FIDO Alliance

The FIDO ("Fast IDentity Online") Alliance is an industry consortium launched in February 2013 to address the lack of interoperability among strong authentication devices and the problems users face creating and remembering multiple usernames and passwords. PayPal and Lenovo were among the founders.^[1]

Members

By the end of June 2015, FIDO members totaled more than 200, including a board made up of the Alibaba Group, ARM, Bank of America, CrucialTec, Discover Financial Services, Google, Daon, Egis Technology, Intel, ING, Lenovo, MasterCard, Microsoft, Nok Nok Labs, NTT DoCoMo, NXP Semiconductors, Oberthur Technologies, PayPal, Qualcomm, RSA, Samsung, Synaptics, USAA, Visa and Yubico.^[2] A full list of members is available here.^[3]

Specifications

See also: Universal 2nd Factor

FIDO's aim is that its specifications will support a full range of authentication technologies, including biometrics such as fingerprint and iris scanners, voice and facial recognition, as well as existing solutions and communications standards, such as Trusted Platform Modules (TPM), USB security tokens, embedded Secure Elements (eSE), smart cards, and near field communication (NFC).^[4] The USB security token device may be used to authenticate using a simple password (e.g. four-digit PIN) or by pressing a button.^[5] The specifications emphasize a device-centric model.^[4] Authentication over the wire happens using public-key cryptography.^[4] The user's device registers the user to a server by registering a public key.^[4] To authenticate the user, the device signs a challenge from the server using the private key that it holds.^[4] The keys on the device are unlocked by a local user gesture such as a biometric or pressing a button.^[4]

FIDO specifications provide two categories of user experiences.^[5] Which one the user experiences depends on whether the user interacts with the Universal Second Factor (U2F) protocol or the Universal Authentication Framework (UAF) protocol.^[5] Both FIDO standards define a common interface at the client for the local authentication method that the user exercises.^[5] The client can be pre–installed on the operating system or web browser.^[5]

FIDO v1.0 specifications were announced on December 9, 2014.^[6]^[7]

On June 30, 2015, the FIDO Alliance released two new protocols that support Bluetooth technology and near field communication (NFC) as transport protocols for U2F.^[8]

References

↑ "PayPal, Lenovo Launch New Campaign to Kill the Password". MIT Technology Review.
↑ "FIDO Alliance Members". FIDO Alliance.
↑ https://fidoalliance.org/membership/members/
1 2 3 4 5 6 "FIDO Alliance >> Specifications overview". FIDO Alliance.
1 2 3 4 5 "Specifications Overview". FIDO Alliance. Retrieved October 2014.
↑ "FIDO 1.0 Specifications Published and Final". FIDO Alliance. Retrieved December 2014.
↑ "Computerworld, December 10, 2014: "Open authentication spec from FIDO Alliance moves beyond passwords"". Computerworld. Retrieved 10 December 2014.
↑ "eWeek, July 1, 2015: "FIDO Alliance Extends Two-Factor Security Standards to Bluetooth, NFC"". eWeek. Retrieved 1 July 2015.

External links

This article is issued from Wikipedia - version of the Saturday, February 13, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.