Smart Card Technology and the FIDO Protocols
Publication Date: April 2016
Today, the FIDO Alliance is working to provide simpler, stronger authentication to reduce reliance on usernames and passwords, which are susceptible to a wide range of attacks. Organizations implementing FIDO authentication standards should consider using smart card technology to enhance the security of their implementations.
The white paper, “Smart Card Technology and the FIDO Protocols,” was created by the Smart Card Alliance’s Identity Council, to describe the role of smart card technology in implementations of the FIDO protocols. Incorporating smart card technology with an implementation of either of the FIDO protocols can strengthen the security of the identity authentication process and bring the benefits of smart card technology to a wider audience.
To describe the role of smart card technology in enhancing the security of FIDO implementations, the white paper includes:
An overview of the FIDO principles and protocols, including the Universal Second Factor (FIDO U2F) and the Universal Authentication Framework (FIDO UAF)
A description of the security benefits of using smart card technology in FIDO protocol implementations
Examples of use cases currently implementing the FIDO protocols with smart card technology, including Gemalto, Google, Infineon Technologies, Morpho, NXP Semiconductors, Oberthur Technologies and Yubico implementations
This white paper is part of the Smart Card Alliance and FIDO Alliance liaison partnership, which allows cooperation and collaboration between the two organizations to accelerate informed adoption of the FIDO standards.
About the White Paper
The Smart Card Alliance Identity Council developed this white paper to describe the role of smart card technology in implementations of the FIDO protocols.
Smart Card Alliance members that contributed to the white paper include: CertiPath; CH2M; Deloitte and Touche LLP; Gemalto; IDmachines; Infineon Technologies; Initiative for Open Authentication (OATH); Morpho (Safran); NXP Semiconductors; Oberthur Technologies; SAIC; SureID, Inc.; XTec, Inc.
About the Smart Card Alliance Identity Council
The Identity Council is focused on promoting best policies and practices concerning person and machine identity, including strong authentication and the appropriate authorization across different use cases. Through its activities the Council encourages the use of digital identities that provide strong authentication across assurance environments through smart credentials – e.g., smart ID cards, mobile devices, enhanced driver’s licenses, and other tokens. The Council furthermore encourages the use of smart credentials, secure network protocols and cryptographic standards in support of digital identities and strong authentication on the Internet.
The Council addresses the challenges of securing identity and develops guidance for organizations so that they can realize the benefits that secure identity delivers. The Council engages a broad set of participants and takes an industry perspective, bringing careful thought, joint planning, and multiple organization resources to address the challenges of securing identity information for proper use.