SlideShare una empresa de Scribd logo

FIDO Certified Program: The Value of Certification

FIDO Alliance
FIDO Alliance

A look at FIDO Certification program, including functional, authenticator and biometric; the value of certification for relaying parties and vendors, and how to get started.

Tecnología
1 de 26
Descargar para leer sin conexión
All Rights Reserved | FIDO Alliance | Copyright 2018 FIDO Certified Program Value of Certification ®
2 FIDO Certification Programs Functional Authenticator Biometric
FUNCTIONAL CERTIFICATION • Available to members and non-members • Measures compliance among products and services that support FIDO specifications • Validates interoperability within the ecosystem • Certify products such as authenticators, servers, clients, and combos All Rights Reserved | FIDO Alliance | Copyright 2018
All Rights Reserved | FIDO Alliance | Copyright 20184 INTEROP TESTING OVERVIEW • Existing Process – Interop Testing Events • Interop every 90 days • Plan ahead! May impact product schedules… • New Process – On Demand Testing • Pick your testing date from a calendar • Servers: remote / virtual testing • Authenticators: ship device or in-person testing • Convenience and fast turn-around FIOD Testing Virtual Shipped In-Person Interop Events
All Rights Reserved | FIDO Alliance | Copyright 20185 FIDO AUTHENTICATOR CERTIFICATION • The FIDO Authenticator Certification Program validates that Authenticators conform to the FIDO specifications (UAF/U2F/FIDO2) and allows vendors to certify the security characteristics of their implementations • After completing certification, vendors may use the FIDO logo on their products
All Rights Reserved | FIDO Alliance | Copyright 20186 AUTHENTICATOR LEVELS PICTORIAL NOTE: For Authenticators that use a biometric the Biometric Certification is required at L2+ and higher.
All Rights Reserved | FIDO Alliance | Copyright 20187 SECURITY EVALUATION Level 3rd Party Lab Work Required Evaluation Style L1 None – evaluation is solely by FIDO Alliance Security Secretariat • System design review L1+ (preliminary) Vendor must hire a FIDO-approved lab • System design review • Code review • SW penetration test / attack potential calculation L2 Vendor must hire a FIDO-approved lab • System design review L2+ (preliminary) Vendor must hire a FIDO-approved lab1 • System design review • Code review • SW penetration test / attack potential calculation L3 Vendor must hire a FIDO-approved lab1 • System design review • Code review • HW penetration test / attack potential calculation L3+ Vendor must hire a FIDO-approved lab1 • System design review • Code review • HW penetration test / attack potential calculation 1 At level L2+ and higher, it should usually be the case that the platform HW and SW have already been certified and the FIDO vendor will only need to certify the FIDO-specific requirements (e.g. the authenticator is running on an already-certified TEE, Secure Element…)
All Rights Reserved | FIDO Alliance | Copyright 20188 NEW COMPANION PROGRAM • Companion Programs are independent testing programs which FIDO partners with to lessen the certification burden • Example: Common Criteria or ISO/IEC 15408 • The vendor uses a FIDO created mapping document that maps program requirements from companion program to FIDO security requirements • The authenticator is evaluated on the delta requirements only • Companion Programs are currently required for Authenticator Security levels 3 and 3+ More information can be found on the FIDO Alliance website: https://fidoalliance.org/fido-authenticator-certification-companion- program/
FIDO Alliance | All Rights Reserved | Copyright 20189 CHANGES AFTER INITIAL CERTIFICATION Delta Certification is a process to verify that a Certified implementation still meets requirements for the following cases: • Product upgrades • Version upgrade • Level downgrades • Security vulnerability • Post suspension
All Rights Reserved | FIDO Alliance | Copyright 201810 CHANGES AFTER INITIAL CERTIFICATION Derivative Certification: • Products or services that rely upon existing Certified implementations for conformance with FIDO specifications • A Derivative implementation may not modify, expand, or remove FIDO functionality from the Certified implementation on which it is based
FIDO Alliance | All Rights Reserved | Copyright 201811 FIDO BIOMETRIC CERTIFICATION The FIDO Biometric Certification Program is intended to certify biometric components and/or subsystems and is independent from Authenticator Certification Program
All Rights Reserved | FIDO Alliance | Copyright 201812 BIOMETRIC AND AUTHENTICATOR CERTIFICATION Using a Certified Biometric Subcomponent: • Optional for Authenticators using a Biometric at L1-L2. • The Security Requirements enforce Biometric Certification of the biometric at L3 and higher when a biometric is used in the authenticator. • Once L2+ is finalized Biometric Certification will also be required • Results in a “FIDO Certified” Authenticator
FIDO Alliance | All Rights Reserved | Copyright 201813 BIOMETRIC DEFINITIONS • False Accept Rate (FAR): The proportion of verification transactions with wrongful claims of identity that are incorrectly confirmed • The requirement of less than 1:10,000 for the upper bound of a 80% confidence interval • False Reject Rate (FRR): The proportion of verification transactions with truthful claims of identity that are incorrectly denied • the requirement of less than 3:100 for the upper bound of a 80% confidence interval • Impostor Attack Presentation Match Rate (IAPMR): Proportion of presentation attacks in which the target reference is matched • evaluation measures the Impostor Attack Presentation Match Rate for each presentation attack type, as defined in ISO 30107 Part 3
FIDO Alliance | All Rights Reserved | Copyright 201814 SELF-ATTESTATION - OPTIONAL Biometric Requirements: • False Accept Rate (FAR): The vendor SHALL attest to an FAR of [1:25,000 or 1:50,000 or 1:75,000 or 1:100,000] at an FRR of 3% or less. • False Reject Rate (FRR): The vendor SHALL attest to an FRR at no greater than 3% as measured when determining the self-attested FAR. In other words, self attestation for FRR is only possible when self attesting for FAR. NOTE: Self-attestation for FAR and FRR shall be supported by test data and documented in a report submitted to lab from vendor.
15 The Value of FIDO Certification
All Rights Reserved | FIDO Alliance | Copyright 201816 CERTIFICATION VALUE • Enable implementations to be identified as officially FIDO certified • Ensure interoperability between FIDO officially recognized implementations • Promote the adoption of the FIDO ecosystem • Provide RPs with the ability to assess performance requirements for user authenticators • Provide the industry at large with a testing baseline for biometric component performance
All Rights Reserved | FIDO Alliance | Copyright 201817 FIDO CERTIFIED ECOSYSTEM (SAMPLE) PHONES & PCs Over 480 FIDO Certified Solutions Available Today SECURITY KEYS CLOUD/SERVER SOLUTIONS
All Rights Reserved | FIDO Alliance | Copyright 201818 FIDO METADATA SERVICE • Web-based tool where FIDO authenticator vendors can publish metadata statements for FIDO servers to download • Provides organizations deploying FIDO servers with a centralized and trusted source of information about FIDO authenticators • Validate the integrity of a device population by periodically downloading a digitally signed metadata to verify individual metadata statements
19 Getting Started
All Rights Reserved | FIDO Alliance | Copyright 201620 GETTING STARTED: FUNCTIONAL CERTIFICATION Register for Self-Conformance Test Tool Access : https://fidoalliance.org/test-tool-access-request/ • For UAF, you will need to complete both automated and manual testing • UAF Authenticators only will need a Vendor ID: http://fidoalliance.org/vendor-id-request/ Complete Self-Conformance Testing at least two weeks prior to interoperability event. Elect to Participate in Pre-Testing in the two weeks prior to the interoperability event (recommended) Register for and attend the next interoperability event: https://fidoalliance.org/interop-registration/ Next Interoperability Event Host: Seoul, S. Korea, 12-15 November 2018 (Location TBD). Registration is open.
Functional Testing Security Evaluation Certification Issuance Trademark Licensing Agreement Metadata Submission 21 CERTIFICATION PROCESS OVERVIEW FIDO Alliance | All Rights Reserved | Copyright 2018
All Rights Reserved | FIDO Alliance | Copyright 201822 GETTING STARTED – BIOMETRIC CERTIFICATION Apply for Biometric component certification • Request an account: https://fidoalliance.org/certification/certification- account-request/ Select an Accredited Biometric Lab and agree to terms for testing • Biometric Accredited Lab list: https://fidoalliance.org/fido-accredited-biometric-laboratories/
All Rights Reserved | FIDO Alliance | Copyright 201823 BIOMETRIC SUBCOMPONENT TESTING
FIDO Alliance | All Rights Reserved | Copyright 201824 ALLOWED INTEGRATION DOCUMENT • Developed by vendor and submitted to lab • Used to document changes necessary to accommodate integration with authenticator • Must include explanation of possible software and hardware changes
All Rights Reserved | FIDO Alliance | Copyright 201825 TESTING STEP 2: AUTHENTICATOR
All Rights Reserved | FIDO Alliance | Copyright 201826 Connect with FIDO fidoalliance.org

Recomendados

FIDO Biometric Certification Program
FIDO Biometric Certification ProgramFIDO Biometric Certification Program
FIDO Biometric Certification Program
FIDO Alliance
 
FIDO UAF and PKI in Asia: A Case Study and Recommendations
FIDO UAF and PKI in Asia: A Case Study and RecommendationsFIDO UAF and PKI in Asia: A Case Study and Recommendations
FIDO UAF and PKI in Asia: A Case Study and Recommendations
FIDO Alliance
 
The State of FIDO
The State of FIDOThe State of FIDO
The State of FIDO
FIDO Alliance
 
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication ComplianceFIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO Alliance
 
FIDO and Adaptive Authentication
FIDO and Adaptive AuthenticationFIDO and Adaptive Authentication
FIDO and Adaptive Authentication
FIDO Alliance
 
Introduction to FIDO Biometric Authentication
Introduction to FIDO Biometric AuthenticationIntroduction to FIDO Biometric Authentication
Introduction to FIDO Biometric Authentication
FIDO Alliance
 
FIDO2 & Microsoft
FIDO2 & MicrosoftFIDO2 & Microsoft
FIDO2 & Microsoft
FIDO Alliance
 
The Value of FIDO Certification
The Value of FIDO CertificationThe Value of FIDO Certification
The Value of FIDO Certification
FIDO Alliance
 

Recomendados

FIDO Biometric Certification Program
FIDO Biometric Certification ProgramFIDO Biometric Certification Program
FIDO Biometric Certification Program
FIDO Alliance
 
FIDO UAF and PKI in Asia: A Case Study and Recommendations
FIDO UAF and PKI in Asia: A Case Study and RecommendationsFIDO UAF and PKI in Asia: A Case Study and Recommendations
FIDO UAF and PKI in Asia: A Case Study and Recommendations
FIDO Alliance
 
The State of FIDO
The State of FIDOThe State of FIDO
The State of FIDO
FIDO Alliance
 
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication ComplianceFIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO Alliance
 
FIDO and Adaptive Authentication
FIDO and Adaptive AuthenticationFIDO and Adaptive Authentication
FIDO and Adaptive Authentication
FIDO Alliance
 
Introduction to FIDO Biometric Authentication
Introduction to FIDO Biometric AuthenticationIntroduction to FIDO Biometric Authentication
Introduction to FIDO Biometric Authentication
FIDO Alliance
 
FIDO2 & Microsoft
FIDO2 & MicrosoftFIDO2 & Microsoft
FIDO2 & Microsoft
FIDO Alliance
 
The Value of FIDO Certification
The Value of FIDO CertificationThe Value of FIDO Certification
The Value of FIDO Certification
FIDO Alliance
 
Introduction to FIDO's Identity Verification & Binding Initiative
Introduction to FIDO's Identity Verification & Binding Initiative Introduction to FIDO's Identity Verification & Binding Initiative
Introduction to FIDO's Identity Verification & Binding Initiative
FIDO Alliance
 
FIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Authentication Technical Overview
FIDO Authentication Technical Overview
FIDO Alliance
 
FIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Authentication Technical Overview
FIDO Authentication Technical Overview
FIDO Alliance
 
Deploying FIDO Authentication - Business Considerations
Deploying FIDO Authentication - Business ConsiderationsDeploying FIDO Authentication - Business Considerations
Deploying FIDO Authentication - Business Considerations
FIDO Alliance
 
FIDO Authentication and GDPR
FIDO Authentication and GDPRFIDO Authentication and GDPR
FIDO Authentication and GDPR
FIDO Alliance
 
Consumer Authentication Trends in APAC
Consumer Authentication Trends in APACConsumer Authentication Trends in APAC
Consumer Authentication Trends in APAC
FIDO Alliance
 
Using FIDO Authenticator for IoT Devices
Using FIDO Authenticator for IoT DevicesUsing FIDO Authenticator for IoT Devices
Using FIDO Authenticator for IoT Devices
FIDO Alliance
 
FIDO Authentication in a Mobile Network
FIDO Authentication in a Mobile NetworkFIDO Authentication in a Mobile Network
FIDO Authentication in a Mobile Network
FIDO Alliance
 
Webinar: Considerations for Deploying FIDO in the Enterprise
Webinar: Considerations for Deploying FIDO in the EnterpriseWebinar: Considerations for Deploying FIDO in the Enterprise
Webinar: Considerations for Deploying FIDO in the Enterprise
FIDO Alliance
 
FIDO Masterclass
FIDO MasterclassFIDO Masterclass
FIDO Masterclass
FIDO Alliance
 
Authenticate 2021: Welcome Address
Authenticate 2021: Welcome AddressAuthenticate 2021: Welcome Address
Authenticate 2021: Welcome Address
FIDO Alliance
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
FIDO Alliance
 
FIDO and the Future of User Authentication
FIDO and the Future of User AuthenticationFIDO and the Future of User Authentication
FIDO and the Future of User Authentication
FIDO Alliance
 
Beyond Passwords: FIDO and the Future of User Authentication
Beyond Passwords: FIDO and the Future of User AuthenticationBeyond Passwords: FIDO and the Future of User Authentication
Beyond Passwords: FIDO and the Future of User Authentication
FIDO Alliance
 
GDPR(一般データ保護規則)とFIDO標準について
GDPR(一般データ保護規則)とFIDO標準についてGDPR(一般データ保護規則)とFIDO標準について
GDPR(一般データ保護規則)とFIDO標準について
FIDO Alliance
 
FIDO in Action: Real World Development Case Studies
FIDO in Action: Real World Development Case StudiesFIDO in Action: Real World Development Case Studies
FIDO in Action: Real World Development Case Studies
FIDO Alliance
 
FIDO And the Future of User Authentication
FIDO And the Future of User AuthenticationFIDO And the Future of User Authentication
FIDO And the Future of User Authentication
FIDO Alliance
 
Fido Technical Overview
Fido Technical OverviewFido Technical Overview
Fido Technical Overview
FIDO Alliance
 
Webinar: Catch Up with FIDO Plus AMA Session
Webinar: Catch Up with FIDO Plus AMA SessionWebinar: Catch Up with FIDO Plus AMA Session
Webinar: Catch Up with FIDO Plus AMA Session
FIDO Alliance
 
FIDO: The Value of Certification
FIDO: The Value of CertificationFIDO: The Value of Certification
FIDO: The Value of Certification
FIDO Alliance
 
FIDO Certification Program Updates
FIDO Certification Program UpdatesFIDO Certification Program Updates
FIDO Certification Program Updates
FIDO Alliance
 
Overview of FIDO Security Requirements and Certifications
Overview of FIDO Security Requirements and CertificationsOverview of FIDO Security Requirements and Certifications
Overview of FIDO Security Requirements and Certifications
FIDO Alliance
 

Más contenido relacionado

La actualidad más candente

FIDO Authentication and GDPR
FIDO Authentication and GDPRFIDO Authentication and GDPR
FIDO Authentication and GDPR
FIDO Alliance
 
Webinar: Considerations for Deploying FIDO in the Enterprise
Webinar: Considerations for Deploying FIDO in the EnterpriseWebinar: Considerations for Deploying FIDO in the Enterprise
Webinar: Considerations for Deploying FIDO in the Enterprise
FIDO Alliance
 

La actualidad más candente (20)

Introduction to FIDO's Identity Verification & Binding Initiative
Introduction to FIDO's Identity Verification & Binding Initiative Introduction to FIDO's Identity Verification & Binding Initiative
Introduction to FIDO's Identity Verification & Binding Initiative
 
FIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Authentication Technical Overview
FIDO Authentication Technical Overview
 
FIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Authentication Technical Overview
FIDO Authentication Technical Overview
 
Deploying FIDO Authentication - Business Considerations
Deploying FIDO Authentication - Business ConsiderationsDeploying FIDO Authentication - Business Considerations
Deploying FIDO Authentication - Business Considerations
 
FIDO Authentication and GDPR
FIDO Authentication and GDPRFIDO Authentication and GDPR
FIDO Authentication and GDPR
 
Consumer Authentication Trends in APAC
Consumer Authentication Trends in APACConsumer Authentication Trends in APAC
Consumer Authentication Trends in APAC
 
Using FIDO Authenticator for IoT Devices
Using FIDO Authenticator for IoT DevicesUsing FIDO Authenticator for IoT Devices
Using FIDO Authenticator for IoT Devices
 
FIDO Authentication in a Mobile Network
FIDO Authentication in a Mobile NetworkFIDO Authentication in a Mobile Network
FIDO Authentication in a Mobile Network
 
Webinar: Considerations for Deploying FIDO in the Enterprise
Webinar: Considerations for Deploying FIDO in the EnterpriseWebinar: Considerations for Deploying FIDO in the Enterprise
Webinar: Considerations for Deploying FIDO in the Enterprise
 
FIDO Masterclass
FIDO MasterclassFIDO Masterclass
FIDO Masterclass
 
Authenticate 2021: Welcome Address
Authenticate 2021: Welcome AddressAuthenticate 2021: Welcome Address
Authenticate 2021: Welcome Address
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
 
FIDO and the Future of User Authentication
FIDO and the Future of User AuthenticationFIDO and the Future of User Authentication
FIDO and the Future of User Authentication
 
Beyond Passwords: FIDO and the Future of User Authentication
Beyond Passwords: FIDO and the Future of User AuthenticationBeyond Passwords: FIDO and the Future of User Authentication
Beyond Passwords: FIDO and the Future of User Authentication
 
GDPR(一般データ保護規則)とFIDO標準について
GDPR(一般データ保護規則)とFIDO標準についてGDPR(一般データ保護規則)とFIDO標準について
GDPR(一般データ保護規則)とFIDO標準について
 
FIDO in Action: Real World Development Case Studies
FIDO in Action: Real World Development Case StudiesFIDO in Action: Real World Development Case Studies
FIDO in Action: Real World Development Case Studies
 
FIDO And the Future of User Authentication
FIDO And the Future of User AuthenticationFIDO And the Future of User Authentication
FIDO And the Future of User Authentication
 
Fido Technical Overview
Fido Technical OverviewFido Technical Overview
Fido Technical Overview
 
Webinar: Catch Up with FIDO Plus AMA Session
Webinar: Catch Up with FIDO Plus AMA SessionWebinar: Catch Up with FIDO Plus AMA Session
Webinar: Catch Up with FIDO Plus AMA Session
 
FIDO: The Value of Certification
FIDO: The Value of CertificationFIDO: The Value of Certification
FIDO: The Value of Certification
 

Similar a FIDO Certified Program: The Value of Certification

FIDO Certification Program Updates
FIDO Certification Program UpdatesFIDO Certification Program Updates
FIDO Certification Program Updates
FIDO Alliance
 
FIDO Certification
FIDO CertificationFIDO Certification
FIDO Certification
FIDO Alliance
 
Getting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialGetting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical Tutorial
FIDO Alliance
 

Similar a FIDO Certified Program: The Value of Certification (20)

FIDO Certification Program Updates
FIDO Certification Program UpdatesFIDO Certification Program Updates
FIDO Certification Program Updates
 
Overview of FIDO Security Requirements and Certifications
Overview of FIDO Security Requirements and CertificationsOverview of FIDO Security Requirements and Certifications
Overview of FIDO Security Requirements and Certifications
 
Fido Certification Program Process
Fido Certification Program ProcessFido Certification Program Process
Fido Certification Program Process
 
FIDOAlliance
FIDOAllianceFIDOAlliance
FIDOAlliance
 
FIDO Certification
FIDO CertificationFIDO Certification
FIDO Certification
 
FIDO Certified Program: Status & Futures
FIDO Certified Program: Status & FuturesFIDO Certified Program: Status & Futures
FIDO Certified Program: Status & Futures
 
Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication
 
Fido uaf-overview-v1.1-rd-20161005
Fido uaf-overview-v1.1-rd-20161005Fido uaf-overview-v1.1-rd-20161005
Fido uaf-overview-v1.1-rd-20161005
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
 
Beyond Passwords: FIDO & the Future of Consumer Authentication
Beyond Passwords: FIDO & the Future of Consumer AuthenticationBeyond Passwords: FIDO & the Future of Consumer Authentication
Beyond Passwords: FIDO & the Future of Consumer Authentication
 
Integrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation ProtocolsIntegrating FIDO Authentication & Federation Protocols
Integrating FIDO Authentication & Federation Protocols
 
Getting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialGetting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical Tutorial
 
How to Join the Fiware IoT-Ready Programme
How to Join the Fiware IoT-Ready ProgrammeHow to Join the Fiware IoT-Ready Programme
How to Join the Fiware IoT-Ready Programme
 
Becoming an Inflectra Partner
Becoming an Inflectra PartnerBecoming an Inflectra Partner
Becoming an Inflectra Partner
 
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinNew FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
 
4ipnet NFR Program
4ipnet NFR Program4ipnet NFR Program
4ipnet NFR Program
 
Introduction to the FIDO Alliance: Vision & Status
Introduction to the FIDO Alliance: Vision & StatusIntroduction to the FIDO Alliance: Vision & Status
Introduction to the FIDO Alliance: Vision & Status
 
FIDO2の概要と最新状況
FIDO2の概要と最新状況FIDO2の概要と最新状況
FIDO2の概要と最新状況
 
WPC - ETA Approval Certification | Best Consultant in India
WPC - ETA Approval Certification | Best Consultant in IndiaWPC - ETA Approval Certification | Best Consultant in India
WPC - ETA Approval Certification | Best Consultant in India
 
Pistoia Alliance European Conference 2015 - Stuart Robertson / Exostar
Pistoia Alliance European Conference 2015 - Stuart Robertson / ExostarPistoia Alliance European Conference 2015 - Stuart Robertson / Exostar
Pistoia Alliance European Conference 2015 - Stuart Robertson / Exostar
 

Más de FIDO Alliance

Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.comConsumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
FIDO Alliance
 
Introduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS ServicesIntroduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS Services
FIDO Alliance
 

Más de FIDO Alliance (20)

FIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptx
 
IBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxIBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptx
 
OTIS: Our Journey to Passwordless.pptx
OTIS: Our Journey to Passwordless.pptxOTIS: Our Journey to Passwordless.pptx
OTIS: Our Journey to Passwordless.pptx
 
FIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptx
 
CISA: #MoreThanAPassword.pptx
CISA: #MoreThanAPassword.pptxCISA: #MoreThanAPassword.pptx
CISA: #MoreThanAPassword.pptx
 
FIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for All
 
Introducing FIDO Device Onboard (FDO)
Introducing FIDO Device Onboard (FDO)Introducing FIDO Device Onboard (FDO)
Introducing FIDO Device Onboard (FDO)
 
FIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDOFIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDO
 
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.comConsumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
 
新しい認証技術FIDOの最新動向
新しい認証技術FIDOの最新動向新しい認証技術FIDOの最新動向
新しい認証技術FIDOの最新動向
 
日立PBI技術を用いた「デバイスフリーリモートワーク」構想
日立PBI技術を用いた「デバイスフリーリモートワーク」構想日立PBI技術を用いた「デバイスフリーリモートワーク」構想
日立PBI技術を用いた「デバイスフリーリモートワーク」構想
 
Introduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS ServicesIntroduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS Services
 
富士通の生体認証ソリューションと提案
富士通の生体認証ソリューションと提案富士通の生体認証ソリューションと提案
富士通の生体認証ソリューションと提案
 
テレワーク本格導入におけるID認証考察
テレワーク本格導入におけるID認証考察テレワーク本格導入におけるID認証考察
テレワーク本格導入におけるID認証考察
 
「開けゴマ!」からYubiKeyへ
「開けゴマ!」からYubiKeyへ「開けゴマ!」からYubiKeyへ
「開けゴマ!」からYubiKeyへ
 
YubiOnが目指す未来
YubiOnが目指す未来YubiOnが目指す未来
YubiOnが目指す未来
 
FIDO2導入してみたを考えてみた
FIDO2導入してみたを考えてみたFIDO2導入してみたを考えてみた
FIDO2導入してみたを考えてみた
 
中小企業によるFIDO導入事例
中小企業によるFIDO導入事例中小企業によるFIDO導入事例
中小企業によるFIDO導入事例
 
VPNはもう卒業!FIDO2認証で次世代リモートアクセス
VPNはもう卒業!FIDO2認証で次世代リモートアクセスVPNはもう卒業!FIDO2認証で次世代リモートアクセス
VPNはもう卒業!FIDO2認証で次世代リモートアクセス
 
CloudGate UNOで安全便利なパスワードレスリモートワーク
CloudGate UNOで安全便利なパスワードレスリモートワークCloudGate UNOで安全便利なパスワードレスリモートワーク
CloudGate UNOで安全便利なパスワードレスリモートワーク
 

Último

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Principled Technologies
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Último (20)

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 

FIDO Certified Program: The Value of Certification

  • 1. All Rights Reserved | FIDO Alliance | Copyright 2018 FIDO Certified Program Value of Certification ®
  • 3. FUNCTIONAL CERTIFICATION • Available to members and non-members • Measures compliance among products and services that support FIDO specifications • Validates interoperability within the ecosystem • Certify products such as authenticators, servers, clients, and combos All Rights Reserved | FIDO Alliance | Copyright 2018
  • 4. All Rights Reserved | FIDO Alliance | Copyright 20184 INTEROP TESTING OVERVIEW • Existing Process – Interop Testing Events • Interop every 90 days • Plan ahead! May impact product schedules… • New Process – On Demand Testing • Pick your testing date from a calendar • Servers: remote / virtual testing • Authenticators: ship device or in-person testing • Convenience and fast turn-around FIOD Testing Virtual Shipped In-Person Interop Events
  • 5. All Rights Reserved | FIDO Alliance | Copyright 20185 FIDO AUTHENTICATOR CERTIFICATION • The FIDO Authenticator Certification Program validates that Authenticators conform to the FIDO specifications (UAF/U2F/FIDO2) and allows vendors to certify the security characteristics of their implementations • After completing certification, vendors may use the FIDO logo on their products
  • 6. All Rights Reserved | FIDO Alliance | Copyright 20186 AUTHENTICATOR LEVELS PICTORIAL NOTE: For Authenticators that use a biometric the Biometric Certification is required at L2+ and higher.
  • 7. All Rights Reserved | FIDO Alliance | Copyright 20187 SECURITY EVALUATION Level 3rd Party Lab Work Required Evaluation Style L1 None – evaluation is solely by FIDO Alliance Security Secretariat • System design review L1+ (preliminary) Vendor must hire a FIDO-approved lab • System design review • Code review • SW penetration test / attack potential calculation L2 Vendor must hire a FIDO-approved lab • System design review L2+ (preliminary) Vendor must hire a FIDO-approved lab1 • System design review • Code review • SW penetration test / attack potential calculation L3 Vendor must hire a FIDO-approved lab1 • System design review • Code review • HW penetration test / attack potential calculation L3+ Vendor must hire a FIDO-approved lab1 • System design review • Code review • HW penetration test / attack potential calculation 1 At level L2+ and higher, it should usually be the case that the platform HW and SW have already been certified and the FIDO vendor will only need to certify the FIDO-specific requirements (e.g. the authenticator is running on an already-certified TEE, Secure Element…)
  • 8. All Rights Reserved | FIDO Alliance | Copyright 20188 NEW COMPANION PROGRAM • Companion Programs are independent testing programs which FIDO partners with to lessen the certification burden • Example: Common Criteria or ISO/IEC 15408 • The vendor uses a FIDO created mapping document that maps program requirements from companion program to FIDO security requirements • The authenticator is evaluated on the delta requirements only • Companion Programs are currently required for Authenticator Security levels 3 and 3+ More information can be found on the FIDO Alliance website: https://fidoalliance.org/fido-authenticator-certification-companion- program/
  • 9. FIDO Alliance | All Rights Reserved | Copyright 20189 CHANGES AFTER INITIAL CERTIFICATION Delta Certification is a process to verify that a Certified implementation still meets requirements for the following cases: • Product upgrades • Version upgrade • Level downgrades • Security vulnerability • Post suspension
  • 10. All Rights Reserved | FIDO Alliance | Copyright 201810 CHANGES AFTER INITIAL CERTIFICATION Derivative Certification: • Products or services that rely upon existing Certified implementations for conformance with FIDO specifications • A Derivative implementation may not modify, expand, or remove FIDO functionality from the Certified implementation on which it is based
  • 11. FIDO Alliance | All Rights Reserved | Copyright 201811 FIDO BIOMETRIC CERTIFICATION The FIDO Biometric Certification Program is intended to certify biometric components and/or subsystems and is independent from Authenticator Certification Program
  • 12. All Rights Reserved | FIDO Alliance | Copyright 201812 BIOMETRIC AND AUTHENTICATOR CERTIFICATION Using a Certified Biometric Subcomponent: • Optional for Authenticators using a Biometric at L1-L2. • The Security Requirements enforce Biometric Certification of the biometric at L3 and higher when a biometric is used in the authenticator. • Once L2+ is finalized Biometric Certification will also be required • Results in a “FIDO Certified” Authenticator
  • 13. FIDO Alliance | All Rights Reserved | Copyright 201813 BIOMETRIC DEFINITIONS • False Accept Rate (FAR): The proportion of verification transactions with wrongful claims of identity that are incorrectly confirmed • The requirement of less than 1:10,000 for the upper bound of a 80% confidence interval • False Reject Rate (FRR): The proportion of verification transactions with truthful claims of identity that are incorrectly denied • the requirement of less than 3:100 for the upper bound of a 80% confidence interval • Impostor Attack Presentation Match Rate (IAPMR): Proportion of presentation attacks in which the target reference is matched • evaluation measures the Impostor Attack Presentation Match Rate for each presentation attack type, as defined in ISO 30107 Part 3
  • 14. FIDO Alliance | All Rights Reserved | Copyright 201814 SELF-ATTESTATION - OPTIONAL Biometric Requirements: • False Accept Rate (FAR): The vendor SHALL attest to an FAR of [1:25,000 or 1:50,000 or 1:75,000 or 1:100,000] at an FRR of 3% or less. • False Reject Rate (FRR): The vendor SHALL attest to an FRR at no greater than 3% as measured when determining the self-attested FAR. In other words, self attestation for FRR is only possible when self attesting for FAR. NOTE: Self-attestation for FAR and FRR shall be supported by test data and documented in a report submitted to lab from vendor.
  • 15. 15 The Value of FIDO Certification
  • 16. All Rights Reserved | FIDO Alliance | Copyright 201816 CERTIFICATION VALUE • Enable implementations to be identified as officially FIDO certified • Ensure interoperability between FIDO officially recognized implementations • Promote the adoption of the FIDO ecosystem • Provide RPs with the ability to assess performance requirements for user authenticators • Provide the industry at large with a testing baseline for biometric component performance
  • 17. All Rights Reserved | FIDO Alliance | Copyright 201817 FIDO CERTIFIED ECOSYSTEM (SAMPLE) PHONES & PCs Over 480 FIDO Certified Solutions Available Today SECURITY KEYS CLOUD/SERVER SOLUTIONS
  • 18. All Rights Reserved | FIDO Alliance | Copyright 201818 FIDO METADATA SERVICE • Web-based tool where FIDO authenticator vendors can publish metadata statements for FIDO servers to download • Provides organizations deploying FIDO servers with a centralized and trusted source of information about FIDO authenticators • Validate the integrity of a device population by periodically downloading a digitally signed metadata to verify individual metadata statements
  • 20. All Rights Reserved | FIDO Alliance | Copyright 201620 GETTING STARTED: FUNCTIONAL CERTIFICATION Register for Self-Conformance Test Tool Access : https://fidoalliance.org/test-tool-access-request/ • For UAF, you will need to complete both automated and manual testing • UAF Authenticators only will need a Vendor ID: http://fidoalliance.org/vendor-id-request/ Complete Self-Conformance Testing at least two weeks prior to interoperability event. Elect to Participate in Pre-Testing in the two weeks prior to the interoperability event (recommended) Register for and attend the next interoperability event: https://fidoalliance.org/interop-registration/ Next Interoperability Event Host: Seoul, S. Korea, 12-15 November 2018 (Location TBD). Registration is open.
  • 22. All Rights Reserved | FIDO Alliance | Copyright 201822 GETTING STARTED – BIOMETRIC CERTIFICATION Apply for Biometric component certification • Request an account: https://fidoalliance.org/certification/certification- account-request/ Select an Accredited Biometric Lab and agree to terms for testing • Biometric Accredited Lab list: https://fidoalliance.org/fido-accredited-biometric-laboratories/
  • 23. All Rights Reserved | FIDO Alliance | Copyright 201823 BIOMETRIC SUBCOMPONENT TESTING
  • 24. FIDO Alliance | All Rights Reserved | Copyright 201824 ALLOWED INTEGRATION DOCUMENT • Developed by vendor and submitted to lab • Used to document changes necessary to accommodate integration with authenticator • Must include explanation of possible software and hardware changes
  • 25. All Rights Reserved | FIDO Alliance | Copyright 201825 TESTING STEP 2: AUTHENTICATOR
  • 26. All Rights Reserved | FIDO Alliance | Copyright 201826 Connect with FIDO fidoalliance.org