fido certified program: status & futures
TRANSCRIPT
All Rights Reserved | FIDO Alliance | Copyright 20171
FIDO Certified Program: Status & Futures
Adam Powers
Technical Director
FIDO Alliance
Certification Goals
• Enable implementations to be identified as officially FIDO certified
• Ensure interoperability between FIDO officially recognized implementations
• Promote the adoption of the FIDO ecosystem
2All Rights Reserved | FIDO Alliance | Copyright 2017
Certification Overview
Available to both members and non-members
Four steps to certification
3All Rights Reserved | FIDO Alliance | Copyright 2017
4All Rights Reserved | FIDO Alliance | Copyright 2017
Deployments are enabled by
100+ 340+ FIDO® Certified products
available today
Certification Growth
5All Rights Reserved | FIDO Alliance | Copyright 2017
TOTAL
343
Apr-15 Jul-15 Sep-15 Dec-15 Mar-16 May-16 Aug-16 Dec-16 May-17
254
89
Korean Market Growth
Most markets seeing healthy growth…
Huge spike in Korean certifications in 2016
6All Rights Reserved | FIDO Alliance | Copyright 2016
9
S5, Mini Alpha Note 4,5 Note
Edge
Tab S,
Tab S2
S6,
S6 EdgeS7,
S7 Edge
Vernee
Thor
Xperia Z5
SO-01H
Xperia Z5
CompactSO-02H
Xperia Z5
PremiumSO-03H
Mate 8
V10 G5 Phab2 Phab2
Pro Plus
Z2, Z2 ProXperia X
Performance
Xperia XZ Xperia X
Compact
SO-02J
All Rights Reserved | FIDO Alliance | Copyright 2017.
Arrows
NX
Arrows
Fit
Arrows
Tab
F-02HF-04HF-04G
F-01H
Aquos ZetaSH-01HSH-03G SH-02J
FIDO Certified Mobile Devices
FIDO Applications on iOS
10All Rights Reserved | FIDO Alliance | Copyright 2017
iPhone 5s iPhone 6, 6+
iPad Air 2, Mini 3
iPhone 6s, 6s+
iPad Mini 4 iPad Pro
Supported iOS Fingerprint Devices
New Program Launching Soon: Authenticator Certification Levels
Why authenticator certification?
▸ Verify the protection of FIDO secret keys and user privacy
▸ UAF and U2F authenticators will be eligible
Two authenticator certification levels – L1 & L2
▸ Level 1 – basic security validation for protecting secrets and privacy, performed by FIDO Security Secretariat
▸ Level 2 – lab-based validation of protectionagainst at-scale attacks
▸ Other levels coming soon!13
All Rights Reserved | FIDO Alliance | Copyright 2017
All Rights Reserved | FIDO Alliance | Copyright 201714
Level 1 Certification Process
Similar to existing Functional Certification:
▸ Pass test tools
▸ Submit Vendor Questionnaire to FIDO that provides answers about the security and privacy of the implementation
▸ Perform a few additional tests at interop
▸ Submit for Level 1 Certification!
All Rights Reserved | FIDO Alliance | Copyright 201715
Level 2 Certification Process
Must pass Functional Validation, and also:
▸ Select FIDO Accredited Security Lab
▸ Submit Vendor Questionnaire to lab
▸ Work with lab to validate and / or correct design
▸ Lab submits report to FIDO
▸ Submit for Level 2 Certification!
All Rights Reserved | FIDO Alliance | Copyright 201716
Launch Plan
Launch!
Trial Period
Issue First Batch of
Certifications
Sunset Period
May 30
Publish Program Policies,
Websites, Accredited Lab
List, and a Marketing
Announcement.May 30 - August 28
90 days to perform Security
Evaluations and answer Vendor
and Accredited Security
Laboratory questions.
August 28
Issue and Announce the
first batch of L1 and L2
Certifications.
November 30, 2018
18 month Sunset Period.
Functional Only is no longer
allowed for Authenticators,
baseline requirement is L1.
Biometric Certification
Why biometric certification?▸ Services and users need to have faith in biometrics
▸ Also verifies the FIDO Privacy Principles
What gets biometric certified?▸ Authenticators
▸ Any kind of biometric:Fingerprint, voice, iris, palm, face
How to get biometric certified?▸ Select an accredited lab
▸ Test biometric with live subjects to meet FAR / FRR
▸ Lab submits test report to FIDO
17All Rights Reserved | FIDO Alliance | Copyright 2016
FIDO Alliance | All Rights Reserved | Copyright 2016
Face
Palm
Iris
Finger
FIDO 2.0 Certification
WebAuthn▸ W3C browser-based authentication
▸ Browser and test tool developmentunderway now!
Client to Authenticator Protocol (CTAP)▸ Based on U2F device transports
Universal Servers*▸ Implement all features of FIDO:
UAF, U2F, WebAuthn
18All Rights Reserved | FIDO Alliance | Copyright 2016
* Formerly refered to as “Gold Servers”
Why Get Certified?
Value of Certification▸ Highest quality products
▸ Market interoperability
▸ Deployment ready
▸ Easily identifiable by buyers
Be a member: ▸ Discounts for members
▸ Early access to draft specifications
21FIDO Alliance | All Rights Reserved | Copyright 2016
Deployments of FIDO Certified
How to reach relying parties:▸ Remember to use your FIDO Certified logo!
▸ Tradeshows, websites, product briefs, etc.
▸ Being a member has its privileges
▸ Connect with RPs at plenaries, networking events, etc.
▸ Certification discounts
▸ Early access to specifications = first mover advantage
▸ Be aware of upcoming requirements for FIDO
▸ For example, NIST 800-63
22FIDO Alliance | All Rights Reserved | Copyright 2016
Confidential
Getting Started
Register for Self-Conformance Test Tool Access : https://fidoalliance.org/test-tool-access-request/
▸ For UAF, you will need to complete both automated and manual testing▸ UAF Authenticators only will need a Vendor ID: http://fidoalliance.org/vendor-id-request/
Complete Self-Conformance Testing at least two weeks prior to interoperability event.
Elect to Participate in Pre-Testing in the two weeks prior to the interoperability event (recommended)
Register for the next interoperability event to be held in June : https://fidoalliance.org/interop-registration/
Registration for June Interop closes on May 24
Next Interoperability Event Host: Synaptics (San Jose, CA)
June 7-8, 2017: UAF
June 8, 2017: U2F
23FIDO Alliance | All Rights Reserved | Copyright 2016
Next Steps
Available to both members and non-members
Four steps to certification
24All Rights Reserved | FIDO Alliance | Copyright 2016