FIDO (Fast Identity Online)

FIDO is a set of information-security specifications for strong authentication; it is technology-agnostic and interoperable across many systems. FIDO was developed by the FIDO Alliance, a non-profit organization that works to standardize authentication at the client and protocol layers. The FIDO specifications support multi-factor authentication (MFA) and public key cryptography. Unlike passwords stored in a server database, FIDO keeps personally identifiable information (PII), such as biometric authentication data, locally on the user's device, where it is protected.

Storing biometrics and other personal identifiers locally is intended to address user concerns about personal data held on external servers in the cloud. Biometric scanners identify individuals by measuring their physiological characteristics. These characteristics provide a way to control access to, and protect the integrity of, sensitive data stored in information systems. Biometrics is a computerized method that uses aspects of biology, especially characteristics that are unique to each person. Biometric data that may be used include fingerprints, retina and iris recognition, face recognition, DNA, palm prints, hand geometry and palm veins.

By abstracting the protocol implementation behind Application Programming Interfaces (APIs), FIDO also reduces the work application developers need to do to build secure logins for mobile clients running on different operating systems (OS) and on various types of hardware. FIDO supports the Universal Authentication Framework (UAF) protocol and the Universal Second Factor (U2F) protocol. In UAF, the client device creates a new key pair during registration with an online service and keeps the private key locally, while the public key is registered with the service. During authentication, the client device must prove possession of its private key to the service, and the user unlocks it with a user-friendly action such as scanning a fingerprint, entering a PIN, taking a selfie, or speaking into a microphone.

In U2F, authentication requires a strong second factor such as a Near Field Communication (NFC) or USB security token. The user is asked to insert and touch their personal U2F device during login. The FIDO-capable device creates a new key pair; the public key is shared with the online service and associated with the user's account. The service can then authenticate the user by asking the registered device to sign a challenge with the private key.
