FIDO’s certification programs are a critical element in ensuring an interoperable ecosystem of products and services that organizations can leverage to deploy FIDO Authentication solutions worldwide. FIDO manages functional certification programs for its core specifications (UAF, U2F and FIDO2) to ensure product interoperability, and more recently has introduced programs to delineate security capabilities of FIDO Certified Authenticators, and also to test and validate the efficacy of biometric components.
These slides will help you:
- Learn how to take part in the FIDO Certified program and/or what to consider when licensing FIDO Certified solutions
- Understand how FIDO’s new biometric certification program (a first of its kind in the industry) will help inform the marketplace on the accuracy of various biometric authentication components
- See how FIDO’s Certified Authenticator Levels will help deploying organizations specify and support specific security capabilities and requirements for their end users
1. All Rights Reserved | FIDO Alliance | Copyright 2018
FIDO Certified Program Updates
Authenticators, Biometrics & FIDO2
2. Agenda
• The Value of FIDO Certification + Program Updates
• FIDO Authenticator Certification Program
• FIDO Biometric Certification Program
• Getting Started with Your Certification
• Q & A
3. CERTIFICATION GOALS
• Enable implementations to be identified as officially FIDO certified
• Ensure interoperability between FIDO officially recognized implementations
• Promote the adoption of the FIDO ecosystem
• Provide RPs with the ability to assess performance requirements for user authenticators
• Provide the industry at large with a testing baseline for biometric component performance
5. LATEST CERTIFICATION UPDATES
• Formal FIDO2 Interop occurred 20-23 August 2018
• Authenticator Certification Program Level 3 and 3+
  • Utilizes the Companion Program for Certification
• Biometric Certification Program
  • False Accept Rate
  • False Reject Rate
  • Presentation Attack Detection
6. AGENDA
• The Value of FIDO Certification + Program Updates
• FIDO Authenticator Certification Program
• FIDO Biometric Certification Program
• Getting Started with Your Certification
• Q & A
7. FIDO AUTHENTICATOR CERTIFICATION
• The FIDO Authenticator Certification Program validates that Authenticators conform to the FIDO specifications (UAF/U2F/FIDO2) and allows vendors to certify the security characteristics of their implementations
• After completing certification, vendors may use the FIDO logo on their products
8. LEVELS PICTORIAL
NOTE: For Authenticators that use a biometric, the Biometric Certification is required at L2+ and higher.
10. SECURITY EVALUATION
| Level | 3rd Party Lab Work Required | Evaluation Style |
| --- | --- | --- |
| L1 | None – evaluation is solely by FIDO Alliance Security Secretariat | System design review |
| L1+ (preliminary) | Vendor must hire a FIDO-approved lab | System design review; code review; SW penetration test / attack potential calculation |
| L2 | Vendor must hire a FIDO-approved lab | System design review |
| L2+ (preliminary) | Vendor must hire a FIDO-approved lab¹ | System design review; code review; SW penetration test / attack potential calculation |
| L3 | Vendor must hire a FIDO-approved lab¹ | System design review; code review; HW penetration test / attack potential calculation |
| L3+ | Vendor must hire a FIDO-approved lab¹ | System design review; code review; HW penetration test / attack potential calculation |
¹ At level L2+ and higher, it should usually be the case that the platform HW and SW have already been certified and the FIDO vendor will only need to certify the FIDO-specific requirements (e.g. the authenticator is running on an already-certified TEE, Secure Element…)
11. NEW COMPANION PROGRAM
• Companion Programs are independent testing programs which FIDO partners with to lessen the certification burden
  • Example: Common Criteria or ISO/IEC 15408
• The vendor uses a FIDO-created mapping document that maps program requirements from the companion program to FIDO security requirements
• The authenticator is evaluated on the delta requirements only
• Companion Programs are currently required for Authenticator Security levels 3 and 3+
More information can be found on the FIDO Alliance website:
https://fidoalliance.org/fido-authenticator-certification-companion-program/
12. CHANGES AFTER INITIAL CERTIFICATION
Delta Certification is a process to verify that a Certified implementation still meets requirements for the following cases:
• Product upgrades
• Version upgrade
• Level downgrades
• Security vulnerability
• Post suspension
13. All Rights Reserved | FIDO Alliance | Copyright 201813
CHANGES AFTER INITIAL CERTIFICATION
Derivative Certification:
• Products or services that rely upon existing Certified implementations for conformance with FIDO specifications
• A Derivative implementation may not modify, expand, or remove FIDO functionality from the Certified implementation on which it is based
AGENDA
• The Value of FIDO Certification + Program Updates
• FIDO Authenticator Certification Program
• FIDO Biometric Certification Program
• Getting Started with Your Certification
• Q & A
FIDO CERTIFICATION PURPOSE
The FIDO Biometric Certification Program is intended to certify biometric components and/or subsystems and is independent from the Authenticator Certification Program.
TESTING STEP 1: BIOMETRIC SUBCOMPONENT
ALLOWED INTEGRATION DOCUMENT
• Developed by vendor and submitted to lab
• Used to document changes necessary to accommodate integration with authenticator
• Must include explanation of possible software and hardware changes
TESTING STEP 2: AUTHENTICATOR
AUTHENTICATOR CERTIFICATION
Using a Certified Biometric Subcomponent:
• Optional for Authenticators using a Biometric at L1-L2.
• The Security Requirements enforce Biometric Certification of the biometric at L3 and higher when a biometric is used in the authenticator.
• Once L2+ is finalized, Biometric Certification will also be required
• Results in a “FIDO Certified” Authenticator
BIOMETRIC DEFINITIONS
• False Accept Rate (FAR): The proportion of verification transactions with wrongful claims of identity that are incorrectly confirmed
• False Reject Rate (FRR): The proportion of verification transactions with truthful claims of identity that are incorrectly denied
• Impostor Attack Presentation Match Rate (IAPMR): Proportion of presentation attacks in which the target reference is matched
BIOMETRIC PERFORMANCE LEVELS
• Biometric Requirements:
  • False Accept Rate (FAR): SHALL meet the requirement of less than 1:10,000 for the upper bound of an 80% confidence interval. FAR is measured at the transaction level.
  • False Reject Rate (FRR): SHALL meet the requirement of less than 3:100 for the upper bound of an 80% confidence interval. FRR is measured at the transaction level.
  • Presentation Attack Detection: SHALL be performed by the FIDO-accredited independent testing laboratory on the TOE provided by the vendor. The evaluation measures the Impostor Attack Presentation Match Rate for each presentation attack type, as defined in ISO 30107 Part 3.
NOTE: The FIDO-accredited independent testing laboratory performs live subject scenario testing on the TOE provided by the vendor using a combination of on-line/off-line testing, as well as presentation attack testing, based on ISO 19795-1 and ISO 30107-3.
SELF-ATTESTATION - OPTIONAL
• Biometric Requirements:
  • False Accept Rate (FAR): The vendor SHALL attest to an FAR of [1:25,000 or 1:50,000 or 1:75,000 or 1:100,000] at an FRR of 3% or less.
  • False Reject Rate (FRR): The vendor SHALL attest to an FRR at no greater than 3% as measured when determining the self-attested FAR. In other words, self-attestation for FRR is only possible when self-attesting for FAR.
NOTE: Self-attestation for FAR and FRR shall be supported by test data and documented in a report submitted by the vendor to the lab.
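Added worked example (not part of the original slides, and not FIDO's or an accredited lab's tooling): how a limit on the upper bound of an 80% confidence interval, as on the BIOMETRIC PERFORMANCE LEVELS and SELF-ATTESTATION slides, plays out on test counts. It assumes independent transactions and a one-sided exact binomial (Clopper-Pearson) bound; the slides do not state the statistical method, and all function names and counts are constructed for illustration.

```python
import math

FAR_LIMIT = 1 / 10_000        # slide: FAR upper bound must be below 1:10,000
FRR_LIMIT = 3 / 100           # slide: FRR upper bound must be below 3:100
SELF_ATTEST_TIERS = (25_000, 50_000, 75_000, 100_000)   # slide: optional 1:N FAR claims

def binom_cdf(k, n, p):
    """P(X <= k) for X ~ Binomial(n, p); terms computed in log space."""
    total = 0.0
    for i in range(k + 1):
        log_term = (math.lgamma(n + 1) - math.lgamma(i + 1) - math.lgamma(n - i + 1)
                    + i * math.log(p) + (n - i) * math.log1p(-p))
        total += math.exp(log_term)
    return min(total, 1.0)

def upper_bound(errors, trials, confidence=0.80):
    """One-sided exact upper bound on the true error rate (assumed method)."""
    if trials <= 0 or not 0 <= errors <= trials:
        raise ValueError("need trials > 0 and 0 <= errors <= trials")
    if errors == trials:
        return 1.0
    lo, hi = 0.0, 1.0
    for _ in range(100):                      # bisection: the CDF falls as p rises
        mid = (lo + hi) / 2
        if binom_cdf(errors, trials, mid) > 1 - confidence:
            lo = mid
        else:
            hi = mid
    return hi

def evaluate(false_accepts, impostor_tx, false_rejects, genuine_tx):
    """Compare constructed test counts with the limits quoted on the slides."""
    far_ub = upper_bound(false_accepts, impostor_tx)
    frr_ub = upper_bound(false_rejects, genuine_tx)
    frr_ok = frr_ub < FRR_LIMIT
    # Assumption: a self-attested 1:N claim is judged on the same upper bound.
    tiers = [n for n in SELF_ATTEST_TIERS if frr_ok and far_ub < 1 / n]
    return {"far_upper": far_ub, "frr_upper": frr_ub,
            "meets_limits": frr_ok and far_ub < FAR_LIMIT,
            "strictest_tier": max(tiers, default=None)}

if __name__ == "__main__":
    # Constructed counts, not real lab data: (false accepts, impostor tx, false rejects, genuine tx)
    for counts in [(0, 10_000, 5, 400), (0, 20_000, 5, 400), (0, 100_000, 12, 400)]:
        print(counts, evaluate(*counts))
```

With zero false accepts observed, 10,000 impostor transactions still leave the bound near 1.6:10,000, so the FAR limit is not met; 20,000 transactions bring it to about 0.8:10,000.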
ROLES AND RESPONSIBILITIES
[Diagram labels: Working Groups; Secretariats; Security Review Team; Certification Trouble Shooting; Accredited Labs; Vendors; Partner Programs; OEMs]
GETTING STARTED: FUNCTIONAL CERTIFICATION
Register for Self-Conformance Test Tool Access:
https://fidoalliance.org/test-tool-access-request/
• For UAF, you will need to complete both automated and manual testing
• UAF Authenticators only will need a Vendor ID:
http://fidoalliance.org/vendor-id-request/
Complete Self-Conformance Testing at least two weeks prior to interoperability event.
Elect to Participate in Pre-Testing in the two weeks prior to the interoperability event (recommended)
Register for and attend the next interoperability event:
https://fidoalliance.org/interop-registration/
Next Interoperability Event Host: Seoul, S. Korea, 12-15 November 2018 (Location TBD). Registration opening soon.
INTEROP TESTING OVERVIEW
• Existing Process – Interop Testing
  • Interop every 90 days
  • Plan ahead! May impact product schedules…
• New Process – On Demand Testing
  • Pick your testing date from a calendar
  • Servers: remote / virtual testing
  • Authenticators: ship device or in-person testing
  • Convenience and fast turn-around
[Diagram: On Demand Testing: Virtual, Shipped, In-Person]
GETTING STARTED – BIOMETRIC CERTIFICATION
Apply for Biometric component certification
• Request an account: https://fidoalliance.org/certification/certification-account-request/
Select an Accredited Biometric Lab and agree to terms for testing
• Biometric Accredited Lab list:
https://fidoalliance.org/fido-accredited-biometric-laboratories/