FIDO – Core Principles


FIDO – Core Principles: an introductory guide to the basis of FIDO.

Course Description

The course introduces the FIDO2 technology by identifying its constituent parts, along with their properties, responsibilities, relationships and the specific interactions among them. As a bonus, it concludes by explaining the details of some of the security characteristics offered by FIDO2.

The elements that make up FIDO2 are:

  • On the Client (e.g. User’s Device) side
    • Relying Party
      • The entity that needs to leverage FIDO2 capabilities and thus who initiates a FIDO2 registration or authentication.
    • Client (e.g. Browser or App)
      • What ties together the Relying Party and the Authenticator.
      • The communication between Relying Party and Client is governed by the WebAuthn specification.
      • The communication between Client and Authenticator is governed by the CTAP2 (Client to Authenticator Protocol version 2) specification.
    • Authenticator
      • The cryptographic module that creates and uses the cryptographic keys that enable the FIDO2 technology.
  • On the Server side
    • FIDO2 Server
      • The entity that verifies the FIDO2 operation and that ultimately decides whether the FIDO2 action that occurred on the User’s side is honored or not.
    • Metadata Service
      • The entity (which is always the FIDO Alliance) that governs the registered FIDO2 authenticators and maintains the properties associated with them.
      • The FIDO2 Server may consult it when deciding how far what occurred on the User’s side can be trusted.

The interactions between the User and FIDO occur in two different instances:

  • Registration
    • When a FIDO2 credential, which is nothing other than a cryptographic key, is generated by the Authenticator with the participation of the User, and part of the resulting cryptographic material is then shared with the FIDO2 Server for verification.
  • Authentication
    • When a FIDO2 credential is used, with the participation of the User, and the resulting authentication material is then shared with the FIDO2 Server for verification.

To appreciate some of the security benefits that FIDO2 offers, an analysis comparing FIDO2 and passwords is included at the end of the course. This comparison is viewed from two different angles:

  • Credential Theft
  • Phishing
