Connect with us
Finance Digest is a leading online platform for finance and business news, providing insights on banking, finance, technology, investing,trading, insurance, fintech, and more. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

NEWS

First 10 products awarded new FIDO Authenticator security certification

The FIDO Alliance, the 250+ member association developing specifications and certification programs for simpler, stronger authentication, announced today the expansion of its certification program to include multi-level security evaluations for authenticators such as physical security keys and biometrics in mobile devices and PCs. The Alliance also announced the first products certified under the new Authenticator Certification Levels program.

The new authenticator certifications will further increase consumer, enterprise and service providers’ confidence that user credentials housed in standards-based FIDO Authentication devices are protected from targeted attacks against a user’s FIDO device. The new program incorporates traditional FIDO functional certification, which measures compliance and ensures interoperability among products and services that support FIDO specifications.

“Our new multi-level evaluation program addresses an increasingly critical market requirement for a more transparent view into the security of FIDO Certified authenticators,” said Brett McDowell, executive director of the FIDO Alliance. This new certification program, used in combination with the FIDO Metadata service, enables enterprises and online services to make better informed risk management decisions when registering credentials from FIDO-enabled devices, resulting in more accurate and reliable “scores” on the back-end while delivering better user experiences on the front end due to lower instances of intrusive “step up authentication” challenges.”

Available levels and security requirements
The FIDO Alliance is now offering testing and certification for two security levels for all published specifications: FIDO Certified Level 1 (L1) Authenticator and FIDO Certified Level 2 (L2) Authenticator. Additional levels covering a full range of security requirements will be introduced at a later date.

All FIDO Certified L1 Authenticators must pass interoperability testing for compliance with the FIDO specifications. They also must pass a design review against FIDO Certification Requirements to ensure the authenticator uses the best security practice for the operating system it is running on.

The FIDO L2 Security Certification Requirements mandate that authenticators implement a restricted operating environment such as a Trusted Execution Environment (TEE) or Secure Element (SE) to protect biometric data and authentication credentials against operating system compromises that arise from app downloads, malicious website content or similar threats. FIDO Certified L2 Authenticators also must pass a comprehensive design review by a FIDO-accredited third-party security certification laboratory. As with L1 Certification, the authenticator must pass interoperability testing.

Benefits to consumers, web service providers and technology providers
FIDO specifications for strong authentication incorporate public key cryptography and simple user experiences to help the world reduce its reliance on passwords. The use of public key cryptography, where the private key is stored on and never leaves the device, ensures that FIDO credentials are not susceptible to scalable attacks such as phishing — the most common form of attack against password credentials. This makes all FIDO Certified implementations inherently more secure than password-based systems.

FIDO Authenticator Certification levels take strong security even further by ensuring that authenticators keep cryptographic key “secrets” (and in some cases, biometric information) safe and confirm privacy principles are met.

Web service providers that accept FIDO credentials for strong authentication benefit from an expanded program that allows them to easily assess, set requirements for, and increase their level of assurance in the FIDO authenticators used by consumers. Technology providers with FIDO authenticators on the market report with confidence that their implementations meet service providers’ requirements and elevate their products in the marketplace. Today, service providers including Aetna, Facebook, Google, eBay and Bank of America are enjoying the benefits of FIDO Authentication.

Newly-certified companies, accredited labs and additional resources
Organisations announced today that have achieved L1 and L2 certifications include:

FIDO Certified L1 Authenticator: AuthenTrend Technology Inc.CANVASBIOi-Sprint Innovations Pte LtdPixelPin LTDSHARP CORPORATIONShenzhen National Engineering Laboratory of Digital Television  Co., Ltd.
FIDO Certified L2 Authenticator: Feitian Technologies Co., Ltd.

Labs accredited to perform L2 certifications are: Applus+ Laboratories; Beijing Unionpay Card Technology Co.,Ltd; Brightsight B.V.DPLS LabTelecommunications Technology Association (TTA); and UL Verification Services Inc. The FIDO Alliance is currently accepting applications for additional labs seeking accreditation. To view the process, visit https://fidoalliance.org/certification/accredited-security-laboratories/.

To learn more about the FIDO Authenticator Certification levels, costs, and to submit a product for certification, visit https://fidoalliance.org/certification/authenticator-certification-levels/.

For more information about the FIDO Alliance, FIDO specifications and FIDO Certified products, visit http://www.fidoalliance.org.

Continue Reading

Recent Posts