fido certified program: status & futures

All Rights Reserved | FIDO Alliance | Copyright 20171

FIDO Certified Program: Status & Futures

Adam Powers

Technical Director

FIDO Alliance

Certification Goals

• Enable implementations to be identified as officially FIDO certified

• Ensure interoperability between FIDO officially recognized implementations

• Promote the adoption of the FIDO ecosystem

2All Rights Reserved | FIDO Alliance | Copyright 2017

Certification Overview

Available to both members and non-members

Four steps to certification



Deployments are enabled by

100+ 340+ FIDO® Certified products

available today

Certification Growth


TOTAL

343

Apr-15 Jul-15 Sep-15 Dec-15 Mar-16 May-16 Aug-16 Dec-16 May-17

254

89

Korean Market Growth

Most markets seeing healthy growth…

Huge spike in Korean certifications in 2016


9

S5, Mini Alpha Note 4,5 Note

Edge

Tab S,

Tab S2

S6,

S6 EdgeS7,

S7 Edge

Vernee

Thor

Xperia Z5

SO-01H

Xperia Z5

CompactSO-02H

Xperia Z5

PremiumSO-03H

Mate 8

V10 G5 Phab2 Phab2

Pro Plus

Z2, Z2 ProXperia X

Performance

Xperia XZ Xperia X

Compact

SO-02J

All Rights Reserved | FIDO Alliance | Copyright 2017.

Arrows

NX

Arrows

Fit

Arrows

Tab

F-02HF-04HF-04G

F-01H

Aquos ZetaSH-01HSH-03G SH-02J

FIDO Certified Mobile Devices

FIDO Applications on iOS


iPhone 5s iPhone 6, 6+

iPad Air 2, Mini 3

iPhone 6s, 6s+

iPad Mini 4 iPad Pro

Supported iOS Fingerprint Devices

FIDO Certified Tokens

11All Rights Reserved. FIDO Alliance. Copyright 2017


Coming Soon to Certification

New Program Launching Soon: Authenticator Certification Levels

Why authenticator certification?

▸ Verify the protection of FIDO secret keys and user privacy

▸ UAF and U2F authenticators will be eligible

Two authenticator certification levels – L1 & L2

▸ Level 1 – basic security validation for protecting secrets and privacy, performed by FIDO Security Secretariat

▸ Level 2 – lab-based validation of protectionagainst at-scale attacks

▸ Other levels coming soon!13



Level 1 Certification Process

Similar to existing Functional Certification:

▸ Pass test tools

▸ Submit Vendor Questionnaire to FIDO that provides answers about the security and privacy of the implementation

▸ Perform a few additional tests at interop

▸ Submit for Level 1 Certification!


Level 2 Certification Process

Must pass Functional Validation, and also:

▸ Select FIDO Accredited Security Lab

▸ Submit Vendor Questionnaire to lab

▸ Work with lab to validate and / or correct design

▸ Lab submits report to FIDO

▸ Submit for Level 2 Certification!


Launch Plan

Launch!

Trial Period

Issue First Batch of

Certifications

Sunset Period

May 30

Publish Program Policies,

Websites, Accredited Lab

List, and a Marketing

Announcement.May 30 - August 28

90 days to perform Security

Evaluations and answer Vendor

and Accredited Security

Laboratory questions.

August 28

Issue and Announce the

first batch of L1 and L2

Certifications.

November 30, 2018

18 month Sunset Period.

Functional Only is no longer

allowed for Authenticators,

baseline requirement is L1.

Biometric Certification

Why biometric certification?▸ Services and users need to have faith in biometrics

▸ Also verifies the FIDO Privacy Principles

What gets biometric certified?▸ Authenticators

▸ Any kind of biometric:Fingerprint, voice, iris, palm, face

How to get biometric certified?▸ Select an accredited lab

▸ Test biometric with live subjects to meet FAR / FRR

▸ Lab submits test report to FIDO


FIDO Alliance | All Rights Reserved | Copyright 2016

Face

Palm

Iris

Finger

FIDO 2.0 Certification

WebAuthn▸ W3C browser-based authentication

▸ Browser and test tool developmentunderway now!

Client to Authenticator Protocol (CTAP)▸ Based on U2F device transports

Universal Servers*▸ Implement all features of FIDO:

UAF, U2F, WebAuthn


* Formerly refered to as “Gold Servers”

Why Get Certified?

Value of Certification▸ Highest quality products

▸ Market interoperability

▸ Deployment ready

▸ Easily identifiable by buyers

Be a member: ▸ Discounts for members

▸ Early access to draft specifications


Deployments of FIDO Certified

How to reach relying parties:▸ Remember to use your FIDO Certified logo!

▸ Tradeshows, websites, product briefs, etc.

▸ Being a member has its privileges

▸ Connect with RPs at plenaries, networking events, etc.

▸ Certification discounts

▸ Early access to specifications = first mover advantage

▸ Be aware of upcoming requirements for FIDO

▸ For example, NIST 800-63


Confidential

Getting Started

Register for Self-Conformance Test Tool Access : https://fidoalliance.org/test-tool-access-request/

▸ For UAF, you will need to complete both automated and manual testing▸ UAF Authenticators only will need a Vendor ID: http://fidoalliance.org/vendor-id-request/

Complete Self-Conformance Testing at least two weeks prior to interoperability event.

Elect to Participate in Pre-Testing in the two weeks prior to the interoperability event (recommended)

Register for the next interoperability event to be held in June : https://fidoalliance.org/interop-registration/

Registration for June Interop closes on May 24

Next Interoperability Event Host: Synaptics (San Jose, CA)

June 7-8, 2017: UAF

June 8, 2017: U2F


https://fidoalliance.org/test-tool-access-request/

http://fidoalliance.org/vendor-id-request/

https://fidoalliance.org/interop-registration/

Next Steps

Available to both members and non-members

Four steps to certification



Questions?

fido certified program: status & futures

Technology