We post relevant papers and presentations here that may be of help to the industry at large. You may also want to view our TechNotes, which are technical blog posts covering a variety of topics related to FIDO Authentication. Download all the current FIDO White Papers & Public Documents here, or click a link below for the desired file.
FIDO White Papers & Public Documents
- FAQ on FIDO relevance for the GDPR (September 2018): This document provides answers to questions on authentication, user consent, use of biometrics…in the context of the European General Data Protection Regulation. It shows how FIDO authentication can help service providers comply with the regulation.
- FIDO Alliance White Paper: Hardware-backed Keystore Authenticators (HKA) on Android 8.0 or Later Mobile Devices – Enabling Any Relying Parties to Create FIDO UAF (1.1 or later) Client Apps (June 2018): This paper introduces the details of a hardware-backed Keystore authenticators (HKA) implementation approach, based on the first commercial deployment. It takes advantage of secure Android Keystore with key attestation and fingerprint sensors in hardware on standard off-the-shelf Android 8.0 or later mobile devices. Since it is enabled only by Android applications, any RPs and application developers can develop their own secure FIDO UAF 1.1 authenticators.
- FIDO Alliance White Paper: FIDO Authentication and the General Data Protection Regulation (GDPR) (May 2018): This white paper explores three key areas of the EU’s General Data Protection Regulation that deal with authentication, including exploring how FIDO uniquely solves these issues.
- FIDO Alliance White Paper: Enterprise Adoption Best Practices – Managing FIDO Credential Lifecycle for Enterprises (April 2018): This white paper provides guidance to IT and Security professionals on how manage FIDO authentication credentials throughout their full lifecycle.
- FIDO Alliance and Asia PKI Consortium White Paper: FIDO UAF and PKI in Asia – Case Study and Recommendations (April 2018): This paper depicts three possible scenarios for integrating FIDO UAF and PKI in Asian countries, along with recommendations for how the two technologies can work together to bring innovation to the authentication marketplace and to pave the way for deploying better authentication solutions to the public.
- FIDO Alliance White Paper: FIDO & PSD2 – Providing for a Satisfactory Customer Journey (September 2018): This white paper examines the different authentication models that could apply within the interactions of a Third Party Provider and an Account Servicing Payment Service Provider. It proposes the FIDO standards as a solution to simplify the user experience, for any of these models, in a way that meets the Strong Customer Authentication requirements of PSD2.
- FIDO Alliance White Paper: Enterprise Adoption Best Practices – Integrating FIDO & Federation Protocols (December 2017): This white paper outlines how the FIDO standards compliment federation protocols. It also provides guidelines on how to integrate the two in order to add support for FIDO-based MFA and replace or supplement traditional authentication methods in federation environments.
- Javelin Strategy & Research’s 2017 State of Authentication Report (October 2017): This report, sponsored by FIDO Alliance, analyzes the state of customer and enterprise (employee) authentication amongst U.S. businesses. It examines how strong authentication is evolving, and offers a detailed breakdown on the factors influencing industries’ adoption of authentication solutions.
- FIDO Alliance White Paper: Korean FIDO Deployment Case Study- Accredited Certification System for Safe Usage of Accredited Certificate using FIDO in Smartphone in Korea (K-FIDO) (September 2017): This case study describes a Korean deployment that combines the FIDO UAF specification and PKI to enable authentication, identify verification and interoperability among various Fintech services for increased user convenience.
- FIDO & PSD2: Meeting the needs for Strong Consumer Authentication (September 2017): This white paper outlines how the FIDO standards can facilitate the implementation of the new disruptive PSD2 regulation with user-friendly secure solutions.
- FIDO Alliance Letter Regarding Payment Services Directive 2 (August 2017): FIDO Alliance’s letter to European Commission and European Parliament on whether screen scraping should be allowed as a fallback option under PSD2
- FIDO Alliance White Paper: Leveraging FIDO Standards to Extend the PKI Security Model in United States Government Agencies (March 2017)
- Response to the European Banking Authority (EBA) Discussion Paper on Future Draft Regulatory Technical Standards on Strong Customer Authentication and Secure Communication Under the Revised Payment Services Directive (PSD2) (Feb 2016)
- FIDO Alliance White Paper: FIDO UAF Metadata Service (Feb 2016)
- FIDO Alliance White Paper: FIDO & Privacy (Jan 2016)
- FIDO Alliance White Paper: Bluetooth & NFC Transport for FIDO U2F (July 2015)
- The FIDO Alliance Whitepaper on Privacy Principles: This paper explores how privacy principles are a core part of the FIDO Alliance’s technologies and how they reinforce FIDO’s approach to strong authentication (Feb 2014)
- The FIDO Alliance Whitepaper on FIDO 1.0 Final Specifications: This whitepaper explores the background of FIDO authentication: the needs, benefits and early deployments (Dec 2014).
Industry White Papers & Presentations
- No passwords needed: The iterative design of a parent-child authentication mechanism – Kalpana Hundlani, Carleton University; Sonia Carleton University; Larry Hamid, Bluink Ltd: http://service.scs.carleton.ca/sites/default/files/tr/2017_TR-17-01-kindersurf_hundlani_chiasson_hamid.pdf
- The Paypers Web Fraud Prevention and Online Authentication Market Guide 2016/2017: http://www.thepaypers.com/reports/web-fraud-prevention-and-online-authentication-market-guide-2016-2017/r766692
- The Case for Replacing Passwords with Biometrics – M Jakobsson, S Taveau: http://www.mostconf.org/2012/papers/3.pdf
- “The Evolution of Authentication” — Rolf Lindemann
- Cloud Identity Summit 2013 “A Question of Scale: Mapping Authentication to the Modern Computing Ecosystem – Rajiv Dholakia
- RSA Europe 2013 “Scalable Authentication”
- ISSE 2013 “The Evolution of Authentication”
Paper published in “ISSE 2013 Securing Electronic Business Processes”, Springer Vieweg, ISBN 978-3-658-03370-5
- Open Identity Summit “Not Built on Sand – How Modern Authentication Complements Federation”
- TrustZone and FIDO: Protecting your privacy and identity – Rob Coombs
- Presentation: Biometric Authentication from NTT DOCOMO
Biometric Authentication from NTT DOCOMO