Certification Submission

After passing both conformance self‐validation and interoperability testing, the implementation may be submitted for certification. This requires that the following be submitted:

Please note that they may take up to 10 business days to process.

Derivative Certification

For Consumer Electronics OEMs or other implementers that will be certifying a large number of implementations that are all based on the same FIDO® Certified implementation, FIDO offers derivative certification. The benefit of derivative certification is that the implementations are not required to go through interoperability testing and each derivative certification is subject to a lower fee than base certifications.

The requirement for derivative certification is that each derivative must have the same FIDO implementation and configuration as a certified implementation. Any hardware and software that play a significant role in the FIDO implementation must not be changed, with the exception of critical bug fixes and security patches. There is currently no requirement that the derivative and base certification be registered by the same company.

The following scenarios are designed to help determine whether an implementation qualifies for a Derivative Certification.

Implementation Derivative?
Company B Using a FIDO® Certified SDK from Company A Yes
Company B Using a FIDO® Certified hardware module with FIDO software burned into it from Company A Yes
Mobile Phone that is FIDO® Certified releases a new model Yes
Mobile Phone that is FIDO® Certified has several variations (e.g. different colors, 32GB, 64 GB) No. Variations that do not alter the implementation are covered under original certification.
Website using a FIDO enabled authentication based on a FIDO® Certified server component licensed from another company Yes
Company with FIDO® Certified implementation [New Product 1.0] introduces a new product[New Product 1.0.1] that is the same as the previous implementation, except that is fixes some typos, fixes some bugs, and applies new security patches No. Product is functionally the same and does not require new certification or derivative certification.
Company with FIDO® Certified implementation [New Product 1.0.1] introduces new product [New Product 1.1] that adds some features unrelated to FIDO No. Product is functionally the same and does not require new certification or derivative certification.
Company with FIDO® Certified implementation [New Product 1.1] introduces new product [New Product 2.0] that is different from New Product 1.1, but the FIDO components have remained unchanged Yes
Company with FIDO® Certified implementation [New Product 2.0] introduces New Product 3.0 that adds/removes/modified FIDO functionality No. Product must undergo the full certification process and receive a new certificate.

 

When registering for a derivative certification, the base certification certificate number must be submitted along with Derivative Test Plan Results. The Derivative Test Plan Results are intended to show that the FIDO implementation has gone through at least a minimal amount of testing to ensure that the implementation is correct and functional.

The following are required as part of the Derivative FIDO Certification submission:

Relying Party Logo Usage

Relying Parties using FIDO® Certified Servers are invited to use the appropriate UAF and U2F FIDO logos with their services. By using the FIDO Logos, Relying Parties agree to abide by the terms for Relying Party Logo Usage. The UAF logos can be found here, and the U2F logos can be found here.

Certification Fees

Fees are per implementation certified and must be paid before a Certificate will be issued.

For an overview of the different Authenticator Certification options and fees, please review the Authenticator Certification Scenarios page.

Fee Type FIDO Member Non-Member
Functional Certification Fee $5,000 USD $6,500 USD
Authenticator Level 1 (L1) Certification Fee Free* Free*
Authenticator Level 2 (L2) Certification Fee* $3,000 USD** $3,000 USD**
Derivative Certification Fee $500 USD $750 USD
Delta Certification Fee $500 USD $750 USD

* Authenticators completing L1 are required to pay the Functional Certification Fee, there is no additional fee for L1 Certification.

** L2 Introductory Fee. Valid until December 31, 2017 for two (2) implementations per company. Starting January 1, 2018 the L2 Fee for FIDO Members is $7,500, and  $13,000 for Non-Members.