FIDO authenticator not working on Android platform

46 views
Skip to first unread message

Ankur Paul

unread,
Jul 11, 2024, 8:56:20 AM (5 days ago) Jul 11
to FIDO Dev (fido-dev)
Hi, i have two FIDO authenticators now, one that is from Thetis and one is a smartcard that has a FIDO applet loaded that we are developing.

Interestingly, I find, the thetis authenticator works well with registraion/authentication workflows on all platforms like iOS/Android on the NFC transport medium, but on the contrast the applet which we are developing works well on the NFC medium on iOS (pretty well for reg/authentication on platforms), and on windows (using a usb smart card reader example: from Identiv). Our applet totally fails to complete the process when on Android, can someone suggest how shall we diagnose this issue? or any known issues like this anyone has faced and share their solution.

Btw, we are developing a smartcard based formfactor with the FIDO applet. It complied to ISO 7816-4/14443 standards.

Adam Langley

unread,
Jul 13, 2024, 8:29:32 PM (2 days ago) Jul 13
to FIDO Dev (fido-dev), Ankur Paul
On Thursday, July 11, 2024 at 5:56:20 AM UTC-7 Ankur Paul wrote:
Hi, i have two FIDO authenticators now, one that is from Thetis and one is a smartcard that has a FIDO applet loaded that we are developing.

Interestingly, I find, the thetis authenticator works well with registraion/authentication workflows on all platforms like iOS/Android on the NFC transport medium, but on the contrast the applet which we are developing works well on the NFC medium on iOS (pretty well for reg/authentication on platforms), and on windows (using a usb smart card reader example: from Identiv). Our applet totally fails to complete the process when on Android, can someone suggest how shall we diagnose this issue? or any known issues like this anyone has faced and share their solution.

Does Android support smartcard-based security keys at all? I'm not sure that it does, which would explain the failures that you're observing.


Cheers

AGL

DUBOUCHER Thomas

unread,
11:46 AM (11 hours ago) 11:46 AM
to Adam Langley, FIDO Dev (fido-dev), Ankur Paul

THALES GROUP LIMITED DISTRIBUTION to email recipients

 

Android still doesn’t support NFC for FIDO2 devices, but it does support it for U2F devices.

 

If both your RP and your security key supports U2F, you may get mistaken because Android will downgrade the registration to U2F.

 

If the RP doesn’t support U2F, Android will not ask for NFC security key.

 

If your security key doesn’t support U2F, it may cause this error when trying to register your security key.

 

Best regards,

 

 

 

 

Thomas Duboucher

Embedded Security Specialist

Digital Identity and Security

Thales

 

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/29701299-ed17-4869-97de-e5b15b70c330n%40fidoalliance.org.

Reply all
Reply to author
Forward
0 new messages