FIDO Standards


FIDO Standards the client and protocol layers.
The FIDO 2.0 Specifications were submitted to the W3C on November 12, 2015 for formal standardization. These are provided here for historic reference only. Implementers are encouraged to work with the Web Authentication API (WebAuthN) specification.

FIDO Standards is designed to create ecosystem of client Authentication Methods that can be used with a variety of Service Providers in an interoperable manner.

FIDO Authentication Method#

FIDO Standards define the authentication protocol used between the client and the Service Providers. The protocol is based on standard Public Key cryptography

The client registers a Public Key with the Service Providers at initial setup. Later, when authenticating, the service verifies that the client owns the Private Key by asking it to sign a challenge. The FIDO protocol is designed to ensure user privacy and security.

FIDO Authenticator#

FIDO Standards define a common API at the client for the local authentication method that the user exercises. The client can be pre–installed on the Operating System or web browser.

Different Authentication Methods such as secure PIN, biometrics and other Authentication Factor devices can be "plugged in" via this standardized interface into the client.

More Information#

There might be more information for this subject on one of the following: