FIDO2 Smartcard Applet
Smart cards have become a fast-growing market due to the higher demand for tighter security measures. They have also become mandatory in the digital transformation of governmental and fintech services. Smartcards now contain end users' personal data (e.g. health, social security, digital identity, crypto transactions, etc.).
FIDO2 Applet on Java Card
Java Card is a multi-application operating system for smart cards. It allows applets to be loaded and securely executed on chip card systems. Java Card is a very small subset of the Java platform that can be used on embedded devices such as smart cards, which have small memory and CPU footprints.
Java Card has been around for over 20 years now. It is a mature smart card operating system. Applet load, initialization, personalization, and deletion heavily rely on GlobalPlatform specifications.
Java Card is an open, multi-application operating system for smart cards. Diverse parties can develop applications for the same smart card using their respective Java programming skills. The resulting applets run on the same card and co-reside independently. Thus, applications from various vendors can be combined after being separately developed.
Fast Identity Online
FIDO2 is the umbrella term for a passwordless authentication open standard developed by the Fast Identity Online (FIDO) Alliance, an industry consortium comprised of technology firms and other service providers. FIDO2 consists of two core components. The first is the WebAuthn API, which industry leaders are incorporating into their browsers, including Chrome, Edge, Mozilla, and WebKit. The second is the Client to Authenticator Protocol (CTAP), which gives FIDO2-capable devices an interface to external authenticators via NFC, USB, or Bluetooth.
Solutions built atop FIDO2 undergo rigorous certification to ensure that user credentials are decentralized, isolated and encrypted on users’ personal devices.
TrustSEC FIDO2 Applet
Based on the above, TrustSEC offers its FIDO2 Java Card applet to all business owners who have a smartcard solution integrated with web-based services and would like to secure their end users' logins over the web. It meets the requirements for secure authentication that is integrated and activated with smartcards, and it can exist on the card alongside other applets to help businesses provide a secure turnkey solution. It can readily be put into production on any Java smart card operating system.
FIDO2 smartcards can be two-factor authenticators or, with the addition of a biometric feature (something you are: a fingerprint), multi-factor authenticators. The 2FA FIDO2 smartcards combine something you have (the smart card) with something you know (a secret, the smart card PIN).
FIDO2 Authentication Process
The user registers with a web application or service, and this registration generates a public key and a private key. When the user requests access to the web service, a challenge is generated; the challenge is then signed and returned using the part of the key pair that is created in the smart card and never leaves it. When the right key pair is used, the user can successfully log in.
Also, a great advantage of using one FIDO2 Authenticator Applet is the possibility of multiple logins to different applications, while only one PIN/fingerprint is required to enable access to the authenticator.
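The registration and login flow described above, together with the one-PIN, many-services property, as an added Node.js model (not TrustSEC's applet code, not Java Card, and not the CTAP2 command set). The `Card` class, the three-try PIN limit, the site names and the site-plus-challenge encoding are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Constructed model of the card applet: one PIN guards one key pair per site.
class Card {
  #pin; #tries = 3; #keys = new Map(); // private state; keys are never exported
  constructor(pin) { this.#pin = Buffer.from(pin); }

  // Three consecutive wrong PINs block the card (the retry limit is an assumption).
  #unlock(pin) {
    if (this.#tries === 0) throw new Error("PIN blocked");
    const given = Buffer.from(pin);
    const ok = given.length === this.#pin.length && crypto.timingSafeEqual(given, this.#pin);
    if (!ok) { this.#tries--; throw new Error("wrong PIN"); }
    this.#tries = 3;
  }

  // Registration: the key pair is generated on the card; only the public key leaves.
  register(pin, site) {
    this.#unlock(pin);
    const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
    this.#keys.set(site, privateKey);
    return publicKey.export({ type: "spki", format: "pem" });
  }

  // Login: sign the service's challenge with that site's private key.
  sign(pin, site, challenge) {
    this.#unlock(pin);
    const key = this.#keys.get(site);
    if (!key) throw new Error("no credential for this site");
    return crypto.sign("sha256", signedData(site, challenge), key);
  }
}

// The signature covers the site name as well as the challenge (assumed encoding).
const signedData = (site, challenge) => Buffer.concat([Buffer.from(site + "\0"), challenge]);

// Web service side: verify the response with the public key stored at registration.
function verify(publicKeyPem, site, challenge, signature) {
  return crypto.verify("sha256", signedData(site, challenge), publicKeyPem, signature);
}

// Constructed demo: one card and PIN, two services; returns [true, false, false].
function demo() {
  const card = new Card("1234"), c = crypto.randomBytes(32);
  const pubA = card.register("1234", "shop.example");
  const pubB = card.register("1234", "bank.example");
  const sig = card.sign("1234", "shop.example", c);
  return [verify(pubA, "shop.example", c, sig), verify(pubB, "shop.example", c, sig),
    verify(pubA, "shop.example", crypto.randomBytes(32), sig)];
}
```

The three results are: the correct key pair and challenge are accepted, a signature checked against another service's public key is rejected, and an old signature does not verify against a fresh challenge.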
Check TrustSEC Security keys range to choose from single-factor, two-factor, or multi-factor keys for secure login, over different platforms for different verticals with a variety of authentication scenarios.