FIDO alliance

FIDO Alliance
legal form	501 (c) (6) organization
Seat	Mountain View, California
founding	February 2013
Website	FIDOAlliance.org

U2F-ready logo of the FIDO alliance

UAF-ready logo of the FIDO alliance

The non-commercial FIDO alliance (FIDO = F ast ID entity O nline , German: "fast identity for digital connections") was launched in July 2012 and officially founded in February 2013 to work with many different companies to establish open and license-free industry standards for Develop global authentication on the Internet. The headquarters of the alliance is in California .

Overview

In this context, Allianz had developed two standards by the end of 2014. The U2F standard ( Universal Second Factor , German: "universal second factor") is used to specify hardware and software for two-factor authentication . The UAF standard ( Universal Authentication Framework , dt .: "universal framework for authentication") specifies the associated network protocol for passwordless authentication. On December 9, 2014, the first standard called FIDO v1.0 was published, which contains both specifications.

By means of the standards, authentication on the Internet should be possible securely, quickly and easily, and a user no longer needs to fall back on numerous different secure passwords in order to establish secure connections. The personal data and the private keys always and exclusively remain in the possession of the user and are not stored on public servers .

The products certified for the standards can be marked by the providers with the trademarked FIDO ready logo . Suitable hardware and software can be integrated into both operating systems and web browsers . In February 2015, Microsoft announced that the FIDO standard 2.0 would be supported by the new Windows 10 operating system .

For authentication on the Internet, three fundamentally different factors can be combined:

• Knowledge of the user, such as passwords or personal identification numbers
• The user's possessions, such as security tokens based on the U2F standard
• User properties, such as fingerprint , voice , appearance

function

Registration

In the registration of FIDO support to a service every time one of the user's device key pair generated. The public key is sent to the server and the private key is securely stored in the so-called FIDO authenticator. Access to this authenticator is secured locally. This can be done using biometric methods (for example iris or fingerprint scans), previously acquired USB, NFC or Bluetooth security tokens or other methods.

registration

During the registration process , the unlocked FIDO authenticator encrypts the server's request with the private key and answers the request with the result obtained. The server can now use the stored public key to check and validate the authenticity of the user.

Members

Most of the members of the FIDO alliance are headquartered in Asian, European or North American countries. Many of the members of the FIDO alliance are multinational companies .

The six founding members in summer 2012 were: Agnitio , Infineon , Lenovo , Nok Nok Labs , PayPal and Validity Sensors .

At the end of 2014, the following companies were among the main members of the alliance: Alibaba Group , Bank of America , Blackberry , Google Inc. , Mastercard , Microsoft , NXP Semiconductors , Oberthur , Qualcomm , RSA Security , Samsung , Synaptics , Visa Inc. and Yubico .

The following companies support the alliance, among others: CA Technologies , Cherry , Dell , Gemalto , LG Electronics , Morpho Cards , Netflix , Österreichische Staatsdruckerei , plantronics , Safenet and SK Telecom .

At the end of 2014, the alliance already had more than 150 members.

On October 5, 2015, the Federal Office for Information Security joined the Alliance.

Web links

• FIDO Alliance (English)

Individual evidence

1. ↑ fidoalliance.org . (accessed on September 13, 2018).
2. ↑ Terms - Choice of Law, Jurisdiction and Enforcement ( Memento of November 27, 2014 in the Internet Archive )
3. ↑ ^{a b c d} FIDO 1.0 Specifications are Published and Final Preparing for Broad Industry Adoption of Strong Authentication in 2015. Retrieved December 12, 2014 . 
4. ↑ FIDO Ready ™ ( Memento from December 16, 2014 in the Internet Archive )
5. ↑ Specifications Overview. Retrieved December 12, 2014 . 
6. ↑ Dustin Ingalls: Microsoft Announces FIDO Support Coming to Windows 10 ( Memento of the original from February 15, 2015 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. , windows.com, accessed February 15, 2015 @1@ 2Template: Webachiv / IABot / blogs.windows.com
7. ^ History of FIDO Alliance. Retrieved December 15, 2014 . 
8. ↑ ^{a b} Members ( Memento from October 26, 2017 in the Internet Archive )
9. ↑ FIDO Alliance Members Speak out on FIDO 1.0 Specifications - Agnito ( Memento from January 1, 2015 in the Internet Archive )
10. ^ German Federal Office for Information Security Joins FIDO Alliance to Advance Adoption of Simpler, Stronger Authentication in Europe. Retrieved October 5, 2015 .