Girish Mahajan (Editor)

FIDO Alliance

Updated on
Edit
Like
Comment
Share on FacebookTweet on TwitterShare on LinkedInShare on Reddit

The FIDO ("Fast IDentity Online") Alliance is an industry consortium launched in February 2013 to address the lack of interoperability among strong authentication devices and the problems users face creating and remembering multiple usernames and passwords. Nok Nok Labs, PayPal and Lenovo were among the founders.

Contents

Members

By the end of September 2016, FIDO members totaled more than 260, including a Board made up of the Aetna, Alibaba Group, American Express, ARM, Bank of America, BC Card, Broadcom, CrucialTec, Daon, Egis Technology, Feitian, Google, Infineon, Intel, ING, Lenovo, MasterCard, Microsoft, Nok Nok Labs, NTT DoCoMo, NXP Semiconductors, Oberthur Technologies, PayPal, Qualcomm, RSA, Samsung, Synaptics, USAA, Visa, Vasco Data Security and Yubico. A full list of members is available on the official website.

Specifications

FIDO's aim is that its specifications will support a full range of authentication technologies, including biometrics such as fingerprint and iris scanners, voice and facial recognition, as well as existing solutions and communications standards, such as Trusted Platform Modules (TPM), USB security tokens, embedded Secure Elements (eSE), smart cards, and near field communication (NFC). The USB security token device may be used to authenticate using a simple password (e.g. four-digit PIN) or by pressing a button. The specifications emphasize a device-centric model. Authentication over the wire happens using public-key cryptography. The user's device registers the user to a server by registering a public key. To authenticate the user, the device signs a challenge from the server using the private key that it holds. The keys on the device are unlocked by a local user gesture such as a biometric or pressing a button.

FIDO specifications provide two categories of user experiences. Which one the user experiences depends on whether the user interacts with the Universal Second Factor (U2F) protocol or the Universal Authentication Framework (UAF) protocol. Both FIDO standards define a common interface at the client for the local authentication method that the user exercises. The client can be pre–installed on the operating system or web browser.

Timeline

FIDO v1.0 specifications were announced on December 9, 2014.

On June 30, 2015, the FIDO Alliance released two new protocols that support Bluetooth technology and near field communication (NFC) as transport protocols for U2F.

On November 20, 2015, the FIDO Alliance submitted to the World Wide Web Consortium (W3C) the Web API specification for accessing FIDO 2.0 credentials.

On February 17, 2016, the W3C created the Web Authentication Working Group to define a client-side API that provides strong authentication functionality to Web Applications, based on the FIDO 2.0 Web APIs.

References

FIDO Alliance Wikipedia