Start implementing FIDO
80 views
Skip to first unread message
Sơn Lê
Jul 31, 2022, 10:39:22 PM7/31/22
to FIDO Dev (fido-dev)
Hello, I'm from a fintech company in Vietnam which is developing digital wallets and payment service. Our digital wallet is using old authentication methods such as SMS and Smart OTP.
Therefore, we want to implement FIDO to our app to enhance users' experience and security level of the system. Can you suggest some steps to start at technology aspect, I 've read some documents from fidoalliance and the basic flows of FIDO but got stuck when trying to implement because I did not know what to do at the beginning, especially the size and complexity of messages between the components. We already had an authentication server for our apps.
Thanks for answering.
Best regards,
sonhoang
Arshad Noor
Jul 31, 2022, 11:23:07 PM7/31/22
to Sơn Lê, FIDO Dev (fido-dev)
Hi Sonhoang,
You didn't specify if you're planning to create a digital wallet for a
mobile device or something for the desktop/laptop.
If you are looking for something for Android, here is an open-source
implementation that will work for devices using Android 9 or greater. It
implements the FIDO2 protocol and can be used by native Android apps
(aka Rich Client Applications or RCA) for FIDO registrations,
authentications (aka assertions) and transaction confirmation:
https://github.com/StrongKey/fido2/tree/master/sampleapps/java/sacl
The Android library is designed to work with the FIDO Certified FIDO2
server at the same repository:
https://github.com/strongkey/fido2
The transaction confirmation capability supports the FIDO-EMVCo defined
messages for payment processing:
https://fidoalliance.org/technical-note-fido-authentication-and-emv-3-d-secure-using-fido-for-payment-authentication/
If you have questions about the Android library or FIDO server, please
DO NOT post them here - the FIDO server repo has its own forum for
questions. However, you can direct your questions about the FIDO-EMVCo
messages to this forum.
Good luck.
Arshad Noor
StrongKey
On 7/31/22 7:39 PM, Sơn Lê wrote:
> Hello, I'm from a fintech company in Vietnam which is developing digital
> wallets and payment service. Our digital wallet is using old
> authentication methods such as SMS and Smart OTP.
> Therefore, we want to implement FIDO to our app to enhance users'
> experience and security level of the system. Can you suggest some steps
> to start at *technology aspect*, I 've read some documents from
> *fidoalliance *and the *basic flows of FIDO* but got stuck when trying
> You received this message because you are subscribed to the Google
> Groups "FIDO Dev (fido-dev)" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to fido-dev+u...@fidoalliance.org
> <mailto:fido-dev+u...@fidoalliance.org>.
> To view this discussion on the web visit
> https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/b2cb87d1-dca3-4619-a8a8-6022667a42fdn%40fidoalliance.org
> <https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/b2cb87d1-dca3-4619-a8a8-6022667a42fdn%40fidoalliance.org?utm_medium=email&utm_source=footer>.
You didn't specify if you're planning to create a digital wallet for a
mobile device or something for the desktop/laptop.
If you are looking for something for Android, here is an open-source
implementation that will work for devices using Android 9 or greater. It
implements the FIDO2 protocol and can be used by native Android apps
(aka Rich Client Applications or RCA) for FIDO registrations,
authentications (aka assertions) and transaction confirmation:
https://github.com/StrongKey/fido2/tree/master/sampleapps/java/sacl
The Android library is designed to work with the FIDO Certified FIDO2
server at the same repository:
https://github.com/strongkey/fido2
The transaction confirmation capability supports the FIDO-EMVCo defined
messages for payment processing:
https://fidoalliance.org/technical-note-fido-authentication-and-emv-3-d-secure-using-fido-for-payment-authentication/
If you have questions about the Android library or FIDO server, please
DO NOT post them here - the FIDO server repo has its own forum for
questions. However, you can direct your questions about the FIDO-EMVCo
messages to this forum.
Good luck.
Arshad Noor
StrongKey
On 7/31/22 7:39 PM, Sơn Lê wrote:
> Hello, I'm from a fintech company in Vietnam which is developing digital
> wallets and payment service. Our digital wallet is using old
> authentication methods such as SMS and Smart OTP.
> Therefore, we want to implement FIDO to our app to enhance users'
> experience and security level of the system. Can you suggest some steps
> *fidoalliance *and the *basic flows of FIDO* but got stuck when trying
> to implement because I did not know what to do at the beginning,
> especially the *size and complexity of messages* between the
> components. We already had an authentication server for our apps.
> Thanks for answering.
>
> Best regards,
> sonhoang
>
> --
> Thanks for answering.
>
> Best regards,
> sonhoang
>
> You received this message because you are subscribed to the Google
> Groups "FIDO Dev (fido-dev)" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to fido-dev+u...@fidoalliance.org
> <mailto:fido-dev+u...@fidoalliance.org>.
> To view this discussion on the web visit
> https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/b2cb87d1-dca3-4619-a8a8-6022667a42fdn%40fidoalliance.org
> <https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/b2cb87d1-dca3-4619-a8a8-6022667a42fdn%40fidoalliance.org?utm_medium=email&utm_source=footer>.
Ackermann Yuriy
Aug 1, 2022, 3:19:19 AM8/1/22
to Sơn Lê, FIDO Dev (fido-dev)
Hey Som.
Here are a great set of resources to start with:
Intro into Webauthn https://webauthn.guide/
More technical guide into WebAuthn API https://medium.com/webauthnworks/introduction-to-webauthn-api-5fd1fb46c285
A community built resource containing all open source servers, solutions, and resources https://github.com/herrjemand/awesome-webauthn
Thx
Yuriy
Yuriy Ackermann
FIDO, Identity, Standardsskype: ackermann.yuriy
github: @herrjemand
twitter: @herrjemand
medium: @herrjemand
--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/b2cb87d1-dca3-4619-a8a8-6022667a42fdn%40fidoalliance.org.
Reply all
Reply to author
Forward
0 new messages