Identity
FIDO
Consult our experts. We are happy to support you.
FIDO, short for “Fast IDentity Online”, is a series of authentication standards to help reduce the reliance on passwords.
The FIDO2 and FIDO UAF protocols have established authenticator security goals within the common specification. There are 16 Security Goals (SG) identified by FIDO, 29 Security Measures (SM) that can be implemented to cover the security goals for FIDO authenticators, and 10 Security Requirements are derived to support the Security Measures:
- Authenticator Definition Derived Requirements
- Key Management and Authenticator Security Parameters
- Authenticator’s Test for User Presence and User Verification
- Privacy
- Physical Security, Side Channel Attack Resistance, and Fault Injection Resistance
- Attestation
- Operating Environment
- Self-Tests and Firmware Updates
- Manufacturing and Development
- Operational Guidance
What atsec offers:
atsec China is a FIDO Alliance accredited Level 2 security laboratory, and all other atsec laboratories are authorized, permitting atsec to evaluate the following authenticator products:
- FIDO2: FIDO2 is comprised of the W3C Web Authentication (WebAuthn) and corresponding Client-to-Authenticator Protocols (CTAP) from the FIDO Alliance.
- WebAuthn: WebAuthn defines a standard web API that is being built into browsers and platforms to enable support for FIDO Authentication.
- CTAP2: CTAP2 allows the use of external authenticators (FIDO Security Keys, mobile devices) for authentication on FIDO2-enabled browsers and operating systems over USB, NFC, or BLE for a passwordless, second-factor or multi-factor authentication experience.
- CTAP1: Formerly known as “FIDO U2F”, CTAP1 allows the use of existing FIDO U2F devices (such as FIDO Security Keys) for authentication on FIDO2-enabled browsers and operating systems over USB, NFC, or BLE for a second-factor experience.
- CTAP1: Formerly known as “FIDO U2F”, CTAP1 allows the use of existing FIDO U2F devices (such as FIDO Security Keys) for authentication on FIDO2-enabled browsers and operating systems over USB, NFC, or BLE for a second-factor experience.
- FIDO UAF: FIDO UAF supports a passwordless experience for online service on users’ own devices with local authentication mechanisms such as swiping a finger, looking at the camera, speaking into the mic, entering a PIN, etc.
Authoritative websites:
More information:
Why our services are important to you:
Passwords and other forms of legacy authentication are knowledge-based, a hassle to remember, and easy to phish, harvest, and replay. FIDO helps shift from a knowledge-based authentication scenario to a modern, possession-based and phishing-resistant authentication scenario.
Testing authenticator products against FIDO standards allows vendors to integrate their authenticators into modern and FIDO-enabled online services and provide their users with a flawless authentication experience.
atsec is ready to partner with you to help you understand the requirements of the standard, test your authenticator products, and achieve FIDO certification.
Downloads:
Further information for your certification journey.
Still have questions?
Can’t find what you’re looking for? Let’s talk!
NIST Personal Identity Verification Program (NPIVP) Testing
Through our accreditation as a NIST Personal Identity Verification (PIV) testing laboratory, atsec US offers services related to the NIST PIV program.
eIDAS Trust Service Provider Assessments
The eIDAS Regulation defines requirements for Trust Service Providers (TSP) and their systems providing Qualified Trust Services. atsec is a recognized test laboratory under eIDAS.
Cryptographic Algorithm Testing
Testing that cryptographic algorithms are implemented correctly is a prerequisite for FIPS 140-3 cryptographic module testing and NIAP Common Criteria evaluations.
The Information Security Provider
Read Our Latest Blog Articles
Learn the latest and greatest about information security. You’ll find insights and analyses of recent developments in technology and policy on our blog.
-
Guiding the Way through the World of Cyber Security
Roughly every five years, we refresh our website with a new appearance. As a precursor to our 25th anniversary in January 2025, we are thrilled to show the world our stylish, modern look. It is atsec’s firm belief that effective security assurance can only truly be accomplished when…
-
First SP800-140Br1 Compliant FIPS 140-3 Certificates
On July 11th, 2024, the first three FIPS 140-3 certificates for NIST’s SP800-140Br1 pilot program were posted on the NIST website. atsec information security was one of the labs that took part in the pilot program. SP 800-140Br1 specifies modifications of the methods to be used by a…
-
atsec has become an official GSMA member
atsec has become an official GSMA member. The GSMA represents the interests of mobile operators worldwide, uniting more than 750 operators with almost 400 companies in the broader mobile ecosystem, including handset and device makers, software companies, equipment providers and internet companies, as well as organizations in adjacent…