Open Source FIDO® Certified FIDO2 Solution Provides Consistent Implementation of Strong Authentication Across PC, Smart, and Mobile Devices
CUPERTINO, CA – MARCH 25, 2021 – StrongKey, the leader in open source authentication and encryption solutions, announced that its FIDO® Certified FIDO2 Server now supports PC, Android, and Apple devices.
With a Preview release of the open source StrongKey Android Client Library (SACL), StrongKey enables Android developers to build native apps using Android mobiles devices as FIDO Authenticators, enabling frictionless user experiences for medium to high risk business transactions. StrongKey also now supports Apple Attestation, enabling current iPhones to be used as FIDO Authenticators with native iOS apps or browser-enabled applications using Safari.
With these advances, StrongKey dramatically expands the use of FIDO for native apps on the two popular mobile platforms. With the SACL, StrongKey enables e-commerce merchants to comply with the European Union’s Payment Services Directive, Revised (PSD2) to deliver Strong Customer Authentication (SCA) while enabling one of the most frictionless user experiences for e-commerce or Open Banking transactions.
“FIDO authentication is a simpler and more secure way to verify the identity of end users,” said Marco Conte, co-founder of Payment Universe. “Support of passwordless authentication across PCs and mobile offers a smoother payment customer experience, reducing friction and cart abandonment while complying with PSD2 SCA requirements.”
StrongKey’s open source software solution, downloadable on GitHub and SourceForge is a cost-effective alternative to FIDO server solutions that come with licensing and per-transaction fees.
The FIDO Alliance, a world-wide consortium, publishes authentication standards with the goal of eliminating passwords and other “shared secret” authentication schemes that cause more than 95% of worldwide data breaches. The standards are designed to preserve privacy and protect against phishing and other attacks perpetrated on shared-secret authentication schemes. FIDO passwordless authentication standards combine human gesture with public-key cryptography to produce a secure, user-friendly authentication mechanism. The FIDO2 standard incorporates two authentication factors with all major platforms—Android, iOS, OS X, Windows and all browsers—supporting FIDO2 across billions of PCs, mobile devices, and web browsers.
StrongKey Tellaro, an open source platform, provides strong authentication, encryption, tokenization, and PKI management in a single appliance backed by a standard FIPS 140-2 certified cryptographic hardware module. StrongKey Tellaro also includes an open source FIDO® Certified server that supports both U2F and FIDO2 with the following additional features:
- Support for the FIDO2 protocol with native Android (version 9 or later) apps to deliver seamless and frictionless user experiences for authentication or e-commerce transactions through the SACL. The SACL takes advantage of AndroidKeystore, which leverages either a Trusted Execution Environment (TEE) or a Secure Element (SE) to protect cryptographic keys on the mobile device
- Supports the use of FIDO digital signatures to confirm business transactions on Android devices that have advanced security capabilities
- FIDO registration, authentication, and transaction authorization using Android biometric prompts to verify users before generating a digital signature to a dynamic link of the transaction
- Enable current iPhones to use FIDO strong authenticator with native iOS apps that call WebView to perform the FIDO registration and authentication capabilities
StrongKey Tellaro enables online merchants, banks, and enterprise companies to:
- Comply with European PSD2 Strong Customer Authentication (SCA) requirements by delivering the most frictionless user experience for dynamic linking of transactions in accordance with PSD2’s Regulatory Technical Specifications (RTS)
- Implement a consistent approach to FIDO authentication across PC, Android, and Apple devices
- Lower the cost of secure authentication using open source software without licensing, transaction, application, or per-user fees
- Migrate away from insecure passwords with FIDO passwordless authentication
- Eliminate password phishing attacks
- Comply with NIST authentication requirements for hardware-based security
For more information on the StrongKey Tellaro solution, visit www.strongkey.com/fido.
StrongKey is the leading provider of open-source strong authentication and encryption solutions. Founded in 2001, StrongKey helps fintech, enterprise, manufacturers, and e-commerce companies protect their systems and data. StrongKey Tellaro is a comprehensive platform that provides FIDO-based authentication, tokenization, encryption, PKI, and key management. Unlike other security solutions, StrongKey provides its software with open-source licensing, thereby eliminating transaction, or per-user fees, and making it a cost-effective security solution. StrongKey Tellaro appliances use FIPS 140-2 Level 2 (standard) and Level 3 (optional) validated cryptographic hardware modules to secure the generation, use, and storage of cryptographic keys to comply with US Federal regulations. www.strongkey.com