The English version of this specification is the only normative version. Non-normative translations may also be available.
Copyright © 2013-2022 FIDO Alliance All Rights Reserved.
This document defines all the strings and constants reserved by UAF protocols. The values defined in this document are referenced by various UAF specifications.
This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current FIDO Alliance publications and the latest revision of this technical report can be found in the FIDO Alliance specifications index at https://fidoalliance.org/specifications/.
This document was published by the FIDO Alliance as a Proposed Standard. If you wish to make comments regarding this document, please Contact Us. All comments are welcome.
Implementation of certain elements of this Specification may require licenses under third party intellectual property rights, including without limitation, patent rights. The FIDO Alliance, Inc. and its Members and any other contributors to the Specification are not, and shall not be held, responsible in any manner for identifying or failing to identify any or all such third party intellectual property rights.
THIS FIDO ALLIANCE SPECIFICATION IS PROVIDED “AS IS” AND WITHOUT ANY WARRANTY OF ANY KIND, INCLUDING, WITHOUT LIMITATION, ANY EXPRESS OR IMPLIED WARRANTY OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
This document has been reviewed by FIDO Aliance Members and is endorsed as a Proposed Standard. It is a stable document and may be used as reference material or cited from another document. FIDO Alliance's role in making the Recommendation is to draw attention to the specification and to promote its widespread deployment.
Type names, attribute names and element names are written as
String literals are enclosed in “”, e.g. “UAF-TLV”.
In formulas we use “|” to denote byte wise concatenation operations.
The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in [RFC2119].
This document is the FIDO Alliance glossary of normative technical terms.
This document is not an exhaustive compendium of all FIDO technical terminology because the FIDO terminology is built upon existing terminology. Thus many terms that are commonly used within this context are not listed. They may be found in the glossaries/documents/specifications referenced in the bibliography. Terms defined here that are not attributed to other glossaries/documents/specifications are being defined here.
This glossary is expected to evolve along with the FIDO Alliance specifications and documents.
Authenticator Attestation GUID. See Authenticator Attestation GUID.
Authenticator Attestation ID. See Authenticator Attestation ID.
An Allowed Restricted Operating Environment (AROE) is an ROE that has been approved by FIDO and meets the requirements in the FIDO Authenticator Allowed Restricted Operating Environments List document [FIDORestrictedOperatingEnv].
A set of functionality provided by a common entity (the application owner, aka the Relying Party), and perceived by the user as belonging together.
An (application) facet is how an application is implemented on various platforms. For example, the application MyBank may have an Android app, an iOS app, and a Web app. These are all facets of the MyBank application.
A platform-specific identifier (URI) for an application facet.
The AppID is an identifier for a set of different Facets of a relying party's application. The AppID is a URL pointing to the TrustedFacets, i.e. list of FacetIDs related to this AppID.
In a FIDO context, Attestation is how Authenticators make an identity claim about themselves that can be cryptographically verified and looked up in the Metadata Service.
A public key certificate related to an Attestation Key.
A unique identifier assigned to a model, class or batch of FIDO2 Authenticators that all share the same characteristics, and which a Relying Party can use to look up an Attestation Public Key and Authenticator Metadata for the device.
A unique identifier assigned to a model, class or batch of FIDO UAF Authenticators that all share the same characteristics, and which a Relying Party can use to look up an Attestation Public Key and Authenticator Metadata for the device.
A key used for FIDO Authenticator attestation.
A root certificate explicitly trusted by the FIDO Alliance, to which Attestation Certificates chain to.
Authentication is the process in which user employs their FIDO Authenticator to prove possession of a registered key to a relying party.
The combination of signature and hash algorithms used for authenticator-to-relying party authentication.
The combination of an Authentication Algorithm with a message syntax or framing that is used by an Authenticator when constructing a response.
See FIDO Authenticator.
A FIDO Authenticator that transactionally provides a username and at least two authentication factors: cryptographic key material (something you have) plus user verification (something you know / something you are) and so can be used by itself to complete an authentication.
It is assumed that these authenticators have an internal matcher. The matcher is able to verify an already enrolled user. If there is more than one user enrolled – the matcher is also able to identify the right user.
Examples of such authenticator is a biometric sensor or a PIN based verification. Authenticators which only verify presence, such as a physical button, or perform no verification at all, cannot act as a first-factor authenticator.
Signcommand. They might or might not have a user verification method. It is assumed that these authenticators may or may not have an internal matcher.
Verified information about the characteristics of a certified authenticator, associated with an AAID and available from the FIDO Alliance. FIDO Servers are expected to have access to up-to-date metadata to be able to interact with a given authenticator.
A set of Authenticators having the same AAID, AAGUID or having at least one common attestationCertificateKeyIdentifier in the MetadataStatement.
A JSON data structure that allows a relying party to communicate to a FIDO Client the capabilities or specific authenticators that are allowed or disallowed for use in a given operation.
Software associated with a FIDO Authenticator that provides a uniform interface between the hardware and FIDO Client software.
Data parameters used by or stored within the Authenticator which are FIDO Relevant.
A FIDO Authenticator or combination of authenticator and ASM, which uses an access control mechanism to restrict the use of registered keys to trusted FIDO Clients and/or trusted FIDO User Devices. Compare to a Roaming Authenticator.
An X.509v3 certificate defined by the profile specified in [RFC5280] and its successors.
See: [RFC5056], [RFC5929] and [ChannelID]. A channel binding allows applications to establish that the two end-points of a secure channel at one network layer are the same as at a higher layer by binding authentication to the higher layer to the channel at the lower layer.
This term is used “in context”, and may refer to a FIDO UAF Client or some other type of client, e.g. a TLS client. See FIDO Client.
A confused deputy is a computer program that is innocently fooled by some other party into misusing its authority. It is a specific type of privilege escalation.
Any piece of information that may allow, in the context of FIDO protocols, implicit or explicit association and or attribution of multiple actions, believed by the user to be distinct and unrelated, back to a single unique entity. An example of a correlation handle outside of the FIDO context is a client certificate used in traditional TLS mutual authentication: because it sends the same data to multiple Relying Parties, they can therefore collude to uniquely identify and track the user across unrelated activities. [AnonTerminology]
A data object that is a portable representation of the association between an identifier and a unit of authentication information, and that can be presented for use in verifying an identity claimed by an entity that attempts to access a system ([RFC4949]).
In a FIDO context, the association is cryptographically verifiable.
A phase of a FIDO protocol in which a Relying Party tells a FIDO Authenticator to forget a specified piece of (or all) locally managed key material associated with a specific Relying Party account, in case such keys are no longer considered valid by the Relying Party.
A phase of a FIDO protocol in which a Relying Party is able to determine the availability of FIDO capabilities at the client’s device, including metadata about the available authenticators.
Denotes the Encryption of data D with key K
Elliptic Curve based Direct Anonymous Attestation. ECDAA is an attestation scheme alternative to FIDO Basic Attestation. It is an improved Direct Anonymous Attestation scheme based on elliptic curves and bilinear pairings. Direct Anonymous Attestation schemes use individual private keys in the Authenticator while avoiding global correlation handles. ECDAA provides significantly improved performance compared with the original DAA scheme. FIDO ECDAA [FIDOEcdaaAlgorithm] defines object encodings, pairing friendly curves etc. in order to lead to interoperable ECDAA implementations across different FIDO Servers and FIDO Authenticators.
Elliptic Curve Digital Signature Algorithm, as defined by ANSI X9.62 [ECDSA-ANSI].
The process of making a user known to an authenticator. This might be a biometric enrollment as defined in [ISOBiometrics] or involve processes such as taking ownership of, and setting a PIN or password for, a non-biometric cryptographic storage device. Enrollment may happen as part of a FIDO protocol ceremony, or it may happen outside of the FIDO context for multi-purpose authenticators.
An Execution Environment (EE), as defined in [OMTPTR1], is a set of hardware and software components providing facilities necessary to support running of applications. An EE typically consists of the following elements:
See Application Facet
See Application Facet ID
An authentication entity that meets the FIDO Alliance’s requirements and which has related metadata.
A FIDO Authenticator is responsible for user verification, and maintaining the cryptographic material required for the relying party authentication.
It is important to note that a FIDO Authenticator is only considered such for, and in relation to, its participation in FIDO Alliance protocols. Because the FIDO Alliance aims to utilize a diversity of existing and future hardware, many devices used for FIDO may have other primary or secondary uses. To the extent that a device is used for non-FIDO purposes such as local operating system login or network login with non-FIDO protocols, it is not considered a FIDO Authenticator and its operation in such modes is not subject to FIDO Alliance guidelines or restrictions, including those related to security and privacy.
A FIDO Authenticator may be referred to as simply an authenticator or abbreviated as “authnr”. Important distinctions in an authenticator’s capabilities and user experience may be experienced depending on whether it is a roaming or bound authenticator, and whether it is a first-factor, or second-factor authenticator.
It is assumed by registration assertion schemes that the authenticator has exclusive control over the data being signed by the attestation key.
Authenticators specify in the Metadata Statement whether they have
exclusive control over the data being signed by the
This is the software entity processing the UAF or U2F protocol messages on the FIDO User Device. FIDO Clients may take one of two forms:
Any information gathered or created as part of completing a FIDO transaction. This includes but is not limited to, biometric measurements of or reference data for the user and FIDO transaction history.
Server software typically deployed in the relying party’s infrastructure that meets UAF protocol server requirements.
See FIDO Client.
The computing device where the FIDO Client operates, and from which the user initiates an action that utilizes FIDO.
The KeyID is an opaque identifier for a key registered by an authenticator with a FIDO Server, for first-factor authenticators. It is used in concert with an AAID to identify a particular authenticator that holds the necessary key. Thus key identifiers must be unique within the scope of an AAID.
One possible implementation is that the KeyID is the SHA256 hash of the
managed by the ASM.
A key container created by a FIDO Authenticator, containing a private key and (optionally) other data (such as Username). A key handle may be wrapped (encrypted with a key known only to the authenticator) or unwrapped. In the unwrapped form it is referred to as a raw key handle. Second-factor authenticators must retrieve their key handles from the relying party to function. First-factor authenticators manage the storage of their own key handles, either internally (for roaming authenticators) or via the associated ASM (for bound authenticators).
The process of securely establishing a key between FIDO Server and FIDO Authenticator.
KeyRegistrationData object is created and returned by an authenticator
as the result of the authenticator's
Register command. The KRD object contains
items such as the authenticator's AAID, the newly generated UAuth.pub key, as
well as other authenticator-specific information such as algorithms used by the
authenticator for performing cryptographic operations, and counter values. The
KRD object is signed using the authenticator's attestation private key.
A secret value that acts as a guard for authenticator commands. KHAccessTokens are generated and provided by an ASM.
A component of a FIDO Authenticator which is able to perform (local) user verification, e.g. biometric comparison [ISOBiometrics], PIN verification, etc.
The security mechanisms that an authenticator may use to protect the matcher component.
A service that provides Metadata Statements of FIDO Authenticators.
The FIDO Alliance publishes Metadata Statements on the FIDO Metadata Service.
A description of some characteristics of the Authenticator. It is provided by the Authenticator Vendor and some characteristics are verified depending on certification status. FIDO UAF Servers are expected to have access to up-to-date metadata to be able to interact with a given authenticator.
The FIDO Alliance publishes Metadata Statements on the FIDO Metadata Service.
All relevant data stored in an authenticator (e.g. cryptographic keys) are related to a single "persona" (e.g. “business” or “personal” persona). Some administrative interface (not standardized by FIDO) provided by the authenticator may allow maintenance and switching of personas.
The user can switch to the “Personal” Persona and register new accounts. After switching back to the “Business” Persona, these accounts will not be recognized by the authenticator (until the User switches back to “Personal” Persona again).
This mechanism may be used to provide an additional measure of privacy to the user, where the user wishes to use the same authenticator in multiple contexts, without allowing correlation via the authenticator across those contexts.
An identifier provided by an ASM, PersonaID is used to associate different registrations. It can be used to create virtual identities on a single authenticator, for example to differentiate “personal” and “business” accounts. PersonaIDs can be used to manage privacy settings on the authenticator.
A (biometric) reference data (also called template) is a digital reference of distinct characteristics that have been extracted from a biometric sample. Biometric reference data is used during the biometric user verification process [ISOBiometrics]. Non-biometric reference data is used in conjunction with PIN-based user verification.
A FIDO protocol operation in which a user generates and associates new key material with an account at the Relying Party, subject to policy set by the server, and acceptable attestation that the authenticator and registration matches that policy.
The registration scheme defines how the authentication key is being exchanged between the FIDO Server and the FIDO Authenticator.
A Restricted Operating Environment (ROE) is an operating environment that has security capabilities and meets certain security-related requirements: it protects ROE assets from general software and hardware attacks, defines rigid safeguards as to data and functions that a program can access and resists a set of defined threats. There are multiple technologies that can be used to implement an ROE and the level of security achieved varies accordingly.
A web site or other entity that uses a FIDO protocol to directly authenticate users (i.e., performs peer-entity authentication). Note that if FIDO is composed with federated identity management protocols (e.g., SAML, OpenID Connect, etc.), the identity provider will also be playing the role of a FIDO Relying Party.
A relying party identifier is a valid domain string identifying the WebAuthn Relying Party on whose behalf a given registration or authentication ceremony is being performed. A public key credential can only be used for authentication with the same entity (as identified by RP ID) it was registered with [WebAuthn].
In software engineering, version control (also known as revision control, source control, or source code management) is a class of systems responsible for managing changes to computer programs, documents, large web sites, or other collections of information.
Examples of Revision Control Systems are Git, Subversion, BitKeeper, Team Foundation Version Control, Visual SourceSafe, IBM Rational Clearcase, ...
A rich execution environment (REE) is an execution environment comprising at least one device OS or Rich OS and all other components of the device (SoCs, other discrete components, firmware, and software) which execute, host, and support the Rich OS (excluding any TEEs, SEs or ROEs included in the device).
A FIDO Authenticator configured to move between different FIDO Clients and FIDO User Devices lacking an established trust relationship by:
Compare to Bound Authenticator.
Signing of data D with key K
As defined by GlobalPlatform [SecureElementPP], a Secure Element is a tamper-resistant secure hardware component which is used in a device to provide the security, confidentiality, and multiple application environment required to support various business models. It may exist in any form factor, such as embedded or integrated SE, SIM/UICC, smart card, smart microSD, etc.
The security strength of a cryptographic algorithm (resp. a system) is a number associated with the amount of work (i.e. the number of operations) that is required to break the cryptographic algorithm (resp. the system).
It is specified in bits and it is often a value like 80, 112, 128, 192, or 256. A security strength of b bits means that of the order of 2^b operations are required to break the system.
When the system is a physical/true RNG, the security strength (in bits) is equivalent to the size (in bits) of the random bytes retrieved from it.
A random value provided by the FIDO Server in the UAF protocol requests.
Attack based on information gained from the physical implementation of a cryptosystem, rather than on brute force or theoretical weaknesses in the underlying algorithms. For example, timing information, power consumption, or electromagnetic emissions can provide extra sources of information and can be exploited to attack the system.
A monotonically increasing counter maintained by the Authenticator. It is increased on every use of the UAuth.priv key. This value can be used by the FIDO Server to detect cloned authenticators.
SignedData object is created and returned by an authenticator as
the result of the authenticator's
Sign command. The to-be-signed data
input to the signature operation is represented in the returned SignedData
object as intact values or as hashed values. The SignedData object
also contains general information about the authenticator and its mode,
a nonce, information about authenticator-specific cryptographic algorithms,
and a use counter. The
SignedData object is signed using a relying
party-specific UAuth.priv key.
FIDO Authenticator that does not prompt the user or perform any user verification.
An authentication which is performed on top of an already authenticated session.
Example: The user authenticates the session initially using a username and password, and the web site later requests a FIDO authentication on top of this authenticated session.
One reason for requesting step-up authenication could be a request for a high value resource.
FIDO U2F is always used as a step-up authentication. FIDO UAF could be used as step-up authentication, but it could also be used as an initial authentication mechanism.
Note: In general, there is no implication that the step-up authentication method itself is "stronger" than the initial authentication. Since the step-up authentication is performed on top of an existing authentication, the resulting combined authentication strength will increase most likely, but it will never decrease.
As defined by GlobalPlatform [SecureElementPP], a tamper-resistant secure hardware is a hardware designed to isolate and protect embedded software and data by implementing appropriate security measures. The hardware and embedded software meet the requirements of the latest Security IC Platform Protection Profile [PP0084] including resistance to physical tampering scenarios described in that Protection Profile.
See Reference Data.
See User Presence Check
Transport Layer Security
In FIDO U2F, the term Token is often used to mean what is called an authenticator in UAF. Also, note that other uses of “token”, e.g. KHAccessToken, User Verification Token, etc., are separately distinct. If they are not explicitly defined, their meaning needs to be determined from context.
An operation in the FIDO protocol that allows a relying party to request that a FIDO Client, and authenticator with the appropriate capabilities, display some information to the user, request that the user authenticate locally to their FIDO Authenticator to confirm the information, and provide proof-of-possession of previously registered key material and an attestation of the confirmation back to the relying party.
This is a feature of FIDO Authenticators able to show content of a message to a user, and protect the integrity of this message. It could be implemented using the GlobalPlatform specified TrustedUI [TEESecureDisplay].
A trusted execution environment (TEE) is an execution environment that runs alongside but isolated from a Rich Execution Environment. A TEE has security capabilities and meets certain security-related requirements: It protects TEE assets from general software attacks, defines rigid safeguards as to data and functions that a program can access, and resists a set of defined threats. There are multiple technologies that can be used to implement a TEE, and the level of security achieved varies accordingly. See also [TEE].
The data structure holding a list of trusted FacetIDs. The AppID is used to retrieve this data structure.
A Trusted Path is the means by which a user and a security functionality of the Authenticator can communicate with the necessary confidence. In other words, a Trusted Path allows users to perform functions through an assured direct interaction with the security functionality of the Authenticator.
Transaction Text, i.e. text to be confirmed in the case of transaction confirmation.
A mechanism for encoding data such that the type, length and value of the data are given. Typically, the type and length data fields are of a fixed size. This format offers some advantages over other data encoding mechanisms, that make it suitable for some of the FIDO UAF protocols.
The FIDO protocol and family of authenticators which enable a cloud service to offer its users the options of using an easy–to–use, strongly–secure open standards–based second-factor device for authentication. The protocol relies on the server to know the (expected) user before triggering the authentication.
. The FIDO Protocol and family of authenticators which enable a service to offer its users flexible and interoperable authentication. This protocol allows triggering the authentication before the server knows the user.
See FIDO Client.
User authentication keys generated by FIDO Authenticator. UAuth.pub is the public part of key pair. UAuth.priv is the private part of the key. UAuth.key is the more generic notation to refer to UAuth.priv.
An 8 bit (1 byte) unsigned integer.
A 16 bit (2 bytes) unsigned integer.
A 32 bit (4 bytes) unsigned integer.
Unified Protocol Version
Relying party’s user, and owner of the FIDO Authenticator.
The user agent is a client application that is acting on behalf of a user in a client-server system. Examples of user agents include web browsers and mobile apps.
User Presence check is defined as obtaining some explicit gesture from a user (i.e. a natural person) that they are present. Examples are pressing a button, touching a touch screen or pad, or any biometrics that require a conscious action from the user such as touching a fingerprint sensor (but not passive biometrics such as looking at a device or checking an EKG).
User Verification is defined as verifying that a particular user, typically a person, has supplied some input so the authenticator can know it is that particular person. The input is typically something only the user knowns or something the user is (biometric). This definition is primarily used to refer to a single method, not multifactor authentication based the combination of methods. Examples are a PIN, password or fingerprint.
The user verification token is generated by
Authenticator and handed to the ASM after successful
user verification. Without having this token, the ASM
cannot invoke special commands such as
The lifecycle of the user verification token is managed by the authenticator. The concrete techniques for generating such a token and managing its lifecycle are vendor-specific and non-normative.
A human-readable string identifying a user’s account at a relying party.
The specific means by which local user verification is accomplished. e.g. fingerprint, voiceprint, or PIN.
This is also known as modality.
The portion of a relying party application built on the "Open Web Platform" which executes in the context of the user agent. When the term “Web Application” appears unqualified or without specific context in FIDO documents, it generally refers to either the client-side portion or the combination of both client-side and server-side pieces of such an application.
The portion of a relying party application that executes on the web server, and responds to HTTP requests. When the term “Web Application” appears unqualified or without specific context in FIDO documents, it generally refers to either the client-side portion or the combination of both client-side and server-side pieces of such an application.