June 28, 2018

White Paper: Hardware-backed Keystore Authenticators (HKA) on Android 8.0 or Later Mobile Devices

Enabling Any Relying Parties to Create FIDO UAF (1.1 or later) Client Apps

This paper introduces the details of a hardware-backed Keystore authenticators (HKA) implementation approach, based on the first commercial deployment. It takes advantage of secure Android Keystore with key attestation and fingerprint sensors in hardware on standard off-the-shelf Android 8.0 or later mobile devices. Since it is enabled only by Android applications, any RPs and application developers can develop their own secure FIDO UAF 1.1 authenticators.

Download Specs