FIDO Authenticator


FIDO Authenticator is an Authenticator for FIDO protocols

Newer FIDO Authenticators support the CTAP2 WebAuthn Authenticator

FIDO Authenticator requires a FIDO Client.

FIDO Authenticator requires a local device such as a Mobile Device or a U2F device

FIDO Authenticator allows a user to Authenticate to a FIDO enabled Relying Party using their different Authentication Methods

FIDO Authenticator needs to be able to:

FIDO Authenticators generate Public Key/Private Key pairs for each website with which they communicate.

Key generation places a high load on computing resources, especially in the case of general purpose CPUs.

Smart Card technology is purpose-built to perform key pair generation quickly, with low power consumption. Because Smart Card technology uses a Secure Element, key pair generation is performed securely and is efficiently protected, even from advanced attacks. Smart Card technology protects Private Keys in hardware with interaction restricted to a limited set of commands and responses.

The FIDO Standards define a common API at the FIDO Client for the local authentication method that the user exercises.

FIDO Authenticator Attestation and Metadata#

FIDO Authenticator modules may register various Metadata properties of the FIDO Authenticator a mds.fidoaliance.org which is a JWT that describes various aspects of the particular FIDO Authenticator

More Information#

There might be more information for this subject on one of the following: