML and OpenID Connect federation protocols used to integrate with Relying Parties. We will also address the SwissID initiative where major Swiss banks and public sector companies cooperate to provide a Digital Identity for Switzerland.

We will conclude with some strategic advice to Identity Providers and Service Providers on how to migrate to the future 3-tier model of strong authentication.

Key Takeaways:

  • Passwords (including mobile TAN) will be replaced not by just another mechanism but by a 3-tier architecture model.
  • Identity Providers (IdP) will be at the heart of the future authentication model.
  • Standard interfaces are used to connect an authenticator to an IdP (FIDO and W3C Authn API) and to connect an IdP to Relying Parties (SAML and OIDC).

Thomas Kessler is founding partner of TEMET AG ( www.temet.ch ), a privately owned information and IT security consultancy located in Zurich, Switzerland. Ever since finishing his studies in physics at ETH Zurich in 1991, Thomas Kessler worked in information security for Swiss financial...


Munich, Germany


European Identity & Cloud Conference 2018

  • May 15 - 18, 2018 Munich, Germany