It's time to build differently

Get started with our FIDO client' SDK.

Try our SDK for free

How does FIDO work

Authenticator setup

The mobile device is certified through the detection of the user's biometric data. Simultaneously, a private and a public key are enabled. The private key is always kept exclusively within the device.

Online authorisation

During the authentication procedure on an online service (RP - relying party) the client sends, towards a FIDO server, a request containing the details of the transaction that the user wishes to complete. The server verifies the identity of the device and authorises the client through the challenge process, based on a public key infrastructure (PKI).

Movenda is member of the FIDO Alliance

FIDO® UAF high-level architecture

The FIDO UAF Architecture is designed to meet the FIDO goals and yield the desired ecosystem benefits. It accomplishes this by filling in the status-quo's gaps using standardized protocols and APIs. The following diagram summarizes the reference architecture and how its components relate to typical user devices and Relying Parties.

FIDO UAF high-level architecture
FIDO UAF Components

A FIDO UAF Client implements the client side of the FIDO UAF protocols, and is responsible for:

  • Interacting with specific FIDO UAF Authenticators using the FIDO UAF Authenticator Abstraction layer via the FIDO UAF Authenticator API.
  • Interacting with a user agent on the device (e.g. a mobile app, browser) using user agent-specific interfaces to communicate with the FIDO UAF Server. For example, a FIDO-specific browser plugin would use existing browser plugin interfaces or a mobile app may use a FIDO-specific SDK. The user agent is then responsible for communicating FIDO UAF messages to a FIDO UAF Server at a Relying Party.

The FIDO UAF architecture ensures that FIDO client software can be implemented across a range of system types, operating systems, and Web browsers. While FIDO client software is typically platform-specific, the interactions between the components should ensure a consistent user experience from platform to platform.

FIDO UAF client component
FIDO UAF bundle SDK

The overview is enough for you?

Try our SDK for free

FIDO® UAF protocol message flows

FIDO UAF authenticator acquisition and user enrollment

It is expected that users will acquire FIDO UAF Authenticators in various ways: they purchase a new system that comes with embedded FIDO UAF Authenticator capability; they purchase a device with an embedded FIDO UAF Authenticator, or they are given a FIDO Authenticator by their employer or some other institution such as their bank. After receiving a FIDO UAF Authenticator, the user must go through an authenticator-specific enrollment process, which is outside the scope of the FIDO UAF protocols. For example, in the case of a fingerprint sensing authenticator, the user must register their fingerprint(s) with the authenticator. Once enrollment is complete, the FIDO UAF Authenticator is ready for registration with FIDO UAF enabled online services and websites.

FIDO UAF usage scenarios

Given the FIDO UAF architecture, a Relying Party is able to transparently detect when a user begins interacting with them while possessing an initialized FIDO UAF Authenticator. In this initial introduction phase, the website will prompt the user regarding any detected FIDO UAF Authenticator(s), giving the user options regarding registering it with the website or not.

FIDO UAF authenticator registration scenario
Adoption of new types of FIDO UAF authenticators

Authenticators will evolve and new types are expected to appear in the future. Their adoption on the part of both users and Relying Parties is facilitated by the FIDO architecture. In order to support a new FIDO UAF Authenticator type, Relying Parties need only to add a new entry to their configuration describing the new authenticator, along with its FIDO Attestation Certificate. Afterwards, end users will be able to use the new FIDO UAF Authenticator type with those Relying Parties.

You're all set now.

Try our SDK for free