Online security group unveils standard for wireless applications

The FIDO (Fast IDentity Online) Alliance, an industry consortium launched in 2013 to revolutionize online security with open standards for simpler, stronger authentication, has introduced additions to standards for securing wireless applications.

The FIDO 1.0 specifications with new transport protocols for FIDO U2F — Bluetooth Classic and Low Energy (BLE), and Near Field Communication (NFC), will provide more secure communication, the body says.

According to FIDO, with these new transport specifications, FIDO U2F is appropriate for mobile and wireless applications, and devices that do not have a USB port.

“Within months of publishing the first FIDO standards, the FIDO Alliance continues to see strong demand from the marketplace. Already enjoying robust adoption, FIDO U2F is ready for more implementers to join us in creating a stronger authentication environment,” said Dustin Ingalls, president of the FIDO Alliance.

“The addition of NFC and Bluetooth support in FIDO U2F illustrates our commitment to ensure FIDO standards are flexible, extensible and future-proof by design. With this strategy, FIDO standards will continue to see accelerated industry adoption as we move ever closer to our goal of ubiquitous FIDO authentication that is more secure, private and easy to use,”, FIDO Alliance executive director Brett McDowell says.

[blockquote right=”pull-right”]“The U2F Bluetooth transport specification allows the creation of special-purpose, Bluetooth Low Energy U2F devices that require just the press of a button to authenticate to an online service. In addition, phones and peripherals, which consume more power, can be programmed to act as U2F devices using either Bluetooth Low Energy or Bluetooth Classic.” [/blockquote]

Mobile phones

The U2F Bluetooth transport specification allows the creation of special-purpose, Bluetooth Low Energy U2F devices that require just the press of a button to authenticate to an online service. In addition, phones and peripherals, which consume more power, can be programmed to act as U2F devices using either Bluetooth Low Energy or Bluetooth Classic.

The U2F NFC transport specification allows the creation of portable U2F devices such as credit cards and keyfobs that are simply tapped against the target device to authenticate to an online service. Alternately, a mobile phone with NFC capability can be programmed to act as an NFC U2F device. The user taps the mobile phone onto a target device to authenticate.

“Support for Bluetooth and NFC solidifies the mobile and wireless story around FIDO’s U2F authentication protocol,” said Stina Ehrensvard, CEO and Founder of Yubico. “Now end-users can enjoy the high security, account integrity and ease-of-use of U2F strong authentication on any of their devices. Yubico is excited about FIDO U2F support of Bluetooth and NFC protocols and the options they represent for protecting privacy, personal data, and user accounts.”

“The FIDO U2F 1.0 expansion is another step toward making strong authentication more prevalent across many Internet connected devices,”, Sami Nassar, Vice President of Cyber Security Solutions at NXP Semiconductors adds. “Today we see FIDO secure elements designed into a wide range of devices that offer secure access to cloud services including access keys, wearable devices, mobile phones and cars.”

Bluetooth and NFC enable more options for FIDO U2F to deliver FIDO authentication across mobile and wireless applications – all contributing to a thriving FIDO authentication landscape. FIDO 1.0 specifications address the new FIDO U2F transport protocols.