{"id":3144,"date":"2022-05-24T04:34:20","date_gmt":"2022-05-24T04:34:20","guid":{"rendered":"https:\/\/www.pufsecurity.com\/?post_type=technology&#038;p=3144"},"modified":"2022-07-27T08:46:55","modified_gmt":"2022-07-27T08:46:55","slug":"fido","status":"publish","type":"technology","link":"https:\/\/www.pufsecurity.com\/zh-hans\/technology\/fido\/","title":{"rendered":"FIDO"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Simpler, stronger authentication<\/h2>\n\n\n\n<p>Fast identity online (FIDO) authentication is a set of specifications defined by FIDO Alliance to reduce the amount of password-based authentication between users and cloud servers. FIDO is a device-centric model managing users\u2019 information on distributed devices instead of the centralized management of personal account information on a cloud server. In addition, FIDO facilitates interoperability among devices by alleviating the management of multiple usernames and passwords over various cloud services.&nbsp;<\/p>\n\n\n\n<p>FIDO uses standard Public Key cryptography techniques to decentralize the authentication process. It uses a two-step procedure, i.e., authentication between a user and a user\u2019s device and authentication between the user\u2019s device and a cloud server.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"325\" src=\"https:\/\/www.pufsecurity.com\/wp-content\/uploads\/2022\/05\/TECH_securitysystem_FIDO-1024x325.png\" alt=\"Fast identity online (FIDO)\" class=\"wp-image-3311\" srcset=\"https:\/\/www.pufsecurity.com\/wp-content\/uploads\/2022\/05\/TECH_securitysystem_FIDO-1024x325.png 1024w, https:\/\/www.pufsecurity.com\/wp-content\/uploads\/2022\/05\/TECH_securitysystem_FIDO-300x95.png 300w, https:\/\/www.pufsecurity.com\/wp-content\/uploads\/2022\/05\/TECH_securitysystem_FIDO-768x244.png 768w, https:\/\/www.pufsecurity.com\/wp-content\/uploads\/2022\/05\/TECH_securitysystem_FIDO-1600x508.png 1600w, https:\/\/www.pufsecurity.com\/wp-content\/uploads\/2022\/05\/TECH_securitysystem_FIDO-1536x487.png 1536w, https:\/\/www.pufsecurity.com\/wp-content\/uploads\/2022\/05\/TECH_securitysystem_FIDO.png 1920w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>The precondition of FIDO is that the user\u2019s device must create a unique public\/private key pair for the local device, cloud service, and user\u2019s account during the registration stage. The user\u2019s device first sends the public key to the server, and then the server associates the public key with\u202fthe user\u2019s account. Afterward, the user unlocks the private key every time the user gains access to the device through multiple forms of biometric authentication, e.g., fingerprint, voiceprint recorder, or face ID agreed in the registration stage.<\/p>\n\n\n\n<p>The successful authentication between the user\u2019s device and the cloud server relies on proving that the device possesses the private key through an effective response to a cryptographic challenge from the cloud server. As shown in the above figure, the user\u2019s device signs the challenge from the cloud server by the private key. Then, the cloud server verifies the signed challenge by the stored public key. It is noteworthy that private keys and users\u2019 information are never disclosed from the local user\u2019s device. This is the main principle of FIDO to protect user privacy from the ground up.&nbsp;&nbsp;<\/p>\n\n\n\n<p>FIDO provides simple, robust, device-centric authentication through biometric identification. They protect IoT users today and combat the increased risks in Key Management, both from user error and adversarial attacks.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Simpler, stronger authentication Fast identity online ( [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"subjects":[229],"tech-tag":[],"class_list":["post-3144","technology","type-technology","status-publish","hentry","subjects-security-standards"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.pufsecurity.com\/zh-hans\/wp-json\/wp\/v2\/technology\/3144"}],"collection":[{"href":"https:\/\/www.pufsecurity.com\/zh-hans\/wp-json\/wp\/v2\/technology"}],"about":[{"href":"https:\/\/www.pufsecurity.com\/zh-hans\/wp-json\/wp\/v2\/types\/technology"}],"author":[{"embeddable":true,"href":"https:\/\/www.pufsecurity.com\/zh-hans\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.pufsecurity.com\/zh-hans\/wp-json\/wp\/v2\/comments?post=3144"}],"version-history":[{"count":6,"href":"https:\/\/www.pufsecurity.com\/zh-hans\/wp-json\/wp\/v2\/technology\/3144\/revisions"}],"predecessor-version":[{"id":4373,"href":"https:\/\/www.pufsecurity.com\/zh-hans\/wp-json\/wp\/v2\/technology\/3144\/revisions\/4373"}],"wp:attachment":[{"href":"https:\/\/www.pufsecurity.com\/zh-hans\/wp-json\/wp\/v2\/media?parent=3144"}],"wp:term":[{"taxonomy":"subjects","embeddable":true,"href":"https:\/\/www.pufsecurity.com\/zh-hans\/wp-json\/wp\/v2\/subjects?post=3144"},{"taxonomy":"tech-tag","embeddable":true,"href":"https:\/\/www.pufsecurity.com\/zh-hans\/wp-json\/wp\/v2\/tech-tag?post=3144"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}