FIDO | Mobile Phone As Key

376 views
Skip to first unread message

Vishal Khondre

unread,
Dec 8, 2020, 5:14:31 AM12/8/20
to FIDO Dev (fido-dev)
Hi Everyone,

Could someone suggest how to make use of mobile as key in FIDO registration and login process?
I'm using below server code.

Thank you in advance!

Best Regards,
Vishal Khondre

Jiří Bělohradský

unread,
Dec 9, 2020, 6:07:18 AM12/9/20
to FIDO Dev (fido-dev), vishal....@gmail.com
Hello Vishal,

You can try "Krypton" application for Android, but it requires a browser plugin installed on a client computer. We're recently working on a mobile phone security token called Keyote - it has direct connection via bluetooth. We plan to release it on Google Play in spring 2021. Please, let me know if you are interested in testing earlier...

Regards,
Jiri Belohradsky

Dne úterý 8. prosince 2020 v 11:14:31 UTC+1 uživatel vishal....@gmail.com napsal:

Tim Cappalli

unread,
Dec 9, 2020, 9:00:18 AM12/9/20
to belohrad...@gmail.com, fido...@fidoalliance.org, vishal....@gmail.com

Also check out WearAuthn which lets you use a WearOS watch via NFC or Bluetooth.

 

https://play.google.com/store/apps/details?id=me.henneke.wearauthn.authenticator

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/fd5e9f96-6b60-4bc6-9ebc-7dedf294d87fn%40fidoalliance.org.

Vishal Khondre

unread,
Dec 18, 2020, 8:06:22 AM12/18/20
to FIDO Dev (fido-dev), belohrad...@gmail.com
Hi Jiri,

Thank you for your reply. We're exploring FIDO and wanted to build POC for "FIDO Roaming Authenticator". We wanted to use mobile as  Authenticator.
I'll take a look at Krypton. Yes please I would like to test Keyote earlier if possible. 

Having said this, it would be great help if you could point some reference documentation or implementations for  "FIDO Roaming Authenticator"  . Thank you for your help.

rick.h...@att.net

unread,
Dec 18, 2020, 3:20:35 PM12/18/20
to Vishal Khondre, FIDO Dev (fido-dev), belohrad...@gmail.com

I have a unique authenticator app that rolls up FIDO2, U2F, TOTP, and HOTP into a single app. The unique part is its use of behavioral biometrics to identify the person in possession of the phone. I’m moving it to the Google and Apple stores now for by invitation only download. Let me know by oob email if interested. Oh, and as inferred, its available for Android and iOS.

 

 

From: fido...@fidoalliance.org <fido...@fidoalliance.org> On Behalf Of Vishal Khondre
Sent: Friday, December 18, 2020 8:06 AM
To: FIDO Dev (fido-dev) <fido...@fidoalliance.org>
Cc: belohrad...@gmail.com <belohrad...@gmail.com>
Subject: [FIDO-DEV] Re: FIDO | Mobile Phone As Key

 

Hi Jiri,

--

You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.

Ori Mizrahi

unread,
Dec 20, 2020, 3:44:17 PM12/20/20
to FIDO Dev (fido-dev), Rick Hallock, belohrad...@gmail.com, vishal....@gmail.com
To all the folks that have built FIDO certified authenticator mobile apps... Did you implement the CTAP spec from scratch, or did you work off an existing library or implementation? I can't seem to find any open source implementations of CTAP for iOS and Android on the web...

Jiří Bělohradský

unread,
Dec 21, 2020, 3:27:54 AM12/21/20
to FIDO Dev (fido-dev), Rick Hallock
Hello Rick,

I am definetely interested in seeing and testing your app. My Google Play account is belohrad...@gmail.com

Many thanks!
Jiri 

Dne pátek 18. prosince 2020 v 21:20:35 UTC+1 uživatel Rick Hallock napsal:

Jiří Bělohradský

unread,
Dec 21, 2020, 3:38:13 AM12/21/20
to Ori Mizrahi, FIDO Dev (fido-dev)
Hello Ori,

There are some Android open source implementations available. Wearauthn supports both CTAP1 (U2F) as well as CTAP2:


ne 20. 12. 2020 v 21:44 odesílatel Ori Mizrahi <o...@allthenticate.net> napsal:

Jiří Bělohradský

unread,
Dec 21, 2020, 3:39:28 AM12/21/20
to Ori Mizrahi, FIDO Dev (fido-dev)
Hello Ori,

There are some Android open source implementations available. Wearauthn supports both CTAP1 (U2F) as well as CTAP2:


po 21. 12. 2020 v 9:37 odesílatel Jiří Bělohradský <belohrad...@gmail.com> napsal:

MAHENDAR MADHAVAN

unread,
Dec 21, 2020, 4:42:23 PM12/21/20
to Jiří Bělohradský, FIDO Dev (fido-dev), Rick Hallock
Hi Rick, 

I am interested too. Can you add me as well ? my google play account email is madm...@gmail.com

Thanks
Mahendar

Thiru Kt

unread,
Dec 21, 2020, 4:48:50 PM12/21/20
to MAHENDAR MADHAVAN, FIDO Dev (fido-dev), Jiří Bělohradský, Rick Hallock
Hi Rick,

I am very much interested. Please add me too

--
Thanks Thiru Sent from my iPhone

Mike Hill

unread,
Dec 22, 2020, 7:20:19 AM12/22/20
to Thiru Kt, MAHENDAR MADHAVAN, FIDO Dev (fido-dev), Jiří Bělohradský, Rick Hallock
Hi Rick, I'd like to see it as well.

Best
Mike



--
Michael Hill
Founder & CEO
------------------------------------------------------------------
USA: +1 (202) 412-0821
IRL: +353 85 8334477
www.SensiPass.com
@sensipass

Authenticating people, not just credentials.

This transmission is issued by SensiPass Inc. and/or SensiPass Ltd. This email and the information it contains may be legally privileged and/or confidential. It is for the intended recipient only. If an addressing or transmission error has misdirected this email, please notify the author by replying to this email. If you are not the intended recipient, you may not use, disseminate, alter, print or copy any information in or transmitted with this message or deliver to anyone. SensiPass is incorporated and registered in the United States and Ireland. 

Registered offices:
3101 Wilson Boulevard, Suite 240, Arlington, VA, 22201, USA
Guinness Enterprise Centre, Taylor's Lane, Dublin D08 YE0P, Ireland.  
©2020 SensiPass. All rights reserved.

Skybird Le

unread,
Dec 22, 2020, 8:37:11 AM12/22/20
to FIDO Dev (fido-dev), Mike Hill, madm...@gmail.com, FIDO Dev (fido-dev), belohrad...@gmail.com, Rick Hallock, Thiru Kt
Me too. skybi...@gmai.com.
Thanks.

Vishal Khondre

unread,
Jan 19, 2021, 12:21:54 AM1/19/21
to FIDO Dev (fido-dev), Skybird Le, Mike Hill, madm...@gmail.com, FIDO Dev (fido-dev), belohrad...@gmail.com, Rick Hallock, Thiru Kt
Hi Rick, 

I am interested too. Could you please add me as well ? my google play account email is vishal....@gmail.com

Thanks
Vishal

Steven Wong

unread,
Jan 19, 2021, 12:39:32 AM1/19/21
to FIDO Dev (fido-dev), vishal....@gmail.com, Skybird Le, Mike Hill, madm...@gmail.com, FIDO Dev (fido-dev), belohrad...@gmail.com, Rick Hallock, Thiru Kt
Hi Rick, 

I am very interested too. my google play account email is steven....@gmail.com

Thanks
Steven

Shane Miller

unread,
Jan 22, 2021, 1:55:05 PM1/22/21
to FIDO Dev (fido-dev), Steven Wong, vishal....@gmail.com, Skybird Le, Mike Hill, madm...@gmail.com, FIDO Dev (fido-dev), belohrad...@gmail.com, Rick Hallock, Thiru Kt
Hey all, I just joined this group.

I too have been working on an authenticator that provides push-based webauthn/fido from an app. I have an API that sends a push message to authenticator app. Once opening the push message, the user does webauthn on the phone, using TPM or Cross-Platform authenticators, and sends back all the data from the mobile device via the api.
We basically proxy webauthn from our app to anything that can call a rest-ful api. This allow for Webauthn/fido2 outside of a browser and allows users to use phone lock or built in security from their phone.

If anyone is interested in checking it out, please do let me know. I would love some feedback!

Thanks
-Shane


Noam

unread,
Jan 24, 2021, 2:26:18 AM1/24/21
to FIDO Dev (fido-dev), bugn...@gmail.com
Would like to see that.
Thanks.

Peter Pavlovich

unread,
Jan 25, 2021, 10:29:58 AM1/25/21
to Vishal Khondre, FIDO Dev (fido-dev), Skybird Le, Mike Hill, madm...@gmail.com, belohrad...@gmail.com, Rick Hallock, Thiru Kt
I am also interested. My email addie is pavl...@gmail.com



--
Peter Pavlovich
CTO
Censinet, Inc.
10 High Street, 
Boston, MA 02110
ppavlovich@censinet.com

Shane Miller

unread,
Jan 27, 2021, 10:25:09 AM1/27/21
to FIDO Dev (fido-dev), Noam, Shane Miller
Hey there Noam,

My email is shane....@autharmor.com - I can jump on a call, answer any questions you have and give a demo if you'd like. 

Thanks!
-Shane

Farhan Masood

unread,
Jan 27, 2021, 10:39:56 AM1/27/21
to Shane Miller, FIDO Dev (fido-dev), Noam
Hey Shane 

I am also interested and My email is f...@soloinsight.com 

--
Regards,
 
Farhan Masood, President and CTO
Soloinsight Inc. 

29 N. Wacker Dr. | Suite 1000 | Chicago, IL 60606

This communication and any documents, files or previous e-mail messages attached to it, constitute an electronic communication within the scope of the Electronic Communication Privacy Act. This communication (including any accompanying documents) is intended only for the use of the addressee(s) and contains information that is PRIVILEGED AND CONFIDENTIAL. Unauthorized reading, dissemination, distribution or copying of this communication is prohibited. If you have received this communication in error, please notify us immediately by e-mail, telephone or fax and promptly destroy the original communication. Thank you for your cooperation. 


Tanmay Sawant

unread,
Sep 14, 2022, 7:37:07 PM9/14/22
to FIDO Dev (fido-dev), Farhan Masood, FIDO Dev (fido-dev), Noam, bugn...@gmail.com
Has anyone successfully implemented a mobile app as a FIDO security key? If so, can you please share resources/specs/workflows? Thanks in advance! Also, let me know if I can test out your application.
Reply all
Reply to author
Forward
0 new messages