The FIDO Alliance has launched of the FIDO Device Onboard (FDO) protocol, a new, open IoT standard that enables devices to simply and securely onboard to cloud and on-premise management platforms. Through this standard, the FIDO Alliance addresses challenges of security, cost and complexity tied to IoT device deployment at scale. FIDO Device Onboard furthers the fundamental vision of the Alliance, which has brought together 250+ of the most influential and innovative companies and government agencies from around the world to address cyber security in order to eliminate data breaches, and enable secure online experiences.

1. © FIDO Alliance 2021
1
Introducing
FIDO Device Onboard (FDO)
May 7, 2021

2. © FIDO Alliance 2021
2

3. © FIDO Alliance 2021
Today’s Speakers
Giri Mandyam
Senior Director for Technology
Qualcomm
Co-Chair, IoT TWG
Andrew Shikiar
Executive Director & CMO
FIDO Alliance
Richard Kerslake
General Manager Industrial
Controls and Robotics, IOT
Business Unit,
Intel
Co-Chair, IoT TWG

4. © FIDO Alliance 2021
4
How the FIDO Alliance is
Solving the IoT Onboarding
Challenge

5. © FIDO Alliance 2021
The FIDO Alliance brings together the world’s leading
technology companies to develop and promote the adoption
of a standardized, simpler, and more secure online experience
that installs trust and confidence in a digital world.
5

6. © FIDO Alliance 2021
+ Sponsor members + Associate members + Liaison members
6

7. © FIDO Alliance 2021
Track record of successful collaboration
7
Growing Platform Support
Hello
3 Sets of Specs Released
Increasing Market Adoption

8. © FIDO Alliance 2021
8
How long does it take
to manually onboard1 10,000
Gateways, Devices, Sensors?
Answer:
Over 2-man years2
1. Assumes out-of-box to securely streaming data to an IoT Platform
2. Kaiser Associates Research and Analysis, IoT study, August 2017

9. © FIDO Alliance 2021
The Onboarding Challenge
9
• Wide variety of IOT devices – hardware and Operating Systems
• Most devices headless (i.e. don’t have displays)
• Different connectivity – wired / wireless
• Manual installation adds cost and time to IOT deployments, impacting program ROI
• Manual installation requires trusted and skilled staff

10. © FIDO Alliance 2021
Onboarding solutions exist today, but don’t fully meet the needs of the industry
• Manual onboarding
• Slow
• Insecure
• Expensive
• Proprietary ‘zero touch’
• Linked to one cloud/platform
• Only one silicon provider
• Require programming of target platform/cloud/user at manufacture
Onboarding solutions today
10

11. © FIDO Alliance 2021
The FIDO Alliance launched
the IoT Technical Working
Group (IoT TWG) in June
2019 - members include
leading Cloud Service
Providers, semiconductor
manufacturers, security
specialists and OEMs.
The IoT TWG analyzed
multiple use cases, target
architectures and
specifications to develop as
clear set of requirements.
Intel contributed their
Secure Device Onboard
specification, which served
as the starting point for
FIDO’s IoT work - the TWG
modified and extended the
initial specification to meet
the defined requirements.
FIDO’s Approach to Secure IoT
11
NEWS - The FIDO Device Onboard specification is now available:
https://fidoalliance.org/specs/FDO/fido-device-onboard-v1.0-ps-20210323/fido-device-onboard-v1.0-ps-20210323.html

12. © FIDO Alliance 2021
Fast, Scalable Device Provisioning, Onboarding &
Activation
12
Drop ship device to
installation location
Power-up & connect
to Network
Auto-provisions, Onboards
to Cloud
BENEFITS1
• Zero touch onboarding – integrates readily with existing zero touch solutions
• Fast & more secure1 – ~1 minute
• Hardware flexibility – any hardware (from ARM MCU to Intel® Xeon® processors)
• Any cloud – internet & on-premise
• Late binding - of device to cloud greatly reduces number of SKUs vs. other zero touch
offerings
• Open - LF-Edge SDO project up and running, code now on GitHub
12
1. No product or component can be absolutely secure

13. © FIDO Alliance 2021
FIDO Device Onboard: Late Binding in Supply Chain
13
IoT Device Supply Chain
Device SKU 2
Device SKU 2
Device SKU 2
Device SKU 2
Device SKU 2
Device SKU 2
Device SKU
Customer 1
Custom SKUs
Custom SKUs
Custom SKUs
FDO Late Binding
Device Identity
Build-to-order
Manufacturing
Infrastructure
Build-to-plan
Manufacturing
Infrastructure
Binding info
Binding info
Devices
Customer 2
Devices
Customer n
Devices
Customer 1
Devices
Customer 2
Devices
Customer n
Devices
Zero Touch without FDO
IoT device software and security
customization happens during
manufacturing
Result:
Complicated build-to-order
manufacturing infrastructure,
many SKUs, small lot sizes, long
lead times, higher cost
Zero Touch with FDO
IoT device software and
security customization
happens at the end of the
supply chain
Benefits:
Simplified build-to-plan
manufacturing infrastructure,
fewer SKUs, large lot sizes,
enable stocking distributors,
low customization cost
Result: Increased supply chain
volume and velocity
IoT Device Supply Chain
Single SKU
Late binding reduces costs & complexity in supply chain – a single device SKU for all customers

14. © FIDO Alliance 2021
Aligning FIDO IOT to Use Case and Ecosystem
14
CSP & On-prem
Support
IoT Platform
ISV Suite
Silicon/device
Ecosystem
SI Ready
Connectivity
Support
Use cases where FIDO IOT delivers maximum value
• Industrial and Enterprise devices:
Gateways, servers, sensors, actuators, control systems, medical, etc.
• Multi-ecosystem applications and services:
not tied to specific cloud/platform framework
• Distributor sales:
deliver from stock, specify binding info after sale to customer
• Device resale / redeploy:
reset to factory conditions repeat onboarding process with new credentials

15. © FIDO Alliance 2021
How FDO Works
15
Build and Ship FDO
Enabled Devices
1
Register Ownership
to Target Platform
2
Register Device to
Rendezvous Service
3
Devices use FDO to
find owner location
4
Devices Authenticated
and Provisioned
5
Devices send sensor
data to IoT Platform
6
Device Recipient
3
Load Owner Voucher
at Procurement
Supply Chain
5
Late Binding Provisioning
1
Single SKU for Multiple
Target clouds
Registration
4
Target Cloud
(Device Management
System) with integrated
FDO Owner
Rendezvous
service
IoT Device
Device Manufacturer
2
6

16. © FIDO Alliance 2021
Processor
e.g. Intel, Arm
VARs
Distribution SI
Manufacturing Tool
(includes supply chain
tools)
Client for Arm, Intel,
other processors and
TPM
FDO Owner
(IoT Platform SDK)
Rendezvous server
(runs on Cloud or customer
premise)
FDO – Major Software Components
IOT Device
Reseller tool
IN
T
E
L
®
S
E
C
U
R
E
D
E
V
IC
E
O
N
B
O
A
R
D
FDO
Rendezvous
Server
Target Cloud
(Internet or on-premise)
2
1
5
3
4

17. © FIDO Alliance 2021
FDO/SDO: LF-Edge project & Open Source
17
The LF Edge Project is an open source implementation of the FDO
onboarding specification as a reference/gold implementation.
https://www.lfedge.org/projects/securedeviceonboard/
 Status
• LF Edge accepted Secure Device Onboard as a Phase 1 (At Large) project
• Project now active on LF-Edge web site.
• Code now Open Source https://github.com/secure-device-onboard
• Protocol testing release of FDO RD01; production release of FDO 1.0 2H21

18. © FIDO Alliance 2021
Drive industry adoption by building broad industry support across End
users, OEMs, ODMs, silicon partners, etc.
Launch FDO certification programs later this year.
• Functional certification testing
• Security certification testing
Continue work on v.next based on implementation feedback and to
address additional requirements
Goals for 2021
18

19. © FIDO Alliance 2021
o FIDO has an established security certification program for existing FIDO
authenticator specifications (UAF, U2F, FIDO 2.0/Webauthn)
o Levels that correspond to achievable security assurance
o L1 – Based on vendor questionnaire
o SW authenticators, e.g. from an app store
o L2 – Design documentation submitted by vendor and assessed by 3rd-party certification lab
o Authenticators developed in a trusted SW environment
o L3 – Sample device submitted to 3rd-party lab for verification of design and additional
penetration testing
o Authenticators instantiated in a secure element
Certification and Security
19

20. © FIDO Alliance 2021
o Multiple security certification levels also appropriate for IoT devices, given
large scope of achievable levels of security assurance
o Simple devices with
o Limited crypto capabilities
o No isolation of HW/SW required for security functionality
o More complex devices
o Advanced crypto capabilities (comparable to smartphones or PC’s)
o Isolation of security-impacting SW
o Special purpose HW for all secure operations related to onboarding
Certification (cont.)
20

21. © FIDO Alliance 2021
o FIDO is developing interoperability and security certification programs
o Anticipated rollout before end of year, 2021
o FIDO security certification will be assessed against regional regulatory
requirements
o Existing FIDO security certification leverages ‘companion’ programs
o e.g Common Criteria Protection Profiles
o FIDO expects to leverage existing IoT security certification programs as potential companion
programs
Certification (cont.)
21

22. © FIDO Alliance 2021
• The FIDO Alliance has a successful track record of bringing standards to market.
• FDO addresses the challenge of secure device onboarding – key to IoT growth
• FDO has been driven by Cloud, Semiconductor and Security leaders.
• FDO open-source software on LF-Edge; alpha code today, full release mid-21.
• You can download the specification and the software today to start using and
applying FDO.
• Interested in driving the evolution of FDO? Join FIDO Alliance today!
Summary
22

23. © FIDO Alliance 2021
Questions?
23