The client registers a Public Key with the Service Providers at initial setup. Later, when authenticating, the service verifies that the client owns the Private Key by asking it to sign a challenge. The FIDO protocol is designed to ensure user privacy and security.API at the client for the local authentication method that the user exercises. The client can be pre–installed on the Operating System or web browser.
The FIDO 2.0 Specifications were submitted to the W3C on November 12, 2015 for formal standardization. These are provided here for historic reference only. Implementers are encouraged to work with the Web Authentication API (WebAuthN) specification.authentication protocol used between the client and the Service Providers. The protocol is based on standard Public Key cryptography