Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

2/13/2014
12:57 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Nok Nok Labs Delivers On Vision For Modern Authentication

NNLM S3 Authentication Suite provides risk-appropriate authentication capabilities for a wide range of applications

PALO ALTO, Calif., Feb. 13, 2014 /PRNewswire/ -- Nok Nok Labs, an innovator in modern authentication and founding member of the Fast IDentity Alliance (FIDO), today announced the availability of the NNL(TM) S3 Authentication Suite, the first centralized platform that will enable the usage of a broad range of FIDO Ready(TM) devices. Nok Nok Labs, founded by Ramesh Kesanupalli, the visionary behind the FIDO Alliance, has launched the S3 Suite to enable organizations to support a broad variety of authentication technologies from a single, unified infrastructure.

With recent, high-profile data breaches at Target, CNN, Neiman Marcus, Adobe and others, it is clear that current online authentication is failing the needs of both online services and their customers. The need in the market for a unified and simple solution to allow for a more secure yet simpler experience is growing with every new security incident. It is in response to this that Nok Nok Labs has created the S3 Suite, meeting the need for an authentication infrastructure that allows users to leverage the different capabilities they possess on the devices in their hands, but also providing the assurances around security required by online services such as payments, healthcare and banking.

"What we're providing now meets the needs of the modern computing ecosystem," said Phillip Dunkelberger, President and CEO of Nok Nok Labs. "For the first time, Internet Services are able to deliver cost-effective strong authentication leveraging any device their customers may have."

The need for a more modern authentication infrastructure was recognized by a group of six companies, including Nok Nok Labs, back in February 2013 when the FIDO Alliance was launched. Over the past year, the FIDO Alliance has seen incredible momentum, growing to nearly 100 members including some of the most significant players in technology, IT security and financial services such as Google, MasterCard, Microsoft, PayPal and many more. Earlier this week, the FIDO Alliance announced the first public review of their specifications. Over the next 18 months, Nok Nok Labs expects to see between 200 and 400 million FIDO-enabled devices in the market.

The S3 Suite enables the next generation of authentication for Internet-scale applications and services. While improving the user experience and unifying authentication silos, the S3 Suite reduces the cost and complexity of authentication infrastructure. With a flexible and extensible architecture, the S3 Suite provides risk-appropriate authentication capabilities for a wide range of applications.

The S3 Suite consists of:

-- The NNL(TM) Multifactor Authentication Server (MFAS), which provides a unified, flexible authentication infrastructure that enables user-friendly strong authentication for any device, any authenticator and any application.

-- The NNL(TM) Multifactor Authentication Client (MFAC) Mobile Edition with support for Android and iOS devices, which enables users to authenticate to any application using the existing security capabilities of their mobile devices. Also includes the Mobile App SDK and Authenticator Specific Module (ASM) SDK.

-- The NNL(TM) Multifactor Authentication Client (MFAC) Desktop Edition, with support for Windows 7 and Windows 8, provides user-friendly strong authentication to any application by unleashing the existing security capabilities of billions of desktops and mobile devices.

MFAS is the world's first FIDO Ready server to support FIDO's passwordless mode (using the Universal Authentication Framework protocol). MFAS is also the only server in the market to support both passwordless (using the Universal Authentication Framework protocol) and password augmentation (using the Universal Second Factor protocol) modes.

With MFAC, Nok Nok Labs has taken an innovative approach to authentication rooted in secure hardware. MFAC takes advantage of the embedded secure hardware capabilities on available on devices to protect cryptographic key material, cryptographic operations and other client functions. This approach fortifies the client against malware.

By deploying the S3 Suite, Relying Parties, such as mobile payments apps or e-commerce websites will be able to seamlessly add support for new and innovative methods of authentication, while ensuring that aged or broken authenticators can be quickly removed from circulation. The extensible Server framework also means that the Nok Nok(TM) solution will integrate into the existing IT architecture, so that existing investment in Authentication, Identity & Access Management (IAM) and Federation solutions can be leveraged to reduce operational cost and complexity.

"Truly effective authentication technologies must be designed for strong security and ease-of-use," says Jon Oltsik, Senior Principal Analyst, Enterprise Strategy Group. "Balancing these two design objectives has been difficult in the past so solutions were skewed toward highly secure complex authentication or simple insecure authentication - a lose-lose proposition. The solution that Nok Nok Labs has developed on top of FIDO finally bridges this gap, offering a secure yet easy-to-use authentication method. Given today's threat landscape, this is exactly what's needed."

In addition to the significant product development work that has taken place to release the S3 Suite, Nok Nok Labs has also been focused on driving technology partnerships to ensure that FIDO Ready(TM) capability will be available throughout the device ecosystem. These partnerships include Agnitio, CrucialTec, FingerPrint Cards, GoTrust, Infineon, Lenovo, NXP Semiconductors, PlugUp, Synaptics and Trustonic.

For more information on the S3 suite, register at for our upcoming webinar on February 20th at 08:30 PST / 11:30 EST / 16:30 GMT at http://go.noknok.com/webinar-s3-introduction.html

About Nok Nok Labs

Nok Nok Labs, Inc., based in Palo Alto, CA, was founded to transform online authentication for modern computing. The company is backed by a team of security industry veterans from PGP, Netscape, Oracle, PayPal and Phoenix that have deep experience in building Internet scale security protocols and products. The company's ambition is to enable end-to-end trust across the web using authentication methods that are natural to end-users and provide strong proof of identity. For more information, visit www.noknok.com.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21331
PUBLISHED: 2021-03-03
The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive info...
CVE-2021-27940
PUBLISHED: 2021-03-03
resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter.
CVE-2021-21312
PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function (Home > Management > Documents > Add, or /front/documen...
CVE-2021-21313
PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability in the /ajax/common.tabs.php endpoint, indeed, at least two parameters _target and id are not proper...
CVE-2021-21314
PUBLISHED: 2021-03-03
GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is an XSS vulnerability involving a logged in user while updating a ticket.