“Our new multi-level evaluation program addresses an increasingly critical market requirement for a more transparent view into the security of FIDO Certified authenticators.” – Brett McDowell, Executive Director, FIDO Alliance
The FIDO Alliance has expanded its certification program for authenticator solutions.
Testing and certification is now available for two security levels. FIDO Certified L1 Authenticators are required to meet FIDO’s interoperability standards, and must pass a best security practices design review. The FIDO L2 Security Certification Requirements, meanwhile, require that a given solution uses a Trusted Execution Environment or a Secure Element to protect biometric data and authentication credentials, and mandate a design review from a FIDO-accredited security certification lab.
In a statement announcing the expanded certification process, FIDO Alliance executive director Brett McDowell explained that it “addresses an increasingly critical market requirement for a more transparent view into the security of FIDO Certified authenticators,” adding that together with the FIDO Metadata service, it will allow organizations “to make better informed risk management decisions when registering credentials from FIDO-enabled devices”.
Several companies have already achieved FIDO Certified L1 Authenticator designation: AuthenTrend Technology, CANVASBIO, i-Sprint Innovations, PixelPin, Sharp, and Shenzhen National Engineering Laboratory of Digital Television Co. Feitian Technologies, meanwhile, is the only organization to have received the FIDO Certified L2 Authenticator designation thus far.