11. Functional Certification
Conformance Test Validation
• Validates product against specification
Interoperability
• Validates implementability of product in the marketplace
15. AUTHENTICATOR SECURITY LEVELS
Level 1
• Basic authenticator security
• Software based solutions
Level 2
• Adds Allowed Restricted Operating Requirement (AROE)
• Increased assurances based on the AROE
Level 3
• All requirements of level 1 and 2, with added assurances related to hardware protections
• Companion Program required
18. What is tested?
• False Accept Rate (FAR)
• False Reject Rate (FRR)
• Presentation Attack Detection (PAD)
• Program includes Self-attestation (validated based on vendor test data)
Using a Certified Biometric Subcomponent:
• Optional for Authenticators using a Biometric at L1-L2.
• The Security and Privacy Requirements enforce Biometric Certification of the biometric at L3 and higher when a biometric is used in the authenticator.
• Once L2+ is finalized, Biometric Certification will also be required
• Results in a “FIDO Certified” Authenticator
21. “Zero-Touch” onboarding service. To more securely and automatically onboard and provision a device on edge hardware, it only needs to be drop shipped to the point of installation, connected to the network and powered up. FDO does the rest. This zero-touch model simplifies the installer’s role, reduces costs and eliminates poor security practices, such as shipping default passwords.
23. Hardware, typically including microcontrollers, microprocessors, motherboard, ICs, physical ports.
Software including (or not) an embedded OS, its firmware, programs, various applications and most importantly, a FIDO Device Onboarding application/protocol.
Sensors which detect and/or measure events in its operational environment and send the information to other components.
Actuators which are output units that execute decisions based on previously processed information.
Security and Privacy evaluation based on defined threat models and security profiles.
25. Combination of digital document image tests and physical document tests
Document image tested performance levels:
• Document false reject rate
• Document false accept rate
• Triaged based on level of fraud/attack (Level A, B, or C)
Physical document tests:
• Genuine document authentication transaction
• Genuine document verification errors
All live testing takes into account the test environment
Conducted at a FIDO Accredited Lab
27. Analyze Business Requirements
Validating Business and Technical Requirements for Implementation
Designing and Implementing Business/Technical Requirements
Deploying FIDO Authentication Solutions
Educating Others about Authentication
Functional Testing – compliant and conformant
Interoperability testing
We are seeing an increase in relying parties requesting products to be FIDO Certified, including specific level requirements to meet RP needs.
Government agencies continue to recognize FIDO Certified products in the market. This is seen internationally within the authentication and identity space.
This is a growing area for FIDO Alliance, as we have seen with Login with FIDO, to gain interest and increase awareness of FIDO products in the marketplace.
Available to members and non-members; servers and SDKs
The FIDO Certification Program is intended to certify FIDO authenticators (e.g. UAF, U2F) against FIDO specifications and some additional security requirements.
Level 1 ensures implementations are conformant to the specifications, are interoperable, and meet basic security and privacy considerations. Level 1 is tested by FIDO. Level 2 and above require evaluation and/or testing by a FIDO Accredited Security Laboratory.