Yuriy Ackermann, Sr. Certification Engineer, FIDO Alliance

The FIDO Alliance is  pleased to announce the release of the FIDO U2F version 1.2 specification. This update has been published as a “Proposed Standard” and comes after several months of work by FIDO members. The changes include:

  • Improvements to JavaScript and MessagePort APIs
  • U2F metadata statement support
  • Attestation Certificate X.509 Transport extension added
  • Silent-authentication mode added
  • Various fixes and editorial updates

Silent authenticator support is the highlight feature of this update.  It is particularly useful to FIDO-based federated solutions that need silent mode for “bearer token” like authentication modes. The major advantage of FIDO-based solutions is that key material cannot be compromised. Since FIDO protocols are based on digital signatures, and the private key is stored generally in secure enclaves, federated identity schemes can use the authenticator as an unrecoverable bearer token, and not worry about cross-site scripting (XSS) and malware on the client side.

With added support for Metadata Statements, vendors now can register FIDO U2F authenticators with a metadata service. This is particularly useful for service providers  who would want to restrict the types of the authenticators they accept. For example, a service provider may  only allow  FIDO Certified authenticators, or it may be required by regulation to only accept government-approved authenticators supporting particular protocols or certifications, such as FIPS, CSPN, AFSCM and others.

Another interesting feature is FIDO U2F X.509 Transport Extension. This gives service providers a better picture of the types of authenticators the user has, which helps improve the user experience.

Other changes include improved JavaScript API (JSAPI), U2FHID ISO enhancements, and forward compatibility with FIDO2.

For a detailed overview refer to our extended overview blog; “FIDO TechNote: A Detailed Look at FIDO U2F v1.2

 


More

EMVCo, FIDO Alliance, and W3C Form Interest Group to Enhance Security and Interoperability of Web Payments

https://www.w3.org/ — 17 April 2019 — The FIDO Alliance, EMVCo, and the World Wide Web Consortium…

Read More →

News: Your Google Android 7+ Phone Is Now a FIDO2 Security Key

Exciting news from Google: starting today, any phone running Android 7+ can function as a…

Read More →

ICYMI: FIDO Alliance Off to Landmark Start to 2019

by Andrew Shikiar, Chief Marketing Officer, FIDO Alliance It’s been an exciting few weeks of…

Read More →


Subscribe to the FIDO newsletter

Stay Connected, Stay Engaged

Receive the latest news, events, research and implementation guidance from the FIDO Alliance. Learn about digital identity and fast, phishing-resistant authentication with passkeys.