FIDO: The Value of Certification

1. Sponsored by:
authenticatecon.com
FIDO: The Value of Certification
Dr. Rae Rivera
October 19, 2021

3. Standardization for
industry
Market
differentiation
Regulatory
requirement
Consumer
protection

5. Conformant
Compliant
Interoperable

7. INDUSTRY
REQUIREMENT
MEETS COMPLIANCE
ASPECTS
VALIDATED IN
MARKET

8. Confidence in product
quality
Security and trust Informed purchases

9. FIDO Certification Programs

10. 10

11. Functional Certification
Conformance Test Validation
• Validates product against
specification
Interoperability
• Validates implementability of
product in the marketplace

12. •
•
•
12

13. 13
Functional
Certification
Security
Evaluation
Authenticator
Certification

14. Vendor
Questionnaire
Test
Procedures
Secretariat or
Lab
Evaluation

15. 15
AUTHENTICATOR SECURITY LEVELS
Level 1
• Basic authenticator security
• Software based solutions
Level 2
• Adds Allowed Restricted Operating Requirement (AROE)
• Increased assurances based on the AROE
Level 3
• All requirements of level 1 and 2, with added assurances related
to hardware protections
• Companion Program required

16. 16

17. 17

18. 18
What is tested?
• False Accept Rate (FAR)
• False Reject Rate (FRR)
• Presentation Attack Detection (PAD)
• Program includes Self-attestation (validated based on vendor test data)
Using a Certified Biometric Subcomponent:
• Optional for Authenticators using a Biometric at L1-L2.
• The Security and Privacy Requirements enforce Biometric Certification of the
biometric at L3 and higher when a biometric is used in the authenticator.
• Once L2+ is finalized Biometric Certification will also be required
• Results in a “FIDO Certified” Authenticator

19. 19

21. “Zero-Touch” onboarding service. To more
securely and automatically onboard and
provision a device on edge hardware, it
only needs to be drop shipped to the point
of installation, connected to the network
and powered up. FDO does the rest. This
zero-touch model simplifies the installer’s
role, reduces costs and eliminates poor
security practices, such as shipping
default passwords.
21

22. 22
Functional
Certification
IoT Security
Evaluation
FDO
Certification

23. 23
Hardware, typically including microcontrollers, microprocessors, mother board,
ICs, physical ports.
Software including (or not) an embedded OS, its firmware, programs, various
applications and most importantly, a FIDO Device Onboarding application/protocol.
Sensors which detect and/or measure events in its operational environment and
send the information to other components
Actuators which are output units that execute decisions based on previously
processed information
Security and Privacy evaluation based on defined threat models and security
profiles

24. 24

25. 25
Combination of digital document image tests and physical document tests
Document image tested performance levels:
• Document false reject rate
• Document false accept rate
• Triaged based on level of fraud/attack (Level A, B, or C)
Physical document tests:
• Genuine document authentication transaction
• Genuine document verification errors
All live testing takes into account the test environment
Conducted at a FIDO Accredited Lab

26. 26 CONFIDENTIAL | © FIDO Alliance 2020

27. 27
Analyze Business Requirements
Validating Business and Technical Requirements
for Implementation
Designing and Implementing Business/Technical
Requirements
Deploying FIDO Authentications Solutions
Educating Others about Authentication

29. Thank you.
Sponsored by: