    Certification Maintenance and Updates

    From time to time there are changes to the Certified Authenticator that can affect the FIDO Authenticator Security Requirements. These changes are classified as non-interfering, minor, or major, and relate directly to Derivative, Delta and Recertification.

    The starting point for these processes is when a change is made to an existing certified Authenticator. This change might be a patch designed to correct a discovered flaw, an enhancement to a feature, the addition of a new feature, a clarification in the guidance documentation, or any other change to the Authenticator Hardware and/or Software.

    The FIDO Alliance has developed a process for handling such changes: the FIDO Impact Analysis Report (FIAR), described below.

    Description of Evaluation of Changes

    The vendor submits the completed FIAR to the FIDO Security Secretariat, who analyzes the changes described in the report to determine their impact upon the FIDO Security Requirements coverage.

    An Implementer Account is needed to submit the FIAR. If you do not have an account, please create one on the Implementer Dashboard. If you already have an Implementer Account, log in using your credentials and upload the FIAR to the dashboard.

    FIDO Impact Analysis Report Review Process

    The FIAR review process is composed of 3 steps:

    1. The FIAR submission step: The vendor submits a complete FIAR document based on the template provided in the link above.
    2. The FIAR review step: The FIDO Security Secretariat reviews the submitted FIAR for completeness and analyzes the changes to determine their impact on the FIDO Authenticator Security Requirements.
    3. The FIAR conclusion step: The FIDO Security Secretariat provides a judgement based on the characteristics of the changes made to the Certified Authenticator. The outcome is that the changes are NON-INTERFERING, MINOR, or MAJOR.

    Derivative Certification Process

    NON-INTERFERING Change

    A non-interfering change has NO impact on the FIDO Security Requirements coverage. Typical changes could be features outside of the Authenticator Boundary or bug fixes related to functional features, performance optimization or an updated name or look.

    A Derivative FIDO Authenticator Certification process is conducted on an Authenticator whose earlier version has already been certified. If the Security Secretariat, after reviewing the FIAR provided by the Vendor, concludes that the changes reflected in the FIAR have a NON-INTERFERING impact on FIDO Security Requirements coverage, an addendum to the existing certificate is created and made publicly available by the end of this process. Begin the Derivative Certification here.

    The following are required as part of the Derivative FIDO Certification submission:

    • A completed FIAR report (evaluated by the Security Secretariat to determine Derivative)
    • Completed Self-Conformance Test Results
    • Certification Request Form (Indicating Derivative on request)

    Delta Certification Process

    MINOR Change

    A minor change has an impact small enough that it does not affect the security assurance level provided by test procedures and calibration requirements to the extent that the Authenticator needs to be recertified. Changes to the FIDO Security Requirements that DO NOT require Calibration typically fall into this scope, but the scope is not restricted to them. Typical changes could be bug fixes indirectly related to a security feature or ASPs, an additional feature interacting with the Authenticator boundary, or a security strength optimization. Examples include, but are not limited to: 1) FIDO certified applet installation on another platform and 2) FIDO certified applet with another transport mode. Depending on the changes, both of these examples could potentially be Recertification cases, so make certain to document them correctly in the FIAR.

    A Delta FIDO Authenticator Certification is conducted on an Authenticator whose earlier version has already been certified. If the Security Secretariat concludes that the changes reflected in the FIAR have a MINOR impact on the FIDO Authenticator Security Requirements coverage, the following must apply:

    • For L1 Certifications: The FIDO Security Secretariat reviews only the updates made to the VQ and approves them. An addendum to the existing certificate is then created and made publicly available by the end of the process.
    • For L1+ Certification and above: The Accredited Lab reviews only the updates made to the VQ, conducts the delta tests, and updates the relevant FER to reflect the new version. An addendum to the existing certificate is then created by the FIDO Security Secretariat and made public by the end of the process.

    The following are required as part of the Delta FIDO Certification submission:

    • A completed FIAR report (evaluated by the Security Secretariat to determine Delta)
    • Completed Self-Conformance Test Results
    • Interoperability testing (OnDemand options are available)
    • Certification Request Form (Indicating Delta on request)

    Recertification Process

    MAJOR Change

    A major change has a potential impact on the security assurance level. Changes to the FIDO Security Requirements that DO require Calibration typically fall into this category. Typical changes could be the addition, removal, or replacement of an ASP or a cryptographic algorithm, the implementation of a new countermeasure, or a change to the Authenticator boundary security architecture. Note that in some cases an update including several minor changes could lead to a major impact on security; in that case, the Security Secretariat might consider it a major change.

    A FIDO Authenticator Recertification is conducted on an Authenticator whose earlier version has already been certified. If the Security Secretariat concludes that the changes reflected in the FIAR have a MAJOR impact on the FIDO Authenticator Security Requirements coverage, the following must apply:

    • For L1 Certifications: The FIDO Security Secretariat reviews the VQ completely, reusing previous certification results to the maximum extent possible to minimize duplication of effort. It then approves the VQ and issues a new certificate, which replaces the existing one. This new certificate is made publicly available by the end of the process.
    • For L1+ Certification and above: The Accredited Lab reviews the VQ completely and re-conducts testing, reusing previous certification results to the maximum extent possible to minimize duplication of effort. It then updates the FER to reflect the new results before submitting it to the FIDO Security Secretariat. The latter validates the FER and issues a new certificate, which replaces the existing one. This new certificate is made publicly available by the end of the process.

    The following are required as part of the Recertification FIDO Certification submission:

    • A completed FIAR report (evaluated by the Security Secretariat to determine Recertification)
    • Completed Self-Conformance Test Results
    • Interoperability testing (OnDemand options are available)
    • Completion of VQ with reuse of previous certification results where applicable
    • Certification Request Form (Indicating Full Certification on request)

    See Full Certification pricing details here.
