Authenticator Level 1+

Level 1+ tests the authenticator’s (SW implemented) defense against large scale software attacks and provides greater assurance of defense compared to Level 1. 

The Security and Privacy Requirements for Level 1+ defends itself even if the device operating system is compromised. At L1+ white box cryptography and other software protection techniques are used rather than an AROE. 

L1+ authenticators are similar to L1 authenticators but with Whitebox cryptography. 

Level 1+ Security Evaluations is completed by a FIDO Accredited Security Laboratory and includes penetration testing.

Next Steps

Depending on your current implementation and the Level you wish to complete the process varies slightly. The scenarios below will help determine the next steps:

Client or Server Implementation

• Certification levels are only for Authenticators, Clients and Servers can complete Functional Certification.

New Authenticator Implementation

• If you are completing FIDO Certification for the first time for this implementation, the first step for certification is to start at Functional Certification.
• Functional Certification tests conformance to the specifications and Interoperability with FIDO Clients and Servers.

If you are completing FIDO Certification for the first time for this implementation, the first step for certification is to start at Functional Certification.

Functional Certification tests conformance to the specifications and Interoperability with FIDO Clients and Servers.

No Security Requirements are tested during Interoperability Testing for L1+, but the Functional Certification steps are still required.

After Functional Certification, the implementation continues on to the process outlined in the Authenticator Certification Policy, and on the Authenticator Certification Levels page.

It is required that the Level 1+ Vendor Questionnaire be evaluated by a FIDO Accredited Security Laboratory as part of the Security Evaluation step of Authenticator Certification. The Vendor is responsible for choosing and working with one of the FIDO Accredited Security Laboratories to complete the Security Evaluation.

All L1+ implementers must create an account for FIDO Certification, you can request an account, or login.

Functionally Certified Authenticator Implementation

For a Functionally Certified Authenticator seeking L1+ Certification, the Functional Certification requirements were met by the original Functional Certification (there are no new Interoperability Requirements for L1+), so the next step is to follow the process included in the Authenticator Certification Policy, and on the Authenticator Certification Levels page, to complete the Vendor Questionnaire.

It is required that the Level 1+ Vendor Questionnaire be evaluated by a FIDO Accredited Security Laboratory as part of the Security Evaluation step of Authenticator Certification. The Vendor is responsible for choosing and working with one of the FIDO Accredited Security Laboratories to complete the Security Evaluation.

All L1+ implementers must create an account for FIDO Certification, you can request an account, or login.

L1+ Certification Fees

Fees are per implementation certified and must be paid before a Certificate will be issued.

For an overview of the different Certification options and fees, please review the Authenticator Certification Scenarios page.

L1+ Certification Fees

• FIDO Member: $7,500 USD
• FIDO Member Derivative: $500 USD
• FIDO Member Delta: $500 USD
• Non-Member: $13,000 USD
• Non-Member Derivative: $750 USD
• Non-Member Delta: $750 USD

Laboratory Security Evaluation Fees

• There is no FIDO Fee for a Laboratory Evaluation. The cost for the Security Evaluation will depend on the Accredited Security Laboratory used by the Vendor.

Implementer Dashboard

Implementers can Login to view their Dashboard.

Login