A look at the FIDO Certification program, including functional, authenticator and biometric certification; the value of certification for relying parties and vendors; and how to get started.
FIDO UAF and PKI in Asia: A Case Study and Recommendations | FIDO Alliance
This paper depicts three possible scenarios for integrating FIDO UAF and public key infrastructure (PKI) in Asian countries, along with recommendations for how the two technologies can work together to bring innovation to the authentication marketplace and to pave the way for deploying better authentication solutions to the public.
The Second Payment Services Directive (PSD2) and the associated Regulatory Technical Standards (RTS) on strong customer authentication and secure communication impose stringent requirements on multi-factor authentication and on the security of implementations. Payment Service Providers will want to know whether the authentication solutions they put in place conform to the RTS both in terms of functionality and security.
The FIDO Alliance standards are based on multi-factor authentication and are a strong fit for PSD2 compliance. The FIDO Alliance’s certification program provides an independent evaluation of functional compliance to the standards as well as of the achieved level of security of FIDO authenticators.
Featuring industry experts, this presentation explores how FIDO can resolve key issues, including:
• How the FIDO standards conform to the RTS
• How FIDO’s certification program guarantees this conformity
• How FIDO’s certification program provides for the mandatory security evaluation imposed by the RTS
Introduction to FIDO Biometric Authentication | FIDO Alliance
The model of password authentication is broken. FIDO is a new approach to authentication, including a modality for biometric authentication. Learn about the specification and the clear benefits of adding FIDO Authentication to Device APIs.
This presentation details the FIDO Alliance Certification Program - including an overview of the programs, process and the value of certification for both vendors and relying parties.
Introduction to FIDO's Identity Verification & Binding Initiative | FIDO Alliance
Speaker: Rob Carter, Director, Product Development and Innovation, Mastercard
Speaker: Parker Crockford, Director of Policy & Strategic Accounts, Onfido
Speaker and Moderator: Andrew Shikiar, Executive Director and CMO, FIDO Alliance
The General Data Protection Regulation (GDPR) came into effect earlier this year, ushering in the most significant change to European data protection laws in twenty years. The regulation impacts not only firms resident in the European Union (EU), but firms around the world, as any organization doing business with EU citizens must comply with the regulation.
FIDO Alliance standards were created from the outset with a “privacy by design” approach and are a strong fit for GDPR compliance. Crucially, FIDO delivers authentication with no third-party involvement or tracking between accounts and services. And when it comes to biometrics, FIDO standards prevent this information from being stored and matched in servers – it never leaves the user’s device – and FIDO(R) Certified devices do not allow for any biometric data to be captured.
This presentation includes:
- Key GDPR considerations when deploying strong authentication
- Where FIDO Authentication relates to GDPR articles on data protection, consent of data subject and data subject rights
- How FIDO can help your organization meet GDPR requirements
Webinar: Considerations for Deploying FIDO in the Enterprise | FIDO Alliance
Passwords are archaic, and a danger to enterprise security. Now the accepted standard for multi-factor authentication (MFA), FIDO Authentication can be deployed in the enterprise for easier and more secure access to corporate networks, applications, and workstations. Organizations that adopt FIDO will experience profound improvements in security, helpdesk costs, user experience, and productivity. But where to start? Attend this webinar to learn about considerations for deploying FIDO in the enterprise, including how to gradually roll out FIDO authentication and select the right authenticators and the right server policies for the right user cases. This webinar will provide essential education for any organization that wants to get started on eliminating passwords and securing the simple act of logging on within their company.
Presented at GSMA Mobile Connect + FIDO Alliance: The Future of Strong Authentication
By: Rolf Lindemann, Senior Director of Technology and Products, Nok Nok Labs
Webinar: Catch Up with FIDO Plus AMA Session | FIDO Alliance
The FIDO Alliance's goal is for the whole world to move away from usernames, passwords, and traditional MFA to a simpler and stronger way to log in with FIDO! Here's a look at the past year’s progress and what's happening next.
FIDO’s certification programs are a critical element in ensuring an interoperable ecosystem of products and services that organizations can leverage to deploy FIDO Authentication solutions worldwide. FIDO manages functional certification programs for its core specifications (UAF, U2F and FIDO2) to ensure product interoperability, and more recently has introduced programs to delineate security capabilities of FIDO Certified Authenticators, and also to test and validate the efficacy of biometric components.
These slides explain how to:
- Learn how to take part in the FIDO Certified program and/or what to consider when licensing FIDO Certified solutions
- Understand how FIDO’s new biometric certification program (a first of its kind in the industry) will help inform the marketplace on the accuracy of various biometric authentication components
- See how FIDO’s Certified Authenticator Levels will help deploying organizations specify and support specific security capabilities and requirements for their end users
Overview of FIDO Security Requirements and Certifications | FIDO Alliance
Overview of FIDO Security Requirements and Certifications by Laurence Lundblade, Docomo Innovations
- Presented at FIDO Seoul Public Seminar on December 5th, 2018
Use this presentation to learn about FIDO's certification process.
The FIDO Alliance invites you to learn how to simplify strong authentication for web services. FIDO specifications can help all organizations, especially service providers who want to scale these features for consumer services over the web. Essentially, FIDO offers a simple, low-cost way to improve security and the online experience.
In just over one year, the FIDO Certified Program has tested and certified more than 200 implementations of the FIDO specifications. There is strong interest and momentum in the market for FIDO Certified products — including FIDO’s new BLE certification, which for the first time brings FIDO technology to wearables and other emerging form factors.
These slides include information about:
- An overview of the program, including updates on newly available certification methodologies
- Some of the latest and greatest FIDO Certified solutions on the marketplace
- How products get started through the FIDO Certification process
- The benefits of deploying FIDO Certified authentication solutions
Learn how FIDO standards complement federation protocols. These guidelines detail how to integrate the two in order to add support for FIDO-based multi-factor authentication and replace or supplement traditional authentication methods in federation environments.
Getting to Know the FIDO Specifications - Technical Tutorial | FIDO Alliance
What if we could replace passwords with authentication that is stronger and simpler? Web service providers and enterprises worldwide are looking for a solution to move beyond the frustrating user experience and less-than-stellar security of single-factor password authentication systems. Today FIDO is that solution, providing a rich set of specifications and certifications for an emerging and interoperable ecosystem of hardware, mobile and biometrics-based devices. This ecosystem enables enterprises and web service providers to easily deploy strong authentication solutions that reduce password dependencies and provide a superior, simpler and trusted user experience.
- Learn the ins and outs of FIDO’s specifications, including their applicability to both passwordless (UAF) and second factor (U2F) authentication use cases.
- Learn how FIDO separates user verification from authentication along with other details on the FIDO registration and login process.
- Learn how FIDO authentication protects user privacy and prevents phishing and man-in-the-middle attacks.
3. FUNCTIONAL CERTIFICATION
• Available to members and non-members
• Measures compliance among products and services that support FIDO specifications
• Validates interoperability within the ecosystem
• Certify products such as authenticators, servers, clients, and combos
All Rights Reserved | FIDO Alliance | Copyright 2018
4. INTEROP TESTING OVERVIEW
• Existing Process – Interop Testing Events
  - Interop every 90 days
  - Plan ahead! May impact product schedules…
• New Process – On Demand Testing
  - Pick your testing date from a calendar
  - Servers: remote / virtual testing
  - Authenticators: ship device or in-person testing
  - Convenience and fast turn-around
[Diagram: FIDO testing options: Virtual, Shipped, In-Person, Interop Events]
5. FIDO AUTHENTICATOR CERTIFICATION
• The FIDO Authenticator Certification Program validates that Authenticators conform to the FIDO specifications (UAF/U2F/FIDO2) and allows vendors to certify the security characteristics of their implementations
• After completing certification, vendors may use the FIDO logo on their products
6. AUTHENTICATOR LEVELS PICTORIAL
NOTE: For Authenticators that use a biometric the Biometric Certification is required at L2+ and higher.
7. SECURITY EVALUATION

| Level | 3rd Party Lab Work Required | Evaluation Style |
|---|---|---|
| L1 | None – evaluation is solely by FIDO Alliance Security Secretariat | System design review |
| L1+ (preliminary) | Vendor must hire a FIDO-approved lab | System design review; Code review; SW penetration test / attack potential calculation |
| L2 | Vendor must hire a FIDO-approved lab | System design review |
| L2+ (preliminary) | Vendor must hire a FIDO-approved lab [1] | System design review; Code review; SW penetration test / attack potential calculation |
| L3 | Vendor must hire a FIDO-approved lab [1] | System design review; Code review; HW penetration test / attack potential calculation |
| L3+ | Vendor must hire a FIDO-approved lab [1] | System design review; Code review; HW penetration test / attack potential calculation |

[1] At level L2+ and higher, it should usually be the case that the platform HW and SW have already been certified and the FIDO vendor will only need to certify the FIDO-specific requirements (e.g. the authenticator is running on an already-certified TEE, Secure Element…)
8. NEW COMPANION PROGRAM
• Companion Programs are independent testing programs which FIDO partners with to lessen the certification burden
  - Example: Common Criteria or ISO/IEC 15408
• The vendor uses a FIDO created mapping document that maps program requirements from companion program to FIDO security requirements
• The authenticator is evaluated on the delta requirements only
• Companion Programs are currently required for Authenticator Security levels 3 and 3+
More information can be found on the FIDO Alliance website:
https://fidoalliance.org/fido-authenticator-certification-companion-program/
9. CHANGES AFTER INITIAL CERTIFICATION
Delta Certification is a process to verify that a Certified implementation still meets requirements for the following cases:
• Product upgrades
• Version upgrade
• Level downgrades
• Security vulnerability
• Post suspension
10. CHANGES AFTER INITIAL CERTIFICATION
Derivative Certification:
• Products or services that rely upon existing Certified implementations for conformance with FIDO specifications
• A Derivative implementation may not modify, expand, or remove FIDO functionality from the Certified implementation on which it is based
11. FIDO BIOMETRIC CERTIFICATION
The FIDO Biometric Certification Program is intended to certify biometric components and/or subsystems and is independent from Authenticator Certification Program
12. BIOMETRIC AND AUTHENTICATOR CERTIFICATION
Using a Certified Biometric Subcomponent:
• Optional for Authenticators using a Biometric at L1-L2.
• The Security Requirements enforce Biometric Certification of the biometric at L3 and higher when a biometric is used in the authenticator.
• Once L2+ is finalized Biometric Certification will also be required
• Results in a “FIDO Certified” Authenticator
13. BIOMETRIC DEFINITIONS
• False Accept Rate (FAR): The proportion of verification transactions with
wrongful claims of identity that are incorrectly confirmed
  • Requirement: less than 1:10,000 for the upper bound of an 80% confidence
  interval
• False Reject Rate (FRR): The proportion of verification transactions with
truthful claims of identity that are incorrectly denied
  • Requirement: less than 3:100 for the upper bound of an 80% confidence
  interval
• Impostor Attack Presentation Match Rate (IAPMR): The proportion of
presentation attacks in which the target reference is matched
  • The evaluation measures the Impostor Attack Presentation Match Rate for
  each presentation attack type, as defined in ISO 30107 Part 3
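A worked check of the FAR and FRR thresholds above, as an added example that is not part of the FIDO presentation or requirements. It assumes independent trials and a one-sided exact (Clopper-Pearson) binomial bound at 80% confidence, which the slide does not specify; the trial counts are constructed.

```python
import math

FAR_LIMIT = 1 / 10_000   # from the slide: upper bound must be below 1:10,000
FRR_LIMIT = 3 / 100      # from the slide: upper bound must be below 3:100

def binom_cdf(k, n, p):
    """P(X <= k) for X ~ Binomial(n, p), summed in log space so large n works."""
    total = 0.0
    for i in range(k + 1):
        log_term = (math.lgamma(n + 1) - math.lgamma(i + 1) - math.lgamma(n - i + 1)
                    + i * math.log(p) + (n - i) * math.log1p(-p))
        total += math.exp(log_term)
    return min(total, 1.0)

def upper_bound(errors, trials, confidence=0.80):
    """Assumed method: one-sided exact (Clopper-Pearson) upper bound on the rate."""
    if errors >= trials:
        return 1.0
    alpha = 1.0 - confidence
    lo, hi = 0.0, 1.0
    for _ in range(60):                 # bisection: the CDF falls as p rises
        mid = (lo + hi) / 2
        if binom_cdf(errors, trials, mid) > alpha:
            lo = mid
        else:
            hi = mid
    return hi

def meets(errors, trials, limit, confidence=0.80):
    """True when the upper confidence bound is strictly below the limit."""
    return upper_bound(errors, trials, confidence) < limit

def min_trials_zero_errors(limit, confidence=0.80):
    """Fewest error-free trials that can pass: (1 - limit)^n < 1 - confidence."""
    return math.ceil(math.log(1.0 - confidence) / math.log1p(-limit))

if __name__ == "__main__":
    # Constructed test outcomes: (label, errors, trials, limit)
    runs = [("FAR, 0 false accepts", 0, 16_094, FAR_LIMIT),
            ("FAR, 1 false accept", 1, 25_000, FAR_LIMIT),
            ("FRR, 10 false rejects", 10, 500, FRR_LIMIT),
            ("FRR, 14 false rejects", 14, 500, FRR_LIMIT)]
    for label, errors, trials, limit in runs:
        ub = upper_bound(errors, trials)
        print(f"{label} in {trials}: bound {ub:.6f} -> {'pass' if ub < limit else 'fail'}")
    print("error-free impostor trials needed:", min_trials_zero_errors(FAR_LIMIT))
```

The 14-in-500 FRR case fails even though its observed rate (2.8%) is under 3%, because the requirement applies to the upper bound and not to the point estimate.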
14. SELF-ATTESTATION - OPTIONAL
Biometric Requirements:
• False Accept Rate (FAR): The vendor SHALL attest to an FAR of [1:25,000 or
1:50,000 or 1:75,000 or 1:100,000] at an FRR of 3% or less.
• False Reject Rate (FRR): The vendor SHALL attest to an FRR no greater than 3%
as measured when determining the self-attested FAR. In other words,
self-attestation for FRR is only possible when self-attesting for FAR.
NOTE: Self-attestation for FAR and FRR shall be supported by test data and
documented in a report submitted to the lab by the vendor.
16. CERTIFICATION VALUE
• Enable implementations to be identified as officially FIDO certified
• Ensure interoperability between FIDO officially recognized
implementations
• Promote the adoption of the FIDO ecosystem
• Provide RPs with the ability to assess performance requirements for
user authenticators
• Provide the industry at large with a testing baseline for biometric
component performance
17. FIDO CERTIFIED ECOSYSTEM (SAMPLE)
Over 480 FIDO Certified Solutions Available Today
[Figure: sample certified products, grouped as Phones & PCs, Security Keys, and Cloud/Server Solutions]
18. FIDO METADATA SERVICE
• Web-based tool where FIDO authenticator vendors can
publish metadata statements for FIDO servers to
download
• Provides organizations deploying FIDO servers with a
centralized and trusted source of information about
FIDO authenticators
• Validate the integrity of a device population by
periodically downloading digitally signed metadata
to verify individual metadata statements
20. GETTING STARTED: FUNCTIONAL CERTIFICATION
Register for Self-Conformance Test Tool Access:
https://fidoalliance.org/test-tool-access-request/
• For UAF, you will need to complete both automated and manual testing
• Only UAF Authenticators will need a Vendor ID:
http://fidoalliance.org/vendor-id-request/
Complete Self-Conformance Testing at least two weeks prior to
interoperability event.
Elect to Participate in Pre-Testing in the two weeks prior to the
interoperability event (recommended)
Register for and attend the next interoperability event:
https://fidoalliance.org/interop-registration/
Next Interoperability Event Host: Seoul, S. Korea, 12-15 November 2018
(Location TBD). Registration is open.
22. GETTING STARTED – BIOMETRIC CERTIFICATION
Apply for Biometric component certification
• Request an account: https://fidoalliance.org/certification/certification-account-request/
Select an Accredited Biometric Lab and agree to terms for testing
• Biometric Accredited Lab list:
https://fidoalliance.org/fido-accredited-biometric-laboratories/
23. BIOMETRIC SUBCOMPONENT TESTING
24. ALLOWED INTEGRATION DOCUMENT
• Developed by vendor and submitted to lab
• Used to document changes necessary to accommodate integration with
authenticator
• Must include explanation of possible software and hardware changes
25. TESTING STEP 2: AUTHENTICATOR
26. Connect with FIDO
fidoalliance.org