Overview#

FIDO Authenticator is an Authenticator for FIDO protocols

Newer FIDO Authenticators support the CTAP2 WebAuthn Authenticator

FIDO Authenticator requires a FIDO Client.

FIDO Authenticator requires a local device such as a Mobile Device or a U2F device

FIDO Authenticator allows a user to Authenticate to a FIDO enabled Relying Party using their different Authentication Methods

FIDO Authenticator needs to be able to:

• generate Cryptographic Key pairs securely
• store Cryptographic Key
• MUST include a cryptographic engine that includes a Cryptographically secure pseudorandom number generator that can operate on the stored keys.

FIDO Authenticators generate Public Key/Private Key pairs for each website with which they communicate.

Key generation places a high load on computing resources, especially in the case of general purpose CPUs.

Smart Card technology is purpose-built to perform key pair generation quickly, with low power consumption. Because Smart Card technology uses a Secure Element, key pair generation is performed securely and is efficiently protected, even from advanced attacks. Smart Card technology protects Private Keys in hardware with interaction restricted to a limited set of commands and responses.

The FIDO Standards define a common API at the FIDO Client for the local authentication method that the user exercises.

FIDO Authenticator Attestation and Metadata#

FIDO Authenticator modules may register various Metadata properties of the FIDO Authenticator a mds.fidoaliance.org which is a JWT that describes various aspects of the particular FIDO Authenticator

More Information#

There might be more information for this subject on one of the following:

• Authenticator
• Client To Authenticator Protocol
• FIDO
• FIDO Alliance Metadata Service
• FIDO Client
• FIDO Standards
• FIDO-CTAP
• Security Key
• U2F device
• Universal Authentication Framework
• Universal Second Factor

---

• [#1] - FIDO® Suite - based on information obtained 2017-04-04