Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    FIDO Alliance Extends Two-Factor Security Standards to Bluetooth, NFC

    By
    Sean Michael Kerner
    -
    July 1, 2015
    Share
    Facebook
    Twitter
    Linkedin
      FIDO Alliance

      In December 2014, the FIDO (Fast Identity Online) Alliance issued the 1.0 version of its U2F (Universal Second Factor) security specifications to enable two-factor authentication. The U2F 1.0 specification is now being expanded to support the wireless Bluetooth and near-field communications (NFC) protocols.

      What U2F provides is a second-factor authentication mechanism that can be used to supplement a username and password to provide more secure access to a site or online service. With the initial rollout of U2F, USB-based devices were the primary technology mechanism. USB keys, including those from security vendor Yubico, can be used for U2F to enable secure authentication.

      As to why Bluetooth and NFC are being added now to U2F, Sam Srinivas, FIDO Alliance vice president and co-chair of the FIDO U2F Technology Working Group, said FIDO is being pragmatic and incremental in its approach to standardization.

      “We wanted to get the core USB transport, which is very appropriate for desktop use cases, shaken out and into the market,” Srinivas told eWEEK. “We also wanted to make sure the higher crypto layer of the protocol was working well in the field before expanding to other transports—this higher crypto layer is the same regardless of the physical transport.”

      Srinivas added that the need to make sure everything was working properly is why FIDO consciously decided to defer working on other transports, though conceptually it is just the same crypto running over a different underlying physical connection.

      “As soon as we successfully launched FIDO U2F with just the USB transport, we brought the focus back on to the work we were doing on the wireless transports which are most relevant to mobile [Bluetooth and NFC], and what we are announcing now is the completed work,” he said.

      With the U2F specification additions for Bluetooth and NFC, new forms of FIDO-compliant devices can now be built and deployed. For example, FIDO U2F can now be used to enable a key fob or even a credit card-sized device to be used as a second-factor authentication mechanism.

      From a device certification perspective, Srinivas said that FIDO will certify Bluetooth and NFC the same as it has certified USB devices. The certification involves a standard test driver that exercises a device through all of the expected operations for that particular transport (NFC, Bluetooth etc.). He added that after a device passes the test, it is then subject to an operational test where it must perform actual log-ins against a reference test server (i.e., full stack test, not just the transport). Finally, there is an interoperability test where a device must perform log-ins against multiple vendor server implementations.

      “We expect to announce the certification program details at a later date, after people have had a chance to make prototype implementations,” Srinivas said. “Again, here we are following the same model we established with USB in terms of how we sequence the various events.”

      While USB is a universal standard with little variation, Bluetooth implementations can vary across different mobile vendors. However, as to the variations of Bluetooth stacks, many of the FIDO member companies have deep Bluetooth experience, and considerations about stack variations were brought into the design by various member companies that fleshed out the transport protocol design, he said.

      Looking beyond Bluetooth and NFC, Srinivas said FIDO is considering SIM cards and secure memory cards acting as FIDO U2F devices, or more precisely as repositories of FIDO U2F keys.

      “The user would be able to move a SIM or a secure memory card from one phone to another, and their FIDO U2F keys would move to the new phone,” he said.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×