CCLAB is one of the 12 laboratories in the world that can issue FIDO certification in Authenticator Certification Level 2.
L2 evaluates FIDO Authenticator protection against basic, scalable attacks.
Authenticator Certification Level 1 is for:
any device HW or SW must defend against phishing, server credential breaches and MiTM attacks (better than passwords).
Authenticator Certification Level 1+ is for:
any device HW or SW should apply White Box Cryptography to defend against OS compromise.
At Authentication Certification Level 2:
the device must support allowed Restricted Operating Environment (ROE) (e.g. TEE, Secure Element), or intrinsically be a ROE (e.g. a USB token or Smart Card). It must defend against device OS compromise.
FIDO Authenticator Certification examples
- L1 - Downloaded app making use of Touch ID in iOS
- L1 - FIDO2 making use of the Android keystore. Keystore is not certified
- L1 - FIDO2 built into a downloadable web browser app
- L1+ - U2F in a downloadable app using white box and other techniques
- L2 - UAF implemented as a TA in an uncertified TEE
- L2+ - FIDO2 making use of the Android keystore. Keystore runs in a TEE that is certified at L2+
Did FIDO spark your interest? Contact us