StrongKey expands FIDO support for Apple and Android
25 March 2021 16:48 GMT

StrongKey, the leader in open source authentication and encryption solutions, announced that its FIDO Certified FIDO2 Server now supports PC, Android, and Apple devices. 

With a Preview release of the open source StrongKey Android Client Library (SACL), StrongKey enables Android developers to build native apps using Android mobiles devices as FIDO Authenticators, enabling frictionless user experiences for medium to high risk business transactions. StrongKey also now supports Apple Attestation, enabling current iPhones to be used as FIDO Authenticators with native iOS apps or browser-enabled applications using Safari.

With these advances, StrongKey dramatically expands the use of FIDO for native apps on the two popular mobile platforms. With the SACL, StrongKey enables e-commerce merchants to comply with the European Union's Payment Services Directive, Revised (PSD2) to deliver Strong Customer Authentication (SCA) while enabling one of the most frictionless user experiences for e-commerce or Open Banking transactions.

"FIDO authentication is a simpler and more secure way to verify the identity of end users," said Marco Conte, co-founder of Payment Universe. "Support of passwordless authentication across PCs and mobile offers a smoother payment customer experience, reducing friction and cart abandonment while complying with PSD2 SCA requirements."

StrongKey's open source software solution, downloadable on GitHub and SourceForge is a cost-effective alternative to FIDO server solutions that come with licensing and per-transaction fees.

The FIDO Alliance, a world-wide consortium, publishes authentication standards with the goal of eliminating passwords and other "shared secret" authentication schemes that cause more than 95% of worldwide data breaches. The standards are designed to preserve privacy and protect against phishing and other attacks perpetrated on shared-secret authentication schemes. FIDO passwordless authentication standards combine human gesture with public-key cryptography to produce a secure, user-friendly authentication mechanism. The FIDO2 standard incorporates two authentication factors with all major platforms—Android, iOS, OS X, Windows and all browsers—supporting FIDO2 across billions of PCs, mobile devices, and web browsers.

StrongKey Tellaro, an open source platform, provides strong authentication, encryption, tokenization, and PKI management in a single appliance backed by a standard FIPS 140-2 certified cryptographic hardware module. StrongKey Tellaro also includes an open source FIDO® Certified server that supports both U2F and FIDO2 with the following additional features:

Support for the FIDO2 protocol with native Android (version 9 or later) apps to deliver seamless and frictionless user experiences for authentication or e-commerce transactions through the SACL. The SACL takes advantage of AndroidKeystore, which leverages either a Trusted Execution Environment (TEE) or a Secure Element (SE) to protect cryptographic keys on the mobile device
Supports the use of FIDO digital signatures to confirm business transactions on Android devices that have advanced security capabilities
FIDO registration, authentication, and transaction authorization using Android biometric prompts to verify users before generating a digital signature to a dynamic link of the transaction
Enable current iPhones to use FIDO strong authenticator with native iOS apps that call WebView to perform the FIDO registration and authentication capabilities

StrongKey Tellaro enables online merchants, banks, and enterprise companies to:

Comply with European PSD2 Strong Customer Authentication (SCA) requirements by delivering the most frictionless user experience for dynamic linking of transactions in accordance with PSD2's Regulatory Technical Specifications (RTS)
Implement a consistent approach to FIDO authentication across PC, Android, and Apple devices
Lower the cost of secure authentication using open source software without licensing, transaction, application, or per-user fees
Migrate away from insecure passwords with FIDO passwordless authentication
Eliminate password phishing attacks
Comply with NIST authentication requirements for hardware-based security

Industry Events


connect:ID 2021 5-6 Oct 21