Overview#
FIDO Authenticator is an Authenticator for FIDO protocols. Newer FIDO Authenticators support the CTAP2 WebAuthn Authenticator.
FIDO Authenticator requires a FIDO Client.
FIDO Authenticator requires a local device such as a Mobile Device or a U2F device.
FIDO Authenticator allows a user to Authenticate to a FIDO enabled Relying Party using their different Authentication Methods.
FIDO Authenticator needs to be able to:
- generate Cryptographic Key pairs securely
- store Cryptographic Keys
- operate on the stored keys: the FIDO Authenticator MUST include a cryptographic engine that includes a Cryptographically secure pseudorandom number generator
FIDO Authenticators generate Public Key/Private Key pairs for each website with which they communicate.
Key generation places a high load on computing resources, especially in the case of general purpose CPUs.
Smart Card technology is purpose-built to perform key pair generation quickly, with low power consumption. Because Smart Card technology uses a Secure Element, key pair generation is performed securely and is efficiently protected, even from advanced attacks. Smart Card technology protects Private Keys in hardware with interaction restricted to a limited set of commands and responses.
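The per-website key handling described above, as an added example that is not part of the original page or of any FIDO specification: a toy Go model in which the authenticator generates a P-256 key pair per Relying Party from the CSPRNG, keeps the Private Key internal, and signs challenges on request. The `Authenticator` type, the `digest` layout and the Relying Party names are assumptions for illustration; real authenticators sign the data defined by the FIDO protocols, not this simplified digest.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Authenticator (hypothetical) maps an RP ID to its private key; keys never leave it.
type Authenticator map[string]*ecdsa.PrivateKey

// Register generates a fresh key pair for rpID from the OS CSPRNG and returns only the public half.
func (a Authenticator) Register(rpID string) (*ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	a[rpID] = priv
	return &priv.PublicKey, nil
}

// digest binds a signature to one RP: SHA-256(SHA-256(rpID) || challenge). Assumed layout.
func digest(rpID string, challenge []byte) []byte {
	rpHash := sha256.Sum256([]byte(rpID))
	sum := sha256.Sum256(append(rpHash[:], challenge...))
	return sum[:]
}

// Sign uses the stored key for rpID and fails when no key was registered for it.
func (a Authenticator) Sign(rpID string, challenge []byte) ([]byte, error) {
	priv, ok := a[rpID]
	if !ok {
		return nil, fmt.Errorf("no credential for %q", rpID)
	}
	return ecdsa.SignASN1(rand.Reader, priv, digest(rpID, challenge))
}

// Verify is the Relying Party side: it holds only the public key.
func Verify(pub *ecdsa.PublicKey, rpID string, challenge, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, digest(rpID, challenge), sig)
}

func main() {
	a, ch := Authenticator{}, []byte("constructed-challenge")
	pub, _ := a.Register("example.com")
	sig, _ := a.Sign("example.com", ch)
	fmt.Println("assertion verifies:", Verify(pub, "example.com", ch, sig))
}
```

Because each Relying Party receives a different public key, a signature produced for one site does not verify under another site's key, and the keys cannot be used to correlate the user across sites.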
The FIDO Standards define a common API at the FIDO Client for the local authentication method that the user exercises.
FIDO Authenticator Attestation and Metadata#
FIDO Authenticator modules may register various Metadata properties of the FIDO Authenticator at mds.fidoalliance.org.
More Information#
There might be more information for this subject on one of the following:
- Authenticator
- Client To Authenticator Protocol
- FIDO
- FIDO Alliance Metadata Service
- FIDO Client
- FIDO Standards
- FIDO-CTAP
- Security Key
- U2F device
- Universal Authentication Framework
- Universal Second Factor
- [#1] - FIDO® Suite
- based on information obtained 2017-04-04