This issue focuses on the FIDO standard as an editorial theme, with inputs from Infineon, FIDO Alliance, TrustSEC, Authenton, cryptovision and Mühlbauer Group.
The FIDO protocols use standard public key cryptography techniques to provide stronger authentication. During registration with an online service, the user’s client device creates a new key pair. It retains the private key and registers the public key with the online service. Authentication is done by the client device proving possession of the private key to the service by signing a challenge. The client’s private keys can be used only after they are unlocked locally on the device by the user. The local unlock is accomplished by a user-friendly and secure action such as swiping a finger, entering a PIN, speaking into a microphone, inserting a second-factor device or pressing a button. The FIDO protocols are designed from the ground up to protect user privacy. The protocols do not provide information that can be used by different online services to collaborate and track a user across the services. Biometric information, if used, never leaves the user’s device.
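The registration and challenge-signing flow described above, as an added Go sketch that is not taken from this issue or from the FIDO Alliance. The type and function names, the `shop.example` origin and the signed message layout (a SHA-256 digest over origin and challenge) are assumptions made for illustration and are not the FIDO wire format.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Authenticator models the client device: one private key per service origin.
type Authenticator map[string]*ecdsa.PrivateKey

// Register creates a fresh key pair for origin and returns only the public key.
func (a Authenticator) Register(origin string) (*ecdsa.PublicKey, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	a[origin] = k
	return &k.PublicKey, nil
}

// digest binds the challenge to the origin (simplified; not the FIDO wire format).
func digest(origin string, challenge []byte) []byte {
	h := sha256.Sum256(append([]byte(origin+"\x00"), challenge...))
	return h[:]
}

// Sign proves key possession; unlocked stands for the local user gesture (PIN, fingerprint).
func (a Authenticator) Sign(origin string, challenge []byte, unlocked bool) ([]byte, error) {
	k, ok := a[origin]
	if !ok || !unlocked {
		return nil, fmt.Errorf("no key for %q or device locked", origin)
	}
	return ecdsa.SignASN1(rand.Reader, k, digest(origin, challenge))
}

// Verify is the service side: check the signature with the registered public key.
func Verify(pub *ecdsa.PublicKey, origin string, challenge, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, digest(origin, challenge), sig)
}

func main() {
	a, ch := Authenticator{}, make([]byte, 32)
	rand.Read(ch)                        // service-issued random challenge
	pub, _ := a.Register("shop.example") // constructed origin
	sig, _ := a.Sign("shop.example", ch, true)
	fmt.Println("signature valid:", Verify(pub, "shop.example", ch, sig))
}
```

Because each origin gets its own key pair, two services that compare the public keys they hold for the same user find nothing in common, which is the privacy property the paragraph describes.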
The FIDO Alliance is an open industry association with a focused mission: authentication standards to help reduce the world’s over-reliance on passwords. The FIDO Alliance promotes the development of, use of, and compliance with standards for authentication and device attestation.
Our featured article this issue comes from FIDO Alliance, “Delegated Authentication – Abandon friction, not the cart.” Delegated authentication is a new and innovative solution in the payment and authentication industry that leverages open standards from industry bodies such as FIDO Alliance and EMVCo — standards that reflect broad contributions from industry platform and payment stakeholders such as Apple, American Express, Google, JCB, Microsoft, Mastercard and Visa. Delegated authentication enables qualified merchants or wallet providers to use their own authentication or log-in processes to approve purchases. It’s an interesting theme that is gaining traction – read more about it in this issue!
TrustSEC invites us to consider why PKI and FIDO are a perfect match, and Authenton introduces us to their latest token, the Authenton#1 FIDO 2.1 certified token, while cryptovision looks at enhancing eID documents with FIDO authentication.