인증 사양 다운로드 - FIDO Alliance

인증 사양 다운로드

최신 버전의 FIDO Alliance 사용자 인증 사양은 아래에서 확인할 수 있습니다. FIDO를 처음 사용하는 경우, 계속 진행하기 전에 먼저 사양 개요를 검토하는 것이 좋습니다.

기술 요구 사항을 충족하는 것 외에도 FIDO Alliance 각 디바이스의 보안 보증을 강화하기 위해 구현해야 하는 추가 보안 요구 사항을 개발했습니다. 이러한 요구 사항은 인증된 인증자 레벨 페이지에 있는 인증자 Certification 프로그램에서 확인할 수 있습니다.

이전 버전의 사양은 사양 아카이브에서 UAF 1.0 사양의 중국어 번역본과 함께 확인할 수 있습니다. FIDO FIDO Alliance 사양의 FIDO 사양 현황 및 지적재산권(IPR)은 여기에서 확인할 수 있습니다.


FIDO 얼라이언스는 모든 구현자가 다운로드할 수 있도록 다음 기술 사양을 게시합니다. 또한, 얼라이언스는 공개 토론 목록( fido-dev@fidoalliance.org )을 운영하여 FIDO 인증 기술 구현을 위한 지원을 제공하고 있습니다. FIDO 사양 구현과 관련하여 궁금한 점이 있으면 해당 포럼에 게시해 주세요.

FIDO Alliance 독자들의 편의를 위해 PDF 형식의 사양을 제공하지만, PDF 형식의 사양에서 서식 문제가 발생하는 경우 HTML 형식의 사양을 참조하는 것이 좋습니다. 아직 FIDO 얼라이언스의 회원이 아니며 공개 사양 초안에 대한 의견이 있으신 경우, 문의 양식을 이용해 주시기 바랍니다.

FIDO2 Specifications
CLIENT TO AUTHENTICATOR PROTOCOL (CTAP)
This Proposed Standard document describes the Client-to-Authenticator Protocol (CTAP) which uses USB, NFC, and / or BLE for communication between browsers or platforms and FIDO2 authenticators.

CTAP 2.1 Proposed Standard with Errata: HTML | PDF

CTAP 2.1 Errata: HTML | PDF

CTAP 2.2 Review Draft 02: HTML | PDF
W3C – Web Authentication:
An API for accessing Public Key Credentials
Level 2 (Webauthn)

This specification defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users.

Download: HTML
UAF Specifications
FIDO UAF Complete Specifications
This is a zip file containing the FIDO Alliance Universal Authentication Framework (UAF) specification files:

Change USB transport to conform to ISO7816-4
NFC (ISO7816-4) support
Bluetooth Low Energy support
Updated JavaScript 1.1 specification
Transports Extension specification
Expanded Metadata Service specification to include U2F

1.1 Proposed Standard: Files

1.2 Proposed Standard: Files
FIDO UAF Architectural Overview
This overview document describes the various protocol design considerations in detail and also describes the user flows in detail. It describes the layering and intention of each of the detailed protocol documents.
You should read this document first if you are new to UAF.

1.1 Proposed Standard: HTML | PDF
1.2 Proposed Standard: HTML | PDF
FIDO UAF Protocol Specification
This document defines the message formats and processing rules for all UAF protocol messages.

1.1 Proposed Standard: HTML | PDF
1.2 Proposed Standard: HTML | PDF
UAF Application API and Transport Binding Specification
This document describes the client-side APIs and interoperability profile for client applications to utilize FIDO UAF.

1.1 Proposed Standard: HTML | PDF
1.2 Proposed Standard: HTML | PDF
FIDO UAF Authenticator-specific Module API
This document defines Authenticator-specific Modules and the API provided to the FIDO client by ASMs.

1.1 Proposed Standard: HTML | PDF
1.2 Proposed Standard: HTML | PDF
FIDO UAF Authenticator Commands
This document describes Low-level functionality that UAF Authenticators should implement to support the UAF protocol.

1.1 Proposed Standard: HTML | PDF

1.2 Proposed Standard: HTML | PDF
FIDO ECDAA Algorithm
This document describes how to use Elliptic Curve (EC) Direct Anonymous Attestation (DAA) as a form of secure and private attestation for authenticators.

1.1 Proposed Standard: HTML | PDF

1.2 Review Draft: HTML | PDF

2.0 Implementation Draft: HTML | PDF
FIDO UAF APDU Commands
This document defines a mapping of FIDO UAF Authenticator commands to Application Protocol Data Units (APDUs) thus facilitating UAF authenticators based on Secure Elements.

1.1 Proposed Standard: HTML | PDF

1.2 Proposed Standard: HTML | PDF
UAF Registry of Predefined Values
This document describes implementation considerations and recommendations for creators of U2F devices and for relying parties implementing U2F support.

1.1 Proposed Standard: HTML | PDF
1.2 Proposed Standard: HTML | PDF
FIDO UAF Android This document defines the assertion format “APCV1CBOR” in order to use Android Protected Confirmation for FIDO UAF Transaction Confirmation.

1.2 Proposed Standard: HTML | PDF
FIDO UAF WebAuthentication Assertion Format
This document defines the assertion format “WAV1CBOR” in order to use Web Authentication assertions through the FIDO UAF protocol.

1.2 Proposed Standard: HTML | PDF
FIDO UAF ERRATA
This errata is being published to address certain issues that have been identified in the UAF v1.1 Specification. All Specifications and errata are required to be approved by the FIDO Board prior to publication.

1.1 Implementation Draft: PDF
FIDO Metadata
FIDO Authenticator Metadata Statements
This document defines the authenticator metadata. This metadata, in turn, describes FIDO authenticator form factors, characteristics, and capabilities. The metadata is used to inform relying party interactions with, and make policy decisions about, the authenticators.

1.1 Proposed Standard: HTML | PDF

3.0 Proposed Standard: HTML | PDF
FIDO Authenticator Metadata Service
Baseline method for relying parties to obtain FIDO Metadata statements.

1.1 Proposed Standard: HTML | PDF

3.0 Proposed Standard: HTML | PDF
FIDO2 and UAF Common Files
FIDO Registry of Predefined Values
This document defines all the strings and constants common to all FIDO specifications.

1.1 Proposed Standard: HTML | PDF

2.2 Proposed Standard: HTML | PDF
FIDO AppID and Facet Specification
This document defines the scope of user credentials and how a trusted computing base that supports application isolation may make access control decisions about which keys can be used by which applications and web origins.

1.1 Proposed Standard: HTML | PDF

2.1 Proposed Standard: HTML | PDF
FIDO Security Reference
Provides an analysis of FIDO security based on detailed analysis of security threats pertinent to the FIDO protocols based on its goals, assumptions, and inherent security measures.

1.1 Proposed Standard: HTML | PDF

2.1 Proposed Standard: HTML | PDF
FIDO Technical Glossary
Defines the technical terms and phrases used in FIDO Alliance specifications and documents.

1.1 Proposed Standard: HTML | PDF

2.1 Proposed Standard: HTML | PDF
FIDO ECDAA Algorithm

This document describes how to use Elliptic Curve (EC) Direct Anonymous Attestation (DAA) as a form of secure and private attestation for authenticators.

1.1 Proposed Standard: HTML | PDF

2.1 Proposed Standard: HTML | PDF
U2F SPECIFICATIONS
FIDO U2F Complete Specifications
This is a zip file containing the U2F 1.2 Specifications public snapshot of FIDO Alliance Universal 2nd Factor (U2F) specs approved July 11th, 2017. Included in the latest U2F 1.2 specifications are:

Change USB transport to conform to ISO7816-4
NFC (ISO7816-4) support
Bluetooth Low Energy support
Updated JavaScript 1.1 specification
Transports Extension specification
Expanded Metadata Service specification to include U2F
You should read this document first if you are new to U2F.

1.2 Proposed Standard: Files
FIDO U2F Architectural Overview
This overview document describes the various design considerations which go into the protocol in detail and describes the user flows in detail. It describes the layering and intention of each of the detailed protocol documents. It describes the various privacy considerations in the protocol design through the document and summarizes these at the end
You should read this document first if you are new to U2F.

1.0 Proposed Standard: HTML

1.2 Proposed Standard: PDF

1.2 Proposed Standard: HTML

1.2 Proposed Standard: PDF
FIDO U2F JavaScript API
This document describes the client side API in the web browser for accessing U2F capabilities. An online service or website can levearge U2F by using this API on the client side and pairing it with a server which can verify U2F messages on the server side. (Later specifications will describe APIs in non-browser contexts).


1.0 Proposed Standard: HTML

1.2 Proposed Standard: PDF

1.2 Proposed Standard: Files

1.2 Proposed Standard: Files
FIDO U2F Raw Message Formats
This document describes the binary format of request messages which go from the FIDO U2F server to the FIDO U2F token and the binary format of the response messages from the token to the server. These messages are encoded by the browser (FIDO client) for communication over a particular transport (such as USB) to the cryptographic core of the token which performs key generation and signing. A header file with standard values is also specified.

1.0 Proposed Standard: HTML

1.2 Proposed Standard: PDF

1.2 Proposed Standard: HTML

1.2 Proposed Standard: PDF
FIDO U2F HID Protocol
This document describes how the browser (FIDO client) frames the binary raw messages coming from the javascript API for transport over USB-HID to a U2F token. The binary raw messages are described in the ‘FIDO U2F Raw Message Formats’ document. A header file with standard values is also specified. [Later specifications will specify how the javascript APIs frames raw messages over other (non-USB) transports].

1.0 Proposed Standard: HTML

1.2 Proposed Standard: PDF

1.2 Proposed Standard: HTML

1.2 Proposed Standard: PDF
FIDO U2F Bluetooth® protocol
This document describes the communication protocol between a FIDO client and FIDO authenticators over Bluetooth technology and Bluetooth Smart.

1.2 Proposed Standard: HTML

1.2 Proposed Standard: PDF
FIDO U2F NFC Protocol
This document describes the communication protocol between a FIDO client and FIDO authenticators over Near Field Communication (NFC).

1.2 Proposed Standard: HTML

1.2 Proposed Standard: PDF
FIDO U2F Transport Extensions
This standard describes one way relying parties may learn which transports an authenticator supports, by allowing authenticator vendors to embed hardware features as an optional extension in the authenticator’s attestation certificate.

1.2 Proposed Standard: HTML

1.2 Proposed Standard: PDF
FIDO U2F Implementation Considerations
This document describes implementation considerations and recommendations for creators of U2F devices and for relying parties implementing U2F support.

1.0 Proposed Standard: HTML

1.0 Proposed Standard: PDF

1.2 Proposed Standard: HTML

1.2 Proposed Standard: PDF
FIDO AppID and Facet Specification
This document defines the scope of user credentials and how a trusted computing base which supports application isolation may make access control decisions about which keys can be used by which applications and web origins.

1.0 Proposed Standard: HTML

1.0 Proposed Standard: PDF

1.2 Proposed Standard: HTML

1.2 Proposed Standard: PDF
FIDO Security Reference
Provides an analysis of FIDO security based on detailed analysis of security threats pertinent to the FIDO protocols based on its goals, assumptions, and inherent security measures.

1.0 Proposed Standard: HTML

1.0 Proposed Standard: PDF

1.2 Proposed Standard: HTML

1.2 Proposed Standard: PDF
FIDO Technical Glossary
Defines the technical terms and phrases used in FIDO Alliance specifications and documents.

1.0 Proposed Standard: HTML

1.0 Proposed Standard: PDF

1.2 Proposed Standard: HTML

1.2 Proposed Standard: PDF
FIDO U2F Readme
This is a README for the U2F 1.2 Implementation Draft public snapshot of the Universal Second Factor (U2F) specs as of July 11, 2017.

1.0 Proposed Standard: TXT

1.2 Proposed Standard: TXT

FIDO 사양 상태 및 지적 재산권(IPR) 정보

이 사이트의 사양에 대한 지적재산권 현황 요약:

SpecificationSpecification Status
U2F 1.0Proposed Standard Expanded to the World
U2F 1.1

Proposed Standard Expanded to the World
U2F 1.2Proposed Standard Expanded to the World
UAF 1.0Proposed Standard Expanded to the World
UAF 1.1Proposed Standard Expanded to the World
FIDO2 Submission to W3CProposed Standard Expanded to the World
FIDO2 CTAPProposed Standard Expanded to the World
FIDO Device Onboard 1.0Proposed Standard Expanded to the World
FIDO Device Onboard 1.1Proposed Standard Expanded to the World

지적재산권 현황에 대한 설명 FIDO Alliance 사양은 사전 초안, 작업 초안, 검토 초안 및 제안된 표준의 여러 단계를 거쳐 진행됩니다. FIDO Alliance 회원 기관이 규정을 준수하는 구현을 위해 특허권에 대한 로열티 없는 라이선스를 부여하는 계약인 약속은 사양 단계에 따라 다르게 적용됩니다. 이 약속은 사전 초안, 작업 초안 및 검토 초안 사양 단계에는 적용되지 않습니다. 표준 제안 단계에서는 관련 기술 작업반의 모든 FIDO Alliance 회원사가 전 세계에 약속을 제공합니다. 2020년 1월 1일 이전에 표준 제안으로 발표된 모든 FIDO Alliance FIDO Alliance 사양에 대해, 이 약속은 준수하는 구현에 대해 특허권을 주장하지 않겠다는 약속이며, 당시 모든 FIDO Alliance 회원사가 전 세계에 제공합니다. 상기 내용은 간략하게 요약한 것이며, 실제 약관은 FIDO Alliance 회원 계약서에 명시되어 있으므로 구체적인 사안에 대해서는 이를 참조해야 합니다.

특허 고지 FIDO Alliance 멤버십 계약은 회원에게 특정 조건 하에서 약속에서 부여된 청구를 철회할 수 있는 기회를 제공합니다. 구체적인 조건은 FIDO Alliance 멤버십 계약을 참조하시기 바랍니다. 위원회는 이 사이트에 게시된 사양과 관련하여 그러한 통지를 받은 사실이 없음을 대중에게 보고하게 되어 기쁘게 생각합니다. 이것이 의미하는 바에 대해 더 자세히 알고 싶은 구현자는 지적 재산권 요약 및/또는 FIDO Alliance 회원 계약의 섹션 6을 검토하는 것이 좋습니다.