Download as PDF, PPTX
Uploaded byFIDO Alliance
Strong Authentication and US Federal Digital Services
The document discusses strong authentication and the US Federal Digital Services. It describes Authenticator Assurance Levels (AAL), with AAL3 providing the highest level of remote network authentication by requiring proof of possession of a hardware cryptographic key. AAL3 authenticators must be validated at FIPS 140 Level 2 or higher, with single-factor ones at Level 1. The document raises implementing AAL3 and a new interoperability target as issues and provides contact information for further discussion.
More Related Content
More from FIDO Alliance
Strong Authentication and US Federal Digital Services
- 1. Strong Authentication andUS Federal Digital Services Paul Grassi, Senior Standards and Technology Advisor, NIST
- 2.
- 3.
- 4.
- 5.
- 6. where does FIDOfit in?
- 7. Privacy Enhancing &Voluntary Secure & Resilient Interoperable Cost-Effective & Easy to Use
- 10.
- 11. Authenticator Assurance Level3 (formerly known as LOA4) AAL 3 is intended to provide the highest practical remote network authentication assurance. Authentication at AAL 3 is based on proof of possession of a key in a physical authenticator through a cryptographic protocol. AAL 3 is similar to AAL 2 except that only hardware cryptographic authenticators (in conjunction with a memorized secret for single-factor cryptographic devices) and multi-factor OTP devices are allowed. The authenticator SHALL be a hardware cryptographic module validated at Federal Information Processing Standard (FIPS) 140 Level 2 or higher overall (Level 1 for single-factor authenticators) with at least FIPS 140 Level 3 physical security.
- 12.
- 13.
- 14.
- 15. So we needa new interoperability target?
- 16.
- 17. strength of authentication(SOFA) https://pages.nist.gov/SOFA
- 19.