FIDO Consulting

Our team's FIDO consultants are experts in helping manufacturers write the documentation needed to pass a FIDO certification or define their authenticators' designs to meet the requirements of the standard, and in assisting during the entire FIDO certification process.

Request information

What is FIDO

The FIDO ("Fast IDentity Online") Alliance is an industry consortium launched in February 2013 to address the lack of interoperability among strong authentication devices and the problems users face creating and remembering multiple usernames and passwords.

FIDO is the World’s Largest Ecosystem for Standards-Based, Interoperable Authentication. The specifications and certifications from the FIDO Alliance enables enterprises and service providers to deploy strong authentication solutions that reduce reliance on passwords and protect against phishing, man-in-the-middle and replay attacks using stolen passwords.

The FIDO Alliance currently has two sets of specifications for simpler, stronger authentication: Universal Second Factor (U2F) and Universal Authentication Framework (UAF).

UAF: The passwordless FIDO experience is supported by the Universal Authentication Framework (UAF) protocol. This protocol requires the user to select a local authentication mechanism such as swiping a finger, looking at the camera, speaking into the mic, entering a PIN, etc.

U2F: The second factor FIDO experience is supported by the Universal Second Factor (U2F) protocol. This protocol allows online services to augment the security of their existing password infrastructure by adding a strong second factor device to user login. This allows the service to simplify its passwords (e.g. 4–digit PIN) without compromising security.

FIDO Certification

FIDO has launched a certification program for FIDO authenticators. So far, two levels have already been defined.

The following steps must be completed to obtain the FIDO certification:

  1. Conformance Self Validation, where test tools are used by vendors to validate that the implementation conforms to the FIDO specifications.
  2. Interoperability Testing, where testing is performed to ensure that implementations are functional and compatible with other implementations.
  3. Certification, where all the required documentation (depending on the level) is submitted as a request for certification.
  4. Trademark Usage (optional). After executing the Trademark License Agreement, implementers may use the FIDO® Certified mark and logo on their product, packaging, and marketing literature.

For the certification phase, these are the main steps to be followed:

  • Preparation
    • Vendors seeking FIDO Certification must fulfill the requirements specified in the following documents:
      • FIDO Authenticator Certification Policy
      • FIDO Authenticator Security Requirements
      • FIDO Authenticator Vendor NDA
      • Vendor Questionnaire
      • FIDO Allowed Cryptography List
      • FIDO Allowed Restricted Operating Environments List
      • FIDO Authenticator Metadata Requirements
    • Functional Certification Requirements
      • Vendors must complete FIDO Functional Certification requirements for Authenticators, including the Conformance Self-Validation and Interoperability Testing.
    • Authenticator Certification Application
      • Vendors must complete the Authenticator Certification Application
      • The Certification Secretariat must review and approve the Authenticator Certification Application
    • Security Evaluation
      • The Security Evaluation, performed by FIDO Security Secretariat (L1) or a FIDO Accredited Security Laboratory (L2) , implies review of the Vendor Questionnaire and complete the Test Procedures.

        Note: 3rd Party accredited labs are involved from level2.

    • Report Review
      • The vendor reviews the FIDO Evaluation Report. It must be approved by the Security Secretariat.
    • Certification Issuance
      • The Vendor will submit the Certification Request and pay the Authenticator Certification Fees before a Certificate will be issued.
    • (Optional) Trademark Usage
      • After executing the Trademark License Agreement (TMLA), Vendors may use the FIDO® Certified mark and logo on their product, packaging, and marketing literature.
    • (Optional) Metadata Submission to MDS
      • The Vendor has the option to submit Metadata to the FIDO Metadata Service (MDS).

What we offer?

  1. Gap Analysis

    We check the current status of your product and documentation informing you about the changes you need to carry out before going through the certification process.

    This service is quite interesting in FIDO given that the authenticators must meet some specific requirements and having a clear understanding of them, avoid to find issues at the last stages of the development.

  2. Consultancy

    If you need your solution to become a certified FIDO authenticator; we can offer you the maximum support during the process to get it.

    Filling the vendor questionnaire is not a trivial task if you are not used to security certifications.

    We can do it for you allowing you to focus on your product and saving your time and money.

  3. Guide you in the certification process

    We can guide you through the whole certification process minimizing the certification time.

    We can support you choosing the lab and carries out the communication with it.