Overview#
Client To Authenticator Protocol (CTAP) "draft" specification describes an Application Layer protocol for communication between a roaming authenticator and another client/platform, as well as bindings of this application protocol to a variety of transport protocols using different physical media.
Client To Authenticator Protocol specifies a protocol for communication between a personal device with cryptographic capabilities (aka authenticator) and a host computer that wishes to use these capabilities for security functions including strong user authentication. A person could use his/her phone or another portable security key as the FIDO Authenticator to transparently and securely log on to notebooks, desktops, connected cars, and other devices.
The Client To Authenticator Protocol enables FIDO2 clients, such as browsers implementing the W3C Web Authentication (Web Authentication API) specification, to perform authentication using pairwise Public Key/Private Key pairs securely held by authenticators that speak the Client To Authenticator Protocol (rather than passwords). The Client To Authenticator Protocol specification specifies the use of three transports for communicating with authenticators:
- USB Human Interface Device (USB HID)
- Near Field Communication (NFC)
- Bluetooth Smart/Bluetooth Low Energy (BLE).
The Application Layer protocol defines requirements for such transport protocols. Each transport binding defines the details of how such transport layer connections should be set up, in a manner that meets the requirements of the Application Layer protocol. CTAP2 devices provide additional capabilities.
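As an added example (not from the specification text or any FIDO Alliance code), the USB HID binding's packet framing, which is what lets the Application Layer send a message larger than one 64-byte HID report: an initialization packet carrying channel ID, command and length, followed by numbered continuation packets. The constants and the receiver-side checks reflect the CTAPHID framing as I read it; the payload and channel ID are constructed.

```python
REPORT_SIZE = 64                 # CTAPHID exchanges fixed 64-byte HID reports
INIT_PAYLOAD = REPORT_SIZE - 7   # after CID(4) + CMD(1) + BCNTH/BCNTL(2)
CONT_PAYLOAD = REPORT_SIZE - 5   # after CID(4) + SEQ(1)
MAX_MESSAGE = INIT_PAYLOAD + 128 * CONT_PAYLOAD  # SEQ is 0..127, so 7609 bytes
CTAPHID_CBOR = 0x10              # command value carrying a CTAP2 CBOR message

def frame_message(cid, cmd, payload):
    """Split one CTAPHID message into reports: one init packet, then continuation packets."""
    if not 0 <= cmd < 0x80 or len(payload) > MAX_MESSAGE:
        raise ValueError("bad command or oversized payload")
    cid_bytes = cid.to_bytes(4, "big")
    # Init packet: bit 7 of the command byte marks it as an initialization packet.
    header = cid_bytes + bytes([cmd | 0x80]) + len(payload).to_bytes(2, "big")
    packets = [(header + payload[:INIT_PAYLOAD]).ljust(REPORT_SIZE, b"\0")]
    rest, seq = payload[INIT_PAYLOAD:], 0
    while rest:
        # Continuation packet: bit 7 clear, SEQ counts up from 0.
        packets.append((cid_bytes + bytes([seq]) + rest[:CONT_PAYLOAD]).ljust(REPORT_SIZE, b"\0"))
        rest, seq = rest[CONT_PAYLOAD:], seq + 1
    return packets

def reassemble(packets):
    """Rebuild a message, rejecting foreign channels, bad sequence numbers and length mismatches."""
    first = packets[0]
    if len(first) != REPORT_SIZE or not first[4] & 0x80:
        raise ValueError("first packet is not an init packet")
    cid, cmd = first[:4], first[4] & 0x7F
    length = int.from_bytes(first[5:7], "big")
    if length > MAX_MESSAGE:
        raise ValueError("declared length exceeds maximum message size")
    buf = bytearray(first[7:7 + min(length, INIT_PAYLOAD)])
    for seq, pkt in enumerate(packets[1:]):
        if len(pkt) != REPORT_SIZE or pkt[:4] != cid:
            raise ValueError("packet from another channel interleaved")
        if pkt[4] != seq:            # also rejects a stray init packet (bit 7 set)
            raise ValueError("unexpected sequence number")
        if len(buf) >= length:
            raise ValueError("more packets than the declared length needs")
        buf += pkt[5:5 + min(length - len(buf), CONT_PAYLOAD)]
    if len(buf) != length:
        raise ValueError("truncated message")
    return int.from_bytes(cid, "big"), cmd, bytes(buf)
```

A receiver that skips the channel and sequence checks will happily splice reports from two clients sharing the device into one message, which is why the binding assigns each client its own channel ID.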
More Information#
There might be more information for this subject on one of the following:
- [#1] - Client to Authenticator Protocol (CTAP) - based on information obtained 2018-05-08
- [#2] - The latest versions of the FIDO Alliance specifications - based on information obtained 2018-06-02