2.7. FIDO Biometric Authentication
In the Fast IDentity Online (FIDO) protocol [WebAuthN] [CTAP], the device in the user's hand authenticates the human user, whether by biometrics (such as fingerprints) or by PIN and password. FIDO authentication puts a large amount of trust in the device compared to typical password authentication because it is the device that verifies the biometric, PIN, and password inputs from the user, not the server. For the Relying Party to know that the authentication is trustworthy, the Relying Party needs to know that the Authenticator part of the device is trustworthy. The FIDO protocol employs remote attestation for this.
The FIDO protocol supports several remote attestation protocols and a mechanism by which new ones can be registered and added; thus, remote attestation defined by the RATS architecture is a candidate for use in the FIDO protocol.
Attester: FIDO Authenticator.
Relying Party: Any website, mobile application backend, or service that relies on authentication data based on biometric information.
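Added example, not taken from this document or from the FIDO specifications: a minimal Relying Party check over WebAuthn authenticator data, showing how the device's user-verification result (the UV flag) and the authenticator model (the AAGUID) reach the server. It assumes the attestation statement's signature over this data has already been verified; the RP ID, the AAGUID, the sample bytes and the function names are constructed for illustration.

```python
from __future__ import annotations
import hashlib
import struct
from dataclasses import dataclass

FLAG_UP, FLAG_UV, FLAG_AT = 0x01, 0x04, 0x40  # WebAuthn authenticator data flag bits

@dataclass
class AuthData:
    rp_id_hash: bytes
    flags: int
    sign_count: int
    aaguid: bytes | None  # present only when the AT flag is set

def parse_auth_data(raw: bytes) -> AuthData:
    """Parse the 37-byte header and, if the AT flag is set, the AAGUID."""
    if len(raw) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    rp_id_hash, flags, sign_count = struct.unpack(">32sBI", raw[:37])
    aaguid = None
    if flags & FLAG_AT:
        if len(raw) < 55:  # 16-byte AAGUID + 2-byte credential ID length
            raise ValueError("AT flag set but attested credential data truncated")
        aaguid = raw[37:53]
    return AuthData(rp_id_hash, flags, sign_count, aaguid)

def appraise(raw: bytes, rp_id: str, trusted_aaguids: set[bytes]) -> list[str]:
    """Return policy violations; an empty list means the registration is acceptable."""
    ad = parse_auth_data(raw)
    problems = []
    if ad.rp_id_hash != hashlib.sha256(rp_id.encode()).digest():
        problems.append("rpIdHash does not match this Relying Party")
    if not ad.flags & FLAG_UV:
        # The device, not the server, checked the biometric or PIN; UV is its claim.
        problems.append("user verification (UV) not asserted")
    if ad.aaguid is None:
        problems.append("no attested credential data")
    elif ad.aaguid not in trusted_aaguids:
        problems.append("authenticator model (AAGUID) not trusted")
    return problems

# Constructed sample values (assumptions, not real identifiers).
RP_ID = "login.example.com"
AAGUID = bytes.fromhex("00112233445566778899aabbccddeeff")

def build_sample(flags: int, aaguid: bytes = AAGUID) -> bytes:
    """Build constructed authenticator data; the COSE public key is omitted."""
    cred_id = b"\x01" * 16
    return (hashlib.sha256(RP_ID.encode()).digest() + bytes([flags]) +
            struct.pack(">I", 0) + aaguid + struct.pack(">H", len(cred_id)) + cred_id)
```

The UV flag and AAGUID are only as trustworthy as the attestation that covers them, which is why the Relying Party appraises the Authenticator before relying on these fields.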