This presentation details the FIDO Alliance Certification Program - including an overview of the programs, process and the value of certification for both vendors and relying parties.
Implementing WebAuthn & FAPI supports on Keycloak - Yuichi Nakamura
Keycloak supports WebAuthn and FAPI by implementing their features and passing conformance tests. Hitachi contributed WebAuthn support and worked with NRI to add FAPI compliance, addressing issues like supporting newer signature algorithms and the PKCE protocol. Further contributions are welcomed to resolve remaining FAPI test issues.
The document discusses the FIDO2 authentication process for creating and using passkeys across multiple devices. It describes creating a passkey for a banking app on Android, then signing into the same banking app on Windows and macOS using the passkey from Android. This involves scanning a QR code to link devices, performing user verification on each device, and having the passkey detected and stored locally on each new platform using the respective authentication method (Windows Hello, macOS, etc).
The document describes the FIDO2 specification which includes WebAuthn and CTAP. WebAuthn introduces a new JavaScript API for browser-based authentication and CTAP introduces a new API for platform-based authentication. It provides an overview of the registration and authentication flows including the use of public key credentials on servers to authenticate users. It also describes extensions, attestations, credential management and the goals of convenience and strong security in the FIDO standards.
FIDO U2F (Universal Authentication Framework) Specifications: Overview & Tutorial
by Jerrod Chong, Yubico
Explore how FIDO U2F works and how it is used in the world today.
The FIDO Alliance invites you to learn how to simplify strong authentication for web services. FIDO specifications can help all organizations, especially service providers who want to scale these features for consumer services over the web. Essentially, FIDO offers a simple, low-cost way to improve security and the online experience.
FIDO Alliance: Welcome and FIDO Update.pptx - FIDO Alliance
This document provides a summary of a presentation on passwordless authentication and the role of the FIDO Alliance. It begins with statistics showing the increasing costs and impacts of cyberattacks targeting financial services. The presentation then discusses predictions that phishing attacks and MFA bypass attacks will continue to grow. However, it also predicts that enterprise passwordless deployments and consumer-ready solutions will increase rapidly. The rest of the presentation focuses on the FIDO Alliance's work to develop open standards for simpler and stronger authentication using public key cryptography and possession-based credentials like "passkeys." It discusses growing browser, platform and government support for FIDO and the Alliance's initiatives to further improve usability while maintaining security, such as new guidelines
The FIDO Alliance invites you to learn how to simplify strong authentication for web services. FIDO specifications can help all organizations, especially service providers who want to scale these features for consumer services over the web. Essentially, FIDO offers a simple, low-cost way to improve security and the online experience. From FIDO Alliance Seminar in Tokyo, Japan, November, 2015.
FIDO and the Future of User Authentication - FIDO Alliance
The document discusses the problems with password-based authentication and introduces FIDO authentication as a solution. It summarizes that FIDO authentication uses public key cryptography to allow users to authenticate with a single gesture on their device, without needing shared secrets or passwords. FIDO authentication is being adopted by major companies and specifications are standardized, with over 500 authenticators certified for compatibility and security. The presentation promotes FIDO as the future of secure, usable authentication.
Google has deployed FIDO U2F security keys for two-factor authentication at scale within their organization. They found security keys to be faster and cause fewer support incidents than one-time passwords. Google has also made security keys available to consumers as an optional second factor for their accounts. Other companies like Dropbox, GitHub, and Facebook have also adopted FIDO security keys. Google's experience shows that security keys can provide stronger authentication that is also more usable for users and enterprises.
W3C - Web Authentication API by Korea ETRI (Electronics and Telecommunication Research Institute)
- Presented at FIDO Technical Seminar on July 16th, 2018
FIDO Authentication: Unphishable MFA for All - FIDO Alliance
This document discusses the growing adoption of FIDO authentication standards for passwordless, phishing-resistant multi-factor authentication. It predicts that in 2022, enterprise passwordless deployments will grow rapidly as mobile platforms provide consumer-ready solutions at scale. The document outlines how FIDO specifications offer simpler and stronger authentication using public key cryptography backed by major technology companies. It notes that over 5 billion devices now support FIDO and more than 150 million people are using passwordless methods each month. Government policies are evolving to recognize FIDO authentication as the preferred choice and gold standard for phishing-resistant multi-factor authentication.
What is a Verifiable Credential, and Why Does it Matter?
https://identiverse.com/idv2022/session/841421/
"A verifiable credential (VC) is an assertion with a secret weapon – called a verifiable presentation (VP). VCs and VPs are unique in that they enable users to directly hold and present claims about themselves, issued by many different authorities. This is an important addition to the domain-relative credentials that are presented today as part of federated sign-in or SSO contexts. You may ask – why is that direct presentation important? Kristina Yasuda will talk through how VCs and VPs work, what makes VCs different from common federated credentials, and what VCs could change about how we interact with data in the future."
Overview of FIDO Security Requirements and Certifications - FIDO Alliance
1) The FIDO Alliance authentication certification program evaluates and certifies authenticators at different security levels to create trust between relying parties and authenticators.
2) Higher certification levels provide defenses against more sophisticated attacks, with Level 3+ providing the highest security against physical attacks on authenticator devices.
3) The certification process involves security reviews and penetration testing conducted by accredited laboratories. Companion certification programs can reduce the cost and time of certification for vendors.
FIDO Certified Program: The Value of Certification - FIDO Alliance
A look at the FIDO Certification program, including functional, authenticator and biometric; the value of certification for relying parties and vendors, and how to get started.
FIDO’s certification programs are a critical element in ensuring an interoperable ecosystem of products and services that organizations can leverage to deploy FIDO Authentication solutions worldwide. FIDO manages functional certification programs for its core specifications (UAF, U2F and FIDO2) to ensure product interoperability, and more recently has introduced programs to delineate security capabilities of FIDO Certified Authenticators, and also to test and validate the efficacy of biometric components.
These slides explain how to:
- Learn how to take part in the FIDO Certified program and/or what to consider when licensing FIDO Certified solutions
- Understand how FIDO’s new biometric certification program (a first of its kind in the industry) will help inform the marketplace on the accuracy of various biometric authentication components
- See how FIDO’s Certified Authenticator Levels will help deploying organizations specify and support specific security capabilities and requirements for their end users
The document outlines the FIDO Alliance's Biometric Certification Program. It aims to certify biometric components and subsystems to ensure interoperability, promote adoption of FIDO standards, and provide performance benchmarks. The certification process involves two steps - first testing the biometric subcomponent, then full authenticator testing. It defines biometric performance metrics like false accept and reject rates, and requires components to meet specified thresholds or allow self-attestation with test data. The certification is independent of the Authenticator Certification Program and helps identify solutions as officially FIDO certified.
This document discusses FIDO certification programs which provide standardized testing to validate that products meet specifications and are interoperable. It outlines different certification programs for authenticators, IoT devices, and digital identity. Functional certification tests conformance to specifications while interoperability testing validates implementability. Authenticator certification has three security levels which add increased security requirements and assurances. Certification provides benefits like regulatory compliance, consumer protection, and confidence in product quality.
Using FIDO Authenticator for IoT Devices - FIDO Alliance
The document discusses using FIDO authenticators for IoT devices. It presents eWBM's biometric external FIDO authenticator and its security features. Potential applications of FIDO authentication for IoT are then described, including for device authentication over LoRa networks, drone control, and public WiFi access. The use of a BLE FIDO authenticator for personalized smart speaker services is also proposed. The conclusion recommends slimming down the FIDO client for embedded systems and achieving at least Security Level 2 certification for IoT authenticators.
The document discusses FIDO Alliance's efforts to create simpler and stronger authentication standards to replace passwords. It provides an overview of FIDO authentication, including how it works, adoption rates, and certification programs. It also summarizes the Alliance's work in identity verification, binding, and FIDO Device Onboarding to fill gaps and further the passwordless vision.
Answering all of your questions about FIDO Certification, including: what is FIDO certification?, types of certification, meta data service, security certification and the value of deploying certified solutions.
Getting to Know the FIDO Specifications - Technical Tutorial - FIDO Alliance
What if we could replace passwords with authentication that is stronger and simpler? Web service providers and enterprises worldwide are looking for a solution to move beyond the frustrating user experience and less-than-stellar security of single-factor password authentication systems. Today FIDO is that solution, providing a rich set of specifications and certifications for an emerging and interoperable ecosystem of hardware, mobile and biometrics-based devices. This ecosystem enables enterprises and web service providers to easily deploy strong authentication solutions that reduce password dependencies and provide a superior, simpler and trusted user experience.
- Learn the ins and outs of FIDO’s specifications, including their applicability to both passwordless (UAF) and second factor (U2F) authentication use cases.
- Learn how FIDO separates user verification from authentication along with other details on the FIDO registration and login process.
- Learn how FIDO authentication protects user privacy and prevents phishing and man-in-the-middle attacks.
Technical Principles of FIDO Authentication - FIDO Alliance
The document discusses technical principles of FIDO authentication. It provides an overview of how FIDO works, including the FIDO ecosystem with authenticators, clients, servers and relying parties. It also summarizes the FIDO registration and authentication processes, which separate user verification from authentication through the use of public and private keys.
FIDO UAF 1.0 Specs: Overview and Insights - FIDO Alliance
Explore how FIDO UAF works, how to perform FIDO registration, and how FIDO is used in the world today, as well as the process from start to finish of UAF authentication.
From FIDO Alliance Seminar in Washington, D.C., October, 2015.
This document provides an introduction to FIDO (Fast IDentity Online), a standardized authentication framework that enables scalable and faster access to web resources without requiring users to remember complicated passwords. It discusses problems with traditional password-based authentication and outlines FIDO's two main specifications: UAF (Universal Authentication Framework), which supports passwordless authentication using built-in authenticators, and U2F (Universal Second Factor), which adds a second factor of authentication to password login. The document explains FIDO components, protocols, and architecture in detail and provides examples of how FIDO enables secure authentication flows. It also discusses next steps for further standardization and adoption of FIDO.
This document summarizes a presentation on FIDO specifications and authentication. It discusses password issues like passwords being stolen from servers or entered into untrusted sites. It also classifies threats to authentication like remotely or physically attacking user devices. The document explains how FIDO works using authenticators, user verification, and public/private keys. It covers registration, attestation, metadata, and how authenticators work with platforms. It compares password and FIDO authentication in terms of convenience and security.
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications - CloudIDSummit
This document provides an overview of the FIDO UAF (Universal Authentication Framework) protocol. It describes common password and one-time password issues like phishing, theft, and inconvenience. It then explains how FIDO UAF works by using a cryptographic authenticator device to verify the user and sign authentication responses. The document outlines the registration and authentication flows and describes how metadata is used to understand the authenticator's security characteristics. It also discusses various implementation options for the authenticator including hardware-based devices, software authenticators, and leveraging trusted execution environments.
The FIDO Alliance has launched the FIDO Device Onboard (FDO) protocol, a new, open IoT standard that enables devices to simply and securely onboard to cloud and on-premise management platforms. Through this standard, the FIDO Alliance addresses challenges of security, cost and complexity tied to IoT device deployment at scale. FIDO Device Onboard furthers the fundamental vision of the Alliance, which has brought together 250+ of the most influential and innovative companies and government agencies from around the world to address cyber security in order to eliminate data breaches, and enable secure online experiences.
FIDO Technical Overview at FIDO KWG Hackathon - Ki-Eun Shin
FIDO is an authentication standard that provides a more secure alternative to passwords. It uses public-key cryptography where a private key is stored securely on a user's device and never leaves it. During registration, a public key and attestation are stored on the server and associated with a user account. Authentication involves the device signing a challenge with the private key in a way that can be verified with the public key. This allows for strong, passwordless authentication that is compatible across platforms and browsers. Popular companies like Microsoft and Google have implemented FIDO to improve security.
1. FIDO Certification Programs
All Rights Reserved | FIDO Alliance | Copyright 2018
2. AGENDA
• The Value of FIDO Certification
• FIDO Certification Programs
  • Functional
  • Authenticator
  • Biometric
• Getting Started
Dr. Rae Hayward, Certification Director, FIDO Alliance
3. BENEFITS TO CERTIFICATION
• Validation
• Interoperability
• Rigorous testing
• Trust
• Competitive edge
• Market expansion
4. FIDO CERTIFIED ECOSYSTEM (SAMPLE)
Over 525 FIDO Certified Solutions Available Today
• PHONES & PCs
• SECURITY KEYS
• CLOUD/SERVER SOLUTIONS
5. FIDO METADATA SERVICE
• Web-based tool where FIDO authenticator vendors can publish metadata statements for FIDO servers to download
• Provides organizations deploying FIDO servers with a centralized and trusted source of information about FIDO authenticators
• Validate the integrity of a device population by periodically downloading a digitally signed metadata to verify individual metadata statements
7. AGENDA
• The Value of FIDO Certification
• FIDO Certification Programs
  • Functional
  • Authenticator
  • Biometric
• Getting Started
8. FUNCTIONAL CERTIFICATION
• Available to members and non-members
• Measures compliance among products and services that support FIDO specifications
• Validates interoperability within the ecosystem
• Certify products such as authenticators, servers, clients, and combos
9. INTEROP TESTING OVERVIEW
• Existing Process – Interop Testing Events
  • Interop every 90 days
  • Plan ahead! May impact product schedules…
• New Process – On Demand Testing
  • Pick your testing date from a calendar
  • Servers: remote / virtual testing
  • Authenticators: ship device or in-person testing
  • Convenience and fast turn-around
[Diagram labels: FIOD Testing, Virtual, Shipped, In-Person, Interop Events]
10. FIDO AUTHENTICATOR CERTIFICATION
• The FIDO Authenticator Certification Program validates that Authenticators conform to the FIDO specifications (UAF/U2F/FIDO2) and allows vendors to certify the security characteristics of their implementations
• After completing certification, vendors may use the FIDO logo on their products
11. A COMPREHENSIVE SET OF LEVELS FOR ALL USE CASES
LEVEL | SAMPLE DEVICE HARDWARE & SOFTWARE REQUIREMENTS | DEFENDS AGAINST
L3+ | Protection against chip fault injection, invasive attacks… | Captured devices (chip-level attacks)
L3 | Circuit board potting, package on package memory, encrypted RAM… | Captured devices (circuit board level attacks)
L2+ and L2 | Restricted Operating Environment (ROE) (e.g., TEE or Secure Element in a phone, USB token or Smart Card which are intrinsically ROEs, other…) | Device OS compromise (defended by ROE)
L1+ | Any device HW or SW | Device OS compromise (defended by white-box cryptography)
L1 | Any device HW or SW | Phishing, server credential breaches & MiTM attacks (better than passwords)
12. LEVEL 1
• Better than passwords
  • FIDO is unphishable and biometrics are more convenient
• Keys and biometric templates are protected similar to passwords stored by a browser or password manager app
• Requires best facilities offered by hosting OS
• L1+ adds white-box cryptography (obfuscation and other techniques) to defend against compromise of hosting OS
Certification Process
• Vendor documents their design in detail
• L1+ only: Evaluation by FIDO-accredited lab, penetration testing (L1+ program still in development)
• Evaluation by FIDO Alliance Security Secretariat
Examples
• Android or iOS applications
• Platform built-in authenticators
• Level 2- or Level 3-capable authenticators that have not yet been certified at Level 2 or Level 3
LEVEL 2
In addition to L1
• A restricted operating environment like a TEE gives security even if OS is compromised.
• Separate USB, BLE and NFC authenticators are considered to use a restricted operating environment
• Gives defense against larger scale attacks
• Additional assurance at L2+
Certification Process
Vendor documents their design in detail
L2+ only: Vendor submits source code (L2+ program still in development)
Evaluation by a FIDO-accredited lab
L2+ only: Attack potential calculation, pen testing
Examples
• Android apps using FIDO Level 2 certified phone (there aren’t any yet)
• USB, BLE and NFC Security Keys
• Level 3-capable authenticators that haven’t yet been certified at Level 3
LEVEL 3
In addition to L2
• Defends against physically captured authenticators
• Defenses against disassembling, probing, glitch and other such physical attacks
• L3+ adds defense against chip-level physical attacks, such as decapping and probing the chip
Certification Process
Vendor documents their design in detail
Vendor submits source code
Evaluation by a FIDO-accredited lab (L3, L3+)
Attack potential calculation and penetration testing
L3+ only: Higher attack potential requirements
Examples
• USB, BLE and NFC Security Keys using Secure Elements or other means of defending against HW attacks
• In some cases phone or platform authenticators may achieve L3, but it is difficult
COMPANION PROGRAMS
Reuse as much as possible from other programs like Common Criteria
• Reduces time, effort and cost of certification for authenticator vendors, sometimes by quite a lot
Companion programs never cover all FIDO requirements; they were not developed specifically for authenticators
• Even with advanced companion programs, vendors will have to go through additional certification with the FIDO Alliance
Companion Program | FIDO Security Level | Program Status
Common Criteria AVA_VAN 3 | L3 | Operating
Common Criteria AVA_VAN 4 | L3+ | Operating
FIPS | L2+, L3 | In development
Global Platform TEE Protection Profile | L2+ | In development
[Diagram labels: All FIDO Security Requirements; Companion program; FIDO-specific; Authentication-specific; End-device configuration; Cryptographic algorithms]
FIDO ACCREDITED LABS
All labs that do FIDO certification must pass accreditation by the FIDO Alliance
[Lab logos grouped by accreditation: L2; L3, L3+; Biometric]
EXPIRATION, DERIVATIVE & DELTA CERTIFICATION
[Diagram: example products xPhone Asteroid1 32GB, Asteroid1 64GB and Asteroid2 32GB (Authenticator v1), xPhone Asteroid3 32GB (Authenticator v2) and xPhone Asteroid1 64GB Authenticator v1.1 (fixed), connected by arrows labelled Derivative and Delta across Security Requirements 1.2 and Security Requirements 1.3]
Delta Certification
• When the FIDO functionality changes
• Recertification against new requirements
• After fix to close a vulnerability
• Reevaluation of security is required
Derivative certification
• No change to FIDO functionality allowed
• Surrounding functionality may change
• Packaging & product name may change
• No re-evaluation of security
No Expiration
• Certification of a given product never expires
• Recertification against new versions of the requirements is optional
FIDO BIOMETRIC CERTIFICATION
The FIDO Biometric Certification Program is intended to certify biometric components and/or subsystems and is independent from Authenticator Certification Program
BIOMETRIC AND AUTHENTICATOR CERTIFICATION
Using a Certified Biometric Subcomponent:
• Optional for Authenticators using a Biometric at L1-L2.
• The Security Requirements enforce Biometric Certification of the biometric at L3 and higher when a biometric is used in the authenticator.
• Once L2+ is finalized Biometric Certification will also be required
• Results in a “FIDO Certified” Authenticator
BIOMETRIC DEFINITIONS
• False Accept Rate (FAR): The proportion of verification transactions with wrongful claims of identity that are incorrectly confirmed
  • The requirement is less than 1:10,000 for the upper bound of an 80% confidence interval
• False Reject Rate (FRR): The proportion of verification transactions with truthful claims of identity that are incorrectly denied
  • The requirement is less than 3:100 for the upper bound of an 80% confidence interval
• Impostor Attack Presentation Match Rate (IAPMR): Proportion of presentation attacks in which the target reference is matched
  • Evaluation measures the Impostor Attack Presentation Match Rate for each presentation attack type, as defined in ISO 30107 Part 3
SELF-ATTESTATION - OPTIONAL
Biometric Requirements:
• False Accept Rate (FAR): The vendor SHALL attest to an FAR of [1:25,000 or 1:50,000 or 1:75,000 or 1:100,000] at an FRR of 3% or less.
• False Reject Rate (FRR): The vendor SHALL attest to an FRR at no greater than 3% as measured when determining the self-attested FAR. In other words, self-attestation for FRR is only possible when self-attesting for FAR.
NOTE: Self-attestation for FAR and FRR shall be supported by test data and documented in a report submitted to the lab by the vendor.
AGENDA
• The Value of FIDO Certification
• FIDO Certification Programs
• Functional
• Authenticator
• Biometric
• Getting Started
GETTING STARTED: FUNCTIONAL CERTIFICATION
Register for Self-Conformance Test Tool Access: https://fidoalliance.org/test-tool-access-request/
• For UAF, you will need to complete both automated and manual testing
• UAF Authenticators only will need a Vendor ID: http://fidoalliance.org/vendor-id-request/
Complete Self-Conformance Testing at least two weeks prior to interoperability event.
Elect to Participate in Pre-Testing in the two weeks prior to the interoperability event (recommended)
Register for and attend the next interoperability event: https://fidoalliance.org/interop-registration/
Next Interoperability Event Host: Seoul, S. Korea, 12-15 November 2018 (Location TBD). Registration is open.
GETTING STARTED – BIOMETRIC CERTIFICATION
Apply for Biometric component certification
• Request an account: https://fidoalliance.org/certification/certification-account-request/
Select an Accredited Biometric Lab and agree to terms for testing
• Biometric Accredited Lab list: https://fidoalliance.org/fido-accredited-biometric-laboratories/
BIOMETRIC SUBCOMPONENT TESTING
ALLOWED INTEGRATION DOCUMENT
• Developed by vendor and submitted to lab
• Used to document changes necessary to accommodate integration with authenticator
• Must include explanation of possible software and hardware changes
TESTING STEP 2: AUTHENTICATOR
Connect with FIDO
fidoalliance.org